00000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:42 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 40) 19:45:42 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 82) [ 1377.538200] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.538200] program syz-executor.6 not setting count and/or reply_len properly 19:45:42 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="061dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1377.550461] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.550461] program syz-executor.0 not setting count and/or reply_len properly [ 1377.566776] FAULT_INJECTION: forcing a failure. [ 1377.566776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.567774] CPU: 0 PID: 24521 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1377.568436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1377.569113] Call Trace: [ 1377.569351] dump_stack+0x107/0x167 [ 1377.569657] should_fail.cold+0x5/0xa [ 1377.569977] copy_page_from_iter+0x40a/0x900 [ 1377.570347] blk_rq_map_user_iov+0x138b/0x1a60 [ 1377.570727] ? perf_trace_lock+0xac/0x490 [ 1377.571069] ? __lockdep_reset_lock+0x180/0x180 [ 1377.571456] ? __lockdep_reset_lock+0x180/0x180 [ 1377.571836] ? blk_rq_unmap_user+0x750/0x750 [ 1377.572206] ? mark_held_locks+0x9e/0xe0 [ 1377.572547] ? find_held_lock+0x2c/0x110 [ 1377.572887] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1377.573330] ? lock_downgrade+0x6d0/0x6d0 [ 1377.573670] ? import_single_range+0x24d/0x2e0 [ 1377.574050] blk_rq_map_user+0x103/0x170 [ 1377.574387] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1377.574777] ? alloc_pages_current+0x18f/0x280 [ 1377.575154] ? sg_build_indirect.isra.0+0x448/0x710 [ 1377.575570] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1377.576014] ? sg_build_indirect.isra.0+0x710/0x710 [ 1377.576426] ? vprintk_func+0x93/0x140 [ 1377.576749] ? record_print_text.cold+0x16/0x16 [ 1377.577139] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1377.577568] ? trace_hardirqs_on+0x5b/0x180 [ 1377.577931] sg_write.part.0+0x69e/0xaa0 [ 1377.578271] ? sg_new_write.isra.0+0x770/0x770 [ 1377.578653] ? find_held_lock+0x2c/0x110 [ 1377.578993] ? __might_fault+0xd3/0x180 [ 1377.579323] ? lock_downgrade+0x6d0/0x6d0 [ 1377.579673] ? _cond_resched+0x12/0x80 [ 1377.580000] ? inode_security+0x107/0x140 [ 1377.580338] ? avc_policy_seqno+0x9/0x70 [ 1377.580672] ? selinux_file_permission+0x92/0x520 [ 1377.581077] ? security_file_permission+0x24e/0x570 [ 1377.581490] sg_write+0x87/0x120 [ 1377.581775] do_iter_write+0x482/0x670 [ 1377.582101] ? import_iovec+0x83/0xb0 [ 1377.582418] vfs_writev+0x1ae/0x620 [ 1377.582720] ? vfs_iter_write+0xa0/0xa0 [ 1377.583048] ? __fget_files+0x26d/0x4c0 [ 1377.583375] ? lock_downgrade+0x6d0/0x6d0 [ 1377.583716] ? find_held_lock+0x2c/0x110 [ 1377.584055] ? __fget_files+0x296/0x4c0 [ 1377.584386] ? __fget_light+0xea/0x290 [ 1377.584706] do_writev+0x139/0x300 [ 1377.584998] ? vfs_writev+0x620/0x620 [ 1377.585321] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1377.585748] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1377.586171] do_syscall_64+0x33/0x40 [ 1377.586474] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1377.586888] RIP: 0033:0x7f3e10b72b19 [ 1377.587194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1377.588679] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1377.589308] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1377.589883] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1377.590461] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1377.591037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1377.591611] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:45:42 executing program 5: r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x13, 0x1, 0xfd, 0x0, 0x0, 0x0, 0x20010, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fork() r2 = gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000400)=0x0) r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) clone3(&(0x7f0000000480)={0x20000000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0xf}, &(0x7f0000000340)=""/90, 0x5a, &(0x7f00000003c0)=""/64, &(0x7f0000000440)=[r2, r3, r5, r2, r1], 0x5}, 0x58) kcmp(r1, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x3, 0x1, 0xff, 0x5, 0x0, 0x9, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x4, @perf_bp={&(0x7f0000000140), 0xb}, 0x12301, 0x0, 0x1, 0x5, 0x9c58, 0x7, 0x2, 0x0, 0x400, 0x0, 0x5}, r2, 0x2, r0, 0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp857'}}]}) truncate(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffe0) 19:45:42 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="021dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:42 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x11, r2) ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1377.638814] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.638814] program syz-executor.7 not setting count and/or reply_len properly [ 1377.642661] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.642661] program syz-executor.4 not setting count and/or reply_len properly [ 1377.657360] FAULT_INJECTION: forcing a failure. [ 1377.657360] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.658436] CPU: 0 PID: 24544 Comm: syz-executor.4 Not tainted 5.10.218 #1 [ 1377.658996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1377.659664] Call Trace: [ 1377.659885] dump_stack+0x107/0x167 [ 1377.660187] should_fail.cold+0x5/0xa [ 1377.660506] _copy_to_user+0x2e/0x180 [ 1377.660823] simple_read_from_buffer+0xcc/0x160 [ 1377.661220] proc_fail_nth_read+0x198/0x230 [ 1377.661579] ? proc_sessionid_read+0x230/0x230 [ 1377.661952] ? security_file_permission+0x24e/0x570 [ 1377.662358] ? perf_trace_initcall_start+0xf1/0x380 [ 1377.662771] ? proc_sessionid_read+0x230/0x230 [ 1377.663146] vfs_read+0x228/0x580 [ 1377.663435] ksys_read+0x12d/0x260 [ 1377.663724] ? vfs_write+0xa70/0xa70 [ 1377.664034] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1377.664459] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1377.664880] do_syscall_64+0x33/0x40 [ 1377.665186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1377.665608] RIP: 0033:0x7f500a01669c [ 1377.665915] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1377.667390] RSP: 002b:00007f50075d9170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1377.668015] RAX: ffffffffffffffda RBX: 000000000000002d RCX: 00007f500a01669c [ 1377.668591] RDX: 000000000000000f RSI: 00007f50075d91e0 RDI: 0000000000000008 [ 1377.669166] RBP: 00007f50075d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1377.669747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1377.670330] R13: 00007fff46ddfa2f R14: 00007f50075d9300 R15: 0000000000022000 [ 1377.689619] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.689619] program syz-executor.6 not setting count and/or reply_len properly [ 1377.712946] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1377.712946] program syz-executor.6 not setting count and/or reply_len properly 19:45:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:55 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) r5 = fork() r6 = gettid() waitid(0x2, r6, 0x0, 0x1, &(0x7f00000003c0)) r7 = gettid() kcmp(r5, r7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) wait4(r5, &(0x7f0000000080), 0x20000000, &(0x7f0000000280)) 19:45:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:45:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 41) 19:45:55 executing program 5: setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) fallocate(0xffffffffffffffff, 0x0, 0x806, 0x0) ftruncate(r0, 0x1000003) fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000200)='security.capability\x00', &(0x7f0000000240)='./file0\x00', 0xffffffffffffffff) ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0) getpgrp(0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x300c) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x4, &(0x7f0000001e00)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d711000166642c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f09b1f419d5895e01844cc1aecd6e6af420c3336985473e60867f0188bc13d234d7372623bbd703b456be1b47523870871ab83b65565a011d176fa9e5f39", @ANYBLOB="f9989bc7141f431e3944813b9ce088da3e7949292d4ac3ff2e05d74c2c8d7d0ccdb89d556a309e05bb5a4d33d529dbc65a7d188b999fa4375f4188f8af214bd7e83604b073b401df0d4d832d86a7c5464cd32ed35e5194b8ca0ef9adfc805416ef71d10d83264341d8063d8e44bb1448c30b1c69389711b39023fde9bfd6668111772635446c009d859a28e1e296c8c3d01b297812e30bf705ca6c0f453dfadce7ea01f749e3ae19681bc5fa2ecad1d555d73c19c6e896c9fae27a65749cfe73e4b1c624bc072f8e5621a6939a2db467201ff0cd41046f131fb581459dafde4ce445e29c30f14d4a857e9e9fcd333e7654fc8b612c9e87a82357c3a9b96a24340c6323027dc6e195a369bc6924403a1f4dfc7762fe729f1cd7f0a1e0116e0e0e6aca33088b4b71f65b05d0fc37bff2a82f5cc4810ff1129fc59d2b8782b6b3d45fed3c6b605562ca80169e4912d6b3e31ccdbb5d00f4f42d29293afc3b5bcda4a1d81a6096531f8de4c0f1e9aa4587da246128773a02b51e284dddf7635edcc2a29b6762800c10bc8fa962b4be623c84eb4517bfd6b0b5ebf96f1c11bdd0a8e089f1273a313e94c39db498638f2ff68f9e22e127b2859bafd2456cf7cdf50d8bc950d38902f22cbbe4a2c36c3269bb2691b7913b7f025c05442a9ea01ec5b24c7b3ff66c35fe3bcee87e918de4c3932ba16ef1783158225424f7b12c0ab762290afbd584148833b5a1d19dfcde9cf66c29c85790af5cea88d8733e534f0a2d33e8635be49578bad7893490d56f9834d7330dc81e11b4bff2219b3d6a9ea665fb4050e500d01e82f99958993802c18a13799f96bb75cdedec13055b0b43b2a1ad7bb894d07c44122e71aa64d7ddc4350b1dea0148ab59534e93bb0d1d7627515493c2b792a7d90770797680b3213f253640ba260102244470fe17a212d60a3a25baeff58a74d790c3397d9ca2b98317f4b3b8c4858bc5f65fd2976195e4e445e501702f654ef6c673b510d3b0b2e23dd097e5ba0c2013a5bddfe18b834399ebcd9eb8ecd5a77fa0e1a06d0b8037e6898267a4b7094f40f64098558ed6cbde9f7a15a3663a5cdf718b6feaf2e0f6dc8db70047149c6cab522e981b371199dc0fdb1ef0ed1397deea41aa7f06d88004714d53d8309de8058cda8c0b7a2d844de5181d15a9f8105fff4571c03b0b9ddd1cbaf8ccb2119e57c7a6515d0253a327f596779da2138156639055d06e804c7ed1eea9f21b93431c60ea1f138a7645ebd2a0d651f28d931c4faf5363b844dd68d081b15744c684b979cc0ea4fd0369d41385247c25865764eec4869c61b5e989ed56f3764df57f6905b9ec7379d7fe8627b8cdce185ad9ab53db20c3800bda6bbf6a4629e76a670314efc19307370f8fa5e06bff483a1830cf356642954ae67f1dd613b578c2865d6b9950bd7ec951dfc713738fdfe947e40493f431b81e05c16e3e9cf7ca19c0f88f44d0dce1c0d503685608d3d0168e996636d05c886a7a5502a092af2b6c16f4e42f6b491f259e3250ec8d4945669b24d374591d985ef0187987870e8edb5033b4233c23ed46c2ff0627b5ce50c79ad20d6878ee59e0ef99931f5fce2e516f6cdf3b049423be8b79b1b95204d6b10bfdf3ea1fafe8fa0e7ac305ad9e700441530f714a90ce56eb426411d2965814e506b31225a7dc00c4f3e88d24ba389b54445001c9e2a7a4678a36690f8846c93a92977764514a579c339145a2cf16c3b32df9e6962de1f7322cc0522cfdbb8f436e748e664146297634c5e59b91004a5e5ca1cd4d09546c5420a5d7c50840ec9a1620a416ed5f374c68d47bcb38156aaf3e43d62b56c69d024ba76fafcc5d190f876c4555a48d94a213d4ff3cc2dff029345646175cdfcb036522a0587f85d3ecb6d6859d77ca570b28b5b891455295a791656cc9e7f4643d90928e2aed49ebbbc2be240d2f03e42250b7076fca6abd72ec00a584b000f2bdfe74b20f4ce2c62f5aad8aba0b6da3c3fcc7049283a1bfb698d880f59adc6d48f493e11b5697806441998031859c6b3308fc5cdd85a8f76cacad057027fb7f27ba8a5f2bc6cdbaf1b7d5a6d13863f3223879df5b2a1b89e59a7db68aefc790426ed36897955caae003dc4d4a4f72be6003ae71aa70c44048bc3b82326344b0fd8ab9e962c01858af4d20286aaebe3df54177984e13fec0569fd00d1790c55dbe7420a149e493ee150219639aac61a008c2b5ed999736c51d24762dd85ddb9c2348f33ffe85fdf821f969bd88ada7c64b203b3556d0420c30575026421b401b37d23b2847702f9a79ab255a9d8206f925abcf2f86f5060ae34a068e00eeefd8e88aa6bfda3fe0f956d922d1010c1a7a48c09f07613bb8f8ba148a19d3da300cd614e9544ed7e93de38a0c319d8ef8cc86c17b1af0a931e7b41964d6a41ecb5e6b3a30b12a2e4c43ca791425f4c908ea19bbd9e92d59183d27d1f2da3bf4f6ee6cd4f1cbe432db2787d9849d6573e9d60a06748006089a9efeef7426de18a65e01c41480080385a947fccf602a0f6309a3e517dea39b5c6c9c004eea0a125225c82baa862094dc3852ed16345e62e761914fbac3705fa8461b0fe9b0917ba394cdc915e2eb5526793392b2dd6f1f8651d1e82e8ed1ffd05b54c2c7b6c6dd19fbe6f0f8013e97bddd2250fb6614a1538d840b4d06605cdbded8bd8251b0631f0944cc1b7efbe40e16914f905b328d8392ebbc89e382ba300a2dac203a2ee1d81de06a60f786e70ea5af909927909e323b348bcc7a9aa16d90cf48f6d61991f2365d1850a5083995eca9723d7105a703eeaf23419f7b94ebbf2fcb1e99d6f4bcc5e88e6de8350f1f4897d55cade5a998b9ea34d9834f86f292bf60597a3742e131ca9de88fd79e89ffdf9770a6ac7a84da67fd21f205b1fbf155f4013f88258f8ac32e4443a571554d2472a720226e05755e410b06b13c1ec2d3d0a4a12425f22acf65b85159cd09884af75c33ff043a04977b3ac053af956f366f14e540b3cf83db8bd2914fe9577fa975ea3164851b0f3d5d8946143d57137cf35e13f6d9ff1101a5ac96ebf34bf1e1f2211cfd110428cbfabab41531a92c3a087c69b90e2aa7dadffb88687fb251049769a8e8d5a7233e1ba0b7c8c9f33efdffb7db42d1ba690e6fb414eac93be63cf5a293581f8b17e22c47d69a0f437837b0013d60f480eb7855e31cdf5c8e4299529c20a6f06f05858895ce23ee08da5c22ee2f8815b56fced489285b38c3d51ccc91f708300f67f246b8d83909853d18446d14c478d8f01498af4b2052f4c56a6a1af6099010a8469c17729cbeae7c1f164ce214195c724a4f0def388d64a69b586d0a150dfbfc3144e6bf5af46b0778be1e3a4ca6633bc8abfb43c3d859dc6b06cf3ff5a4bd7369f36a762cab56f480f760f543b7abe43be7e4aadbf175aa019328bc76de3a9161bc681cf6933a6600caa2b298a0a5d1f1e0dca6093cabddbeede5eb883f5ffb90096dcd8738db0714cb4e308602d18e14361ddf4f86a6168ff965cb7d965e3e745c761570c6a814a3bf4653f67828d0e4fdab43bba925d5c8c70c34cbe4866ca7023965d60f67bbeeb98dcb017e0e4f70e67f1cb63193b86af5497fceba51eafb9a4e23c9c8c9931e12a3ab89fa666c8042ebc012cef62faf56b572bcc766881356372be00c1224908904f0eac655f837b3854c82bc0646517bc4328cadd347a624d35c752a1f2406f5d2a44cf63fc69a19d3be5de3f34b9ee864cab4d080ca38ea9d01f5bec9afd16d465764842f80a1ae360fe781f97a6627188263492d092646ee95e7f9b3497aa6354ce168080af7190dc2e9ff1b855e5cfea2b7d2a53d4c2ba02f569fabe24cd3d3269f58c33b87629abcb7deb7847dfffdb3b5a1110eeb9d7d321ca6992309ed0d5ca47da760e320f36109bcb78906c5db4364fba0f3ca9fb2c17464d560dd4531c542f58b614ba38aa1e589616b53586276a1a9a14c6a109d48e6a97091b722d08c508823605aafae39ed04af0688c1a6fbca14124899c81986cf56472ddfb09416673db3dedef67216886e4eab772daaaae159cbda81cc82a93a8a96626840ab4c47421ca11b2f4d2f9539003bf198eddad45c5e320c52f10dc7e2200c8f0cfd29428dc09562e835be53ea84341aec6350e7752d751cb820d3cd96fe1891b30a2d9cc0bc7859333527224ba04fa2e8b04a5add65394eddd967b6550793447d964a481a0d6de8486f6407af7c16e81c12c8cb5ccc2c2ef1d8c6680dd2387cddf5416b60854cf6d047582392519bb631a9833adf0e091c4c3de9f44422b754a87774e40acc91d4a745bcfd2041934dc230b905a1f11b6ab97011d9c1917536a188e8787237b58388f0ecce8cbf008a1dee4e22aec697bcd1c51fff951953c5cf149d73f2e5f746450bd52ff52b0ff5ece45ffaeea95ae0175c4926ef2a3d6404f9ac29efa83cc000e938dace420057b2bf7a06982c173c6a5316f85fcd1f4e944376d43bc9de74f71204dcbd12cf62457fbaf1a815d4eb9a1316ca650e14bd1edd4e173d6d6429a205a28fd3dd4f9456e596da6f07629d2c90ab524270a645748cfd4199a40052229b364baaa1a67ca9474a1ac9e5465786496423d15f4d842f73774dfadd6ddb6501bf486188395f9560588a996aab93e4662f52d7dccc41ec7e8bec43e90523290f27e910c98113534b2f46894718bd75d69b5ba8028e6620e9d012c8dd797e057627ef91450e7534553e8a8a80235300ba0d9368afc8ed977a93cbca0eaab8b033cfdbb71f1f18a013799814e6af96f90680390555095426b226558650f5fd6ab841d2875a7e95c67a9a55ca3c134c5e49cfe14b5ffa23283e0f0229f986c7eaa3401ba76555e0f48f0e8be78363a68e7ee25a23ebf280f65ce6f7a487f3ca5eb19b841910854268c9bea7e317ee31ab4b402d2536458f40a22dd8f6112392ea5c26e5527e613f324f61599fccb052442f63196bb631b27ad28ad8db5e472f8d459c4ea7057939e87f5bec7a70f926fb38ce56467a1aec69c2fc194611c3dfc80b887af2267eb4f236d969527c37e3fc91c57df0a40efeaa9d934954f730602cd9de4bd7bfebaa79e9b42ddef50b6a56cbde35c1c9c2ec6a75c09f0fd676f39b58dd9fe50366fa971ab572d9d42af7f6992813fe6e74c89015f88364a5ba56dcb604a07b98a3cc85e0b7c847a2baae6e7c920264fd911f1eaef30c8d80bf9b3d4b185ca04be917117661bec9c1b5588c0aa3d634fa2a25f591030170decaa8b163add78632e0de655657d5a0ff680a27a7d78baf56758a3b14f2ad501fd8ef1be3260e70268ef84fbaa9c6050e4d8de6015485b272ccf583a9249c237d41a865480c202b3b19763134c433edaf4ae243a30f025dbcc398163696985adf999c2c9ec7a233950f70d1009c6c20a9aff070745ecbea996cf241ef77720d52cf5a7f32dc6f1e9721b746f5b85d2e9b4fb7aa91fdafab25441a1ef036af0a4cd0716b161340befa29574cc3005909bb6a5b5acaaab47cb14552792307f85bdff754061d8338dd8082c713bf5b82cb7d62302d7812aca309ffc4b556f280a5c020c025966b23487272c6755c387d8db0d4bf554ade800c69388192a4412ccd7479658b5be55bf55413cb396e2a17e72074c4af329db22c8f8707908babde2596fdd2c3697a5ee62dec3c04d569bdea636b3739eac5716e6a49b6375fbdd3bf8cd53831261cfbea0853c18591340b208624cf2647a32f0b1dbc10d3182c69bbe17aa893df28", @ANYRESDEC, @ANYRESHEX=r2, @ANYRES64, @ANYRESDEC, @ANYBLOB="2c66736d616769633d3078303030303030303030303030666666662c736d61636b66737472616e736d7574653d7365637479e60d7218a51900000008000000000000000000002c00"]) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, 0x0, 0x0) dup2(r0, r1) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0'}, 0xb) 19:45:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:45:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="071dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:55 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="031dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1390.755022] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.755022] program syz-executor.7 not setting count and/or reply_len properly [ 1390.775016] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.775016] program syz-executor.0 not setting count and/or reply_len properly [ 1390.778371] kauditd_printk_skb: 58 callbacks suppressed [ 1390.778384] audit: type=1326 audit(1718135155.605:1771): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1390.780369] FAULT_INJECTION: forcing a failure. [ 1390.780369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1390.783784] CPU: 0 PID: 24773 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1390.784548] audit: type=1326 audit(1718135155.611:1772): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1390.784913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1390.784921] Call Trace: [ 1390.784948] dump_stack+0x107/0x167 [ 1390.784970] should_fail.cold+0x5/0xa [ 1390.789558] copy_page_from_iter+0x40a/0x900 [ 1390.790234] blk_rq_map_user_iov+0x138b/0x1a60 [ 1390.790915] ? perf_trace_lock+0xac/0x490 [ 1390.791532] ? __lockdep_reset_lock+0x180/0x180 [ 1390.792230] ? __lockdep_reset_lock+0x180/0x180 [ 1390.792909] ? blk_rq_unmap_user+0x750/0x750 [ 1390.793567] ? find_held_lock+0x2c/0x110 [ 1390.794173] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1390.794949] ? lock_downgrade+0x6d0/0x6d0 [ 1390.795553] ? import_single_range+0x24d/0x2e0 [ 1390.796229] blk_rq_map_user+0x103/0x170 [ 1390.796826] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1390.797531] ? alloc_pages_current+0x18f/0x280 [ 1390.798208] ? sg_build_indirect.isra.0+0x448/0x710 [ 1390.798948] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1390.799727] ? sg_build_indirect.isra.0+0x710/0x710 [ 1390.800461] ? vprintk_func+0x93/0x140 [ 1390.801037] ? record_print_text.cold+0x16/0x16 [ 1390.801729] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1390.802492] sg_write.part.0+0x69e/0xaa0 [ 1390.803099] ? sg_new_write.isra.0+0x770/0x770 [ 1390.803805] ? find_held_lock+0x2c/0x110 [ 1390.804414] ? __might_fault+0xd3/0x180 [ 1390.804703] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.804703] program syz-executor.6 not setting count and/or reply_len properly [ 1390.805013] ? lock_downgrade+0x6d0/0x6d0 [ 1390.805047] ? _cond_resched+0x12/0x80 [ 1390.805066] ? inode_security+0x107/0x140 [ 1390.805091] ? avc_policy_seqno+0x9/0x70 [ 1390.808245] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.808245] program syz-executor.4 not setting count and/or reply_len properly [ 1390.808336] ? selinux_file_permission+0x92/0x520 [ 1390.808364] ? security_file_permission+0x24e/0x570 [ 1390.812395] sg_write+0x87/0x120 [ 1390.812903] do_iter_write+0x482/0x670 [ 1390.813495] ? import_iovec+0x83/0xb0 [ 1390.814065] vfs_writev+0x1ae/0x620 [ 1390.814606] ? vfs_iter_write+0xa0/0xa0 [ 1390.815191] ? __fget_files+0x26d/0x4c0 [ 1390.815786] ? lock_downgrade+0x6d0/0x6d0 [ 1390.816406] ? find_held_lock+0x2c/0x110 [ 1390.817025] ? __fget_files+0x296/0x4c0 [ 1390.817620] ? __fget_light+0xea/0x290 [ 1390.818208] do_writev+0x139/0x300 [ 1390.818737] ? vfs_writev+0x620/0x620 [ 1390.819303] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1390.820067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1390.820821] do_syscall_64+0x33/0x40 [ 1390.821369] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1390.822119] RIP: 0033:0x7f3e10b72b19 [ 1390.822661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.825315] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1390.826428] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1390.827465] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1390.828500] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1390.829542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1390.830579] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1390.835024] FAT-fs (loop3): bogus number of reserved sectors [ 1390.835577] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1390.839932] audit: type=1326 audit(1718135155.661:1773): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1390.852402] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.852402] program syz-executor.6 not setting count and/or reply_len properly [ 1390.857022] audit: type=1326 audit(1718135155.662:1774): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1390.859225] audit: type=1326 audit(1718135155.675:1775): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:45:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="081dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 42) 19:45:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="021dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1390.936793] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.936793] program syz-executor.0 not setting count and/or reply_len properly [ 1390.942427] FAULT_INJECTION: forcing a failure. [ 1390.942427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1390.943515] CPU: 1 PID: 24894 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1390.944282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1390.945018] Call Trace: [ 1390.945267] dump_stack+0x107/0x167 [ 1390.945611] should_fail.cold+0x5/0xa [ 1390.945968] copy_page_from_iter+0x40a/0x900 [ 1390.946378] blk_rq_map_user_iov+0x138b/0x1a60 [ 1390.946802] ? perf_trace_lock+0xac/0x490 [ 1390.947181] ? __lockdep_reset_lock+0x180/0x180 [ 1390.947602] ? __lockdep_reset_lock+0x180/0x180 [ 1390.948021] ? blk_rq_unmap_user+0x750/0x750 [ 1390.948462] ? find_held_lock+0x2c/0x110 [ 1390.948838] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1390.949318] ? lock_downgrade+0x6d0/0x6d0 [ 1390.949702] ? import_single_range+0x24d/0x2e0 [ 1390.950123] blk_rq_map_user+0x103/0x170 [ 1390.950489] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1390.950919] ? alloc_pages_current+0x18f/0x280 [ 1390.951326] ? sg_build_indirect.isra.0+0x448/0x710 [ 1390.951779] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1390.952259] ? sg_build_indirect.isra.0+0x710/0x710 [ 1390.952722] ? vprintk_func+0x93/0x140 [ 1390.953078] ? record_print_text.cold+0x16/0x16 [ 1390.953502] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1390.953963] ? trace_hardirqs_on+0x5b/0x180 [ 1390.954452] sg_write.part.0+0x69e/0xaa0 [ 1390.954828] ? sg_new_write.isra.0+0x770/0x770 [ 1390.955242] ? find_held_lock+0x2c/0x110 [ 1390.955624] ? __might_fault+0xd3/0x180 [ 1390.955987] ? lock_downgrade+0x6d0/0x6d0 [ 1390.956377] ? _cond_resched+0x12/0x80 [ 1390.956738] ? inode_security+0x107/0x140 [ 1390.957117] ? avc_policy_seqno+0x9/0x70 [ 1390.957489] ? selinux_file_permission+0x92/0x520 [ 1390.957931] ? security_file_permission+0x24e/0x570 [ 1390.958375] sg_write+0x87/0x120 [ 1390.958689] do_iter_write+0x482/0x670 [ 1390.959041] ? import_iovec+0x83/0xb0 [ 1390.959391] vfs_writev+0x1ae/0x620 [ 1390.959722] ? vfs_iter_write+0xa0/0xa0 [ 1390.960080] ? __fget_files+0x26d/0x4c0 [ 1390.960436] ? lock_downgrade+0x6d0/0x6d0 [ 1390.960807] ? find_held_lock+0x2c/0x110 [ 1390.961181] ? __fget_files+0x296/0x4c0 [ 1390.961556] ? __fget_light+0xea/0x290 [ 1390.961906] do_writev+0x139/0x300 [ 1390.962229] ? vfs_writev+0x620/0x620 [ 1390.962573] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1390.963045] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1390.963505] do_syscall_64+0x33/0x40 [ 1390.963844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1390.964302] RIP: 0033:0x7f3e10b72b19 [ 1390.964637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.966271] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1390.966945] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1390.967587] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1390.968219] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1390.968219] program syz-executor.7 not setting count and/or reply_len properly [ 1390.969582] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1390.969590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1390.969597] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:45:55 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="041dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:45:55 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = syz_io_uring_setup(0xfffffffd, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x10, r1, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000001c0)="4bc702854e3954b59347985ccc868289d3fe483d2c0900a2a1d12e33a66529e1f276fef452632dfa3c004ce3be84a5f66c29cd4ec39ae5206562fbc9ea3c0dbbebc22e628e147b0e9631f19b0ce0a48e0e675b2da3442226b898f1ddf8eabf133ab4a9cb0999c2ee1d3bd36d089b0d8e97ea00d4c5f6ad14dce058d595aacba2d587ff5eacd81b71a73f53ed276d1f3b3384bb2bfba4e0f37302e690df9e7024378ac754ac0576f996f3ee53d1034c7720767ddf2625817532f7ae89103367b73a36152b84c38bc227ba9e9ff48bcfe027585cf14bff37a888", 0xd9}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x7, @local, 0xfffffffd}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000002c0)="1798a257a2c32ab567887a3554ee5712b547e3da68b82eb58fe564d5f812bc3e9808d5178a243d176870d238dad07e443630ca0050bb74b1e72f38f8f1fb54e696902efb64508f34", 0x48}], 0x1, &(0x7f0000000640)=[@hoplimit={{0x14, 0x29, 0x34, 0x1}}, @hopopts_2292={{0x118, 0x29, 0x36, {0x3a, 0x1f, '\x00', [@pad1, @generic={0x5, 0xf4, "3cfdc6302b18d5eef81867bdf56da53fa182672a531e2c5e11596687e940cea16ef90321f6aa5981a6e3fe6d75b7f6b169d4e9c7ea5248cf85e516fc1410c556c1cb4300177f58c642bed65a0803851df3cc65e5aa87ad74a4cd61d9c832df734a9a2a122b6ea169930007575c5bd362faf055c4cb6601984ae96418cf005b5c0e6846e0a57eed850683071a3e862860d55be6e450bdc87f523e5c45b3b6d1d6a226ebf3f9b107b5f34ba63b5d2d1cd78a4d58ab213981845f0daaa349d525f10c46b66731f805dc00b8373a1a286e74b514ae5fa16274fa2d1f5cc8c9f93b82de970c255b6a16110bb6eeeafad48ea9bef3b568"}]}}}, @hopopts={{0x30, 0x29, 0x36, {0xc, 0x3, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @jumbo={0xc2, 0x4, 0xa6f7}]}}}, @hoplimit={{0x14}}], 0x178}}], 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000480)={@private2}, 0x14) creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000180)) [ 1391.038249] audit: type=1326 audit(1718135155.864:1776): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=24774 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:45:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 43) [ 1391.064789] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1391.064789] program syz-executor.0 not setting count and/or reply_len properly [ 1391.066726] FAULT_INJECTION: forcing a failure. [ 1391.066726] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1391.068085] CPU: 1 PID: 24992 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1391.068674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1391.069373] Call Trace: [ 1391.069612] dump_stack+0x107/0x167 [ 1391.069922] should_fail.cold+0x5/0xa [ 1391.070248] copy_page_from_iter+0x40a/0x900 [ 1391.070629] blk_rq_map_user_iov+0x138b/0x1a60 [ 1391.071038] ? perf_trace_lock+0xac/0x490 [ 1391.071398] ? __lockdep_reset_lock+0x180/0x180 [ 1391.071795] ? blk_rq_unmap_user+0x750/0x750 [ 1391.072181] ? find_held_lock+0x2c/0x110 [ 1391.072540] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1391.073000] ? lock_downgrade+0x6d0/0x6d0 [ 1391.073350] ? import_single_range+0x24d/0x2e0 [ 1391.073746] blk_rq_map_user+0x103/0x170 [ 1391.074086] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1391.074485] ? alloc_pages_current+0x18f/0x280 [ 1391.074872] ? sg_build_indirect.isra.0+0x448/0x710 [ 1391.075301] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1391.075751] ? sg_build_indirect.isra.0+0x710/0x710 [ 1391.076177] ? vprintk_func+0x93/0x140 [ 1391.076520] ? record_print_text.cold+0x16/0x16 [ 1391.076921] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1391.077160] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1391.077160] program syz-executor.4 not setting count and/or reply_len properly [ 1391.077350] ? trace_hardirqs_on+0x5b/0x180 [ 1391.077381] sg_write.part.0+0x69e/0xaa0 [ 1391.077394] ? sg_new_write.isra.0+0x770/0x770 [ 1391.077409] ? find_held_lock+0x2c/0x110 [ 1391.077424] ? __might_fault+0xd3/0x180 [ 1391.077444] ? lock_downgrade+0x6d0/0x6d0 [ 1391.081775] ? _cond_resched+0x12/0x80 [ 1391.082103] ? inode_security+0x107/0x140 [ 1391.082456] ? avc_policy_seqno+0x9/0x70 [ 1391.082796] ? selinux_file_permission+0x92/0x520 [ 1391.083206] ? security_file_permission+0x24e/0x570 [ 1391.083626] sg_write+0x87/0x120 [ 1391.083919] do_iter_write+0x482/0x670 [ 1391.084253] ? import_iovec+0x83/0xb0 [ 1391.084583] vfs_writev+0x1ae/0x620 [ 1391.084894] ? vfs_iter_write+0xa0/0xa0 [ 1391.085229] ? __fget_files+0x26d/0x4c0 [ 1391.085578] ? lock_downgrade+0x6d0/0x6d0 [ 1391.085929] ? find_held_lock+0x2c/0x110 [ 1391.086286] ? __fget_files+0x296/0x4c0 [ 1391.086630] ? __fget_light+0xea/0x290 [ 1391.086964] do_writev+0x139/0x300 [ 1391.087269] ? vfs_writev+0x620/0x620 [ 1391.087596] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1391.088040] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1391.088468] do_syscall_64+0x33/0x40 [ 1391.088782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1391.089210] RIP: 0033:0x7f3e10b72b19 [ 1391.089532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1391.091050] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1391.091692] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1391.092286] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1391.092877] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1391.093476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1391.094079] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1391.096808] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1391.096808] program syz-executor.6 not setting count and/or reply_len properly 19:46:09 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="051dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:46:09 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 44) [ 1404.674623] audit: type=1326 audit(1718135169.501:1777): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.677217] audit: type=1326 audit(1718135169.504:1778): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.680324] audit: type=1326 audit(1718135169.507:1779): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="031dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="091dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[]) symlinkat(&(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000180)='./file1\x00') unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0) 19:46:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:46:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140), 0x0, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1404.709873] sg_write: 1 callbacks suppressed [ 1404.710357] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.710357] program syz-executor.4 not setting count and/or reply_len properly [ 1404.713706] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.713706] program syz-executor.7 not setting count and/or reply_len properly [ 1404.718005] audit: type=1326 audit(1718135169.542:1780): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.745018] FAT-fs (loop3): bogus number of reserved sectors [ 1404.746166] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1404.761828] audit: type=1326 audit(1718135169.587:1781): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.764250] audit: type=1326 audit(1718135169.588:1782): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.769131] audit: type=1326 audit(1718135169.595:1783): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.771699] audit: type=1326 audit(1718135169.596:1784): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.777472] audit: type=1326 audit(1718135169.596:1785): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.783097] audit: type=1326 audit(1718135169.598:1786): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25104 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1404.794130] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.794130] program syz-executor.6 not setting count and/or reply_len properly [ 1404.809552] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.809552] program syz-executor.0 not setting count and/or reply_len properly 19:46:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0a1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="041dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000080)='./file0\x00', 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x3) readlinkat(r1, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=""/143, 0x8f) [ 1404.858316] FAULT_INJECTION: forcing a failure. [ 1404.858316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1404.859646] CPU: 0 PID: 25119 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1404.860472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1404.861243] Call Trace: [ 1404.861504] dump_stack+0x107/0x167 [ 1404.861850] should_fail.cold+0x5/0xa [ 1404.862203] copy_page_from_iter+0x40a/0x900 [ 1404.862610] blk_rq_map_user_iov+0x138b/0x1a60 [ 1404.863030] ? perf_trace_lock+0xac/0x490 [ 1404.863411] ? trace_hardirqs_on+0x5b/0x180 [ 1404.863811] ? blk_rq_unmap_user+0x750/0x750 [ 1404.864230] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1404.864742] ? kcov_remote_stop+0x310/0x310 [ 1404.865133] ? import_single_range+0x24d/0x2e0 [ 1404.865556] blk_rq_map_user+0x103/0x170 [ 1404.865927] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1404.866349] ? alloc_pages_current+0x18f/0x280 [ 1404.866761] ? sg_build_indirect.isra.0+0x448/0x710 [ 1404.867218] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1404.867693] ? sg_build_indirect.isra.0+0x710/0x710 [ 1404.868156] ? vprintk_func+0x93/0x140 [ 1404.868503] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.868503] program syz-executor.4 not setting count and/or reply_len properly [ 1404.868538] ? record_print_text.cold+0x16/0x16 [ 1404.871449] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1404.871900] ? trace_hardirqs_on+0x5b/0x180 [ 1404.872304] sg_write.part.0+0x69e/0xaa0 [ 1404.872675] ? sg_new_write.isra.0+0x770/0x770 [ 1404.873109] ? find_held_lock+0x2c/0x110 [ 1404.873486] ? __might_fault+0xd3/0x180 [ 1404.873854] ? lock_downgrade+0x6d0/0x6d0 [ 1404.874235] ? _cond_resched+0x12/0x80 [ 1404.874594] ? inode_security+0x107/0x140 [ 1404.874970] ? avc_policy_seqno+0x9/0x70 [ 1404.875331] ? selinux_file_permission+0x92/0x520 [ 1404.875787] ? security_file_permission+0x24e/0x570 [ 1404.876250] sg_write+0x87/0x120 [ 1404.876557] do_iter_write+0x482/0x670 [ 1404.876910] ? import_iovec+0x83/0xb0 [ 1404.877260] vfs_writev+0x1ae/0x620 [ 1404.877590] ? vfs_iter_write+0xa0/0xa0 [ 1404.877946] ? __fget_files+0x26d/0x4c0 [ 1404.878312] ? lock_downgrade+0x6d0/0x6d0 [ 1404.878695] ? find_held_lock+0x2c/0x110 [ 1404.879067] ? __fget_files+0x296/0x4c0 [ 1404.879435] ? __fget_light+0xea/0x290 [ 1404.879801] do_writev+0x139/0x300 [ 1404.880122] ? vfs_writev+0x620/0x620 [ 1404.880469] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1404.880936] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1404.881397] do_syscall_64+0x33/0x40 [ 1404.881750] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.882229] RIP: 0033:0x7f3e10b72b19 [ 1404.882563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.884207] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1404.884905] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1404.885568] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1404.886215] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.886844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1404.887491] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1404.911284] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1404.911284] program syz-executor.7 not setting count and/or reply_len properly 19:46:09 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 45) 19:46:09 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="061dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="051dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0d1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1405.070353] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1405.070353] program syz-executor.0 not setting count and/or reply_len properly [ 1405.076802] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1405.076802] program syz-executor.6 not setting count and/or reply_len properly [ 1405.085302] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1405.085302] program syz-executor.4 not setting count and/or reply_len properly [ 1405.089430] FAULT_INJECTION: forcing a failure. [ 1405.089430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.090428] CPU: 0 PID: 25364 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1405.090993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.091661] Call Trace: [ 1405.091889] dump_stack+0x107/0x167 [ 1405.092190] should_fail.cold+0x5/0xa [ 1405.092504] copy_page_from_iter+0x40a/0x900 [ 1405.092871] blk_rq_map_user_iov+0x138b/0x1a60 [ 1405.093253] ? perf_trace_lock+0xac/0x490 [ 1405.093621] ? __lockdep_reset_lock+0x180/0x180 [ 1405.094010] ? __lockdep_reset_lock+0x180/0x180 [ 1405.094390] ? blk_rq_unmap_user+0x750/0x750 [ 1405.094752] ? find_held_lock+0x2c/0x110 [ 1405.095089] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1405.095521] ? lock_downgrade+0x6d0/0x6d0 [ 1405.095862] ? import_single_range+0x24d/0x2e0 [ 1405.096236] blk_rq_map_user+0x103/0x170 [ 1405.096569] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1405.096959] ? alloc_pages_current+0x18f/0x280 [ 1405.097330] ? sg_build_indirect.isra.0+0x448/0x710 [ 1405.097749] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1405.098185] ? sg_build_indirect.isra.0+0x710/0x710 [ 1405.098590] ? vprintk_func+0x93/0x140 [ 1405.098912] ? record_print_text.cold+0x16/0x16 [ 1405.099294] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1405.099706] ? trace_hardirqs_on+0x5b/0x180 [ 1405.100074] sg_write.part.0+0x69e/0xaa0 [ 1405.100407] ? sg_new_write.isra.0+0x770/0x770 [ 1405.100776] ? find_held_lock+0x2c/0x110 [ 1405.101112] ? __might_fault+0xd3/0x180 [ 1405.101431] ? lock_downgrade+0x6d0/0x6d0 [ 1405.101779] ? _cond_resched+0x12/0x80 [ 1405.102100] ? inode_security+0x107/0x140 [ 1405.102438] ? avc_policy_seqno+0x9/0x70 [ 1405.102767] ? selinux_file_permission+0x92/0x520 [ 1405.103160] ? security_file_permission+0x24e/0x570 [ 1405.103563] sg_write+0x87/0x120 [ 1405.103841] do_iter_write+0x482/0x670 [ 1405.104162] ? import_iovec+0x83/0xb0 [ 1405.104474] vfs_writev+0x1ae/0x620 [ 1405.104771] ? vfs_iter_write+0xa0/0xa0 [ 1405.105092] ? __fget_files+0x26d/0x4c0 [ 1405.105412] ? lock_downgrade+0x6d0/0x6d0 [ 1405.105750] ? find_held_lock+0x2c/0x110 [ 1405.106085] ? __fget_files+0x296/0x4c0 [ 1405.106412] ? __fget_light+0xea/0x290 [ 1405.106730] do_writev+0x139/0x300 [ 1405.107021] ? vfs_writev+0x620/0x620 [ 1405.107332] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.107754] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.108171] do_syscall_64+0x33/0x40 [ 1405.108472] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.108881] RIP: 0033:0x7f3e10b72b19 [ 1405.109184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.110645] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1405.111263] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1405.111835] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1405.112412] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.112987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.113568] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:46:09 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() getpgid(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0x200, 0x2, 0x1, 0x5}, {0x9, 0x4, 0x0, 0x6}, {0x8000, 0x3, 0x7f, 0xf8b}, {0x7, 0x0, 0xfc}, {0x9, 0x0, 0x6f, 0x8}]}) kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) setpgid(r2, r4) ptrace(0x10, r3) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) [ 1405.124836] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1405.124836] program syz-executor.7 not setting count and/or reply_len properly 19:46:09 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="041dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="071dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0xf90}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x98, 0x1, 0x1, 0x801, 0x0, 0x0, {0xf, 0x0, 0x9}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x81}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_PROTOINFO={0x38, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x34, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x20, 0xfd}}, @CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x1, 0x76}}, @CTA_PROTOINFO_TCP_FLAGS_ORIGINAL={0x6, 0x4, {0x3, 0x1}}, @CTA_PROTOINFO_TCP_STATE={0x5}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0x8a}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x80}]}}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @CTA_TUPLE_MASTER={0x18, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4000010}, 0x8011) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x18, 0x109, 0x0, 0x0, {0xa}, [@typed={0x8, 0x600, 0x0, 0x0, @u32}]}, 0x1c}}, 0x4096) 19:46:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="061dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 46) 19:46:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) syz_io_uring_setup(0x52e, &(0x7f0000000080)={0x0, 0xe51c, 0x4, 0x0, 0x6b}, &(0x7f0000ff3000/0xd000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x1, 0x2004, @fd, 0x200, &(0x7f0000000280)="5db46c79b2c54ee01a8a2ded9887f35519d839e147ba533153eee3f59c58dae017140f2824373e6554eac869e92095a39bea8286f5ff1b300c02f711fb9d3429b50581a3804326aa407041fff31f57a665e7c8e9050677dc1ab4a4ba82914c4720f537b85f7c6bdebf24b13f9a78cd5ea86840048c16bf7707d6c4867f3bc8bbb98dc19540117e94d6a38649bda3faa88b11c035a0b5bc6c2c77f038719ef951c3787b12673ee524329fb496beff92f8b89a80efeaa1e2d064f4ecbe1ac21c1b7d20c761a6ba87249f41ff3f50eb", 0xce, 0x1}, 0x5) r5 = fork() tkill(r5, 0x3f) wait4(r5, &(0x7f0000000200), 0x80000000, &(0x7f0000000380)) wait4(r5, 0x0, 0x8, 0x0) 19:46:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="081dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140), 0x0, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:46:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1418.385785] kauditd_printk_skb: 16 callbacks suppressed [ 1418.385799] audit: type=1326 audit(1718135183.212:1803): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.388958] audit: type=1326 audit(1718135183.215:1804): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.398087] audit: type=1326 audit(1718135183.225:1805): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.401280] audit: type=1326 audit(1718135183.227:1806): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.403548] sg_write: 5 callbacks suppressed [ 1418.403568] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.403568] program syz-executor.0 not setting count and/or reply_len properly [ 1418.412697] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.412697] program syz-executor.6 not setting count and/or reply_len properly [ 1418.414314] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.414314] program syz-executor.7 not setting count and/or reply_len properly [ 1418.418742] FAULT_INJECTION: forcing a failure. [ 1418.418742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1418.419857] CPU: 1 PID: 25574 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1418.420488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1418.420669] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.420669] program syz-executor.4 not setting count and/or reply_len properly [ 1418.421230] Call Trace: [ 1418.421248] dump_stack+0x107/0x167 [ 1418.421274] should_fail.cold+0x5/0xa [ 1418.424605] copy_page_from_iter+0x40a/0x900 [ 1418.425023] blk_rq_map_user_iov+0x138b/0x1a60 [ 1418.425451] ? perf_trace_lock+0xac/0x490 [ 1418.425844] ? __lockdep_reset_lock+0x180/0x180 [ 1418.426272] ? __lockdep_reset_lock+0x180/0x180 [ 1418.426694] ? blk_rq_unmap_user+0x750/0x750 [ 1418.427101] ? find_held_lock+0x2c/0x110 [ 1418.427481] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1418.427716] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1418.427963] ? lock_downgrade+0x6d0/0x6d0 [ 1418.427973] ? import_single_range+0x24d/0x2e0 [ 1418.427988] blk_rq_map_user+0x103/0x170 [ 1418.428001] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1418.428015] ? alloc_pages_current+0x18f/0x280 [ 1418.428034] ? sg_build_indirect.isra.0+0x448/0x710 [ 1418.428053] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1418.431985] ? sg_build_indirect.isra.0+0x710/0x710 [ 1418.432440] ? vprintk_func+0x93/0x140 [ 1418.432795] ? record_print_text.cold+0x16/0x16 [ 1418.433219] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1418.433692] sg_write.part.0+0x69e/0xaa0 [ 1418.434071] ? sg_new_write.isra.0+0x770/0x770 [ 1418.434489] ? find_held_lock+0x2c/0x110 [ 1418.434860] ? __might_fault+0xd3/0x180 [ 1418.435226] ? lock_downgrade+0x6d0/0x6d0 [ 1418.435618] ? _cond_resched+0x12/0x80 [ 1418.435969] ? inode_security+0x107/0x140 [ 1418.436344] ? avc_policy_seqno+0x9/0x70 [ 1418.436712] ? selinux_file_permission+0x92/0x520 [ 1418.437158] ? security_file_permission+0x24e/0x570 [ 1418.437611] sg_write+0x87/0x120 [ 1418.437932] do_iter_write+0x482/0x670 [ 1418.438291] ? import_iovec+0x83/0xb0 [ 1418.438643] vfs_writev+0x1ae/0x620 [ 1418.438975] ? vfs_iter_write+0xa0/0xa0 [ 1418.439333] ? __fget_files+0x26d/0x4c0 [ 1418.439698] ? lock_downgrade+0x6d0/0x6d0 [ 1418.440077] ? find_held_lock+0x2c/0x110 [ 1418.440452] ? __fget_files+0x296/0x4c0 [ 1418.440815] ? __fget_light+0xea/0x290 [ 1418.441174] do_writev+0x139/0x300 [ 1418.441499] ? vfs_writev+0x620/0x620 [ 1418.441856] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1418.442329] do_syscall_64+0x33/0x40 [ 1418.442666] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1418.443129] RIP: 0033:0x7f3e10b72b19 [ 1418.443468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1418.445099] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1418.445790] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1418.446432] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1418.447077] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1418.447718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1418.448360] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1418.458339] FAT-fs (loop3): bogus number of reserved sectors [ 1418.458915] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1418.475787] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.475787] program syz-executor.4 not setting count and/or reply_len properly 19:46:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="481dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1418.490754] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.490754] program syz-executor.6 not setting count and/or reply_len properly [ 1418.575336] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.575336] program syz-executor.7 not setting count and/or reply_len properly [ 1418.603397] audit: type=1326 audit(1718135183.430:1807): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.605464] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.605464] program syz-executor.4 not setting count and/or reply_len properly 19:46:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="071dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 5: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7ff}, 0x20, 0x0, 0x0, 0x0, 0x0, 0xa418b6d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_matches\x00') read(r2, &(0x7f00000002c0)=""/225, 0xe1) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x1274, 0x0) getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280), 0x2) r3 = dup2(r1, r1) r4 = syz_io_uring_complete(0x0) r5 = io_uring_setup(0x1b33, &(0x7f00000003c0)={0x0, 0xc7e7, 0x20, 0x3, 0x175, 0x0, r2}) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r2, 0x2) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000480)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="010049b89c0600001f0000007dbe6669"]) write$binfmt_elf64(r3, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x2, 0x6, 0x0, 0xea6, 0x2, 0x3e, 0x1800, 0x3bd, 0x40, 0x31e, 0x7, 0x201, 0x38, 0x2, 0x1f32, 0x1, 0x100}, [], "5563cd9a58df47eb7fe1862c4d6716e03dda73ad79bdf1e9a003bcf3986c50d4e8aa28c957fb3d2f3a377ec19cccee4be2003b4f8551fca880d37a4b", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x97c) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x4a6c80) syz_open_procfs(0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x0, 0x1, 0x0, '\x00', [{0xacb3, 0x4a08, 0xca, 0x200, 0xfff, 0x8}, {0x2, 0x916, 0x2, 0xfffffffffffff800, 0x7, 0x7}], ['\x00']}) syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') clone3(&(0x7f0000000200)={0x451a6100, &(0x7f00000000c0), 0x0, &(0x7f0000000100), {0x16}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0, 0xffffffffffffffff], 0x2}, 0x58) 19:46:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="091dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1418.621995] audit: type=1326 audit(1718135183.448:1808): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25569 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.652015] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.652015] program syz-executor.6 not setting count and/or reply_len properly 19:46:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="081dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="4c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1418.714265] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1418.714265] program syz-executor.6 not setting count and/or reply_len properly 19:46:23 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x1, r3) r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, r4) fork() tkill(0x0, 0x200000f) r6 = fork() r7 = gettid() kcmp(r6, r7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) wait4(r6, 0x0, 0x2, 0x0) ptrace(0x4208, 0x0) 19:46:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 47) [ 1418.801213] audit: type=1326 audit(1718135183.627:1809): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.804466] audit: type=1326 audit(1718135183.628:1810): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.807539] audit: type=1326 audit(1718135183.631:1811): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1418.832169] audit: type=1326 audit(1718135183.631:1812): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0d1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1418.909293] FAULT_INJECTION: forcing a failure. [ 1418.909293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1418.911077] CPU: 0 PID: 25818 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1418.912078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1418.913285] Call Trace: [ 1418.913692] dump_stack+0x107/0x167 [ 1418.914233] should_fail.cold+0x5/0xa [ 1418.914794] copy_page_from_iter+0x40a/0x900 [ 1418.915441] blk_rq_map_user_iov+0x138b/0x1a60 [ 1418.916119] ? perf_trace_lock+0xac/0x490 [ 1418.916721] ? __lockdep_reset_lock+0x180/0x180 [ 1418.917403] ? __lockdep_reset_lock+0x180/0x180 [ 1418.918090] ? blk_rq_unmap_user+0x750/0x750 [ 1418.918739] ? find_held_lock+0x2c/0x110 [ 1418.919347] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1418.920120] ? lock_downgrade+0x6d0/0x6d0 [ 1418.920723] ? import_single_range+0x24d/0x2e0 [ 1418.921391] blk_rq_map_user+0x103/0x170 [ 1418.921996] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1418.922687] ? alloc_pages_current+0x18f/0x280 [ 1418.923357] ? sg_build_indirect.isra.0+0x448/0x710 [ 1418.924095] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1418.924871] ? sg_build_indirect.isra.0+0x710/0x710 [ 1418.925590] ? lock_downgrade+0x6d0/0x6d0 [ 1418.926221] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1418.926995] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1418.927726] ? trace_hardirqs_on+0x5b/0x180 [ 1418.928364] ? ___ratelimit+0x1fc/0x440 [ 1418.928953] sg_write.part.0+0x69e/0xaa0 [ 1418.929551] ? sg_new_write.isra.0+0x770/0x770 [ 1418.930228] ? find_held_lock+0x2c/0x110 [ 1418.930831] ? __might_fault+0xd3/0x180 [ 1418.931416] ? lock_downgrade+0x6d0/0x6d0 [ 1418.932037] ? _cond_resched+0x12/0x80 [ 1418.932607] ? inode_security+0x107/0x140 [ 1418.933213] ? avc_policy_seqno+0x9/0x70 [ 1418.933806] ? selinux_file_permission+0x92/0x520 [ 1418.934516] ? security_file_permission+0x24e/0x570 [ 1418.935246] sg_write+0x87/0x120 [ 1418.935747] do_iter_write+0x482/0x670 [ 1418.936321] ? import_iovec+0x83/0xb0 [ 1418.936884] vfs_writev+0x1ae/0x620 [ 1418.937418] ? vfs_iter_write+0xa0/0xa0 [ 1418.938006] ? __fget_files+0x26d/0x4c0 [ 1418.938595] ? lock_downgrade+0x6d0/0x6d0 [ 1418.939218] ? find_held_lock+0x2c/0x110 [ 1418.939823] ? __fget_files+0x296/0x4c0 [ 1418.940419] ? __fget_light+0xea/0x290 [ 1418.940994] do_writev+0x139/0x300 [ 1418.941524] ? vfs_writev+0x620/0x620 [ 1418.942099] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1418.942858] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1418.943608] do_syscall_64+0x33/0x40 [ 1418.944161] entry_SYSCALL_64_after_hwframe+0x67/0xd1 19:46:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="091dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1418.944907] RIP: 0033:0x7f3e10b72b19 [ 1418.945584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1418.948294] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1418.949398] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1418.950431] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1418.951485] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1418.952522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1418.953579] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:46:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="681dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 48) 19:46:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="6c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1419.223501] FAULT_INJECTION: forcing a failure. [ 1419.223501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1419.225322] CPU: 0 PID: 26032 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1419.226318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1419.227484] Call Trace: [ 1419.227868] dump_stack+0x107/0x167 [ 1419.228393] should_fail.cold+0x5/0xa [ 1419.228950] copy_page_from_iter+0x40a/0x900 [ 1419.229588] blk_rq_map_user_iov+0x138b/0x1a60 [ 1419.230254] ? perf_trace_lock+0xac/0x490 [ 1419.230985] ? __lockdep_reset_lock+0x180/0x180 [ 1419.231666] ? __lockdep_reset_lock+0x180/0x180 [ 1419.232344] ? blk_rq_unmap_user+0x750/0x750 [ 1419.232999] ? find_held_lock+0x2c/0x110 [ 1419.233600] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1419.234387] ? lock_downgrade+0x6d0/0x6d0 [ 1419.234993] ? import_single_range+0x24d/0x2e0 [ 1419.235666] blk_rq_map_user+0x103/0x170 [ 1419.236263] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1419.236958] ? alloc_pages_current+0x18f/0x280 [ 1419.237648] ? sg_build_indirect.isra.0+0x448/0x710 [ 1419.238412] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1419.239195] ? sg_build_indirect.isra.0+0x710/0x710 [ 1419.239927] ? lock_downgrade+0x6d0/0x6d0 [ 1419.240558] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1419.241327] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1419.242076] ? trace_hardirqs_on+0x5b/0x180 [ 1419.242708] ? ___ratelimit+0x1fc/0x440 [ 1419.243294] sg_write.part.0+0x69e/0xaa0 [ 1419.243888] ? sg_new_write.isra.0+0x770/0x770 [ 1419.244577] ? find_held_lock+0x2c/0x110 [ 1419.245200] ? __might_fault+0xd3/0x180 [ 1419.245788] ? lock_downgrade+0x6d0/0x6d0 [ 1419.246405] ? _cond_resched+0x12/0x80 [ 1419.246993] ? inode_security+0x107/0x140 [ 1419.247613] ? avc_policy_seqno+0x9/0x70 [ 1419.248236] ? selinux_file_permission+0x92/0x520 [ 1419.248946] ? security_file_permission+0x24e/0x570 [ 1419.249692] sg_write+0x87/0x120 [ 1419.250199] do_iter_write+0x482/0x670 [ 1419.250764] ? import_iovec+0x83/0xb0 [ 1419.251336] vfs_writev+0x1ae/0x620 [ 1419.251876] ? vfs_iter_write+0xa0/0xa0 [ 1419.252455] ? __fget_files+0x26d/0x4c0 [ 1419.253058] ? lock_downgrade+0x6d0/0x6d0 [ 1419.253666] ? find_held_lock+0x2c/0x110 [ 1419.254291] ? __fget_files+0x296/0x4c0 [ 1419.254883] ? __fget_light+0xea/0x290 [ 1419.255473] do_writev+0x139/0x300 [ 1419.256001] ? vfs_writev+0x620/0x620 [ 1419.256562] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1419.257322] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1419.258096] do_syscall_64+0x33/0x40 [ 1419.258639] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1419.259379] RIP: 0033:0x7f3e10b72b19 [ 1419.259928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1419.262578] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1419.263679] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1419.264706] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1419.265737] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1419.266770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1419.267808] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:46:38 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140), 0x0, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:46:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:46:38 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 49) [ 1434.017704] sg_write: 10 callbacks suppressed [ 1434.017740] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1434.017740] program syz-executor.7 not setting count and/or reply_len properly 19:46:38 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="741dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:38 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:38 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x10, r2) ptrace(0x10, 0x0) r4 = fork() ptrace(0x10, r4) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) fork() 19:46:38 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0d1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:38 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="481dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1434.033426] FAT-fs (loop3): bogus number of reserved sectors [ 1434.034349] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1434.047760] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1434.047760] program syz-executor.6 not setting count and/or reply_len properly [ 1434.056611] kauditd_printk_skb: 2 callbacks suppressed [ 1434.056632] audit: type=1326 audit(1718135198.883:1815): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.073750] audit: type=1326 audit(1718135198.897:1816): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.083086] audit: type=1326 audit(1718135198.900:1817): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.087750] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1434.087750] program syz-executor.4 not setting count and/or reply_len properly [ 1434.096749] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1434.096749] program syz-executor.0 not setting count and/or reply_len properly [ 1434.104643] audit: type=1326 audit(1718135198.900:1818): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.112646] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1434.112646] program syz-executor.5 not setting count and/or reply_len properly [ 1434.120607] audit: type=1326 audit(1718135198.900:1819): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.172051] FAULT_INJECTION: forcing a failure. [ 1434.172051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1434.174563] CPU: 1 PID: 26053 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1434.175574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1434.176771] Call Trace: [ 1434.177172] dump_stack+0x107/0x167 [ 1434.177715] should_fail.cold+0x5/0xa [ 1434.178305] copy_page_from_iter+0x40a/0x900 [ 1434.178963] blk_rq_map_user_iov+0x138b/0x1a60 [ 1434.179643] ? perf_trace_lock+0xac/0x490 [ 1434.180248] ? __lockdep_reset_lock+0x180/0x180 [ 1434.180931] ? __lockdep_reset_lock+0x180/0x180 [ 1434.181614] ? blk_rq_unmap_user+0x750/0x750 [ 1434.182278] ? mark_held_locks+0x9e/0xe0 [ 1434.182878] ? find_held_lock+0x2c/0x110 [ 1434.183480] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1434.184258] ? lock_downgrade+0x6d0/0x6d0 [ 1434.184858] ? import_single_range+0x24d/0x2e0 [ 1434.185528] blk_rq_map_user+0x103/0x170 [ 1434.186144] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1434.186842] ? alloc_pages_current+0x18f/0x280 [ 1434.187510] ? sg_build_indirect.isra.0+0x448/0x710 [ 1434.188251] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1434.189025] ? sg_build_indirect.isra.0+0x710/0x710 [ 1434.189764] ? vprintk_func+0x93/0x140 [ 1434.190357] ? record_print_text.cold+0x16/0x16 [ 1434.191038] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1434.191775] ? trace_hardirqs_on+0x5b/0x180 [ 1434.192419] sg_write.part.0+0x69e/0xaa0 [ 1434.193022] ? sg_new_write.isra.0+0x770/0x770 [ 1434.193695] ? find_held_lock+0x2c/0x110 [ 1434.194322] ? __might_fault+0xd3/0x180 [ 1434.194908] ? lock_downgrade+0x6d0/0x6d0 [ 1434.195554] ? _cond_resched+0x12/0x80 [ 1434.196125] ? inode_security+0x107/0x140 [ 1434.196730] ? avc_policy_seqno+0x9/0x70 [ 1434.197320] ? selinux_file_permission+0x92/0x520 [ 1434.198050] ? security_file_permission+0x24e/0x570 [ 1434.198770] sg_write+0x87/0x120 [ 1434.199274] do_iter_write+0x482/0x670 [ 1434.199853] ? import_iovec+0x83/0xb0 [ 1434.200418] vfs_writev+0x1ae/0x620 [ 1434.200953] ? vfs_iter_write+0xa0/0xa0 [ 1434.201531] ? __fget_files+0x26d/0x4c0 [ 1434.202136] ? lock_downgrade+0x6d0/0x6d0 [ 1434.202743] ? find_held_lock+0x2c/0x110 [ 1434.203349] ? __fget_files+0x296/0x4c0 [ 1434.203946] ? __fget_light+0xea/0x290 [ 1434.204520] do_writev+0x139/0x300 [ 1434.205040] ? vfs_writev+0x620/0x620 [ 1434.205604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1434.206388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1434.207146] do_syscall_64+0x33/0x40 [ 1434.207697] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1434.208441] RIP: 0033:0x7f3e10b72b19 [ 1434.208989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.211656] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1434.212761] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1434.213792] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1434.214849] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1434.215884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1434.216912] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1434.243445] audit: type=1326 audit(1718135199.070:1820): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1434.246734] audit: type=1326 audit(1718135199.070:1821): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26041 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:54 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x0, &(0x7f0000000080)}) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:46:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="481dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="7a1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 50) 19:46:54 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40000, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40005, 0x5}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = open(&(0x7f00000002c0)='./file0\x00', 0x2800, 0x80) write(r3, &(0x7f0000000240)="01", 0x1) write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[], 0x10) ioctl$GIO_FONTX(r4, 0x4b6b, &(0x7f0000000280)={0x16f, 0xb, &(0x7f0000000340)}) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000140)='ext4\x00', 0x0, r0) openat(0xffffffffffffffff, &(0x7f0000000300)='./file0/file0\x00', 0x650483, 0x120) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) sendmsg$nl_generic(r4, &(0x7f0000001e40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001e00)={&(0x7f0000000900)={0x1454, 0x2b, 0x4, 0x70bd29, 0x25dfdbfd, {0x11}, [@nested={0xc, 0x80, 0x0, 0x1, [@typed={0x8, 0x29, 0x0, 0x0, @str='!}#\x00'}]}, @generic="222d0bf95cc1aec198aa0c5d1c3daf2991dbe9d21a16f7dad6010689f3a7d1450577a924c95375b06af3a0501691ad43c35e543b4228b84b41f14e24f84fda46d74509931b42bf2a4f80215b49219083616f2b28fb9261b6c582c91fe4886000575781b4e68f9ce575ce6f424db8ce27958773721e8a8a251a7d4ced00125050abbc0d990dbd6b2e9688ddae84bd5ab70e28e890a1cfd16a7a9daaf6c7072528ba183f0fea51e53f745f7c25f1352f7f3daf9ae9c9acc83c34ab7b751591aa988c8faf970c4e832850f519a8fbf30110f77ae102c7daa89cb5", @nested={0xc, 0x4d, 0x0, 0x1, [@typed={0x8, 0x2d, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}]}, @generic="d34abc4471449b208b11b9199c8886bc30d80b5c0e7a6f468df111fe4c68187defe279b5f1510c1eae285ab49efcb9299312d3ff7e2bfaf20715dcd4e063476280e7a1a595b124311c3db7ba06dc4933d3bf986d0737af9dfca976a8f0fbe7baf8ff9854e8bae612ef1f0fc9ce942c85da376bcb20a8871fab01ad8e873c01460e2be51613711acf", @generic="edaa01b7640415990848c2220fe58459ab08e7d068d44aabb8d3377ed0f0696567325d46b577f412d2ef756071907130801e23fcc7f0bd3bb69b66b3ffe30981aa7fe0bda3ca9b4b9a02872ca6f37dcd9969f971f9556b278103dbe9586107408c689b5250a01b42d191de90f45af3f473bacb0a58989a479ec5b2ba1f25a051ca3a823b0f799a2c3ba535a57622da413916528e45a764173354d7b251c025c77eeb7a21022bcb93062cbe56e2e2efa3425fdda79840bf80a0e7e4ebab9d820e3f41a9d893e401707fcaec7758f79299ce45cbc0afb1ade2c5790193714cbe4121b44d1825692190733ebad5fd09c9f510cf5787d4561f3de2744472da955b6ca12fd85293f452ee436b4fb4438789744f3bcffa073e4aeddf11dcde64cf0fd4dacd6331f2f857ab1be4fb331032a72ee7305241ce15774b6a54a35cf00e75e7ffef6070b4951852c32a0e853e890823fef66ce1cff31a4707a89b95ea1221135576177d2f530c794f6a947db829cb81dd365e625a75c8d55b10a0c9e1d9996754efe0bd408717d7f639af7b66e862d5fd45b097ccb91226bceb3c41f4fa4a2b3653bf4e8247b75c9114579e8dfa5cdaa22225728d75fbaf0002b23b068b0f1536b92762750de58b33f8f7610f07ea3895a7b231acdea146e1c4650c0269b1ab3657cc88f188bd0af13fe84821625dbc8d89ccca0707e3d782c44ad88425637e940c89811be62a1fbb0e6f3779f072304c05773bd27a96f784f48f80d0803f447a2c8502cdc6d6b8f516c179da0d46b7c4d6b41d29f290ab94d5ca0d222f4171fc7c5dd71c0681426b13dbc307f1bc046f3bf0a77fdf7a2f663544ddc271e7f5ceffadd1e5e58c2290cacaab7a6f6ccd1b3d4780517afec54d87e8656d218e32b43b7d14da4e889bc5d1711259530a198577eba8aefdc3ce735dedae5f70690c55dd0253626805ac284318e33471c7e3942fc5b8a3ed6e39606dfeafff943ae8433d757512a8b7cc41df93a795f98082cf02c47ffb10558451e5b21786b058b47317e3c2ab460adcec166adc2fddaaeac288e5113055a0f05ec8f23a08462adba807aacff6d39ae904401b2cba74c8a6dd71b421c2da67ca07a0fa1ad5fcfeb171f6dd0a20d4ea15c1706be777621a0d8946ec34b47aa99c31f7aa32c6984f676b12eed9874b8204e94eabc717eb2552405404312e3c4363b7b085b659635e5d33478e849bd1cebe9ab6ea88644be637319dfab51030d36b346ca82f7a8943479a7f6e3978a92619a948baf89715507663067c4b295199f2ef692d6120cf3b0909e6e8a03dc75087f981e32b3868946802c2bfd2467cb00c54c4d802f556851d5aacadf50cb067bda4f4eab6d9cb16181fa29fcfebdb7e12dde2a974802f61d472b0c0040713e74bbd01611800e88555fa23aeaf7cbd6dc7c828575ed67909e03e82d66858e8b23104b5677f346521ccfecd7a3844f2839becb67b22b7ca89fe5f04d42a2fa7669ac2ff010921bf349358232889e9c11bccda277d6e51280e506456cfddbd71859adc193fcc952354dcf038dcf5e16a2305c934272fec7a6ab95fc9d51f18585cff7127e7ffa6cb93ab63aa8360ff31c852b22936ba08a4906164b6a0c77ce7e8c882f5e6823cc041071d4f9d982b0955baef7456dc28d9864cf2c0dd9952aa940505cb2d3453ddd3aa44f98d6780b8f6b6bd3d5ea69d1f5e6268b094a4b8d39f40d71f6f52716123a15aa12cfe6f0a75b4448c5958d868fdca539cb67a1e747744e34ef402c88b48e74b5d586e01cbe25aa9aaafc0896af4db33fd771118816a960ae00b8cd09e5d9e10043a7a56c721129f026567136f4e640973428de1fcbec47a7f5d111c374d59012384d03a842cb880751788b97a74a8ab3be6d4d0f49e07e24504ac4cfb13d1d94a68ff335d61e363ce534812bffffce49b07d3c87c542745e560e2a3b521472b14eb97fa7f2363a06c41bdfba57c05a240b5a335e9478ac31e10ae1d23b119a751eb544225841abf2d28ac1b8c27ad190b2924e3ae0e3f099b3b6dc84d2cc7a0f7f20cd5950e4cb68b818698b23b07f1d27e28384e76906ca7c5c3f283578f006265a5d58b3fd4ad7f4eeadcb4a9be21c9daa5a896241ffdff85f16d28de61d0d0e8e0ccb86667ad11b015d2039451cd33fd96355152dbdc8dd6e7291dd2f69df2d0bd8dc98ebf5be3e301e356bbb84abdf9462abd84c50689b93e322a876d07a9432e69600f9ba623f4de407d0cbf09c1278be322d0eab9e18e17703fcf6fcc5aeb62913ebb66303aa3db2655dc5253afb2c1e7e58f6699cb4d88ad348bfeca5fd44cc54b1841ddc10718ad2db3804c003e1a3f611ae663a275637c3039d529caca9f6450b522b2408c61d72c731670772fa9c6c7c06033fff9bdd0706918e6f6010a8f07b3d77330cb28e832078b9075170b64319580739d8a28512c5d9eb175337d5a01a129b9a362ce6782e5bb46a12ae18cbe54c2c993028baa1ebcc60dbe6106affd50149354dcadcbf475d122ae693a8a61bd6c32db4503f2a5aed94b5b9b7e4e2c0810193b33730787803aa7329788912d0a65deca36546307f8155977bb6951a072c9525fe192a630f4da0abd2361a3e0a4f3ea9b26bd698965571c61302956c57c7a9469a21781651a036c436b04e3fcd4c6473cc7747984f4ec578e2a088809f72e69ff3261f7fb9995720dedb548841093c03bd3234ffa86b5a3d0d0799f6b199a5b7a2a2eddf1d8e4110f9e9a9302589867b7edd95debfd4c60d876620727ab232e87470c7ccf6d4db3edcaca87e32ef9bcd3136fde097a339f7c0d118b889535ecb55b85cece31ffdf67186867a28b6547ca517ff2199c8d0d32f66d0711d813eff1401e17d2ccd6d236e345b4bd3c59afcfc2a4fbf7bb15c815ba3fd099ad73f7b461deb52eaca0abca84d3ccc5bc75b8dffe26f75f17809d0cd76c14d101b7e52cb412090cc519df341d64ff76bf70c9d7514fba8591c5abf29def19094752049ab0f9c1fddb338b1af8667ba9a159076b51cb34545cb8f53d01f9cd71bb2fa92a3daaca353c3fa950d554c60ccefeb8233e658c7f69a03eb53b56165820b6b6b51913a15cb99076cb5cb49b6f55d37be9919b6ead60a43efd7130d84f6988d30b92132f393d51fc13995e48968e45ef7c0ff44008ce37ad883990159f240cbac4ecc09c928ac734de974c73a56ef8d76119d7b507a35acaa9067cb91dc43da5d42c29ab652f0c043cdbbc35c7710c12e8af108e80ebb2ccd341734c6895b08a7af8abd703824c8bdf201f71651a211182ddb30a13cc5e15df47ded46eef76191aad66a8dd1b5d21c7ee642b6893cb4be8b75f31c6d2d2d8403acc61508a52c4a5851c433056b474142c2850d7767a2d4a9da39e6fd6278e2798479284b9ba943bde5852b48e03eb8cc69226d7d799fadf7fa0b2c24b95b665ba27f438d6205e9ab5e495805a735e6217de37bb4b0a52dd73829d07b3d6f2a7f4b27a17e9ea3c1e00130088b0cde7a901552cad15b0c49a7f0c98232694df261b216740c5f84421de07f0da9d40449a3d82142632e5488de83cba23472d98045736b88c40c9720190f7c98eecb56a6943997f11b52bf493ad8a14a9b28fe57b9fe2e3e0eba0935af52be0fcce9e9f979dc8577b6151849de9d6b5523722c898f1aba8069a06d76c07ab823b13abc52d48ae8060d336416b9aa07f446a288f1735f575047c83bd8c06ce32fe9ca409bb86ee8a9eaa3a2287498113fe451fc92f54fdc2fe4a6e2e8f2853d24b0f82f113fa650c4ff971999361d6b86a352c10c2f9da64278fbcc6aff289ac77dc2acad4c9b99db4a89ff8afe9706a27460565fc5230e87f0d50a402d63480783a3ff1ea0d6f5b1b71f1558de935675d41a60ae9a2cfc6e8dcbedb01454a42d462cfe5b47be22e363e7d1b82866a86597bdcf580f154da35dce99b61a1899874b3bef9f4b9f2a50e5fbbb3049dfea529332ab2db9a1ce9e89a883787a7dcc351faafa37ed9e7797225da1da34e3633ae337b27d927b3677b881b16705e86683f196b005fe5645116ff7268f044bdb32696de55cbaa02cb459e790a6d944505af516f646bd46abde6108f6c6c9c954f1db069784a2ed3571f4e34b51a322185964bd1ffea4fc562dc205cf00b4333679eaa246239f1cfd4fbc5138b47fa09b4d3c757f4ff262443f7f3dba57e0e244f7f4ab46b04a12b0a28066d447ecb2da0c1dbba1a9225a3075ff93b9a42a675a4579fc9668a31a0f315d5062c34e63ceaf6612c32d07bc9a79e82d79e5aa2f70d8d6a1934a0dc701b05579c18d1671cebe0cdd93f0c5f280f263f2ec60ee43e914c4ba565eda7330a8ff99cdab4189e8755f71bd4b330c7c9fe995e23b7943fffeae6dad6bfa041283e6a6afcfbaa3f10d1ef7715645b3cd99961d1a9feac18a9af6db27057959ef191e07274f9e70d4b9fdb014799652a148171930db8f7a8efb83e36ea044db74aa987a4e961987d911dbc50001512854fb871d3d29ff0e773bcb9136af196f7ccfde2f7c8f8b7c56f7a4a6f52aae77230a732067e25e7794e1efb576f29f49c28bf7bb067ab4d4022eb24546ff1f32bcab46228f48effdf2ce6e1a5e96e90e7a252cd27cbc39678c1b3d991dc61f03eefed866f9a8d0b9ea6202271ef2babdff1365b498691e34e6ee9b834edfe5a7924c4a54f4b0141d24332e533d6913d47a71d76e4319d4364b6cc8b3d90725d024f7b804f29c3e97ffbc9fb01047782f7afa6bd74606801d61461b9cc8f51a1cf7766bc85ed836630988bade5f806b93671b682fd324a88448d5d6e66a7294a3bad514d937711f78d377eca8ddce2b54e12ae0aa81bb494bbfae968e2b5c4ecc62a7084a4473797cb2cc498e32a28c97a01d7d38743302559278d28ba735056e70dcb6f4be80db56aeb0658a03bfcacb3b8ce213d74126bed28a08d60c24393b283394ee71d04419c5ed2559c9e9ec44a4a19e9184327af847677b7e08f3834f2c3c2afbe330ef7fd176bd83ccace31c43ab40012b69497bf716e7716701550eed7e41100c795b533cdb99d23388e2a64a12b31e9cd172fe2931fed00c6fb3545a7a0581127d813e7bb5695f2c8c11250172582ad8410ffd4765df52ed27f412996327d5bce025f0e647e7aee6c6bc2bcd5ce03d456549f52116565edf2572fc85cb1e5490b17881990d903d3544e5d54cba6ee27478fb07fe22e999f400da97f4dac0d2d5faff494a6e1c43ea15605140594db80a0f276a89d1b3cae488564a31463a87d85ef49cf099440991209ee4878ed3ee444d01b0009c607a039a126c03429612ef56cba5ba667d7786410fbde5c0add3749b581d2b91a2355b2b1241402bcecbbb7330e23412f8b21d2252f00efa6ba78b6ead4667862da2ae6b241616c6cbb7e389d0ee6de6cc5e74065b278ae529578ac14d6d71ff20d0d152cbaf41804542678cdf75bc874c5d76e56e2d79875c824d5bd51d49b95e87253b8ff023e9e941c3b8faea5f598cfe55a7e5f3260f17b04ecb251cef71cb368ecc6e4e6807a1e4fd69826e384f7993b7e2f9fd6e5d39517e74f7c3fe51c179346b151acd04cf617ea310eab48de309d16c30559250a206d95618608f65fad539042267d7bc119c80306230f334b0034b501bcd6599660dbc70e34d72d77fbe7c35c449c99c680b5f53c5d527fd353e482eff0396f3ed27ce38a28b4440e4a8d3c50d6254fe0ae256fe081ae9752fd4d7d7b2c26ebd6432fecdd8d35b06ae9fe", @typed={0xa, 0x63, 0x0, 0x0, @str='\x02.)!:\x00'}, @nested={0x1b0, 0x5, 0x0, 0x1, [@generic="8eacabda76040d021c974e27526ed38055540fa248a6994733fb32ccbb694073d2b241857c39b63fb14ab0d24f20146caf3ffbaa6d371771f24299a2e51f889440ecf6172b8611b263ec67057aba0271f75f36b37546763de5bdf0fb3737967b0edf55590268d252f97a27ea0684093e0d021d57", @typed={0x75, 0x80, 0x0, 0x0, @binary="4d1abe52fffb4b7e96701da35934759938f38ce4c919873fe06cf25027c5b1314a4f3520b0104287edc844a5bc4081197294f12b6e3de57c6b322cd71ece96084debe44264dbb92a614f17e6891ecad40045d3e21f40899453c91f35ad96caf004fc076070862a0a433672a06c5d867371"}, @generic="91bc9f9b4cff319f5ee4319825b2743f8f348367febf6a4ecdc9405ed0ee79c1f9bdd4", @typed={0x8, 0x6, 0x0, 0x0, @u32=0x4681}, @generic="9eb96582e7e8a671bee9e8beb92d8dd954efa5ad231b8aacea9e57", @typed={0x8, 0x3d, 0x0, 0x0, @ipv4=@remote}, @generic="61432ec84865b5198b0ebb3f61ba7a42cfd2cd7eee6297555b4007666e340ad690fb1dd82367817d8a4e8d06a752a1c2c367083ad93ae1a33980756acd6c084486de2c0ed4b7232bbbaeed1d56c8bb6e900de1c8c5900086cd805c399fd8", @typed={0x8, 0x71, 0x0, 0x0, @u32=0x2}, @typed={0x9, 0x1e, 0x0, 0x0, @str='ext4\x00'}]}, @generic="6acb09b6468fb878d6ea701bd7540dda0dc5d7c7584cfc0a4cabc03973cff3ec31da58f42ba886c4d8f60e9f29c301443fe9eb21816f4b0155eeb4a364e8ac57bc4c1b47bc8af6da4f0429aab25892fcfe875c1450887d70983ef645563ac6a005cf31c54cca7c177650a14f8d73f640995a627ec3bee2d518c45e678b07a424789f424d2f8fb51846a7fd27040bcc34c3841d5808fdbf2556ef3a948736ab1046a0312fe7138f127fb8b01e0759f6a468cd171e12eeb5a1c07f4941f4", @generic="fc4826d0510c294a33d956357283fe8950236d0b6b987132ecd2da47c3f2a62789f0a71ae903ef9fd256b3c7c3ffd75a432bb4d5e146931037adf55bf6049e66867b5e1a302e050b5e334410"]}, 0x1454}, 0x1, 0x0, 0x0, 0x4008840}, 0x40000) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000740)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000007c0)=""/125, 0x7d}, {&(0x7f0000000840)=""/70, 0x46}], 0x2}, 0x42) sendfile(r1, r2, 0x0, 0x20d315) 19:46:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:46:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1449.510709] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.510709] program syz-executor.4 not setting count and/or reply_len properly [ 1449.524447] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.524447] program syz-executor.0 not setting count and/or reply_len properly [ 1449.531439] FAT-fs (loop3): bogus number of reserved sectors [ 1449.532595] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1449.534917] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.534917] program syz-executor.7 not setting count and/or reply_len properly [ 1449.544057] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.544057] program syz-executor.6 not setting count and/or reply_len properly [ 1449.563793] audit: type=1326 audit(1718135214.389:1822): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26184 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.566322] FAULT_INJECTION: forcing a failure. [ 1449.566322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1449.568547] CPU: 1 PID: 26173 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1449.569917] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1449.571404] Call Trace: [ 1449.571930] dump_stack+0x107/0x167 [ 1449.572643] should_fail.cold+0x5/0xa [ 1449.573275] copy_page_from_iter+0x40a/0x900 [ 1449.574007] blk_rq_map_user_iov+0x138b/0x1a60 [ 1449.574779] ? perf_trace_lock+0xac/0x490 [ 1449.575523] ? __lockdep_reset_lock+0x180/0x180 [ 1449.575944] audit: type=1326 audit(1718135214.398:1823): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26184 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.576318] ? __lockdep_reset_lock+0x180/0x180 [ 1449.578984] ? blk_rq_unmap_user+0x750/0x750 [ 1449.579721] ? find_held_lock+0x2c/0x110 [ 1449.580476] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1449.581499] ? lock_downgrade+0x6d0/0x6d0 [ 1449.582228] ? import_single_range+0x24d/0x2e0 [ 1449.583052] blk_rq_map_user+0x103/0x170 [ 1449.583801] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1449.584609] ? alloc_pages_current+0x18f/0x280 [ 1449.585468] ? sg_build_indirect.isra.0+0x448/0x710 [ 1449.586357] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1449.587330] ? sg_build_indirect.isra.0+0x710/0x710 [ 1449.588261] ? vprintk_func+0x93/0x140 [ 1449.588959] ? record_print_text.cold+0x16/0x16 [ 1449.589719] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1449.590553] ? trace_hardirqs_on+0x5b/0x180 [ 1449.591383] sg_write.part.0+0x69e/0xaa0 [ 1449.592090] ? sg_new_write.isra.0+0x770/0x770 [ 1449.592897] ? find_held_lock+0x2c/0x110 [ 1449.593561] ? __might_fault+0xd3/0x180 [ 1449.594251] ? lock_downgrade+0x6d0/0x6d0 [ 1449.594974] ? _cond_resched+0x12/0x80 [ 1449.595594] ? inode_security+0x107/0x140 [ 1449.596262] ? avc_policy_seqno+0x9/0x70 [ 1449.596937] ? selinux_file_permission+0x92/0x520 [ 1449.597722] ? security_file_permission+0x24e/0x570 [ 1449.598551] sg_write+0x87/0x120 [ 1449.599102] do_iter_write+0x482/0x670 [ 1449.599733] ? import_iovec+0x83/0xb0 [ 1449.600367] vfs_writev+0x1ae/0x620 [ 1449.600982] ? vfs_iter_write+0xa0/0xa0 [ 1449.601611] ? __fget_files+0x26d/0x4c0 [ 1449.602247] ? lock_downgrade+0x6d0/0x6d0 [ 1449.602967] ? find_held_lock+0x2c/0x110 [ 1449.603770] ? __fget_files+0x296/0x4c0 [ 1449.604423] ? __fget_light+0xea/0x290 [ 1449.605102] do_writev+0x139/0x300 [ 1449.605717] ? vfs_writev+0x620/0x620 [ 1449.606401] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1449.607305] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1449.608190] do_syscall_64+0x33/0x40 [ 1449.608794] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1449.609741] RIP: 0033:0x7f3e10b72b19 [ 1449.610368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1449.613597] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1449.614910] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1449.616128] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1449.617363] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1449.618563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1449.619825] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1449.623486] audit: type=1326 audit(1718135214.449:1824): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26184 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.626623] audit: type=1326 audit(1718135214.449:1825): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26184 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1449.658960] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue 19:46:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="4c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 51) [ 1449.739724] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.739724] program syz-executor.0 not setting count and/or reply_len properly 19:46:54 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) fork() ioctl$BTRFS_IOC_SEND(r4, 0x40489426, &(0x7f0000000100)={{r0}, 0x6, &(0x7f00000000c0)=[0x3, 0x5, 0xe0, 0x8, 0xfff, 0x5], 0x32b1a9be, 0x2, [0x6, 0x1, 0x0, 0x200000000000]}) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) 19:46:54 executing program 5: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x74) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f00000000c0)='system_u:object_r:hald_keymap_exec_t:s0\x00', 0x28) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000002c0)={0x0, {}, 0x0, {}, 0x81, 0x9, 0xa, 0xc, "5214f84727062306b01a74f0ff7055ea869c0e1e836aab483e18ffe7987486153e2451aab372f30c57b481987c628bd01cda5aacb27f1b68beda2238629809b9", "ce4ca2a25e584478e8d96d338492b929c344e32e69c0f8d4d18367eb40d7e27b", [0x0, 0x6]}) r3 = syz_open_dev$vcsa(&(0x7f0000000240), 0x100000001, 0x110002) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x1a, 0x101, 0x0, 0x0, {}, [@generic="7b828f25ec5b"]}, 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPATH(r6, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040025bd7000fedbdf251500000008000300c50c36c564ee76594012b53ab066054bc6045168c7249c0000005610b5a204b327c1aa818c1748d0dbad506ef88059c4083cb34fb093130b45f8ed24922971361c204194723d4be3ece639d7d153699cdd490d1bf11c1e6339357504f16d830858ab65502272a2aa70a0887c49f7adcb6d", @ANYRES32=r7, @ANYBLOB="0c00990000000000690000000a001a000802110000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000600)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032bbd7000ffdbdf253100000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990001800000790000000800db00", @ANYRES32=r3, @ANYBLOB="08000300", @ANYRES32=r4, @ANYBLOB="0800db00", @ANYRES32=r1, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB="080103003689ce24caad8932fba6c2292a47d9cdf45513ee30355a5d0714c4c3a86e6ca016c88f25d021ffa9156a", @ANYRES32=r7, @ANYBLOB="080001003b000000"], 0x58}, 0x1, 0x0, 0x0, 0x95}, 0x808c0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x3ff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)={[{@delalloc}]}) [ 1449.779704] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.779704] program syz-executor.4 not setting count and/or reply_len properly [ 1449.782352] FAULT_INJECTION: forcing a failure. [ 1449.782352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1449.783431] CPU: 0 PID: 26392 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1449.784048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1449.784769] Call Trace: [ 1449.785004] dump_stack+0x107/0x167 [ 1449.785320] should_fail.cold+0x5/0xa [ 1449.785647] copy_page_from_iter+0x40a/0x900 [ 1449.786043] blk_rq_map_user_iov+0x138b/0x1a60 [ 1449.786439] ? perf_trace_lock+0xac/0x490 [ 1449.786787] ? __lockdep_reset_lock+0x180/0x180 [ 1449.787180] ? __lockdep_reset_lock+0x180/0x180 [ 1449.787570] ? blk_rq_unmap_user+0x750/0x750 [ 1449.787948] ? find_held_lock+0x2c/0x110 [ 1449.788304] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1449.788753] ? lock_downgrade+0x6d0/0x6d0 [ 1449.789109] ? import_single_range+0x24d/0x2e0 [ 1449.789501] blk_rq_map_user+0x103/0x170 [ 1449.789848] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1449.790261] ? alloc_pages_current+0x18f/0x280 [ 1449.790651] ? sg_build_indirect.isra.0+0x448/0x710 [ 1449.791082] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1449.791533] ? sg_build_indirect.isra.0+0x710/0x710 [ 1449.791953] ? vprintk_func+0x93/0x140 [ 1449.792285] ? record_print_text.cold+0x16/0x16 [ 1449.792681] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1449.793113] ? trace_hardirqs_on+0x5b/0x180 [ 1449.793484] sg_write.part.0+0x69e/0xaa0 [ 1449.793829] ? sg_new_write.isra.0+0x770/0x770 [ 1449.794231] ? find_held_lock+0x2c/0x110 [ 1449.794578] ? __might_fault+0xd3/0x180 [ 1449.794916] ? lock_downgrade+0x6d0/0x6d0 [ 1449.795280] ? _cond_resched+0x12/0x80 [ 1449.795610] ? inode_security+0x107/0x140 [ 1449.795962] ? avc_policy_seqno+0x9/0x70 [ 1449.796307] ? selinux_file_permission+0x92/0x520 [ 1449.796719] ? security_file_permission+0x24e/0x570 [ 1449.797140] sg_write+0x87/0x120 [ 1449.797432] do_iter_write+0x482/0x670 [ 1449.797766] ? import_iovec+0x83/0xb0 [ 1449.798103] vfs_writev+0x1ae/0x620 [ 1449.798418] ? vfs_iter_write+0xa0/0xa0 [ 1449.798757] ? __fget_files+0x26d/0x4c0 [ 1449.799101] ? lock_downgrade+0x6d0/0x6d0 [ 1449.799454] ? find_held_lock+0x2c/0x110 [ 1449.799805] ? __fget_files+0x296/0x4c0 [ 1449.800152] ? __fget_light+0xea/0x290 [ 1449.800484] do_writev+0x139/0x300 [ 1449.800785] ? vfs_writev+0x620/0x620 [ 1449.801115] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1449.801554] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1449.801988] do_syscall_64+0x33/0x40 [ 1449.802313] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1449.802745] RIP: 0033:0x7f3e10b72b19 [ 1449.803063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1449.804574] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1449.805215] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1449.805810] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1449.806408] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1449.807005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1449.807594] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1449.811670] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.811670] program syz-executor.7 not setting count and/or reply_len properly [ 1449.834155] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.834155] program syz-executor.6 not setting count and/or reply_len properly [ 1449.838427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26411 comm=syz-executor.5 19:46:54 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 52) 19:46:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="481dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1449.880591] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.880591] program syz-executor.6 not setting count and/or reply_len properly 19:46:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1449.922770] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1449.922770] program syz-executor.4 not setting count and/or reply_len properly [ 1449.936269] FAULT_INJECTION: forcing a failure. [ 1449.936269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1449.937289] CPU: 1 PID: 26469 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1449.937877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1449.938576] Call Trace: [ 1449.938807] dump_stack+0x107/0x167 [ 1449.939118] should_fail.cold+0x5/0xa [ 1449.939445] copy_page_from_iter+0x40a/0x900 [ 1449.939827] blk_rq_map_user_iov+0x138b/0x1a60 [ 1449.940218] ? perf_trace_lock+0xac/0x490 [ 1449.940576] ? __lockdep_reset_lock+0x180/0x180 [ 1449.940972] ? __lockdep_reset_lock+0x180/0x180 [ 1449.941366] ? blk_rq_unmap_user+0x750/0x750 [ 1449.941742] ? find_held_lock+0x2c/0x110 [ 1449.942100] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1449.942561] ? lock_downgrade+0x6d0/0x6d0 [ 1449.942910] ? import_single_range+0x24d/0x2e0 [ 1449.943297] blk_rq_map_user+0x103/0x170 [ 1449.943643] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1449.944047] ? alloc_pages_current+0x18f/0x280 [ 1449.944437] ? sg_build_indirect.isra.0+0x448/0x710 [ 1449.944861] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1449.945313] ? sg_build_indirect.isra.0+0x710/0x710 [ 1449.945736] ? lock_downgrade+0x6d0/0x6d0 [ 1449.946111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1449.946565] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1449.946988] ? trace_hardirqs_on+0x5b/0x180 [ 1449.947352] ? ___ratelimit+0x1fc/0x440 [ 1449.947694] sg_write.part.0+0x69e/0xaa0 [ 1449.948047] ? sg_new_write.isra.0+0x770/0x770 [ 1449.948435] ? find_held_lock+0x2c/0x110 [ 1449.948783] ? __might_fault+0xd3/0x180 [ 1449.949120] ? lock_downgrade+0x6d0/0x6d0 [ 1449.949484] ? _cond_resched+0x12/0x80 [ 1449.949813] ? inode_security+0x107/0x140 [ 1449.950174] ? avc_policy_seqno+0x9/0x70 [ 1449.950511] ? selinux_file_permission+0x92/0x520 [ 1449.950920] ? security_file_permission+0x24e/0x570 [ 1449.951336] sg_write+0x87/0x120 [ 1449.951626] do_iter_write+0x482/0x670 [ 1449.951956] ? import_iovec+0x83/0xb0 [ 1449.952281] vfs_writev+0x1ae/0x620 [ 1449.952595] ? vfs_iter_write+0xa0/0xa0 [ 1449.952926] ? __fget_files+0x26d/0x4c0 [ 1449.953258] ? lock_downgrade+0x6d0/0x6d0 [ 1449.953597] ? find_held_lock+0x2c/0x110 [ 1449.953948] ? __fget_files+0x296/0x4c0 [ 1449.954297] ? __fget_light+0xea/0x290 [ 1449.954620] do_writev+0x139/0x300 [ 1449.954919] ? vfs_writev+0x620/0x620 [ 1449.955253] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1449.955694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1449.956128] do_syscall_64+0x33/0x40 [ 1449.956442] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1449.956869] RIP: 0033:0x7f3e10b72b19 [ 1449.957181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1449.958956] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1449.959748] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1449.960408] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1449.961044] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1449.961751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1449.962372] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1449.974151] audit: type=1326 audit(1718135214.800:1826): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.976228] audit: type=1326 audit(1718135214.801:1827): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.994951] audit: type=1326 audit(1718135214.819:1828): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1449.998945] audit: type=1326 audit(1718135214.819:1829): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1450.000715] audit: type=1326 audit(1718135214.819:1830): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="681dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:46:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="4c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1450.025434] audit: type=1326 audit(1718135214.823:1831): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:46:54 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) timer_delete(0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x800, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) timer_create(0x3, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_gettime(r1, &(0x7f00000002c0)) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x1c}}, 0x4000004) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f00000003c0)={0x0, 0xd6, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r3, 0xd8499488957a772f, 0x0, 0x4}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) timer_gettime(r1, &(0x7f0000000280)) timer_create(0x3, 0x0, &(0x7f0000000040)=0x0) timer_settime(r4, 0x0, &(0x7f0000000400)={{}, {0x77359400}}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r4, 0x1, &(0x7f0000000300)={{r5, r6+10000000}, {0x77359400}}, &(0x7f0000000380)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32, @ANYBLOB="7e693c51c33150762720dc9b7b0b884139f55865d38066e68f42f8df3bff231ddbedce14608b4991d1eff491"]) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {0x32}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffecf}, 0x86) 19:46:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:08 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 53) 19:47:08 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x8000000004, 0x0, &(0x7f0000000140)=0x9) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) fork() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f00000000c0)) ptrace(0x10, r3) r4 = fork() ptrace$setregset(0x4205, r2, 0x6, &(0x7f0000000080)={&(0x7f0000000280)="1c4817077467890b93120e91f00df94f25f85409ab1006651d3924876ac6f8051ec6dba3c0e34e2056cb354be3b804e3965e40b0ed6ba650941e173b66f1ffec06f256ef86a8246294f609e6ca3621cbdfcbdafea0bf94b81125401b0fd0573d7009894dad53b9e47c798eb42359e9bc34f1fb11e5f21f962ccc8704bc432e5375acd0939c09202c98c3583eee3992b820b361eeaffd1002ae745185874ff1f20c24a20d50092fddc8bb9be38f022d76d2c3b9a7ba9b723241732189", 0xbc}) r5 = fork() r6 = gettid() kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) ptrace(0x4207, r5) tkill(r4, 0x21880030) wait4(r4, 0x0, 0x8, 0x0) 19:47:08 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="6c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:08 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001db3e0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:08 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x2270, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f8300000308290cf978ad75"]) 19:47:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:08 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="681dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1464.187874] kauditd_printk_skb: 2 callbacks suppressed [ 1464.189117] audit: type=1326 audit(1718135229.014:1834): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.195147] audit: type=1326 audit(1718135229.014:1835): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.199449] sg_write: 6 callbacks suppressed [ 1464.199491] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.199491] program syz-executor.6 not setting count and/or reply_len properly [ 1464.201232] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.201232] program syz-executor.7 not setting count and/or reply_len properly [ 1464.210373] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.210373] program syz-executor.4 not setting count and/or reply_len properly [ 1464.227953] FAT-fs (loop3): bogus number of reserved sectors [ 1464.228797] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1464.234086] audit: type=1326 audit(1718135229.046:1836): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.257227] audit: type=1326 audit(1718135229.046:1837): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.283818] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.283818] program syz-executor.0 not setting count and/or reply_len properly [ 1464.294382] audit: type=1326 audit(1718135229.046:1838): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.300659] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.300659] program syz-executor.6 not setting count and/or reply_len properly [ 1464.315277] audit: type=1326 audit(1718135229.047:1839): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.349417] FAULT_INJECTION: forcing a failure. [ 1464.349417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1464.351712] CPU: 1 PID: 26762 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1464.352718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1464.353904] Call Trace: [ 1464.354300] dump_stack+0x107/0x167 [ 1464.354828] should_fail.cold+0x5/0xa [ 1464.355391] copy_page_from_iter+0x40a/0x900 [ 1464.356039] blk_rq_map_user_iov+0x138b/0x1a60 [ 1464.356710] ? perf_trace_lock+0xac/0x490 [ 1464.357312] ? __lockdep_reset_lock+0x180/0x180 [ 1464.357983] ? __lockdep_reset_lock+0x180/0x180 [ 1464.358660] ? blk_rq_unmap_user+0x750/0x750 [ 1464.359301] ? find_held_lock+0x2c/0x110 [ 1464.359903] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1464.360666] ? lock_downgrade+0x6d0/0x6d0 [ 1464.361257] ? import_single_range+0x24d/0x2e0 [ 1464.361935] blk_rq_map_user+0x103/0x170 [ 1464.362534] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1464.363281] ? alloc_pages_current+0x18f/0x280 [ 1464.363945] ? sg_build_indirect.isra.0+0x448/0x710 [ 1464.364684] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1464.365445] ? sg_build_indirect.isra.0+0x710/0x710 [ 1464.366173] ? vprintk_func+0x93/0x140 [ 1464.366756] ? record_print_text.cold+0x16/0x16 [ 1464.367435] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1464.368158] ? trace_hardirqs_on+0x5b/0x180 [ 1464.368799] sg_write.part.0+0x69e/0xaa0 [ 1464.369386] ? sg_new_write.isra.0+0x770/0x770 [ 1464.370051] ? find_held_lock+0x2c/0x110 [ 1464.370657] ? __might_fault+0xd3/0x180 [ 1464.371236] ? lock_downgrade+0x6d0/0x6d0 [ 1464.371851] ? _cond_resched+0x12/0x80 [ 1464.372422] ? inode_security+0x107/0x140 [ 1464.373031] ? avc_policy_seqno+0x9/0x70 [ 1464.373613] ? selinux_file_permission+0x92/0x520 [ 1464.374330] ? security_file_permission+0x24e/0x570 [ 1464.375055] sg_write+0x87/0x120 [ 1464.375551] do_iter_write+0x482/0x670 [ 1464.376120] ? import_iovec+0x83/0xb0 [ 1464.376681] vfs_writev+0x1ae/0x620 [ 1464.377215] ? vfs_iter_write+0xa0/0xa0 [ 1464.377792] ? __fget_files+0x26d/0x4c0 [ 1464.378379] ? lock_downgrade+0x6d0/0x6d0 [ 1464.378984] ? find_held_lock+0x2c/0x110 [ 1464.379589] ? __fget_files+0x296/0x4c0 [ 1464.380183] ? __fget_light+0xea/0x290 [ 1464.380753] do_writev+0x139/0x300 [ 1464.381274] ? vfs_writev+0x620/0x620 [ 1464.381839] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1464.382602] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1464.383353] do_syscall_64+0x33/0x40 [ 1464.383892] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1464.384636] RIP: 0033:0x7f3e10b72b19 [ 1464.385177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1464.387828] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1464.388913] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1464.389923] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1464.390947] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1464.391968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1464.392987] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:47:09 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="741dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0240000000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="6c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1464.496445] audit: type=1326 audit(1718135229.323:1840): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.518686] audit: type=1326 audit(1718135229.345:1841): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26744 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.539868] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.539868] program syz-executor.6 not setting count and/or reply_len properly 19:47:09 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 54) 19:47:09 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x1ed982, 0x0) ioctl$DVD_AUTH(r0, 0x5390, &(0x7f0000000000)=@lsa={0x0, 0x3}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = fcntl$dupfd(r1, 0x0, r2) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000100)=0x5) shutdown(0xffffffffffffffff, 0x1) ioctl$CDROM_LAST_WRITTEN(r0, 0x5395, &(0x7f00000000c0)) fsetxattr$security_capability(r1, &(0x7f0000000000), &(0x7f00000005c0)=@v3={0x3000000, [{0x2, 0x9}, {0x5, 0xfffffff9}]}, 0x18, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x48042) clone3(&(0x7f0000000140)={0x11060900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r5 = epoll_create(0x2) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r5) fcntl$getown(r2, 0x9) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$CDROM_LAST_WRITTEN(r3, 0x5395, &(0x7f0000000240)) ioctl$CDROMPLAYBLK(r0, 0x5317, &(0x7f0000000200)={0x10001, 0x2}) getsockopt$bt_sco_SCO_OPTIONS(r4, 0x11, 0x1, &(0x7f00000002c0)=""/96, &(0x7f00000001c0)=0x60) syz_mount_image$ext4(&(0x7f00000008c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000002000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffddfffbf8}, {&(0x7f00000006c0)="020000000300000004", 0x9, 0x2}, {&(0x7f0000011600)="cd41000010fd5740dd74d04224f47fecddaf71c8f8655fe09881362c7e", 0x1d, 0x2100}], 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="030000000000000015cf5f28cb4187236908623f48aaf58cd02617b1515c726026b810bbe5d9ece835649f3c594b8a53c0dc5a65460a2b1db7fbaa7b686b61b109c723d87542354fb6e85b2471357fc4757bd4f14f1c7edf12a1aac737eecd90ce34fe43a288d92d7105f45efc592e0430f038230d1dd609155f6e7417da60ef5658822f6d70a051c0bcf0fb0a"]) [ 1464.597390] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.597390] program syz-executor.6 not setting count and/or reply_len properly [ 1464.633399] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.633399] program syz-executor.4 not setting count and/or reply_len properly 19:47:09 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="7a1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:09 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x101, 0x122) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{0x1, 0x8, 0x6, 0x4}, {0x3, 0x1f, 0x4}, {0xb4f0, 0x9, 0xfe, 0x99}, {0x4, 0x6, 0x8, 0xfffffffa}]}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = gettid() kcmp(r3, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4200, r4, 0x3, 0x4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) [ 1464.663413] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 19:47:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc02000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1464.680816] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.680816] program syz-executor.0 not setting count and/or reply_len properly [ 1464.701352] FAULT_INJECTION: forcing a failure. [ 1464.701352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1464.703153] CPU: 0 PID: 26980 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1464.704175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1464.705386] Call Trace: [ 1464.705784] dump_stack+0x107/0x167 [ 1464.706341] should_fail.cold+0x5/0xa [ 1464.706909] copy_page_from_iter+0x40a/0x900 [ 1464.707567] blk_rq_map_user_iov+0x138b/0x1a60 [ 1464.708236] ? perf_trace_lock+0xac/0x490 [ 1464.708850] ? __lockdep_reset_lock+0x180/0x180 [ 1464.709532] ? __lockdep_reset_lock+0x180/0x180 [ 1464.710224] ? blk_rq_unmap_user+0x750/0x750 [ 1464.710874] ? find_held_lock+0x2c/0x110 [ 1464.711478] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1464.712251] ? lock_downgrade+0x6d0/0x6d0 [ 1464.712861] ? import_single_range+0x24d/0x2e0 [ 1464.713524] blk_rq_map_user+0x103/0x170 [ 1464.714124] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1464.714829] ? alloc_pages_current+0x18f/0x280 [ 1464.715503] ? sg_build_indirect.isra.0+0x448/0x710 [ 1464.716232] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1464.717015] ? sg_build_indirect.isra.0+0x710/0x710 [ 1464.717743] ? vprintk_func+0x93/0x140 [ 1464.718331] ? record_print_text.cold+0x16/0x16 [ 1464.719013] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1464.719743] ? trace_hardirqs_on+0x5b/0x180 [ 1464.720381] sg_write.part.0+0x69e/0xaa0 [ 1464.720985] ? sg_new_write.isra.0+0x770/0x770 [ 1464.721652] ? find_held_lock+0x2c/0x110 [ 1464.722266] ? __might_fault+0xd3/0x180 [ 1464.722843] ? lock_downgrade+0x6d0/0x6d0 [ 1464.723466] ? _cond_resched+0x12/0x80 [ 1464.724034] ? inode_security+0x107/0x140 [ 1464.724646] ? avc_policy_seqno+0x9/0x70 [ 1464.725245] ? selinux_file_permission+0x92/0x520 [ 1464.725950] ? security_file_permission+0x24e/0x570 [ 1464.726689] sg_write+0x87/0x120 [ 1464.727193] do_iter_write+0x482/0x670 [ 1464.727769] ? import_iovec+0x83/0xb0 [ 1464.728337] vfs_writev+0x1ae/0x620 [ 1464.728870] ? vfs_iter_write+0xa0/0xa0 [ 1464.729453] ? __fget_files+0x26d/0x4c0 [ 1464.730031] ? lock_downgrade+0x6d0/0x6d0 [ 1464.730639] ? find_held_lock+0x2c/0x110 [ 1464.731243] ? __fget_files+0x296/0x4c0 [ 1464.731837] ? __fget_light+0xea/0x290 [ 1464.732414] do_writev+0x139/0x300 [ 1464.732940] ? vfs_writev+0x620/0x620 [ 1464.733510] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1464.734276] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1464.735026] do_syscall_64+0x33/0x40 [ 1464.735566] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1464.736316] RIP: 0033:0x7f3e10b72b19 [ 1464.736860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1464.739528] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1464.740625] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1464.741666] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1464.742706] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1464.743750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1464.744786] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1464.758336] audit: type=1326 audit(1718135229.585:1842): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26984 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1464.770284] audit: type=1326 audit(1718135229.596:1843): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26984 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:47:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="741dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1464.799435] sg_write: data in/out 187568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1464.799435] program syz-executor.7 not setting count and/or reply_len properly 19:47:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc04000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:09 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) r4 = open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) sendmsg$BATADV_CMD_SET_MESH(r4, 0x0, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c53b74be1cc06a8682449c18237d779b4f25", 0x17}, {0x0}, {0x0}], 0x3}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 19:47:09 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:09 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 55) [ 1465.094471] FAULT_INJECTION: forcing a failure. [ 1465.094471] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1465.096163] CPU: 1 PID: 27189 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1465.097088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1465.098201] Call Trace: [ 1465.098561] dump_stack+0x107/0x167 [ 1465.099054] should_fail.cold+0x5/0xa [ 1465.099563] copy_page_from_iter+0x40a/0x900 [ 1465.100161] blk_rq_map_user_iov+0x138b/0x1a60 [ 1465.100781] ? perf_trace_lock+0xac/0x490 [ 1465.101336] ? __lockdep_reset_lock+0x180/0x180 [ 1465.101964] ? __lockdep_reset_lock+0x180/0x180 [ 1465.102597] ? blk_rq_unmap_user+0x750/0x750 [ 1465.103183] ? find_held_lock+0x2c/0x110 [ 1465.103730] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1465.104444] ? lock_downgrade+0x6d0/0x6d0 [ 1465.104991] ? import_single_range+0x24d/0x2e0 [ 1465.105604] blk_rq_map_user+0x103/0x170 [ 1465.106150] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1465.106786] ? alloc_pages_current+0x18f/0x280 [ 1465.107407] ? sg_build_indirect.isra.0+0x448/0x710 [ 1465.108082] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1465.108788] ? sg_build_indirect.isra.0+0x710/0x710 [ 1465.109441] ? lock_downgrade+0x6d0/0x6d0 [ 1465.110000] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1465.110684] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1465.111355] ? trace_hardirqs_on+0x5b/0x180 [ 1465.111920] ? ___ratelimit+0x1fc/0x440 [ 1465.112443] sg_write.part.0+0x69e/0xaa0 [ 1465.112982] ? sg_new_write.isra.0+0x770/0x770 [ 1465.113579] ? find_held_lock+0x2c/0x110 [ 1465.114119] ? __might_fault+0xd3/0x180 [ 1465.114660] ? lock_downgrade+0x6d0/0x6d0 [ 1465.115226] ? _cond_resched+0x12/0x80 [ 1465.115729] ? inode_security+0x107/0x140 [ 1465.116277] ? avc_policy_seqno+0x9/0x70 [ 1465.116808] ? selinux_file_permission+0x92/0x520 [ 1465.117460] ? security_file_permission+0x24e/0x570 [ 1465.118115] sg_write+0x87/0x120 [ 1465.118576] do_iter_write+0x482/0x670 [ 1465.119097] ? import_iovec+0x83/0xb0 [ 1465.119597] vfs_writev+0x1ae/0x620 [ 1465.120082] ? vfs_iter_write+0xa0/0xa0 [ 1465.120603] ? __fget_files+0x26d/0x4c0 [ 1465.121130] ? lock_downgrade+0x6d0/0x6d0 [ 1465.121671] ? find_held_lock+0x2c/0x110 [ 1465.122228] ? __fget_files+0x296/0x4c0 [ 1465.122769] ? __fget_light+0xea/0x290 [ 1465.123302] do_writev+0x139/0x300 [ 1465.123767] ? vfs_writev+0x620/0x620 [ 1465.124273] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1465.124956] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1465.125640] do_syscall_64+0x33/0x40 [ 1465.126138] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1465.126814] RIP: 0033:0x7f3e10b72b19 [ 1465.127302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1465.129695] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1465.130697] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1465.131624] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1465.132559] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1465.133472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1465.134409] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:47:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="7a1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) execveat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000140)=']\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='security.capability\x00', &(0x7f0000000340)='security.capability\x00'], &(0x7f0000000440)=[&(0x7f00000003c0)='\x00', &(0x7f0000000400)=']$-\x00'], 0x1000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) ftruncate(r0, 0x1000003) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x101000, 0x0) openat(r1, &(0x7f00000005c0)='./file0\x00', 0x100, 0x10) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x69, 0x8c, 0x0, 0x0, 0x0, 0x0, 0x4023, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x2, 0x0, 0x8, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@empty}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000100)=0xe8) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{}, {0x8000000, 0x3}]}, 0x14, 0x0) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000480)) mknodat$loop(r0, &(0x7f00000004c0)='./file0\x00', 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) 19:47:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc08000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x4, &(0x7f0000000080)=[{0x9, 0x6, 0x6, 0x3f}, {0x3, 0x4d, 0x81, 0x6}, {0x9, 0x1, 0x3, 0x9}, {0x5, 0x8, 0x9, 0x5}]}) readahead(r0, 0x401, 0xa517) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300cd43229ba08f319543e927577cca51bf579706b467a1", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x6, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x8010) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) syz_open_procfs$namespace(r6, &(0x7f00000000c0)='ns/user\x00') 19:47:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 56) [ 1478.483599] sg_write: 6 callbacks suppressed [ 1478.483612] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.483612] program syz-executor.0 not setting count and/or reply_len properly [ 1478.489693] FAULT_INJECTION: forcing a failure. [ 1478.489693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.491235] CPU: 0 PID: 27318 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1478.491941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.492710] Call Trace: [ 1478.492961] dump_stack+0x107/0x167 [ 1478.493308] should_fail.cold+0x5/0xa [ 1478.493671] copy_page_from_iter+0x40a/0x900 [ 1478.494095] blk_rq_map_user_iov+0x138b/0x1a60 [ 1478.494538] ? perf_trace_lock+0xac/0x490 [ 1478.494927] ? __lockdep_reset_lock+0x180/0x180 [ 1478.495362] ? __lockdep_reset_lock+0x180/0x180 [ 1478.495798] ? blk_rq_unmap_user+0x750/0x750 [ 1478.496217] ? find_held_lock+0x2c/0x110 [ 1478.496602] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1478.497103] ? lock_downgrade+0x6d0/0x6d0 [ 1478.497486] ? import_single_range+0x24d/0x2e0 [ 1478.497916] blk_rq_map_user+0x103/0x170 [ 1478.498297] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1478.498752] ? alloc_pages_current+0x18f/0x280 [ 1478.499180] ? sg_build_indirect.isra.0+0x448/0x710 [ 1478.499650] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1478.500142] ? sg_build_indirect.isra.0+0x710/0x710 [ 1478.500610] ? vprintk_func+0x93/0x140 [ 1478.500980] ? record_print_text.cold+0x16/0x16 [ 1478.501415] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1478.501887] ? trace_hardirqs_on+0x5b/0x180 [ 1478.502299] sg_write.part.0+0x69e/0xaa0 [ 1478.502687] ? sg_new_write.isra.0+0x770/0x770 [ 1478.503116] ? find_held_lock+0x2c/0x110 [ 1478.503502] ? __might_fault+0xd3/0x180 [ 1478.503878] ? lock_downgrade+0x6d0/0x6d0 [ 1478.504278] ? _cond_resched+0x12/0x80 [ 1478.504644] ? inode_security+0x107/0x140 [ 1478.505030] ? avc_policy_seqno+0x9/0x70 [ 1478.505412] ? selinux_file_permission+0x92/0x520 [ 1478.505868] ? security_file_permission+0x24e/0x570 [ 1478.506334] sg_write+0x87/0x120 [ 1478.506667] do_iter_write+0x482/0x670 [ 1478.507034] ? import_iovec+0x83/0xb0 [ 1478.507396] vfs_writev+0x1ae/0x620 [ 1478.507737] ? vfs_iter_write+0xa0/0xa0 [ 1478.508109] ? __fget_files+0x26d/0x4c0 [ 1478.508489] ? lock_downgrade+0x6d0/0x6d0 [ 1478.508880] ? find_held_lock+0x2c/0x110 [ 1478.509272] ? __fget_files+0x296/0x4c0 [ 1478.509650] ? __fget_light+0xea/0x290 [ 1478.510019] do_writev+0x139/0x300 [ 1478.510369] ? vfs_writev+0x620/0x620 [ 1478.510729] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.511214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.511695] do_syscall_64+0x33/0x40 [ 1478.512045] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.512521] RIP: 0033:0x7f3e10b72b19 [ 1478.512869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.514547] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1478.515251] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1478.515906] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1478.516558] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.517208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.517859] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1478.530618] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.530618] program syz-executor.4 not setting count and/or reply_len properly [ 1478.536379] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.536379] program syz-executor.6 not setting count and/or reply_len properly [ 1478.543822] FAT-fs (loop3): bogus number of reserved sectors [ 1478.544393] FAT-fs (loop3): Can't find a valid FAT filesystem 19:47:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 57) [ 1478.585389] sg_write: data in/out 580784/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.585389] program syz-executor.7 not setting count and/or reply_len properly 19:47:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="002cabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1478.631348] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.631348] program syz-executor.0 not setting count and/or reply_len properly 19:47:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1478.647346] FAULT_INJECTION: forcing a failure. [ 1478.647346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.648648] CPU: 0 PID: 27375 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1478.649328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.650052] Call Trace: [ 1478.650294] dump_stack+0x107/0x167 [ 1478.650637] should_fail.cold+0x5/0xa [ 1478.650994] copy_page_from_iter+0x40a/0x900 [ 1478.651389] blk_rq_map_user_iov+0x138b/0x1a60 [ 1478.651795] ? perf_trace_lock+0xac/0x490 [ 1478.652156] ? __lockdep_reset_lock+0x180/0x180 [ 1478.652568] ? __lockdep_reset_lock+0x180/0x180 [ 1478.652981] ? blk_rq_unmap_user+0x750/0x750 [ 1478.653373] ? find_held_lock+0x2c/0x110 [ 1478.653737] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1478.654208] ? lock_downgrade+0x6d0/0x6d0 [ 1478.654580] ? import_single_range+0x24d/0x2e0 [ 1478.654984] blk_rq_map_user+0x103/0x170 [ 1478.655345] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1478.655769] ? alloc_pages_current+0x18f/0x280 [ 1478.656176] ? sg_build_indirect.isra.0+0x448/0x710 [ 1478.656624] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1478.657088] ? sg_build_indirect.isra.0+0x710/0x710 [ 1478.657531] ? vprintk_func+0x93/0x140 [ 1478.657874] ? record_print_text.cold+0x16/0x16 [ 1478.658288] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1478.658744] ? trace_hardirqs_on+0x5b/0x180 [ 1478.659131] sg_write.part.0+0x69e/0xaa0 [ 1478.659493] ? sg_new_write.isra.0+0x770/0x770 [ 1478.659900] ? find_held_lock+0x2c/0x110 [ 1478.660263] ? __might_fault+0xd3/0x180 [ 1478.660614] ? lock_downgrade+0x6d0/0x6d0 [ 1478.660993] ? _cond_resched+0x12/0x80 [ 1478.661340] ? inode_security+0x107/0x140 [ 1478.661707] ? avc_policy_seqno+0x9/0x70 [ 1478.662061] ? selinux_file_permission+0x92/0x520 [ 1478.662492] ? security_file_permission+0x24e/0x570 [ 1478.662931] sg_write+0x87/0x120 [ 1478.663236] do_iter_write+0x482/0x670 [ 1478.663586] ? import_iovec+0x83/0xb0 [ 1478.663928] vfs_writev+0x1ae/0x620 [ 1478.664255] ? vfs_iter_write+0xa0/0xa0 [ 1478.664605] ? __fget_files+0x26d/0x4c0 [ 1478.664956] ? lock_downgrade+0x6d0/0x6d0 [ 1478.665321] ? find_held_lock+0x2c/0x110 [ 1478.665689] ? __fget_files+0x296/0x4c0 [ 1478.666037] ? __fget_light+0xea/0x290 [ 1478.666385] do_writev+0x139/0x300 [ 1478.666697] ? vfs_writev+0x620/0x620 [ 1478.667034] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.667487] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.667938] do_syscall_64+0x33/0x40 [ 1478.668267] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.668711] RIP: 0033:0x7f3e10b72b19 [ 1478.669039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.670639] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1478.671304] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1478.671929] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1478.672553] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.673177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.673796] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1478.682553] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.682553] program syz-executor.4 not setting count and/or reply_len properly [ 1478.713147] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.713147] program syz-executor.6 not setting count and/or reply_len properly [ 1478.735096] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.735096] program syz-executor.6 not setting count and/or reply_len properly 19:47:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001db3e0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 5: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000c00)=ANY=[@ANYBLOB="4b000000fb00000000fb4b01d826f17652d8bd1f051683b41771beb6c4ec442e2fc2102489584d22a5ba3c2c5ef8ddd559296bcba4b29dba036896e36a816bb6f859610d3d7957031d3e2ebf207f29b7a5f82a9ade16f18b67ba9d3579a32b10e7e6abf7858bf067258035fcac94e8e6c19d6861ae91e64f45c3b4"], 0x80000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000180)={0x1, 0xf5, @start={0x0, 0x1, "97b7a35d71732f8d43d2421c41fedde7fe2d0b4f96e638e3f33d94bb97f47e4122d9847559f154418d2030788b54428389b4aeaf5cc3791d168cbca48453aa74de9871cfb16b53baad950e77a02ff71597647ae961e76d26c45ddffc2d5f6b6c5536f2448deb33acb7c4db58e239768adebb2dbc77907a3c336e20bef8d886049e7c2e4d041a2ed226db98a132f5bf71f37caed8069150af478d643feccf03a41889132b7c46f1e1bf92e7b708a0d744b3c715dd8cadbfc8aff3456f334fd4943b67600bef592ac1e95ab07287e059fe423edd3c4ad3d726f66b25cd0e5b4a6a2858d0dfcec0302fa0334707430ee625783d02e734760e9269eacdc0659a325f5b4e0f6e41f771a10728bf65d754f2fbd30eca06950dfac47dbae9cf935f6408b86b65b305855a4f52173c4ed23fecf63c7706caeb62a1519fafab998a0733acdf5c94c5adda264eb787cb1b03c23edc9bea76f44efbfdd8c3639ec7e02e82bfd0c48846090a55aa268c1a7d730da9176b74595bcaabae07231c84d0a46a48fd5593f643ab63aa6136aec92c8f9fc3c9627ffd644661c0af1bdad3592ca8765b5db60e7446824042ac78ef35fb7816d64e63e88e46cad4734c3b1082477566915e112d7c3d6c04c5a61cc6e30e8d1dd89682d78f455f38486f5dcebcbcb1ea3ff14764ceb29cab9446fb81a98125cc0820ec8806cb12ee60f1b057d06091308bdfb46961df114b68bcd5b67272025536c7f2317aefadad6afb6935fcde2e58103902cdea86bec5a0bca7667561fbea4d4d2d810ffc43f0175e7006a9e90183394e7a7f3b9260a6b868d20ab53ab8e8be9341a41389d96ce70a7bd96e5a5d45d5943f48e8687e8941aa057fe0c6be1580ecdc131e2c42ed49e7ba48b272f14fccf0efe9b24d1fec3b2753941024e7eed2b2044252062480c0edf3524e803a13a262d34faecf9a1c6e452a51738824be0dbfd8a0705bb4a8049f8b751c9567e46c0c41a776797a778c372793f2bcbd00444c8bcea50cb8a83733c6dabebb9491bc55c4cfdcaa74325e2407fe00b17b23debc9f206a5f034cf221ab3a6d7985c9e5913418044cbdf4adf2d968607137d5e352f591f60e9ed9fb5c0244eac14797909d27fe20d3196e96c5abdbbddd382d9a4e163e17bd5de5bb0be27475d0ac6612a51d0c50cf2c72914ba5774ab7d027fb775161b3b1a1f310a336926f506c17440da2afe60afb7b740fcae0b0c34d5819e35e45ddf5634206fb93d5133f2ac6ceeb529018a38692406023091af15fe88c43f6b9d515ee708bebd3ed1f175794cd2e47c9f02c2d733848b90e5610be17af8cd8c89eaacd72dfd1e3f131a10be38ed1481fa97ab15ece91b908e82a3f7e4fe0659c712128829aa8bbf7385d05bb55d843cf7908b619dfe5fcf26a5e7e5df43b5228153d6b244e38f7612aa928d78195", "ed9f45f86b10e036e5905b18487ac25ecf213041e8035bb0d5d7c933f58071cf6213637f1722e55277df202d1274b744800c62def39367976ec8781ee2b3e5f1b468f12bb78d8bf69a9cb586ff2d24d763be8d6441a376d7dbe75b07b0e1b341c4fd0aafe559a80572a5a2df363e1c9f94b76576dd45c7bfde1b5d911bb148cc9bba03ffae6209360e2a7714fb6d628c5c949df0b067ccf31c74993707c2324c36bba7d95df58827d7ff16270ed25a53ca99147db3212768b35593abeed4c1311d330e1ce451c4b7f0b78bd06be5664bec67fa4589d96c7bda7a0b6f3fca18ea900d63aaee3dcc1c1f4bd76d5a1a95d69e897707d2384a72a57120c0c88a01f8b059da69788a6be94e6735975a353b6f1a95a4e584e12d769ecafc6759f0f03cd847ae67687cf6186dd61c15bfc3267d870b4a9746f2e1a0e6099b75f1e25062b8b36a86e6f294191392a635bd021e45f4005b12d6f1fa047b638147bb17327195586c7f3daa03e70eb1cbaefc42d7c1df9df966b229436a4c09353f06355ef0b8034e2a22b902a4f80cb5aca85ac9062980760fe123d8d9e2743d1d3108be31b9ce25e99527b283c3437010886975e4ee29cb4a10f065d894ef4423c9bdb9644e450e234894d1ebb60c6e770a34b2b6945f3a0ab0ba6404e2b6867623fbfe0ad17ea75a6993f45ddac2064f66f8a02dd801994e7ddb5ce374b31805b4230bc20311c2bfc0e18e5b30bc21ad999129abc62239ab4d6abc0df432f607df79dfb5207864359f8dc958b51d1addcdf66111645ae1572360b5531d282cf4598f3d2f34a0ea3094385c3f1f44fdd7c71af88ecddd01a37e471c3d41ea133b00d1690be53af9c723b728e094d77bcac17d750293c5995583995ad8bed8e5c12f6d113ad5431d1089977bbb496c3648b4be79dffc1be242bd8950716d702a985f8e4b7d6f1aac2d9c6c19727697fb3c4b56e021f04633678c0cff8d6b1f4b20f13baa3ae1f8d9b0a3b9f5d77e36cf7b61e65c4d1cb4bceb680f53b006139e8a2953004d71975fe86db9f1732e5aca82e485885a9e6f6e57c2358610d173f90d119845d6e980dbf744050334e38adb26d80f77d55b178f76e0e84a42b1c4680f825ac246dfd53e1efd1122acc4800361ed45c4cb1c1bbeee0e0b08a4d2c18c59a8e5e0f21fc704cf94ef7cd59ef496860fee65dcb8aba7bd68dfab02b14004c562c812a8e8a7467a2de9316ba476826d713b4183a189207da8512dc7aa913fd4bab2ba4e49412c01d179b1c8afdaeea58455eb984520db63036b3862c4e5e1282b0520329267a2c83452a3640313a5e89b7ed3407ecb2d831f977195d6f8deb6537ec775795cc670128ff30e3f37ce4763c9fd8ad7db5f8bdae72341e1b476d6b0c0d715506adedea46bb44bbcbcbf46e4f25929cee7a7400b4593d3e76b77fc8aa2b74129"}, [0x7f, 0xffffffffffffffff, 0x7ff, 0x1, 0x2, 0x5, 0x7, 0x63, 0x6, 0x337, 0x2000, 0x69da6da2, 0xffff, 0x5, 0x1, 0x7fff, 0x1, 0x7, 0x1, 0x7, 0x6, 0x7, 0x8000, 0x40, 0x601, 0x2, 0x4, 0x611751a0, 0x8, 0x8, 0x4, 0x1, 0x3, 0xfb, 0xc79, 0xb42f, 0x7, 0x7ff, 0x5, 0x5, 0x6, 0x6, 0x6, 0x3ff, 0x0, 0x9, 0x7, 0x692, 0x5, 0x8e, 0x40, 0x2, 0x4, 0x9, 0x1, 0xa89, 0x2, 0x10001, 0x3, 0x7ff, 0x10001, 0x100000000, 0x8, 0x7]}) write$binfmt_elf64(r1, &(0x7f0000000240)=ANY=[], 0xfdef) fallocate(r1, 0x3, 0x4, 0x8000008000) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x10001}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000bc0)={0x3, 0x4, 0x6, 0x101, 0x4, "0e055d1293515702"}) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000080)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x2f23, 0x9}) [ 1478.821156] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.821156] program syz-executor.7 not setting count and/or reply_len properly [ 1478.860824] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1478.860824] program syz-executor.4 not setting count and/or reply_len properly 19:47:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0240000000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1492.530546] kauditd_printk_skb: 4 callbacks suppressed [ 1492.530559] audit: type=1326 audit(1718135257.357:1848): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.533163] audit: type=1326 audit(1718135257.357:1849): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.538230] audit: type=1326 audit(1718135257.365:1850): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.541411] sg_write: 2 callbacks suppressed [ 1492.541453] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.541453] program syz-executor.5 not setting count and/or reply_len properly [ 1492.543718] audit: type=1326 audit(1718135257.365:1851): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.546385] sg_write: data in/out 187568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.546385] program syz-executor.6 not setting count and/or reply_len properly [ 1492.550658] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.550658] program syz-executor.4 not setting count and/or reply_len properly [ 1492.551881] sg_write: data in/out 187568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.551881] program syz-executor.6 not setting count and/or reply_len properly 19:47:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:37 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 58) 19:47:37 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000480)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000180)={r4, 0x2, 0xffffffffffffffff, 0x2, 0x80000}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f00000004c0)={r4, 0x3, r0, 0x4}) ptrace(0x10, r2) r5 = fork() ptrace(0x10, r5) r6 = fork() syz_open_procfs(r5, &(0x7f0000000440)='net/llc/core\x00') tkill(r6, 0x3f) process_vm_readv(r2, &(0x7f0000000300)=[{&(0x7f0000000080)=""/231, 0xe7}, {&(0x7f00000001c0)=""/93, 0x5d}, {&(0x7f0000000280)=""/106, 0x6a}], 0x3, &(0x7f0000000400)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x0) wait4(r6, 0x0, 0x8, 0x0) 19:47:37 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dcb3000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:37 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:37 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="002cabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc02000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1492.583597] sg_write: data in/out 11787440/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.583597] program syz-executor.7 not setting count and/or reply_len properly 19:47:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc04000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1492.610924] FAT-fs (loop3): bogus number of FAT structure [ 1492.611959] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1492.614409] audit: type=1326 audit(1718135257.441:1852): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.616558] audit: type=1326 audit(1718135257.443:1853): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27669 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:47:37 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1492.627544] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.627544] program syz-executor.0 not setting count and/or reply_len properly [ 1492.660849] FAULT_INJECTION: forcing a failure. [ 1492.660849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1492.662057] CPU: 1 PID: 27683 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1492.662655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1492.663370] Call Trace: [ 1492.663606] dump_stack+0x107/0x167 [ 1492.663938] should_fail.cold+0x5/0xa [ 1492.664274] copy_page_from_iter+0x40a/0x900 [ 1492.664659] blk_rq_map_user_iov+0x138b/0x1a60 [ 1492.665066] ? perf_trace_lock+0xac/0x490 [ 1492.665422] ? __lockdep_reset_lock+0x180/0x180 [ 1492.665842] ? __lockdep_reset_lock+0x180/0x180 [ 1492.666240] ? blk_rq_unmap_user+0x750/0x750 [ 1492.666626] ? mark_held_locks+0x9e/0xe0 [ 1492.666988] ? find_held_lock+0x2c/0x110 [ 1492.667340] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1492.667801] ? lock_downgrade+0x6d0/0x6d0 [ 1492.668156] ? import_single_range+0x24d/0x2e0 [ 1492.668569] blk_rq_map_user+0x103/0x170 [ 1492.668928] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1492.669338] ? alloc_pages_current+0x18f/0x280 [ 1492.669732] ? sg_build_indirect.isra.0+0x448/0x710 [ 1492.670184] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1492.670644] ? sg_build_indirect.isra.0+0x710/0x710 [ 1492.671087] ? vprintk_func+0x93/0x140 [ 1492.671424] ? record_print_text.cold+0x16/0x16 [ 1492.671832] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1492.672262] ? trace_hardirqs_on+0x5b/0x180 [ 1492.672638] sg_write.part.0+0x69e/0xaa0 [ 1492.672996] ? sg_new_write.isra.0+0x770/0x770 [ 1492.673392] ? find_held_lock+0x2c/0x110 [ 1492.673740] ? __might_fault+0xd3/0x180 [ 1492.674095] ? lock_downgrade+0x6d0/0x6d0 [ 1492.674459] ? _cond_resched+0x12/0x80 [ 1492.674855] ? inode_security+0x107/0x140 [ 1492.675209] ? avc_policy_seqno+0x9/0x70 [ 1492.675557] ? selinux_file_permission+0x92/0x520 [ 1492.675986] ? security_file_permission+0x24e/0x570 [ 1492.676417] sg_write+0x87/0x120 [ 1492.676715] do_iter_write+0x482/0x670 [ 1492.677057] ? import_iovec+0x83/0xb0 [ 1492.677385] vfs_writev+0x1ae/0x620 [ 1492.677700] ? vfs_iter_write+0xa0/0xa0 [ 1492.678056] ? __fget_files+0x26d/0x4c0 [ 1492.678399] ? lock_downgrade+0x6d0/0x6d0 [ 1492.678764] ? find_held_lock+0x2c/0x110 [ 1492.679130] ? __fget_files+0x296/0x4c0 [ 1492.679480] ? __fget_light+0xea/0x290 [ 1492.679832] do_writev+0x139/0x300 [ 1492.680142] ? vfs_writev+0x620/0x620 [ 1492.680472] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1492.680930] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1492.681371] do_syscall_64+0x33/0x40 [ 1492.681689] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1492.682138] RIP: 0033:0x7f3e10b72b19 [ 1492.682463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1492.684046] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1492.684692] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1492.685309] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1492.685930] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1492.686540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1492.687166] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1492.690278] sg_write: data in/out 318640/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.690278] program syz-executor.6 not setting count and/or reply_len properly 19:47:37 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0240000000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1492.710526] sg_write: data in/out 318640/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.710526] program syz-executor.6 not setting count and/or reply_len properly 19:47:37 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03020000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1492.746315] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.746315] program syz-executor.5 not setting count and/or reply_len properly [ 1492.786723] sg_write: data in/out 33807536/8 bytes for SCSI command 0x3f-- guessing data in; [ 1492.786723] program syz-executor.7 not setting count and/or reply_len properly 19:47:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc08000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:37 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc02000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:37 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() r2 = gettid() kcmp(r1, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) setpgid(r2, 0x0) r3 = fork() r4 = fork() r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x361800, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="3403000028b75378ceafdfe8ae32011f5f3dc5b80ab8fa3b3a4199", @ANYRES16=r6, @ANYBLOB="000225bd7000ffdbdf25600000000c009900008000004c000000fe002a0010011201f5a34fbab3c13b13a6bfe4b5b343ab076aae8209f5a547ec34739c1d509a42b50f6c103aab19c64bf1d167fa923e4d8acb835ece6ea98f5799e1fdfac2d7faaca5c1946b3ca85ffa51059186f836d568ee3e4b880b0dc2a72585a1621b0c482565473a485686d176c067d9bdf823aeabb4af968d2d22c5fced166588affe5af8469b8c1ce2d0543725fa6c94933d103bcadfed19349b2602811be36196f4237494708476e110c38e311857045a7df2943d9a08f01710af6ebac28e5dff4ca682b45664639a7d9623bb41c29127170844e898a14a23c9a64017b06c916d4d876c08273e567d17fbd84028114b9c2b1492397fb8684ab100000600b100e8000000c5002a008325400606ffffffffffff08000000ffffffffffff0100000000000000080211000000030000003794000538d79ae789080000000000000085d23d101c0cf62a8bee184b03e4f531de6a327dbfca34c9b94a3fdc2774bd144b78a5d43fe522b62c77a4e135d3086ca7d73f8ce621339d4d4c9771555eda1958c77201093c8d7db6f3c6e864e901166223d11ca1945a1dfe8a1905702820397fabdc7353320403e68105010ca0e9644197eb7c150ad88735030a1da25c4823d465dfbe3201026d360000006f002a00054d20f502cc5c2546182647a53c48a8634bbcd7facb25c23525f19d95368ca1bc94c1c843f49b3a0cec0fd768bd75294f5ece3f883df7df8434200e85e88af45de69b0b2a7058f67f10a53118cae52d1a0c001cff07000000000000080001001000000001000500000040000600b100000800001e002a008c181b08cd9b7196179238150962099e435d87327899f7db2dbf000004002a00a6002a003777ff0175b3554201800000746833519cb6a2b6207cc5ed7dc465adccf8ac01354eecfacdaffc540cfb8bb23fc46a3f8fea40b153716ee1a6aa1e6e7a1db81ae3914e3f659d23544381a374ce2396f63a546fa40423e05262e3d0fe5c187471a8d0e9aa0edb6da20e3b9cecf5218b3ded65eab0b95514374b68040080ffff7107ff010101ffff408c188b04493dc9f1ef3b2480fddcdd562c58a7a018b95d3425630000"], 0x334}, 0x1, 0x0, 0x0, 0x4}, 0x800) kcmp(r3, r3, 0x3, r0, r0) ptrace(0x10, r4) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000200)=0x0) ptrace(0x10, r7) r8 = fork() ptrace(0x10, r8) r9 = fork() tkill(r9, 0x3f) wait4(r9, 0x0, 0x8, 0x0) 19:47:37 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 59) [ 1492.932062] audit: type=1326 audit(1718135257.758:1854): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.938816] audit: type=1326 audit(1718135257.762:1855): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.949027] audit: type=1326 audit(1718135257.765:1856): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.969936] audit: type=1326 audit(1718135257.765:1857): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27809 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1492.984855] FAULT_INJECTION: forcing a failure. [ 1492.984855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1492.987366] CPU: 0 PID: 27813 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1492.988472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1492.989745] Call Trace: [ 1492.990163] dump_stack+0x107/0x167 [ 1492.990745] should_fail.cold+0x5/0xa [ 1492.991347] copy_page_from_iter+0x40a/0x900 [ 1492.992049] blk_rq_map_user_iov+0x138b/0x1a60 [ 1492.992767] ? perf_trace_lock+0xac/0x490 [ 1492.993411] ? __lockdep_reset_lock+0x180/0x180 [ 1492.994131] ? __lockdep_reset_lock+0x180/0x180 [ 1492.994855] ? blk_rq_unmap_user+0x750/0x750 [ 1492.995543] ? find_held_lock+0x2c/0x110 [ 1492.996181] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1492.997005] ? lock_downgrade+0x6d0/0x6d0 [ 1492.997642] ? import_single_range+0x24d/0x2e0 [ 1492.998360] blk_rq_map_user+0x103/0x170 [ 1492.999003] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1492.999736] ? alloc_pages_current+0x18f/0x280 [ 1493.000450] ? sg_build_indirect.isra.0+0x448/0x710 [ 1493.001236] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1493.002056] ? sg_build_indirect.isra.0+0x710/0x710 [ 1493.002834] ? lock_downgrade+0x6d0/0x6d0 [ 1493.003491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1493.004295] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1493.005075] ? trace_hardirqs_on+0x5b/0x180 [ 1493.005747] ? ___ratelimit+0x1fc/0x440 [ 1493.006370] sg_write.part.0+0x69e/0xaa0 [ 1493.007016] ? sg_new_write.isra.0+0x770/0x770 [ 1493.007732] ? find_held_lock+0x2c/0x110 [ 1493.008368] ? __might_fault+0xd3/0x180 [ 1493.009034] ? lock_downgrade+0x6d0/0x6d0 [ 1493.009691] ? _cond_resched+0x12/0x80 [ 1493.010315] ? inode_security+0x107/0x140 [ 1493.010971] ? avc_policy_seqno+0x9/0x70 [ 1493.011598] ? selinux_file_permission+0x92/0x520 [ 1493.012354] ? security_file_permission+0x24e/0x570 [ 1493.013172] sg_write+0x87/0x120 [ 1493.013703] do_iter_write+0x482/0x670 [ 1493.014313] ? import_iovec+0x83/0xb0 [ 1493.014909] vfs_writev+0x1ae/0x620 [ 1493.015470] ? vfs_iter_write+0xa0/0xa0 [ 1493.016101] ? __fget_files+0x26d/0x4c0 [ 1493.016715] ? lock_downgrade+0x6d0/0x6d0 [ 1493.017446] ? find_held_lock+0x2c/0x110 [ 1493.018082] ? __fget_files+0x296/0x4c0 [ 1493.018717] ? __fget_light+0xea/0x290 [ 1493.019358] do_writev+0x139/0x300 [ 1493.019917] ? vfs_writev+0x620/0x620 [ 1493.020505] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1493.021296] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1493.022076] do_syscall_64+0x33/0x40 [ 1493.022650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1493.023422] RIP: 0033:0x7f3e10b72b19 [ 1493.023990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1493.026744] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1493.027893] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1493.028961] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1493.030026] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1493.031103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1493.032168] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:47:51 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc04000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:51 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = io_uring_setup(0xd58, &(0x7f0000000bc0)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000d00)=[0xffffffffffffffff], 0x14) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)="919aa6aa19e32035338fb65fb17ea22b14a0f0d8a1d19ce78ac7e5c69b6a5c5fecd139a29269b0bf59cb282e", 0x2c, 0x0, 0x1}, 0xa3f) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xf6, 0x1f, 0x40, 0xfb, 0x0, 0x7fffffff, 0x100, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x81, 0x4}, 0x51508, 0xffffffffffffffff, 0xffffffe0, 0x9, 0x879, 0xfff, 0x5, 0x0, 0x0, 0x0, 0xfc}, 0xffffffffffffffff, 0xd, r2, 0x4) fork() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 19:47:51 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 60) 19:47:51 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) ioprio_set$pid(0x3, r5, 0x4004) wait4(r4, 0x0, 0x8, 0x0) 19:47:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:47:51 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03030000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:47:51 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1507.023983] kauditd_printk_skb: 3 callbacks suppressed [ 1507.023997] audit: type=1326 audit(1718135271.850:1861): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.026725] audit: type=1326 audit(1718135271.851:1862): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.042587] audit: type=1326 audit(1718135271.869:1863): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.043349] sg_write: 4 callbacks suppressed [ 1507.043391] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.043391] program syz-executor.0 not setting count and/or reply_len properly [ 1507.045614] FAT-fs (loop3): bogus number of FAT structure [ 1507.048613] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1507.053141] audit: type=1326 audit(1718135271.876:1864): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.055717] sg_write: data in/out 318640/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.055717] program syz-executor.4 not setting count and/or reply_len properly [ 1507.060560] audit: type=1326 audit(1718135271.876:1865): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.065816] sg_write: data in/out 50584752/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.065816] program syz-executor.7 not setting count and/or reply_len properly [ 1507.067704] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.067704] program syz-executor.6 not setting count and/or reply_len properly [ 1507.068915] audit: type=1326 audit(1718135271.880:1866): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27929 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1507.075401] FAULT_INJECTION: forcing a failure. [ 1507.075401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1507.077057] CPU: 0 PID: 27922 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1507.077715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1507.078471] Call Trace: [ 1507.078741] dump_stack+0x107/0x167 [ 1507.079113] should_fail.cold+0x5/0xa [ 1507.079497] copy_page_from_iter+0x40a/0x900 [ 1507.079948] blk_rq_map_user_iov+0x138b/0x1a60 [ 1507.080416] ? perf_trace_lock+0xac/0x490 [ 1507.080814] ? __lockdep_reset_lock+0x180/0x180 [ 1507.081269] ? __lockdep_reset_lock+0x180/0x180 [ 1507.081713] ? blk_rq_unmap_user+0x750/0x750 [ 1507.082154] ? find_held_lock+0x2c/0x110 [ 1507.082550] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1507.083070] ? lock_downgrade+0x6d0/0x6d0 [ 1507.083466] ? import_single_range+0x24d/0x2e0 [ 1507.083896] blk_rq_map_user+0x103/0x170 [ 1507.084285] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1507.084752] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1507.085257] ? sg_build_indirect.isra.0+0x710/0x710 [ 1507.085741] ? vprintk_func+0x93/0x140 [ 1507.086118] ? record_print_text.cold+0x16/0x16 [ 1507.086562] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1507.087067] sg_write.part.0+0x69e/0xaa0 [ 1507.087477] ? sg_new_write.isra.0+0x770/0x770 [ 1507.087918] ? find_held_lock+0x2c/0x110 [ 1507.088318] ? __might_fault+0xd3/0x180 [ 1507.088695] ? lock_downgrade+0x6d0/0x6d0 [ 1507.089106] ? _cond_resched+0x12/0x80 [ 1507.089501] ? inode_security+0x107/0x140 [ 1507.089903] ? avc_policy_seqno+0x9/0x70 [ 1507.090316] ? selinux_file_permission+0x92/0x520 [ 1507.090784] ? security_file_permission+0x24e/0x570 [ 1507.091261] sg_write+0x87/0x120 [ 1507.091604] do_iter_write+0x482/0x670 [ 1507.092001] ? import_iovec+0x83/0xb0 [ 1507.092383] vfs_writev+0x1ae/0x620 [ 1507.092735] ? vfs_iter_write+0xa0/0xa0 [ 1507.093099] ? __fget_files+0x26d/0x4c0 [ 1507.093481] ? lock_downgrade+0x6d0/0x6d0 [ 1507.093869] ? find_held_lock+0x2c/0x110 [ 1507.094290] ? __fget_files+0x296/0x4c0 [ 1507.094683] ? __fget_light+0xea/0x290 [ 1507.095063] do_writev+0x139/0x300 [ 1507.095403] ? vfs_writev+0x620/0x620 [ 1507.095772] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1507.096283] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1507.096756] do_syscall_64+0x33/0x40 [ 1507.097113] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1507.097608] RIP: 0033:0x7f3e10b72b19 [ 1507.097970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1507.099707] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1507.100453] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1507.101117] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1507.101788] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1507.102464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1507.103151] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:47:51 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 61) [ 1507.255309] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.255309] program syz-executor.0 not setting count and/or reply_len properly [ 1507.270595] FAULT_INJECTION: forcing a failure. [ 1507.270595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1507.271753] CPU: 0 PID: 28051 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1507.272392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1507.273117] Call Trace: [ 1507.273359] dump_stack+0x107/0x167 [ 1507.273682] should_fail.cold+0x5/0xa [ 1507.274022] copy_page_from_iter+0x40a/0x900 [ 1507.274415] blk_rq_map_user_iov+0x138b/0x1a60 [ 1507.274831] ? perf_trace_lock+0xac/0x490 [ 1507.275194] ? __lockdep_reset_lock+0x180/0x180 [ 1507.275607] ? __lockdep_reset_lock+0x180/0x180 [ 1507.276014] ? blk_rq_unmap_user+0x750/0x750 [ 1507.276395] ? mark_held_locks+0x9e/0xe0 [ 1507.276755] ? find_held_lock+0x2c/0x110 [ 1507.277119] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1507.277585] ? lock_downgrade+0x6d0/0x6d0 [ 1507.277947] ? import_single_range+0x24d/0x2e0 [ 1507.278348] blk_rq_map_user+0x103/0x170 [ 1507.278711] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1507.279132] ? alloc_pages_current+0x18f/0x280 [ 1507.279531] ? sg_build_indirect.isra.0+0x448/0x710 [ 1507.279974] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1507.280438] ? sg_build_indirect.isra.0+0x710/0x710 [ 1507.280877] ? vprintk_func+0x93/0x140 [ 1507.281225] ? record_print_text.cold+0x16/0x16 [ 1507.281630] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1507.282071] ? trace_hardirqs_on+0x5b/0x180 [ 1507.282460] sg_write.part.0+0x69e/0xaa0 [ 1507.282825] ? sg_new_write.isra.0+0x770/0x770 [ 1507.283226] ? find_held_lock+0x2c/0x110 [ 1507.283587] ? __might_fault+0xd3/0x180 [ 1507.283934] ? lock_downgrade+0x6d0/0x6d0 [ 1507.284308] ? _cond_resched+0x12/0x80 [ 1507.284649] ? inode_security+0x107/0x140 [ 1507.285010] ? avc_policy_seqno+0x9/0x70 [ 1507.285365] ? selinux_file_permission+0x92/0x520 [ 1507.285789] ? security_file_permission+0x24e/0x570 [ 1507.286227] sg_write+0x87/0x120 [ 1507.286527] do_iter_write+0x482/0x670 [ 1507.286874] ? import_iovec+0x83/0xb0 [ 1507.287213] vfs_writev+0x1ae/0x620 [ 1507.287537] ? vfs_iter_write+0xa0/0xa0 [ 1507.287882] ? __fget_files+0x26d/0x4c0 [ 1507.288232] ? lock_downgrade+0x6d0/0x6d0 [ 1507.288597] ? find_held_lock+0x2c/0x110 [ 1507.288958] ? __fget_files+0x296/0x4c0 [ 1507.289312] ? __fget_light+0xea/0x290 [ 1507.289652] do_writev+0x139/0x300 [ 1507.289958] ? vfs_writev+0x620/0x620 [ 1507.290287] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1507.290747] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1507.291194] do_syscall_64+0x33/0x40 [ 1507.291524] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1507.291964] RIP: 0033:0x7f3e10b72b19 [ 1507.292284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1507.293845] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1507.294501] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1507.295118] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1507.295730] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1507.296340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1507.296953] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1507.300991] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1507.300991] program syz-executor.6 not setting count and/or reply_len properly 19:48:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:04 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc08000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:04 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dcb3000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03040000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:04 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x300b4e2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={@mcast1, 0x0, r4}) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x5, @private2, 0xfffffc01}, 0x1c) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x560, 0x2000000000004}, 0x0, 0x0, 0x1004, 0x9, 0x0, 0x0, 0x8000, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8914, &(0x7f0000000140)={'lo\x00'}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r5 = fork() kcmp(r5, r5, 0x3, r0, r0) ptrace(0x10, r5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) 19:48:04 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 62) 19:48:04 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) r1 = socket$unix(0x1, 0x0, 0x0) bind$unix(r1, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x40086602, 0xfffffffffffffffd) fsetxattr$security_selinux(r0, &(0x7f00000001c0), &(0x7f0000000280)='system_u:object_r:etc_t:s0\x00', 0x1b, 0x2) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)="8ee2309c47995455ec7dced68eb160c46014b839663252e10fdc61f5e2e2fd88054934d706470c49e1ecb5911b279caf9597c38f7138e265a9c0895eb5c08249a2c2fffbb7cf7c5a067a39e016d7a7be11e2a0359da88dd80144d1175f50989065d52c715c0fec711859e0ef0d7a51407b3c7d181c7a613c92ee0fb23ccfcc9ad88560cba56f1d1efc1e673619d9a31f9815bd4010524cce05589faf", 0x9c, 0x2001}, 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r2}}, 0x7ff) chdir(&(0x7f0000000040)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) setresuid(0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) [ 1519.983593] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1519.983593] program syz-executor.7 not setting count and/or reply_len properly [ 1519.987782] sg_write: data in/out 580784/8 bytes for SCSI command 0x3f-- guessing data in; [ 1519.987782] program syz-executor.4 not setting count and/or reply_len properly [ 1519.991090] audit: type=1326 audit(1718135284.817:1867): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1519.994490] audit: type=1326 audit(1718135284.818:1868): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.005205] audit: type=1326 audit(1718135284.818:1869): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.020456] audit: type=1326 audit(1718135284.818:1870): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.026684] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.026684] program syz-executor.0 not setting count and/or reply_len properly [ 1520.034685] sg_write: data in/out 11787440/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.034685] program syz-executor.6 not setting count and/or reply_len properly [ 1520.035941] audit: type=1326 audit(1718135284.821:1871): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.042455] audit: type=1326 audit(1718135284.821:1872): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.046909] audit: type=1326 audit(1718135284.821:1873): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.051436] audit: type=1326 audit(1718135284.821:1874): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.056494] audit: type=1326 audit(1718135284.832:1875): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.058828] FAT-fs (loop3): bogus number of FAT structure [ 1520.059963] audit: type=1326 audit(1718135284.832:1876): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28156 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1520.060729] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1520.066452] FAULT_INJECTION: forcing a failure. [ 1520.066452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1520.068619] CPU: 1 PID: 28165 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1520.069667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.071051] Call Trace: [ 1520.071593] dump_stack+0x107/0x167 [ 1520.072231] should_fail.cold+0x5/0xa [ 1520.073012] copy_page_from_iter+0x40a/0x900 [ 1520.073691] blk_rq_map_user_iov+0x138b/0x1a60 [ 1520.074518] ? perf_trace_lock+0xac/0x490 [ 1520.075242] ? __lockdep_reset_lock+0x180/0x180 [ 1520.076097] ? __lockdep_reset_lock+0x180/0x180 [ 1520.076953] ? blk_rq_unmap_user+0x750/0x750 [ 1520.077644] ? find_held_lock+0x2c/0x110 [ 1520.078368] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1520.079305] ? lock_downgrade+0x6d0/0x6d0 [ 1520.080134] ? import_single_range+0x24d/0x2e0 [ 1520.080917] blk_rq_map_user+0x103/0x170 [ 1520.081624] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1520.082413] ? alloc_pages_current+0x18f/0x280 [ 1520.083128] ? sg_build_indirect.isra.0+0x448/0x710 [ 1520.084037] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1520.084847] ? sg_build_indirect.isra.0+0x710/0x710 [ 1520.085768] ? vprintk_func+0x93/0x140 [ 1520.086462] ? record_print_text.cold+0x16/0x16 [ 1520.087179] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1520.088074] ? trace_hardirqs_on+0x5b/0x180 [ 1520.088737] sg_write.part.0+0x69e/0xaa0 [ 1520.089338] ? sg_new_write.isra.0+0x770/0x770 [ 1520.090002] ? find_held_lock+0x2c/0x110 [ 1520.090603] ? __might_fault+0xd3/0x180 [ 1520.091192] ? lock_downgrade+0x6d0/0x6d0 [ 1520.091823] ? _cond_resched+0x12/0x80 [ 1520.092391] ? inode_security+0x107/0x140 [ 1520.093134] ? avc_policy_seqno+0x9/0x70 [ 1520.093817] ? selinux_file_permission+0x92/0x520 [ 1520.094711] ? security_file_permission+0x24e/0x570 [ 1520.095448] sg_write+0x87/0x120 [ 1520.095951] do_iter_write+0x482/0x670 [ 1520.096524] ? import_iovec+0x83/0xb0 [ 1520.097085] vfs_writev+0x1ae/0x620 [ 1520.097616] ? vfs_iter_write+0xa0/0xa0 [ 1520.098333] ? __fget_files+0x26d/0x4c0 [ 1520.098926] ? lock_downgrade+0x6d0/0x6d0 [ 1520.099529] ? find_held_lock+0x2c/0x110 [ 1520.100138] ? __fget_files+0x296/0x4c0 [ 1520.100728] ? __fget_light+0xea/0x290 [ 1520.101300] do_writev+0x139/0x300 [ 1520.101815] ? vfs_writev+0x620/0x620 [ 1520.102375] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.103270] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.104245] do_syscall_64+0x33/0x40 [ 1520.104845] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.105585] RIP: 0033:0x7f3e10b72b19 [ 1520.106224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.108835] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1520.109936] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1520.110962] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1520.111989] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.113018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.114035] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:48:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03050000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1520.181999] sg_write: data in/out 11787440/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.181999] program syz-executor.6 not setting count and/or reply_len properly 19:48:05 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0a000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:05 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x40010, r3, 0x0) ptrace(0x10, r2) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) r7 = gettid() ptrace$setopts(0x4206, r7, 0x4, 0x10002a) wait4(r6, 0x0, 0x8, 0x0) [ 1520.292248] sg_write: data in/out 84139184/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.292248] program syz-executor.7 not setting count and/or reply_len properly 19:48:05 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 63) [ 1520.386476] sg_write: data in/out 711856/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.386476] program syz-executor.4 not setting count and/or reply_len properly 19:48:05 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03020000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:05 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03060000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1520.507282] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.507282] program syz-executor.0 not setting count and/or reply_len properly [ 1520.522252] sg_write: data in/out 33807536/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.522252] program syz-executor.6 not setting count and/or reply_len properly [ 1520.538774] FAULT_INJECTION: forcing a failure. [ 1520.538774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1520.540634] CPU: 1 PID: 28352 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1520.541624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.542809] Call Trace: [ 1520.543210] dump_stack+0x107/0x167 [ 1520.543736] should_fail.cold+0x5/0xa [ 1520.544293] copy_page_from_iter+0x40a/0x900 [ 1520.544936] blk_rq_map_user_iov+0x138b/0x1a60 [ 1520.545609] ? perf_trace_lock+0xac/0x490 [ 1520.546208] ? __lockdep_reset_lock+0x180/0x180 [ 1520.546886] ? __lockdep_reset_lock+0x180/0x180 [ 1520.547552] ? blk_rq_unmap_user+0x750/0x750 [ 1520.548180] ? mark_held_locks+0x9e/0xe0 [ 1520.548771] ? find_held_lock+0x2c/0x110 [ 1520.549361] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1520.550123] ? lock_downgrade+0x6d0/0x6d0 [ 1520.550716] ? import_single_range+0x24d/0x2e0 [ 1520.551385] blk_rq_map_user+0x103/0x170 [ 1520.551974] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1520.552653] ? alloc_pages_current+0x18f/0x280 [ 1520.553315] ? sg_build_indirect.isra.0+0x448/0x710 [ 1520.554042] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1520.554802] ? sg_build_indirect.isra.0+0x710/0x710 [ 1520.555525] ? vprintk_func+0x93/0x140 [ 1520.556088] ? record_print_text.cold+0x16/0x16 [ 1520.556761] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1520.557485] ? trace_hardirqs_on+0x5b/0x180 [ 1520.558117] sg_write.part.0+0x69e/0xaa0 [ 1520.558701] ? sg_new_write.isra.0+0x770/0x770 [ 1520.559368] ? find_held_lock+0x2c/0x110 [ 1520.559964] ? __might_fault+0xd3/0x180 [ 1520.560535] ? lock_downgrade+0x6d0/0x6d0 [ 1520.561147] ? _cond_resched+0x12/0x80 [ 1520.561708] ? inode_security+0x107/0x140 [ 1520.562305] ? avc_policy_seqno+0x9/0x70 [ 1520.562891] ? selinux_file_permission+0x92/0x520 [ 1520.563589] ? security_file_permission+0x24e/0x570 [ 1520.564309] sg_write+0x87/0x120 [ 1520.564803] do_iter_write+0x482/0x670 [ 1520.565366] ? import_iovec+0x83/0xb0 [ 1520.565922] vfs_writev+0x1ae/0x620 [ 1520.566452] ? vfs_iter_write+0xa0/0xa0 [ 1520.567140] ? __fget_files+0x26d/0x4c0 [ 1520.567830] ? lock_downgrade+0x6d0/0x6d0 [ 1520.568546] ? find_held_lock+0x2c/0x110 [ 1520.569264] ? __fget_files+0x296/0x4c0 [ 1520.569964] ? __fget_light+0xea/0x290 [ 1520.570635] do_writev+0x139/0x300 [ 1520.571265] ? vfs_writev+0x620/0x620 [ 1520.571929] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.572831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.573721] do_syscall_64+0x33/0x40 [ 1520.574365] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.575254] RIP: 0033:0x7f3e10b72b19 [ 1520.575899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.579024] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1520.580327] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1520.581548] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1520.582776] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.584032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.585279] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1520.621317] sg_write: data in/out 33807536/8 bytes for SCSI command 0x3f-- guessing data in; [ 1520.621317] program syz-executor.6 not setting count and/or reply_len properly 19:48:05 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc2c000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:05 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03030000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:22 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1538.115538] FAT-fs (loop3): bogus number of FAT structure [ 1538.116456] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:22 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03040000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03070000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:22 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000000280)={0x0, 0x1f, @start={0x0, 0x1, "567bae9093a4dd32e029c766506c59388d47cb5f7ba11e3fa2593abf618b4d2a80cdb443c1fd504c541eaa8a8eecc005b8831c7fe6c8d4e0db507c1d9ccad620c6d231bf8a88523b10d9db77589c082a81f455f92b1ab6028ca7049574ce4c642c0b976106fc85cbc1cfe6501ad3fb1b9c6b55d5d14c6f0be36a1cefb947e54294912755b63e0dba90487a33b0557819764bab6c2ed6188efea8052ed623024efa8d6e83240c89d8e97b1195289264da35395e6de10bd62ade634f4d9bc1afe38a41710bfdd573eedb0d44dd5dc2bbfc7990074fa2696c5b15c17014b7c30c101755ee266322ad70d3242849dd1172a955b1896f230eb718b09a4199f236eebbd7fbe15a9439c6758429a3d255efe5e6083259bbdccbcef9064ea73e55b515988c09e0dbd83d79e0b54e99b10cd65c239d819ed2efd8b961795f12a3652f1f1aa64c032fba7dda863ff0fd07e15e678085a333671797006e464ee19ac78a545e0d0aa3f31f7c43f18a8ae167e062fcf8d62cb5a5cab880efbc0682b15f46c8ed3cdc414736de88a6938b8ed6dc33372cf4d9f9fa51eadf27833d4cf0feb93de388c19b840bd87d5903afefbaa8eb06db1418fd96f1c9f964cdb8f7ea6710241eb1402fbb13d84fb02ebd1a2cf15c60c2997f354b03d1c84b542f65c48bfd0177309c2f3791cc68330167a4c7f9838efde2c5ada45d191166a83a077b97b775811886d342002f3beaefaf28cfb6c197c815c4f09bf0d39286f0350e1968d7d8386e65f91e09f104f6cb2da3b047d092d21aea7975b9edf56dfcbd5aca770ec27a0a306bba93e0692d6713198295979ebe909f9b44d0a051ceade877f5012e4cbdfb3434c70bf5c9e1980eb5320721c3e2a5d86a1f943ebbe64bc44942f22d8c7dc68b6f77a21a04d50d6691109e204c8071595c280f0abf64f60fa82ba0b354feff26998382a425f0005eb4a58c06e4bfd8ddbac79ec1db0a0108446388f54f32e7ac7a04927795ba34b30911bd632cc0890715000783e4331b4aadd373d69ff553c0d5ec89118b5893ce631619041677c3dc095d0daa5a66dc06967bebfcd2888a5048d1b0e7f2fae1b9cf2f0dfc92abba77f3b54dd65a1a4d3ffdc39166a4220987cfed7163c16d9334126bdb24d352c875b59c87764c1ab73b415b7354e1aa270811dc97675ec991240738dbe9b8182b939f8fc94bf81ac8a8ac0cb9845275b972fa307e9616d6f850bbcce4e71454ef55f01092daeed02f404d0ae71cb94feb86b4425d0e1e7134e57555194f512aff655e5f4f5b7c7d342009f640bd3bf3cc748917a6ea90fe54f41789890734d9a1338eb01a83136b3fe2f97c30e065f1c97cd0da44e2b36594e36f25c585ed265e9d5144bc136751c1b66469588550699dcb4f4bdf902977bea9218a07aa0394ce4cba26d669390f95e0bf62cf57e79e39", "368b035e15cbc13e66f1d7e6a187e63a9baa4cbfb3d8a33640311a44ebe932078d9d8788d7676bee20f1283ea23fd2d3bf39ae169df8f99e69dc9c04eff8ad4768efaa4d825b023bde0251c36fd5ad6ff5a8cd0604999f9ef0516ad19effd59fbe0535e8c9f07863ce514c683aaa0eea03101c070c066924a4bd1f82b9e974f90197d0bafdd2f094db7aefd33a64fb6d30537c1a2f8fafec64dbc95b5a6b1ff23fb989e3914ea39f8dde7ccc9268b959b7f7b83ee7cbea19b8d5c5300dd5fa99a6e464ab7af414019df3c20aca339b651800c8ff2ade2561525202b4b2ce14f35ec0e875b752c70389a406c1c2faf45e559ef5208767d5c23d5ba802ba67d03dcbfb5a396e4a864b69b416c07bf326ffd711960566592e4934b624be931b8b79b230648072bcea609a6cf2a44c01ea3a8a72d1a2d3843bdfc5bfe77cfe782b5ce54b9242e4010e12a37f545fe0f856bbf1c355865418d7ed37b08adb14b8a65d56e8a3afbfd4c9ad9a82fd254891b42376181f8327c7b40ac9727456ef0a987f4dc47db03b1f724448770fe8f86e85fc704eb187f53f2e64e9bd2417dc4c4092d48e1c0e3e37c78bd61cf3f5eefafae93d38d3528c3d5a5c23e054363e8d9837f0ceceb08ea398ce00cc29b486fee58d7394b494ebc7fffc1e5743ae917e75f8743672fce49f333eb1a37c0219112d644fdb3e1d95c04907c0c497d3364c119a49e69d49159ff05eca72354a354818eac0de679a1c67c7b62ccea5df3c4cce6ae18a772ae8d67ff4ce22dd835be45f488d19812537d72543e6ead5906f9b4cc9cbb4ea8f4cf50f438ac854b5c9b99f01c61e5a2722a463de6a8b1e8dbe400d8c47f5216b5115573ddf0e972c63fbf34208a2a75687630a0adfb5c7e80f7b9842c0fea1f6eb93b5d4fbf2b11695c2dd57b8fcda1ba934bddb21e57bfee0a6b5eeeb1a9c34e3f87a0c663a8094ec89bb363ba19421a7ded5b8dc40ee91f4c39ab9ee73209d4205a128ad70498ee04d779b470cd5dab7f8c73c8b1f4fe39efaf7e724434fb267dc5cdb760d2a7e128ceca54cf051a18c948c98197affd76d39036c1dd8bfcf6b3960d7e63c902a3befa6c99101248414ffb8a8348fa2431f30e2becf248ae28f316964aaeed97012d8b1e66baa89a1080e38d247d1d68f5170d8be09758e3878fedbaee7ecac988a63f9a267c0d571f621b74c9f33cb0e1d99f66afd2158c972a8efcc93804b9a81e440e59eddfa88c4805f8bf303cd2b48ef74a5726c231a1272c3a476d25913eaf9b623b491a0757b27727b94e26eb08ec01fc3a24b3ebf1db847605b75445cf73662a7b241a1f04cbae6b2bdf116954c93e7111ede5054f5708b703bd9653623a8e611d20df64864f60f6b9b21c6389878ccc560c5bd11f92a3d10b49b08485224f66835d6cb45f1954145989b2506ca531fc134"}, [0x5, 0x200003f, 0x6, 0x76e, 0xad25, 0x7fff, 0xfffffffffffffffb, 0xda11, 0x401, 0x2, 0x725a5845, 0x83bfffffffe, 0x6, 0x9, 0x9, 0x6, 0x1, 0x8000, 0xfffffffffffffffc, 0x3, 0x6749, 0x7, 0x70c, 0x7, 0x2, 0x9, 0x450, 0x2, 0x80, 0x5, 0x8, 0x7fff, 0x9, 0x1, 0x8, 0x8, 0x9, 0xe8, 0x1, 0x3, 0x100000001, 0x7, 0x1ff, 0x7, 0xad31, 0x1d, 0x7fffffff, 0x59, 0x0, 0x0, 0x8001, 0xffff, 0x0, 0x9, 0x9, 0x100000000, 0x100, 0x5, 0x49d, 0x2, 0x8000, 0x1, 0xff, 0x8000]}) r3 = gettid() kcmp(0x0, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(r3, &(0x7f0000000100)='net/kcm\x00') r4 = fork() getpid() fork() ptrace(0x7, r4) r5 = fork() wait4(r5, 0x0, 0x8, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000008, 0x4000010, 0xffffffffffffffff, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r7}}, 0x7) 19:48:22 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 64) 19:48:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:22 executing program 5: syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = dup(r0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000100)=0x5) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000002c0)=0xc) ioctl$CDROM_LAST_WRITTEN(r1, 0x5395, &(0x7f0000000240)) ioctl$CDROMREADCOOKED(0xffffffffffffffff, 0x5315, &(0x7f0000000300)) syz_open_dev$vcsn(&(0x7f0000000140), 0xc1, 0x1ad000) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x6, 0x4, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4040884) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) unlinkat(r3, &(0x7f0000000040)='./file0\x00', 0x200) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x8}, 0xb600, 0x7, 0x7, 0x9, 0x8000000b7a, 0x1000000, 0x7fff, 0x0, 0x1}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0xb) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) keyctl$chown(0x4, 0x0, 0x0, 0xffffffffffffffff) [ 1538.153588] kauditd_printk_skb: 21 callbacks suppressed [ 1538.153607] audit: type=1326 audit(1718135302.980:1898): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.160339] audit: type=1326 audit(1718135302.986:1899): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.182216] sg_write: 4 callbacks suppressed [ 1538.182236] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.182236] program syz-executor.0 not setting count and/or reply_len properly [ 1538.186658] audit: type=1326 audit(1718135302.998:1900): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.196209] sg_write: data in/out 117693616/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.196209] program syz-executor.7 not setting count and/or reply_len properly [ 1538.201775] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.201775] program syz-executor.6 not setting count and/or reply_len properly [ 1538.207671] FAULT_INJECTION: forcing a failure. [ 1538.207671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1538.210241] CPU: 0 PID: 28513 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1538.211270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1538.212473] Call Trace: [ 1538.212870] dump_stack+0x107/0x167 [ 1538.213409] should_fail.cold+0x5/0xa [ 1538.213983] copy_page_from_iter+0x40a/0x900 [ 1538.214735] blk_rq_map_user_iov+0x138b/0x1a60 [ 1538.215453] ? perf_trace_lock+0xac/0x490 [ 1538.215703] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.215703] program syz-executor.4 not setting count and/or reply_len properly [ 1538.216080] ? __lockdep_reset_lock+0x180/0x180 [ 1538.216104] ? __lockdep_reset_lock+0x180/0x180 [ 1538.216131] ? blk_rq_unmap_user+0x750/0x750 [ 1538.218769] audit: type=1326 audit(1718135302.999:1901): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.219030] ? find_held_lock+0x2c/0x110 [ 1538.219060] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1538.219085] ? lock_downgrade+0x6d0/0x6d0 [ 1538.219902] audit: type=1326 audit(1718135303.004:1902): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.220376] ? import_single_range+0x24d/0x2e0 [ 1538.220402] blk_rq_map_user+0x103/0x170 [ 1538.229682] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1538.230388] ? alloc_pages_current+0x18f/0x280 [ 1538.231067] ? sg_build_indirect.isra.0+0x448/0x710 [ 1538.231808] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1538.232592] ? sg_build_indirect.isra.0+0x710/0x710 [ 1538.233326] ? vprintk_func+0x93/0x140 [ 1538.233906] ? record_print_text.cold+0x16/0x16 [ 1538.234590] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1538.235337] ? trace_hardirqs_on+0x5b/0x180 [ 1538.235987] sg_write.part.0+0x69e/0xaa0 [ 1538.236595] ? sg_new_write.isra.0+0x770/0x770 [ 1538.237281] ? find_held_lock+0x2c/0x110 [ 1538.237887] ? __might_fault+0xd3/0x180 [ 1538.238474] ? lock_downgrade+0x6d0/0x6d0 [ 1538.239104] ? _cond_resched+0x12/0x80 [ 1538.239670] ? inode_security+0x107/0x140 [ 1538.240280] ? avc_policy_seqno+0x9/0x70 [ 1538.240872] ? selinux_file_permission+0x92/0x520 [ 1538.241578] ? security_file_permission+0x24e/0x570 [ 1538.242308] sg_write+0x87/0x120 [ 1538.242819] do_iter_write+0x482/0x670 [ 1538.243400] ? import_iovec+0x83/0xb0 [ 1538.243974] vfs_writev+0x1ae/0x620 [ 1538.244518] ? vfs_iter_write+0xa0/0xa0 [ 1538.245103] ? __fget_files+0x26d/0x4c0 [ 1538.245692] ? lock_downgrade+0x6d0/0x6d0 [ 1538.246311] ? find_held_lock+0x2c/0x110 [ 1538.246928] ? __fget_files+0x296/0x4c0 [ 1538.247539] ? __fget_light+0xea/0x290 [ 1538.248123] do_writev+0x139/0x300 [ 1538.248649] ? vfs_writev+0x620/0x620 [ 1538.249212] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1538.249988] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1538.250741] do_syscall_64+0x33/0x40 [ 1538.251301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1538.252058] RIP: 0033:0x7f3e10b72b19 [ 1538.252607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1538.255283] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1538.256376] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1538.257422] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1538.258470] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1538.259518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1538.260562] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1538.316332] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.316332] program syz-executor.6 not setting count and/or reply_len properly 19:48:23 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 65) 19:48:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03080000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1538.438451] audit: type=1326 audit(1718135303.265:1903): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1538.442261] audit: type=1326 audit(1718135303.265:1904): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28516 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:48:23 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03050000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1538.495697] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.495697] program syz-executor.0 not setting count and/or reply_len properly [ 1538.520382] FAULT_INJECTION: forcing a failure. [ 1538.520382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1538.522215] CPU: 1 PID: 28707 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1538.523239] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1538.524429] Call Trace: [ 1538.524821] dump_stack+0x107/0x167 [ 1538.525355] should_fail.cold+0x5/0xa [ 1538.525921] copy_page_from_iter+0x40a/0x900 [ 1538.526572] blk_rq_map_user_iov+0x138b/0x1a60 [ 1538.527259] ? perf_trace_lock+0xac/0x490 [ 1538.527969] ? __lockdep_reset_lock+0x180/0x180 [ 1538.528648] ? __lockdep_reset_lock+0x180/0x180 [ 1538.529316] ? blk_rq_unmap_user+0x750/0x750 [ 1538.529963] ? find_held_lock+0x2c/0x110 [ 1538.530576] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1538.531457] ? lock_downgrade+0x6d0/0x6d0 [ 1538.532163] ? import_single_range+0x24d/0x2e0 [ 1538.532847] blk_rq_map_user+0x103/0x170 [ 1538.533438] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1538.534129] ? alloc_pages_current+0x18f/0x280 [ 1538.534796] ? sg_build_indirect.isra.0+0x448/0x710 [ 1538.535540] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1538.536317] ? sg_build_indirect.isra.0+0x710/0x710 [ 1538.537046] ? vprintk_func+0x93/0x140 [ 1538.537617] ? record_print_text.cold+0x16/0x16 [ 1538.538292] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1538.539014] ? trace_hardirqs_on+0x5b/0x180 [ 1538.539667] sg_write.part.0+0x69e/0xaa0 [ 1538.540260] ? sg_new_write.isra.0+0x770/0x770 [ 1538.540930] ? find_held_lock+0x2c/0x110 [ 1538.541568] ? __might_fault+0xd3/0x180 [ 1538.542148] ? lock_downgrade+0x6d0/0x6d0 [ 1538.542808] ? _cond_resched+0x12/0x80 [ 1538.543525] ? inode_security+0x107/0x140 [ 1538.544130] ? avc_policy_seqno+0x9/0x70 [ 1538.544722] ? selinux_file_permission+0x92/0x520 [ 1538.545431] ? security_file_permission+0x24e/0x570 [ 1538.546156] sg_write+0x87/0x120 [ 1538.546656] do_iter_write+0x482/0x670 [ 1538.547243] ? import_iovec+0x83/0xb0 [ 1538.547890] vfs_writev+0x1ae/0x620 [ 1538.548592] ? vfs_iter_write+0xa0/0xa0 [ 1538.549179] ? __fget_files+0x26d/0x4c0 [ 1538.549894] ? lock_downgrade+0x6d0/0x6d0 [ 1538.550501] ? find_held_lock+0x2c/0x110 [ 1538.551252] ? __fget_files+0x296/0x4c0 [ 1538.551856] ? __fget_light+0xea/0x290 [ 1538.552546] do_writev+0x139/0x300 [ 1538.553181] ? vfs_writev+0x620/0x620 [ 1538.553791] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1538.554552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1538.555375] do_syscall_64+0x33/0x40 [ 1538.555974] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1538.556713] RIP: 0033:0x7f3e10b72b19 [ 1538.557256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1538.559886] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1538.560983] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1538.562046] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1538.563116] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1538.564139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1538.565159] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1538.637817] sg_write: data in/out 84139184/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.637817] program syz-executor.6 not setting count and/or reply_len properly [ 1538.677439] sg_write: data in/out 84139184/8 bytes for SCSI command 0x3f-- guessing data in; [ 1538.677439] program syz-executor.6 not setting count and/or reply_len properly 19:48:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03090000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x8, r2) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0), &(0x7f0000000100)=0x8) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:48:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03020000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03060000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 66) [ 1554.526604] FAT-fs (loop3): bogus number of FAT structure [ 1554.527499] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1554.547841] audit: type=1326 audit(1718135319.374:1905): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.548345] sg_write: data in/out 33807536/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.548345] program syz-executor.4 not setting count and/or reply_len properly [ 1554.557211] audit: type=1326 audit(1718135319.380:1906): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.569069] audit: type=1326 audit(1718135319.380:1907): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.574233] sg_write: data in/out 151248048/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.574233] program syz-executor.7 not setting count and/or reply_len properly [ 1554.582651] sg_write: data in/out 100916400/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.582651] program syz-executor.6 not setting count and/or reply_len properly [ 1554.588882] audit: type=1326 audit(1718135319.381:1908): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.594316] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.594316] program syz-executor.0 not setting count and/or reply_len properly [ 1554.603026] audit: type=1326 audit(1718135319.413:1909): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.610809] FAULT_INJECTION: forcing a failure. [ 1554.610809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1554.613345] CPU: 1 PID: 28760 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1554.614547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1554.615907] Call Trace: [ 1554.616473] dump_stack+0x107/0x167 [ 1554.617049] should_fail.cold+0x5/0xa [ 1554.617755] copy_page_from_iter+0x40a/0x900 [ 1554.618464] blk_rq_map_user_iov+0x138b/0x1a60 [ 1554.619328] ? perf_trace_lock+0xac/0x490 [ 1554.620131] ? __lockdep_reset_lock+0x180/0x180 [ 1554.620939] ? __lockdep_reset_lock+0x180/0x180 [ 1554.621696] ? blk_rq_unmap_user+0x750/0x750 [ 1554.622381] ? find_held_lock+0x2c/0x110 [ 1554.623040] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1554.623867] ? lock_downgrade+0x6d0/0x6d0 [ 1554.624609] ? import_single_range+0x24d/0x2e0 [ 1554.625456] blk_rq_map_user+0x103/0x170 [ 1554.626114] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1554.626846] ? alloc_pages_current+0x18f/0x280 [ 1554.627597] ? sg_build_indirect.isra.0+0x448/0x710 [ 1554.628480] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1554.629362] ? sg_build_indirect.isra.0+0x710/0x710 [ 1554.630303] ? vprintk_func+0x93/0x140 [ 1554.630945] ? record_print_text.cold+0x16/0x16 [ 1554.631683] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1554.632581] ? trace_hardirqs_on+0x5b/0x180 [ 1554.633261] sg_write.part.0+0x69e/0xaa0 [ 1554.633982] ? sg_new_write.isra.0+0x770/0x770 [ 1554.634853] ? find_held_lock+0x2c/0x110 [ 1554.635831] ? __might_fault+0xd3/0x180 [ 1554.636484] ? lock_downgrade+0x6d0/0x6d0 [ 1554.636992] ? _cond_resched+0x12/0x80 [ 1554.637533] ? inode_security+0x107/0x140 [ 1554.638029] ? avc_policy_seqno+0x9/0x70 [ 1554.638494] ? selinux_file_permission+0x92/0x520 [ 1554.639088] ? security_file_permission+0x24e/0x570 [ 1554.639676] sg_write+0x87/0x120 [ 1554.640106] do_iter_write+0x482/0x670 [ 1554.640545] ? import_iovec+0x83/0xb0 [ 1554.641009] vfs_writev+0x1ae/0x620 [ 1554.641519] ? vfs_iter_write+0xa0/0xa0 [ 1554.642159] ? __fget_files+0x26d/0x4c0 [ 1554.642673] ? lock_downgrade+0x6d0/0x6d0 [ 1554.643157] ? find_held_lock+0x2c/0x110 [ 1554.643558] ? __fget_files+0x296/0x4c0 [ 1554.643929] ? __fget_light+0xea/0x290 [ 1554.644268] do_writev+0x139/0x300 [ 1554.644597] ? vfs_writev+0x620/0x620 [ 1554.644929] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1554.645406] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1554.645851] do_syscall_64+0x33/0x40 [ 1554.646192] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1554.646630] RIP: 0033:0x7f3e10b72b19 [ 1554.646970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1554.648597] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1554.649362] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1554.649962] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1554.650560] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1554.651158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1554.651791] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:48:39 executing program 5: ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, &(0x7f0000000080)=0x7a) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) perf_event_open(&(0x7f00000018c0)={0x3, 0x80, 0x20, 0x0, 0x81, 0x9, 0x0, 0x81, 0x4b443, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x0, 0x86e}, 0x0, 0x5, 0x7, 0x1, 0x1ff, 0x3, 0x400, 0x0, 0x2, 0x0, 0x120000000000000}, 0xffffffffffffffff, 0x6, r0, 0x1) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@md0, &(0x7f0000001800)='./file1\x00', &(0x7f0000001840)='ncpfs\x00', 0x2100000, &(0x7f0000001880)='ext3\x00') mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000001940)='nobarrier', 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}], 0x7f, "9656c75f04ba4d"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000001980)={{0x0, 0x7, 0x8, 0x6, 0x6, 0x100000001, 0x3f, 0x7, 0x5, 0x55a65449, 0x200, 0x2, 0x2, 0x6, 0x6}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) set_mempolicy(0x2, &(0x7f0000000100)=0x2, 0x100) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x7, &(0x7f00000016c0)=[{&(0x7f0000000240)="ec0655d28bb51a453caa14f4f5442d84da64ad59161dd0368f261544ca95802ff827c9288bb19b4ba8b174f73a07a98a5e7585337cd23d8d0058d62b192e2b3e55897cc0d102e3610bb33ba25f90162fd352873375cd8b47a03ea0297d34dbfb8caeaaf9f998091ca7f99815fea7a982d521da6c2b7630c38e9ba8027819c90369e97c0c66737a1b56540231af349486a63223af6af32c29b19825fd8080fb1fc8a58bf4936e1ceb72a934b541b58797886db90b6b1863cac4f2cfc83752796480bb2bff1870482babafdb0adf72715f5ae775015a486a67f2c061abecb1026f99e467788b55ce3cea06970c185f369ba0439156b24b6047", 0xf8, 0x4}, {&(0x7f0000000140)="56f79317d462fe35f5616d4ebd8d9feb6d67c3a051fdedbbb8b688c4", 0x1c, 0x5}, {&(0x7f0000000340)="c26007d0f9740fe6e2d93212589b54de2dc8b789b22ae6de8822b71faf140e63a53c3a49a0b8f946cb648e8c41f1e97140a113ffcf6f785bf5d6986a420677449042042cdc93418ef62094173bf50dff787c8c0c4d903c3fb230fb402a419d0a073adddc93ca863d98201e0a28cca2e7214456cbfcb31489ccf5665b1949de5ce5048c54632d3cccc6743b121090bad1a51c68f91292dde049a1014f1355ab049a673629871d913c764ef777b12e91ec22579d3ba3b5dcdb15a08ec84c0ade90700aaea191dfcefdc34cd906360bd17fa3419b", 0xd3, 0x4}, {&(0x7f0000000440)="fff296e70d3c3505679c96f7b4c008f9fee8fa2a4aa85f885ee387003a05d130ed8cc72b7c195e94a56722fe2ff0f3c429d17f3451de91a1c1ab4388e71a4177793cfc061b79c4ebc79190e26abede2fbe1733c36b8f0093ea0829b92649fdc8b11a842df83f43cb562e450b1a8c4feb1bc5ee1c6a249ea65fd4636cb956d3c1b61547341dd727042e2858f641b137ec37a5cb89b7233d840d1b6a93235c68b24e49487e551fa7f3473a2d0866502c2c867d8bec9b66905ad2189c046cdc", 0xbe, 0x3ff}, {&(0x7f0000000500)="9eb57216ba8b76f64849aad1e9768571c5dd67ec16b9393fee67c07a1a180df888ca1757fa09de0dc4d5224ef23c013fdbfddacb4278f3fa43cdd425feb05c7437afb88434b84cf6007387891f55c647a11ecb675ae984893f4c784c7ae676a778f9a60f32b01610b1a35fec2112f11ab8dc10ce14bf919ce0752b401819b9561cf790e82e8e7e265ad7b0d89c49acd0763727d94e86d14b7c4dda6d2a57826362921ffd8b2674068b679d87ecf1999041b912e7fb94de792747591836ef2d85a576584873529c3006d30e", 0xcb, 0x8}, {&(0x7f0000000600)="e0533ed5cad3ee0ce6bad9ec5c5f78ceadd363daeec0f63e903b32ef96c0bbf316a9a5645c26c496c88302302ba89487aeabde9263fd8b5be50c1b9cb8e158ab030252f93da6f28973ec6ff37ec04ea17131725352595df8908c1d013a524f54c7cb6c83d5d47320ee6c2d4e2206cb2f6108080e3e683655dd65e0d05579dc30c24a611402edf75087dc3424ef2d", 0x8e, 0x7fffffff}, {&(0x7f00000006c0)="b7fea7de6708cd45b49c5ceb0ec5b69e79ef6acab283fcc85a6def9d1182dd75e6ac361198bdfaf2b5b89f006f4e3d264c6d98e5d97fb23813cd1e8e0f8eca4a644705b8d3b70bc14619203891f7a5f4172fc903054f2d36a8db1016ec88a3a2f8c68e6a1480ce4651bae0308d9413aa42d014cc14d73667701ec3bdfdb3fa91053faa2568edef4a80f867f9acd7b77211c2bd3471326216e93822c332b447418984e5ee26cfd20768eb1b65346625b3a1a2192af3c4bd0f8003f94403302ade9754fda3923103cd6a0c0454cfbb04a8a7410ee23ca92d998982d032bcb0015af1abdb0793de7cd8e4cc6575e40581124d637aa4449bf42f4e467cd6d70b4b37a2227153ba95b40be5b7bba231d74e3a413219bfec6091985d0b9765ca1b898cc1c8e2a6cbf15ef9a325b067900cc6ab4a0baae76e0cf4aaaa39ed584d654fb1add58cedac2020d0037a28081299ce17c2b1c2eb2f7b2f0468554cd04ea2a948530351dcf51f070a4677f0cfa8886818ce39dfa7236a9dc5d639e96fafb4eeea5a1a6d5d79e44e6d8e496d498e482f476c736a02a7cb4f826a7d838d6eb3621e1099afafcd02741b28d034b6a2abdc8e9aa2bbd51bab744860b15f6d01656cf8c2513d2d7593a34befd342cf0ed71e36c5512deafff2a9d17b3d6fdf4390b24338e273fd78fc6420b03327358ee275982275ad0c333b7304878faaf8d8e290dcf7597e165d26f49f32519975137dfdd4aa8e9164d27be4567c162a0ef58b3547cace4f1bfa3fb0e56028771b3b9e8fa97b2df630c8d1bd8e5bab2dbfa5f9431c88afec7b3ce8e9256df49a025b3b5c9f398a0ab0ddda9eeb75ec72bf68e41a86166a902af4fdc0e4a1c4405b9505412337becd035ff1e861773614015285fe4ec4054b77641e5d527e763a58beedda3a58f20046dc2b1c623aadd77dd85992948f722c3ebab38d969b8ab6158513a8794ed99db4fefb381cf739e7203e454ed555280ccf56eaf2c50240e2ed02150faec9d61e5205abfa136ab2913f82086824766f7695d7ef3c2ac9e2371cb6fa02c306f617e430db134e59d2f65ae9d623ff1c0864d4db0543dbf0a3f4de5efe96317e118471da1a3674a22c959ca63e5c9428a8312396d6494e62816bfacaf933dd88d8b18cc527d83a67305a34cb3df881545635890f45aaa15ac02112c4270b907f035430163017386ce9cb720da672fec1aadec54691e684a3318fa497b61e5bb92f297c8a85961eef382a0b761e9102eb196498f5beeb8b87289ea40e1831485a6fecba8458c8078b6bce87bd0d9f8810e4e0ac67fdfb20dc63b6ea16a7715546525d5cb9eab7f5ebe85a04b72e5cfb7c9fb592d406057f93e7098fa9a65e1c0e34d02f3af3afc9ffecb092a1f00069c8363497375419895dd8fc2088b250d598e1721e612771a6a84d70a6d01919125cb5a5e4e7a4f73c1e8d899906c565bda1d7dd807f504ea38d4f10f644caf65883bc3ef9057e662548e4fba374c47521e6569231153fa7c48cd260ae8a7c3c6cbffcd62a882a47896d8f66e91640d51bf7016269c5824a323005b8f9f5550402eafe19b1570bd04989055fdff00a7a1c8d530fb1402ae8629ace3f8430cdfee92a084b23bb3b6af646675365a906c80c2fe14a2d6ab24d4736b5e7449d5135b9f746ea28a26d7e35fc266d2ac21aadd8131b95bd8706e9710d4f231ece302e87bfd67c51597ace58ba2c43f009f85194b949a31584bc687cb5a7e95b15a7f5232159ab344d97452d3f3a446e7f7c2b585cc97d11c354b654373555d57a1b47df47c41f2cd1efbd0d305e62f5b9789367ecf969a3df1fc0ee7505adc8de549abae6ada7336a721651e46f3c120b5379c02fa20f43a5ff91d1d8da247eacdde9eb905dec6920526a71a7c3ee17a88d404262d7e106059b78a15c64ea4fbf393ff2245bd63e6f085e3ad525e417f78c8682146e70f4cc8d7f72761ea2051d4c9fa3c5be76a58789794ae405c90a7e64aa87c2db95104b9475d227a19b1ea3a2881c63656b5a731553a80757c8ab6ba9e1b4bd4b770159b9a5ea1fc7987ad034196f83f2e1db4f6d8a8da29cf4bad5ed8ce7b7e95307d7f099be91e437ba0f9bfb3dae1ee298d47047f0a5534cf77446ef4f920d13308d169fd1990ec2017c1e043c3d3d75e50ebe7593b7ed1f6c7deb708d31a521d91789e5a8f58b631a2416740f07a28c3eaae59e54d67f95576e3c70a9efb6dde226193b163d9401dd030cbd41f763394697bf89efaad5faac30fcb281cd037c4d9092f812be1769bf30c19f9cf807bbc8aafcd8962ee5fdf01524f7e1ca01db568ebdacec89e61b28e1eee40a3f5267757232b3c85771c216ca936d85f957f08ce52f4e051d45b35386bbd06a8398051d3b931de2628d8ab25f79be7f1ec6ce30ddbd4784adc051bd006fabcbb2d7fdce0c29032eef7fa689844a51a6c292a3210537d0255ce2212588d3d6b6f0030d0f4241e6df25e44ae0c0d7a82b1ff94c4d4a21b77ea58c97ea49a900e6967d36b59d0b4c9bf70638851c29f71858d2fafdecf83082e3da0cee9cab733064aef77a54e5e29fd4397c6c1376aa2e59aab711fa126154fbc0daaafe645f91029beb2a796c477b508103815a2f651a0b7574fc9b4e14c025ffaa75c777dcfa46ec304e3d4ea02970210d2337c3298c9661ab9be86beb4e9cdcaddb44b0dfde8e713445c8a40e905bc5f9277b5aaf14ac4f960d7504048ca27bf06ef3b47ffee3e5c010df4fa0f5c80c5c5ce0c7fe3341649e0bb9b3347a474cdd49ec9f6be2daf4043d393cf81da991d7494a87f2bf3922cbc95b8c9c794d9185c4d524ee166539382bab7e82b42b25ed9f89325a9892851458a4b8140e80c103ed8349f40b908a53c0629ec9bfd56e3803932a5ebd320d7f906f42f56b63908109ba35997b0a39ae4a6a7786d31fd895e1db28922b1ab7b5ce6aeda373830bf38b080eb4584d3c438b81410307a748b74ff0edb4f29f16cb7941193de08a13837fa05e6ba257805a83bb10e1cbae456b276138040da067c547d722f695b5d33b3139abd3302e239f558087bfc2cd32331c18b459ce956b545b5f04ba4c245da3fc33389ca677e6952eccfef4ae619d28206ba6364c025f3351a3d7615e0c32cb8d1d8063f63afd2d4907914a625f453cf26ee38035e3b64a93fbe5288104c5b9b9382f923212a1983efc0e55f4eb0fa74f5743a9e76e55c61d5afa849ff9df79745a5a9cdd3197a24febc19b779c0b74636641c813d15fbb317eaa237680272c39723ff611942fdc8cba7371e5eb0a1906540bdb5b0dae5bb3813a9ce3b641fd1db5b2df822e27c6f81051cdc958cdecb463b03ad35199898dad39bfa8933e3201f9f0d44a6fd5cc68848db535e6c3989fa99877c475527d477cec93c4a6bb3308d3d46968bc98e21a2dbac1cbce31404fa8e4da2ddbe5349a68e2dbbb82a8dc318077465b698096cec7a6800bce28defd2b9853a71bece3317ce0bf19ae0c13f09847a07c3832ad709f4301d28019560251460cfa58e69916b5f3dfe73f0d2181a24dc20ea718fc13370a768347fdec3414e7433f81a8ae0d43009af870dc7e9b04d7418dcd2e66a56cfaef4dac563b5a3b588dde42cfa25c02203be2c379546002d224a308d69df56d76c8cd07587176c065fe303460f9371956edbf7770cfef2a4222419546d9073204efc809a3e087500f4b7107427f6bb025604e8b5bbb6ffd58bbcb5da55aeb2c76f89516cb41c52b57ad0758ef653bab7af918c568cc52d4421382fd239ce8be02bfb29c3c9c0f316500832071674d07d12e45d7c2bd485e5c3d27691e71b6db6be983033af7cc1f3569e57234f9d7e705860a1e51a77f5c973baa28766f9e425dac6e5e1a3474289c5541e4fe7a859296d9b7a5bc4b90ae25763b1df83c1a9d75b5ad1972293936fb1b577afc745b17f2569be1ebfa206db18dba2517d67a0b37aefc9698fcea413a2344ec007f097dce59fc7f77e458db9e4fc8db7019aaed4d829b27006cc24382080859536998da95f8cc92c011aaa5539811d1cc9ff5466e4bd9cf1ec02632d42a90965b633301b6a3e9a782173be1eded7c09aa926b2d4b9cfd59ffbe22b1c56b8d2a19d6d8964fed79bd4204b40422694237347b20af1d60e422df6e205eb09e213059d71e225be576f49a5a51c110e82eaae76a779fd59b8613c47620f8982f8fc1f3ac1ff09b147dc2363bf1bdf480d9bb3e9d7e659c3a6dcdb6f15017d45bb0fda6bdec8bd522532992220748910511d9c718a83f5461a8e9e60bf474885252215292a5fc79303755f5a4aab07c5785d710ca3b0197fd24c3c0e925b9c058a9a60848525bcb515d09a9889431e2b65b769a711f4d7fa0d916d57a369fe899a7ae7486ce9dcd34c2a848820f100591b0205567a1a351193fc97ff52691e89219b980d9e2f5e166bbb54dbac4fd7461f7bffc01d02df104503fe2dd52946fcb2f4cac07948b692e6076ad5fc1f4d5687463c70e444e5e1cf5d12eb9c51a03529da3306c94779cdcd754f1ce986280f13367096109221223ee1ad421ab610d82f0712a521b9dff2326e2cf347378b4638d341bdfd895e8312b4804fb66496bfbd8c8207a48f95eb500d59908c6932a5659d39a8e7cee4b88bf8fc5a1536d48142683401420796e9a396aa62e6950b1afbc7093086e10e6fd34714dc2c4e01a62c9b9d1e8b14188a21c766a3f46bdf46b811f16a78ab00739b0773d1db13187239b5af11f04b5263646956266295b1623b69fea8f2443537a4e35d282b80a2c5c0cac94b17e94f9ecfa2bc39f63d71fa3b73090fbe51aa4ddfc54b138fbfe21b84df83f067e9f86ed83c7243bb9f1e337a7a06557f4e20e045661e370a344fcdec2c7cd60e9d9462aafb6e2d95e18b21424694225b203c276abf61418016c8c11888fcb3d62c0c6fbcb71311003984e898b9b03957f663afc7c26a0f1e538e4418ea60bf375288362ee6e4db90089b2ad320d444029665942d7df43b96677314b86b3aab8b1d7d4c17c59ea1763645577bf0deeb8b3f514f4adfde0c62702804071b01cb2f8092563bf6aac3e7fb860f41d0857504d4e7cf66fd268bb561a19a56827dd023260d25a62429a4566433798fd6273995f5817cf1f2ca056dab1ae684509318f8b9d748ad043da7d333462b1341d76d0b316921eafba14e9592330c849c079e356b06b01e6a5dd4669ddb57d2fe76a5e54fd3f600459415adba28b8be61c2633f5c216d0ad9ee3f281a9d5acfe182f6f033af386f32eab096a46abcbcea543241a946a7d2bf9b0d81676cd84d085909b6a54c4163bae4f84a573647ed638a29821e8949b732a8661e5bba158a555b44f41d34578331d2712d303db4f506279d9b7c6423197c9aedc1ce76865b39014b4dbc3fbc3db517b957970e646e8e95f0956b3183bd67d31533fdb650d758c8ff548e13b50acc3661388eab438bd3d829f49ac037ccb09db2e4e8070737803b659f17de891e928e4eeb2af585d1c3e779412cdf35039c55b0aa78c616bd8d812a0a0729ba8fc1d059e5d4e962c6b060528123bb9ae9519f95aa64e8fb1e8606704945de91c7924c38e78f10150d721076e147b3485f566bf6ab5f1c6422ad0ab4a76483d64067f219cfdad06e25993c9ad04fd26edb1b7ce0fe08ae962fc5fa0283fbf7267d1dd31acd7382e1b7d108b0f3af14148de5fea087689aa0b1e3b8f977a30edebfd569a29a5e299642072b69e2987fdf42e16f6852b851800b9", 0x1000, 0x3f0e}], 0x800, &(0x7f0000001780)={[{@nobarrier}, {@grpjquota}, {@dax}], [{@dont_appraise}, {@measure}, {@fowner_lt={'fowner<', 0xee01}}]}) 19:48:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03030000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1554.677749] audit: type=1326 audit(1718135319.416:1910): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.683280] sg_write: data in/out 100916400/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.683280] program syz-executor.6 not setting count and/or reply_len properly [ 1554.701308] audit: type=1326 audit(1718135319.416:1911): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.705797] audit: type=1326 audit(1718135319.416:1912): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.734929] audit: type=1326 audit(1718135319.416:1913): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.738542] audit: type=1326 audit(1718135319.419:1914): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28752 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1554.744282] sg_write: data in/out 50584752/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.744282] program syz-executor.4 not setting count and/or reply_len properly 19:48:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030a0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03070000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1554.811657] EXT4-fs (loop5): VFS: Can't find ext4 filesystem 19:48:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03040000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) ptrace(0x4208, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1554.855469] sg_write: data in/out 168025264/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.855469] program syz-executor.7 not setting count and/or reply_len properly [ 1554.866551] sg_write: data in/out 117693616/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.866551] program syz-executor.6 not setting count and/or reply_len properly [ 1554.909978] sg_write: data in/out 117693616/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.909978] program syz-executor.6 not setting count and/or reply_len properly [ 1554.913764] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1554.913764] program syz-executor.4 not setting count and/or reply_len properly 19:48:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030d0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03080000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:39 executing program 5: ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="5213aa46000000", @ANYRES16=0x0, @ANYBLOB="20002cbd7000ffdddf25120000000c0099001f060000530000000a000600080211000000009c0500740002000000"], 0x34}, 0x1, 0x0, 0x0, 0x24040091}, 0x40000) sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, 0x0, 0x8001) setsockopt(0xffffffffffffffff, 0x80000001, 0x0, &(0x7f0000000000)="d6547e36fc54c90660b7476ebee6fc625172f9fb41501b197b5f3f70983636a6339e1e85d66136c9ab9c4c4ac9f47e62e803b9ef933f94e7743dd3f042e684ce17f03e969718e964ee18366ffdfce76af1d45d6363a4174148eed0ed680f244413688cf5740d20bfec520e6a149e3680f24f23ef267afc48c0982fa7", 0x7c) signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0x9]}, 0x8) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000141bc8b5e82b7b00355affad03002000050000000000443cde61d7b8f84c08857316bbe7ecab1ced8e58767e2ab3f8003a0576385b492eae557b8734b97689401fc428eebbe075d7c8482716cb28e4065bb4b66ffa336d887b48e53c831205913491ce874806000000d1d4645cfdf13b6b81f922ffcb926f90e0e1e7"], 0x1c}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r4, 0x0, r4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r4, @ANYRESDEC=r3, @ANYRES32]) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xf, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x9040, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x900, 0x0, 0x10000, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x7) clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1555.030791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6932 sclass=netlink_route_socket pid=29048 comm=syz-executor.5 19:48:56 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x0, 0x20, 0xff, 0x400}, {0x7f, 0x7f, 0xb5, 0x40}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0xffffffffffffffff, r1) ptrace(0x10, 0x0) r2 = fork() getpgrp(0x0) ptrace(0x10, r2) r3 = fork() ioprio_get$pid(0x0, 0x0) tkill(r3, 0x3f) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)={0x0, 0x0}) r5 = fork() r6 = gettid() kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x8, r5) sched_setaffinity(r4, 0x8, &(0x7f0000000100)=0xdce) wait4(r3, 0x0, 0x8, 0x0) 19:48:56 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03050000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000", 0x15, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03090000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03070000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:48:56 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 67) [ 1571.309298] sg_write: 3 callbacks suppressed [ 1571.309325] sg_write: data in/out 151248048/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.309325] program syz-executor.6 not setting count and/or reply_len properly [ 1571.320330] kauditd_printk_skb: 16 callbacks suppressed [ 1571.320348] audit: type=1326 audit(1718135336.147:1931): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.325234] audit: type=1326 audit(1718135336.152:1932): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.330700] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.330700] program syz-executor.0 not setting count and/or reply_len properly [ 1571.332759] FAT-fs (loop3): bogus number of FAT structure [ 1571.333816] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1571.335012] audit: type=1326 audit(1718135336.161:1933): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.341365] sg_write: data in/out 84139184/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.341365] program syz-executor.4 not setting count and/or reply_len properly [ 1571.341748] sg_write: data in/out 235134128/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.341748] program syz-executor.7 not setting count and/or reply_len properly [ 1571.350390] FAULT_INJECTION: forcing a failure. [ 1571.350390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.352279] CPU: 0 PID: 29217 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1571.353286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.354489] Call Trace: [ 1571.354883] dump_stack+0x107/0x167 [ 1571.355427] should_fail.cold+0x5/0xa [ 1571.355996] audit: type=1326 audit(1718135336.161:1934): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.356013] copy_page_from_iter+0x40a/0x900 [ 1571.356046] blk_rq_map_user_iov+0x138b/0x1a60 [ 1571.360204] ? perf_trace_lock+0xac/0x490 [ 1571.360815] ? __lockdep_reset_lock+0x180/0x180 [ 1571.361501] ? __lockdep_reset_lock+0x180/0x180 [ 1571.362184] ? blk_rq_unmap_user+0x750/0x750 [ 1571.362826] ? mark_held_locks+0x9e/0xe0 [ 1571.363432] ? find_held_lock+0x2c/0x110 [ 1571.364033] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1571.364807] ? lock_downgrade+0x6d0/0x6d0 [ 1571.365406] ? import_single_range+0x24d/0x2e0 [ 1571.366077] blk_rq_map_user+0x103/0x170 [ 1571.366681] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1571.367371] ? alloc_pages_current+0x18f/0x280 [ 1571.368051] ? sg_build_indirect.isra.0+0x448/0x710 [ 1571.368799] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1571.369583] ? sg_build_indirect.isra.0+0x710/0x710 [ 1571.370322] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1571.371130] sg_write.part.0+0x69e/0xaa0 [ 1571.371738] ? sg_new_write.isra.0+0x770/0x770 [ 1571.372416] ? find_held_lock+0x2c/0x110 [ 1571.373018] ? __might_fault+0xd3/0x180 [ 1571.373600] ? lock_downgrade+0x6d0/0x6d0 [ 1571.374221] ? _cond_resched+0x12/0x80 [ 1571.374796] ? inode_security+0x107/0x140 [ 1571.375407] ? avc_policy_seqno+0x9/0x70 [ 1571.376007] ? selinux_file_permission+0x92/0x520 [ 1571.376715] ? security_file_permission+0x24e/0x570 [ 1571.377447] sg_write+0x87/0x120 [ 1571.377952] do_iter_write+0x482/0x670 [ 1571.378528] ? import_iovec+0x83/0xb0 [ 1571.379092] vfs_writev+0x1ae/0x620 [ 1571.379645] ? vfs_iter_write+0xa0/0xa0 [ 1571.380226] ? __fget_files+0x26d/0x4c0 [ 1571.380813] ? lock_downgrade+0x6d0/0x6d0 [ 1571.381415] ? find_held_lock+0x2c/0x110 [ 1571.382025] ? __fget_files+0x296/0x4c0 [ 1571.382615] ? __fget_light+0xea/0x290 [ 1571.383194] do_writev+0x139/0x300 [ 1571.383729] ? vfs_writev+0x620/0x620 [ 1571.384289] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.385056] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.385807] do_syscall_64+0x33/0x40 [ 1571.386350] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.387098] RIP: 0033:0x7f3e10b72b19 [ 1571.387654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.390294] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1571.391404] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1571.392438] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1571.393470] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.394501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1571.395538] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1571.399157] sg_write: data in/out 117693616/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.399157] program syz-executor.5 not setting count and/or reply_len properly [ 1571.407302] audit: type=1326 audit(1718135336.165:1935): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.419974] audit: type=1326 audit(1718135336.165:1936): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.431687] sg_write: data in/out 151248048/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.431687] program syz-executor.6 not setting count and/or reply_len properly 19:48:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc033e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030d0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03060000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1571.547822] sg_write: data in/out 1040440496/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.547822] program syz-executor.7 not setting count and/or reply_len properly [ 1571.567236] audit: type=1326 audit(1718135336.393:1937): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.574653] audit: type=1326 audit(1718135336.401:1938): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29204 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1571.595509] sg_write: data in/out 100916400/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.595509] program syz-executor.4 not setting count and/or reply_len properly 19:48:56 executing program 5: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x2, 0x3, 0x0, 0x0, 0x5, '`\x00\x00\x00\x00\x00\x00@\x00'}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) preadv(r1, &(0x7f00000005c0)=[{&(0x7f0000000100)}, {0x0}, {&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/215, 0xd7}, {&(0x7f0000000340)=""/60, 0x3c}, {&(0x7f0000000380)=""/114, 0x72}, {&(0x7f0000000480)=""/141, 0x8d}], 0x7, 0x8, 0xffff) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0x0, 0xffffffffffffffff}}, './file0\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x20, 0x0, 0x1cf}) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000100)=0x2) bind$packet(0xffffffffffffffff, &(0x7f0000000580)={0x11, 0xf8, 0x0, 0x1, 0x7, 0x6, @random="9ba495311632"}, 0x14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000680)="5ae5e46a71266a3a585fcd0b200948913c75743158c3f70c87393bf3eeee13a0ae920f6da01fe45cf1a260638196789954ae71649ed0d0cbad2eebeef61d38e02f", 0x41, 0x4000084, 0x1}, 0x10000) r2 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r2, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xfffffffffffffff8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@updsa={0x168, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in, 0x0, 0x32}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x70, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x120, 0x40, "976ae46d07d1812fd0664e95dee18314b91df2e10ff98153074f6a02e3550c030000001b"}}, @XFRMA_IF_ID={0x8, 0x1f, r4}]}, 0x168}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000008180)=[{{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10, &(0x7f0000000ac0)=[{&(0x7f0000000740)="e9f23638276a641e066622f338c2855db3a6df25ed6f180283ced03ae4d268c6b1ddd903fe5dd1755f5b4c41ed848a35daa9d8886f044482628bd20c809b3b5473eaee6dabaf2569d100dc2db3f1d4ee8de3b15722ec40e1", 0x58}, {&(0x7f0000000140)="cf0b3bbdb7edd9c008dcb24446c24d7fd9c52172", 0x14}, {&(0x7f0000001e00)="316bd018e7d44a0c5dc37f817d3a3a28b007dab1b7cb86919e5fb5a3a49f65e8b78801edd2c077102bd5c3be9221ad085a5186c1579de9ea5a78f1cd550f2b163231829cb5702e0e5a8b4d229c7441cc253a20a281bfc877fbf32dd997d496fcb2e3c6452724b78e56adc2d979c4ff81106d0952934d5bd2bb24460b217ac0dbcd12da34117d05fcc1880780359dec9d232b5ffd76ad946b615ba98d581cbdaf013bc83f45aa96ea2d75c35f9dc34579eda6753da01e1aac95c5e8d9b56b4f3ccf89f16144f1becb0b45fb1e397781944acb28003f04ec8f7ebe53f07fed34da96448c16fc4d6fa6537f2e0c5d0bc4438d0c221de9339ac9ff2e5811f8e15b645f836cb62596452d479eca08f45bdba886fbdba83f7e3eea299e6adc7585f98f9f21249b5d6e22080fba527c7a87205182a1d9c17c26bfc60ede63a8bc82ac8e4373d6f2b05d7984ce5d0af71c277f321b9fc1985cbe089334bd6800856f5085ba444286464fa44a55f4242c38ccc32ff8aa9106412f2fbd5393d5fc7f266ba5a547c0adc81de72466196afb9a8844abb144d950bec18138b373ef2caa309411d25e86c834f3bebeb439d61caea2012cfad79e6ed55f094182843dfd1c1aa656c28514a2625e98f73d59fce37f4794b671befc99ca3f0e51d62d758cd9d1a09b54cc9ec78600a68a569e911f4969df6a13bdaef13502b4919a8b42b36a10b2a4697a7b3a1f6d016b04e400c0d7a9be34685de13d2b84f2916f3422543ecf05b330f6ff1f2aa20a11f7a93aa530e970e8fc4ad049052e6efe35c2ab266b086ad2a9a58e19a207d9d4961a1a2160a95c6c961f261a3972abf85d947f7d72d38bb09eecb8a96da7ca6657b33ee53ac098018d95f5f952cde042aa0b97c9cc9db47bb8fa9863c7b9405a921752671e2d2ec5f62b08174ab208419c58e6c00ac69f77dc33e08fc0edcfdcc401958ba0ebfdb94bf3010888fc6ab9b2e1126df1449fb40fc11cc5938ced5fee455eb7c21b9bb7c3ccd8a8f0bd31531c84641e5d402361c84cf20d17cf3ccfdaddadaa2ac56ec4c6b3c915751b6c08e6ff2be93c0618e1a6dbfdf49bccede1065eebdf77b08a9f4adeb81c593a199630ecbeb52b27e58ebe5abf252fe950fdd76b535cccbf634f7e59f73e23163288cf4b9aba9365c3062c8861cc9774d5c27e64cf08322f4cf8dfcbc2784c3dd1d902ee2c1302bb0ebbf002d54bb07ea0f296279d73d84e7c12ab7994f728ab91f304c18fb36a344f3722b130536774d6f0fcfc881250edef361c91bc158a877f4e39f5c00feacbbb7239cd1eb875c436d79fa75003e88af9ba169ecc3c4dc98003992c011afbf171b8fe8d7948582c47bfadd70e4b3ab574975fa1c85df5c24a41f3c442dedd2ec040fe8379a1c6d8e2986c867ffea7a2ecd5a6a29cb0cf9807f043c90a57dbbfd740234d7cfe0833d92042bd1cd98b3e3313b8454ad354a40d6f66445c07f91e064d255f811b7bf13157ef2dcf3efdbfdd574cbaf489643d3b262a4cf72c2d6d5ab71b1d207d3fcaa18926616be32373d0d6c4db7996cf4b06704dc0183919e4d3b5735a06e2e54da8d5be03ae03bcc1f07619d13f01d0a2101027b97cdb43de01ad09ab99be9932bc899d3f66c09dda1d4c82f2fa3582d6720cb2a823f41abbc098dcaaab5f1c635b1568541620b9473751915fe7572b21bd946b1e24c2d7733a98a7ce4739e3182fd7b7d7123cdb93f2fe4df487cc16396ff1cb44a0dae9ee302c92f8048f17351ddc58462b610b0cf4b76c069bc453cf1a7ef053468ac54619c90986315d9e9e74ccf1d855ab43d9782234255504fb72ed8c02542b0e1e2af243d5d50add604204fcb5c5fc1e2295d5c91afe0871d8ad454ddb544b2d7f2121a6a33ec80b59a10c1604d8f721f29c32216be5339699abd38789524aa7ea3c5476b2c1cf1563bc2d0dce399f8fe9a4841e932c77601cffe4d9c27cb9da2ba24fafd1d8f76feb21a0e87b7a15489aa62d800600eabdd5cbbb8cd438f9f92660e049d5e3bf92aa5799f07182b1552366b49f639e23f89cee3d5e04946719dcc702285467ab98d6cc1354bb0992fd105386e6113bc66fe5750c3399478b7c702aca15af7e47ef40ed296ced5457f1c8d8254dbe4e0d8e16968457d21955162cc67f2d848abf11888aa6b92640562e14bf013067d5c37f261fa20df8f3f3509db59177afad6ead3142329b63109f65c392c252e49d3300a0aa83f7c0f8a3da4ce3d6d44c949fce49ba45b1d45b53f2cf6bf6c84940ef97a361914fdf0e30d3e0c9dc556fe7e33bca73cc1544a52cd6e51d4f0dbbfc9424ba702c93522a4099aeeff2aa7e1547f3524d56d40692bab69a09f99c6ac5625cac2647cb3572a743b5f55e499e277e29887654e2ed401c1d6cf637a5254f7a8fddb1c8e7b189bbcb3af71b27fa6a81084644c4fb61b39824dacd3e1cfa94697c3be7dc3b0d37e4d5db12008f91abfa5fa2a1ffaa73ff0828578d774c07aab3c9c6b3f9dc15104871ad887001f86aad2af272acedabe93a0f5d6418118d6ce2ea32461e12d74b032da24e57a8ffaf0fa79755f75ae50b2fcee38fb3de6b367a85e6a134fee003eb8853f3bf544ae82c4a36bd86dc3dec59aee7409b42dbe858f29d633935041ae51838e935ff4e7b9d8d36182d822835b973ac59eb107bc4ecdeaeb7ffce6a6fb34a01d86124e3c6daf566be6de2594f49632e84b90ca886861fa0979b322851c03ad7bcaf9ddb33d0bbfdb93d4ba32c9499dfe717c92ed1bd18d55bfddd3438e80659c16de966f565dd4b0abf97205019a570be16af5371ca9d072b1d86771a8ec4c62a7d0ff4f203549ddccf57b623807f7c099207907b68d02b5d2ed4e26df92e8938d74d30c73c5e215fa46b5ec7666bd86127d3a01b6349182fd0b081130216d6608d6d783805b8b7469ada1b69481480283569e4c61ff41da38990a27088a0f9aea5635cb326ba72100e225237f5b36178417ea3577743e1ba1559f593028675666e1fcd9af9e17d431c60765a49f9d73a1a9cd412fac3add92626761c8556293dd09bbeea721e21e15262df0ad477dcc32a45c216c77a9fe9b52ddbfc299547055805a04754d0dae5496f8d7b4390a5cd84f9decacb731c8e091c5ad3ff7562bc3d86b1120c888ba2714283600ece24a9ce29e6fb191f4e789e11c261eac795626994c49a641ceb5eff231932d128cdc0c6e7d4564eaf7be4a705ca5d663574da52302e0ea5f0467f3f1b14fe8a6625c0ddfc9caa561a10ea4655f41a92a063f388213e2123aa8edc2a31641a38dde4157c8801e1b440a09381a712003e242681b8c614de25c1961c4efc90aa99df2e71fbad0e107cec6e6cec23339aa8a23bd17939e850816ab58da7c0432fa260ea8e78fb8cb0852b279b56f4ab7a88eb482ee31a4ce3ba9218a4340b31a5eb69e6dc1b3cd2386f59c055df3266cb93276a9c18742eee61fd3826c6f31935ab11d6e24733eef93af234141b4e8a73947c79daccd3747b58018c491131521447accf4ecdb94a9ef1bb3f8a70dcb137ab10a685ceb2f0c0f07fddbb5af7600bc5194c4e6e111a4bba05b387912874d96ca8e47d5da11ba5124b69b8304a315ef7451d8ba48002ec267b4c445d7454fc05e32793aa44f10188a224cf8166a60ebf025f79a3dc9308be2bd5ab63a24bf2dfff076125717a0536511c6fea37ca927fbb2db98949427daf511fc4f0306a89d9221805be2b744a6f9e4b12d74aeb9906810363a419544c9a9a9a853e29d4454679c178fbf03391693c71c175725df48e08147d98c7e06cd8d736a134d67cb946e5188b3f78eff8f3e169ce78326a5b7ff49fac1abccca63142b74d7fbb871cbb2077440215cee7dab736517492a9d36c6cb79477a1e56f3f05dbb26f874ed86b70e9a0ea8ca3bdbc129c92ed50e685ae87d4d1ca90c8b73b906993e936f48aa10c1ea4530f596f1c95ebfdf61fa4b869127668763b6ce6192ed972d58a1e31d45a025b1155930f74b21dbe87e1d463ca298df6bd90400a20d71bc3e043c891d65464c80e6877f825aa8ad5cf7cd51d1aacbfcd49f9c8c8b5b136c375b59531c8f4957feab758e86ef6d15ee0042ff4f0ffe3f6025ad6cb657f889168cc647d3a6a758c84e33b78f62976c4b6a2440c232a8e3d00fdd2e8d209d0f36988729c19b58acc44aca6062d6ef4849ec4801699745614384e896ce4614e55f2abcd13febac519e5030d4e10e7d05f0ec2eb2a7da6aff03f8fc5541302538c45200c31beb59a9aafc485a00157a90fbea12d3a42514d05dcbcc412167d687cc5531b79ad1923ed46f97e29b574b62f87036b9f9b77ef66d84208946150aa074b80923835e3ed433ceab7c4e7a578eba4279f65dea3a8cf145cf384cab43d8e9a38187f7371ae5ba8ad51308afe9376bb414f8daa22a2d3da28b432fdd9311bfd445642c5ff291d6e649eda131e6a660ea6148c77e6803900eca47f64ba3a2ed2350134d817928e3af35c5f6e894e0af80fda248099e3186918ebfaa4ccd5da670295230c2a8cb3af7a03093aee79bb2b331af257466e1316872a55584d33e4b4084e5939b1791440ad98f80a307425a0dd44d394011e6a333a4fa7e8aa6c0e88e30831a33e1eaae173202f9085c3c9fea3149b3ad332336190305d7837f9dee53a5b731f5add8d7dccb4b8f4804be0ae2faf9b6e4dc53da9129fb06c6dc236eb0e2026bf13bcf27ca629e34b97a21e99f454ffa4ec7865e5225af6cac357e872f2ff0ad6c743925bb719b09667462adf80bec607474279eb71658dc0f3917cacafcbf099c8c7f6e33498d0c8e8d6273ba2fdbf543c68a059da4ab709ed903ff12cd8e8e67941928f93fb18318178c20fa798cb5d650e4f1f7afe7d36894d2f4dc0a0b079e462f181e01011a42ea1a4563d1fafcfcbf8d6ad7742b8bb70b2ee70c065e3e7edc659cb6e6f984b29ab14e9e4fc3e591ca87b6f1678fe7793c1dcf1055b7e3e098ea34d6eb246d15f6f23b1cdf02c5c327c1ea8b45bf23860782c5171402d50c4a077e008965ecc6cbc98a36650f4e7756e16db0638991a42d63e8c7b42ad553366aa41b661b0973cccd0f8d6389dcc6e03fc8141fb3de59e24e83ea62513b43f8627296ac25b4e74d21589a02c415c23cc204e20ca302dffe30c7efbfa6bdf2b3488736a9b1a0177221980174e6668892e9f38ecc8fa2172ef21a8ceda32a3427fa48b119f325d81d834679092b68c8f4855ef8318c6cc6e0f13fa27270c3c0cc0b7fc70ab887bc9ff08709d4d4ad31bb83d1a35130dead54a9fe9ad7fe5aff9e9673a4c5255d625d7c095844ddcc96827c7466fedd35386577e49ea18d556ebabe26fcb76e688c69dbaebcc29db182121f7bb39685712a639d72646f0fc57e9e62c98abbd95e1b21ba4606b649874bfd8b6fe0a5eefab005071a0f1c08aa6618aaec474ff42c98e68761cd04fd6af749e99e4905e4a5b044a55b30108dcdcea19e46fa2718bc2a967238b53415fe6e772e8b75ac83a934853b850e4134c9c39b14aec03d9bfb179e0923b2d9669b9a569de9b121a0788c3ad0e28a03d0d7a247caa4662cf1492c3908915fdcd7f1e1ba764c6e5076af6b46a4a27679b687ed021a40d0934ae2d1399ef94b9ee2e537e86ab2862fe6c7c0d46abb73b8de7139a129b71b305dbf6c0fd8641e66cd4211899424185045b426665c9ed6e6d33550afab75b41871e55cc486725e2b5763a643aca5c6e48ac70d5f5ea7a8c7da2c07a13a2d8cb", 0x1000}, {&(0x7f00000007c0)="b34a901446f6bfc74fbf93a3da63780694a08c64c64f4c863b19a3246ea2a918571439559d3019a64eddf9c53d7276d68b6b5a7c774f8de03d17eb0897d62fa9ca27fc22a32e650e5908c298cb94a9ec3bd6b895cc819224865e52f14eb894a64fe0f61ea1d9fbc10b508c51249df30287b86c0d7edbec9c1f4faa94fcc3b2435594a6e5603e", 0x86}, {&(0x7f0000000880)="20fdec419fb4b3b6abcf2f3b1081bea542d0cf894056dfc8caf4eb53a8f78c4af070c5d83962ae101f17ea8f25ce5a8807f915c37dffe39f26c6c205a2f67142394b873aad274de6e2a6541c181016a1bc2454e1b861dd1a9bcc5a7f24fac29e60e93a7307548d65df438f4deef282fa1b373a08f7c3766fdd6587c8d6", 0x7d}, {&(0x7f0000000900)="b72ed8ebd934e2d052333d932ba6b9b1b6fae0f6303a9edd553511b2a218b4ad025f131141f53070d55e236d72860451314dc43b23fa3d73455727a55367af0235d32570efe8d5e3a14d43129f854ef586a16d5561765b08df3724f964f552fc3c5c5c4f3d6495f7c181e7de2b805d4bba1400506766816b", 0x78}, {&(0x7f0000000400)="5d558a603bb9343af2461eb68eaa47a8ed3d1bf49662909f5ecd625e1ad93723719af668318efa2b97c4d49f32811ad8fea045313d95dd749e98ebdb8f", 0x3d}, {&(0x7f0000000980)="80f8de73c366a30c30ca05c390ad4e6600131c1beded80ad574e3feade6ff8a3219b372bbd0683095b4cae164765c233f5e8a3cae4436ef26f223567265473fc7e7b427109", 0x45}, {&(0x7f0000000a00)="397473d1bc1a95a115b0e9ebd01429e1ddc6d0f5e057941aaa684dbe52f4f880e55272a103a642a37ee5f723af645da19b3097c179d7fb40d9e3adeb3f1c8ebb0de894cf325ec0e3a44813e2c3a50d9e6f7d759c2074b6933ad267d40e882a7bd1ce670afc9444fd7346ea306ba061cafff955bba930161e17f7d2ce3a45805172c73ef2edc57b4c8cea35c87826c1cc1122f0e8dd8acdebd652", 0x9a}], 0x9, &(0x7f0000001bc0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x6}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6d}}, @ip_ttl={{0x14, 0x0, 0x2, 0x10001}}], 0x48}}, {{&(0x7f0000000540)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000b80)=[{&(0x7f0000000640)="1191", 0x2}, {&(0x7f0000001c40)="fbb0da216c95fec36dfba0cfe20d5a573792afa40a8f9a3ceadac14d0c01f596ae9f33b4a35add6e8ed50d4ab22b77e03b5016dcec75edbb5408472cd1d045873e3e03224cd5cb7803bc0717385812f782dd9a430b212c251c9c638f0414b6d787abb032ba7eef7b7748da38472f8d3cd001c2c878a79684999fd1a9efbdfca1bc67482fcb66a807775796b3d05e03ad97e689ba", 0x94}, {&(0x7f0000002e00)="99f17df978a46045ef54b14abfe08c198b086920ab0b6d455f32a5f69f8cfb9833cbb3720cf529c590085484919efc24ff8709bc756d04b13744ec209ff49a37fe4b4b32bbfaf7d48a2bcee08b5ba141fb9ec550bdaa63c27d6bf868689a56bbba23e1ce8648c161e501107ee63257ad0b96ca366a7813057268390d2facccd0b7f7a8eee7ed989c059fdf7f", 0x8c}], 0x3, &(0x7f0000002ec0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x18}, @loopback}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @remote}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3f}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x8dd1}}, @ip_retopts={{0xec, 0x0, 0x7, {[@ssrr={0x89, 0x13, 0x2a, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @loopback, @broadcast]}, @timestamp_prespec={0x44, 0x4c, 0xa7, 0x3, 0xe, [{@broadcast, 0x200}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@local, 0x8000}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x5}, {@multicast2, 0xfffffff7}, {@rand_addr=0x64010100, 0x101}, {@local, 0x4}, {@private=0xa010100, 0x4355}, {@multicast1, 0x20}]}, @noop, @noop, @cipso={0x86, 0x64, 0xffffffffffffffff, [{0x2, 0xf, "39017ae8996783da4d0ebd79cc"}, {0x5, 0x10, "df877dd51b596e2919c5a0be0bc6"}, {0x6, 0x7, "f143f76d94"}, {0x7, 0x2}, {0x5, 0xc, "717bbb1a3b8384c984f5"}, {0x7, 0x7, "16f6b730ff"}, {0x5, 0xd, "8a6b6046950f1e37e593d9"}, {0x6, 0x4, "0332"}, {0x5, 0x8, "85358957d912"}, {0x6, 0xa, "218e11b48f9c32f3"}]}, @timestamp={0x44, 0x14, 0xbe, 0x0, 0x6, [0x5, 0x3, 0x0, 0x5]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @local, @local}}}], 0x1b8}}, {{&(0x7f0000001d00)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10, &(0x7f0000006400)=[{&(0x7f0000003080)="5da55d5c96427ff3f8ff3bf4e04aec5b5ae613a6d0876276708836b2f04b425ae1840c18a6dbb06d26ab53164dd89d7c3412b006f470e62b9ede362c9a02b2a7b0a00a666e726cce923955fcb405c133856ba2f1f88f3f8fb1e5b790213d56531639b651261a0e68fd985d8ca4886d9c6128f3718d37502a9e9b50a5c5d5b687852994867bdbc48aadcc80c4b35231ef4f4f1d361b90c53b402105769283b7030f0acbf941812b90ee6a5c48da408762da0d9fd538c491e8e1297dc22099dedb087f716dd285d67d7924f3aa2ec06ed1952726348088f14b66cdd8a2f5121c2794b88742b16033a162d71e103d0b5c356a1940bd6a32349bbe65ed5616cf516e2bc71291b4dc4a123a2488243ad9f03f0b19ed2722c2b40f7730ac6e20029e787e74f8bfc4ae7cc8b2219447fb56bc3e78fde71a2c9a93ed352c930efcc4370709585efd23d7fb264dcc8b37e46b54f1160f48ac78945d2e4d3670d9bb49e63ca53904dbb8e4b2de4552a12a7d65f5acda9335650fab868aabef41ed8a5b05059243057c4234000967545e2b58ded36ca1fc58b3f65e14d0cfcbf7ade38fb075626be6af15dabc82e2750671f1e546a959417b8cd74b5ab8c3451b1bb8df866aa9f49f8d7ace05acbccda38459c4eb9bdc482a9527c20793dd8040ceb4d38b062a7395606dee1bcf3125d11d575fbde8197ff4ba544a8074db0751aab8382343d86b00f4325f3cdc08c69ac2d1397ba750673aaa6f6c3ea2025717b3406e3eb8e75d01e5296a73e171f8d23deeb23ebf5191a355dbf89904c4beee438df99d36b5ff52e2afa124b39adf8cbbc0ced84f73b9f96c0b47d170b2d3ec5c8850b9b196736cdfeff788562d892b5023a7a44123b8e0d4631a5b22677c049276bfc0d631e7acdb40c019ac35fe068ec528d83917424af9ec29609ee79d81f92e0b85840cac62c726632da70a24c7acb3a5c236e1055cdf3f54696d689a0628af48395ce30f93a1a6e5b4575121d2c0a4257be8929d652cc5caf9a4480d73695a104c71c470cea571ec4cb55f5d45f421e6c2da5648aab1f132295bf1379c64a00f63ccf3e579353b80da6edf384f2beb409afe51774138b9c4471d058689ba5caf158427c2d40c2f46e9b7c6f6014574af40d4df0d91826d1bb5d9ae4a9ac74f0adad277d9d454b60e99fbdce3ce2c4ee92f074ff5bcbd15e43ce3188835a38b113d0316864aad49565a0b953af72635788fc5cb849a8ea2a3070086d9f74c52c12023b51b77a483dfe30d44fbc300e833fe38d41801d976d3ad4ed8c90d0253fd2fe292753f6dd1e74fae6b73d5656482fc9b945558db5c83917bdd7afe83f69ae16770e5e115c4f133afc009c4838ea4f514f01974a34c2c705f47920e5d1ba92b0d2b9719a861c5d460f8a638cb472e7ced6d1d24c50486bd1b80570b2983d15b24453cf7bf8badb50cd1f7a98e4ae6b9bc0e6e71518196389db4fa53070a72aa44f2f005bc07be7104eba90be27f484af1cc5158fccf37d9c73807c4b618ffb56a47756eff7088ebe7ff8067f2270cf3f3526b93299f368375022d8e8764722d087350eaef1c51c045aab24b06dd06b98d6b5030ba1a87f85c62aded389574317622cc69c4f8158579f85817e6fe908171b55871529c1ce4a7cb323e51fa866ab33826fbb17a9b86482d6585cdd12c4ca39b8be24bb4a258028158cf5eb61e34930f003448d3e4dabe0408ca222b9adb052050ba44301f149a2bc49c3b434f7a26fb9df5b56365d9a65e4d20d485f4e2434f769106d1c164bbfe79a067d7ccb38899d0e54a28312dc7404703bfce46083d29a21c3713f51b1da6d72058d683439ccca210183735ee89bf86baf72d865a3ce1571dca870063b9115e1265f2cbba0f629bf7c9e81bec39257dfbe69cdbd90bb2f1265f329ae3dc1e9be508018ad9e7d8cca1cfa97aa562ad515879c7ff707e7fb589a3b3646fc6cc346da7b5f28ae0503f5d5f00033ebf5364f362e7d5481184b34ed7e0aeef34c3932066f0d863f84a89ad27603517c08b9a5f8d3a2a8dbaa9f4e31095b77f9fd0620810df0e306229e5392ba10eaeee3c797e05d745e3ff18aa8ed7ecdae46098fc541de44bbe902098f43d23132d5895efc5856f41874e3ffc766b8911b4b26f6c5074d2b5d674b98fe362ee216fd02ed3df05e9d36847def2ab42cebaac0a423ecbf959b0ae78220ab8e12846a4db276b5baffdcb9734b541455d44a795351ccde3d6a1589386d4faff7e905b615c60492a59936eb9272d8660fb4fa5376c9130a67fb8f8ff1f48aab1b20de8a7b5d4c7292feebb47e855491d2365e218595c005963ec7143636f8471906225685a6fd716edef00e45632a93b2c96dacb76c6181b0c619d3f9086f2b3bf5fcb95eeb42a854873e4ccb664deb34c5ee4ab19ee1921c3ff6732010a93e3006256fd2a521b69e617999c9bb35aa053b39a6b119c2ab1147908bc05cc816f87ec7154dcb9afe253ae65bc74e992ea915908bbf88bd340bf0bdaf5bf753aaef0071059e117f53a21a01e5971009cdb98054723f028fe3195231d677847133b7e27a879b0130d61f69435b5cfc8dd4fe8003de1d0a0c4a79efe78f292d1aaf6a9c21e4df4823da269ca849be3fc6600d140f5175fd600b0012646f753f713d1892d7d6d78b494f075c6c03529c265e1c5a728064d8cf420ffb23257138b66615458546cd7e017f886e946ae24bb8c4ff891c5de79b8823c09b8a91046f1297224488313f0f4c2feb8e73ba9f282ad52e55a43a8b489993287d24dcba48205ad5cc60446586b4793e8c370e5b1b694369764d21cc95ebfc31ed8a179edda10b9a057f15abf768f8d98e9c21941b91b594f35dba5176fda16d32c115d07fe96ba4bc771c84692ea607be999949eb4594b43a887af2a4420051a2fd081835739c77da7b335606aa70409db061c7f22d6ea27590c0911ad682a454153c6d667bd1a73fb2d9676bf654916e086c6318f471680ba77d0bd61d2b1741ea0f85573e0c8eef2afc54533b5069ad58f8ed645a2569f43d988b0b77f8e4a26753958347a460a0c4c042eb9e7a41dcb4a670d54d1c3a6fcee8988a4c4ee99de7dcd831fbb0bdf54f2213fc3e2dbd07872d13dcd5225c2ca80efa4219b42b6b0e75bf29c34605fcd01f87c7bb3c92142193521ee9f28133fdf5ea359c4ab7f5a06d35536272498bccc2c8ca075acb31fbdf8ab96163d507a226821d7919bee362953a0336cdab81bcbc95a41f52289b7f8c7c1e5b1e3182f728bb75fb4ae60e31c9a9f329859ae9aa5b10146ad061cb3cc6c35ddf78c7a1713c4d18b1bbb7d11980be901915dd699ade9c2c18fbcd9aafec7af68524f747bb726214a002554f0d5463c6c3d381e901358e7b29cf452937712f9f14e79ce3615a0ee44654b29b73c07d5e981217d47bc8a9bbd1875227fdc44023583634747ed1da4f26186a295bedc38b84b7a86c549e30cc5472db81d7a61c9e9208c4cd56b51f73f73e4021770c5c9519fdb523f37f8a33911100877e6101d577ef90887d44f85719cb37c549a2dc08750f48167acb63ebb514b94c5092b8fe28620b65e9b45e50edd7e655d2f04e9d5093b86d38e125ce4d6498229df1bd64e855134fcc37f53f4747df5d7839d4ac7930eaa1d76cbf7fef29d71d1c8ce50336830bd81b66f10c10accdebe2db946459798e36c72d33a6118b4a5402ad9c4045ae193b23fc4599dd762e9eb0806c545229d16e644fdb90cab7b0fed8573fb95b881e1a6403e9d07b8b6242314fb6a32b9cb21816b750a95486e2730d4bc29abd3a97a8951ce3704e85db77545b2abc050f65f74dd64dd0a3b7866295cef6c80cfcb34fd950645df77bb4c5916cfd4aab20f7efb9bb085ad460eb991a5460b6ca73e1f2bc7e7b023c75b367db13f44989e8805548c02086d15b97ec6bba881914af7f070f1355b03a9eb2912928c4b4aed6674a880da08c8e9adf7d72e6dd13bfacc0507c33233f7268dfa6a85d1b80aaee51f35f540fb07bd95c00f0ca58beaf0a74d897b1924bca971f878a51e04785801ec8aae420f856ebdeb9cb6d94f5d83e71205d493abccfc06eace94cb0d31de13fd5f7c99054ebf611ae1b3caeb77283bcd8971fb5d6dbb0c5e2b8824a593ee671b865742854a0dd46af08f49d862be34e334463d012651c67fbf3bbdbdbb09aa422772148fc7c1c108b63df41bfe0fc571169bffaedd2f90693b6f985caab9ee5b48567db8e1d3ca4ec36c0fc023248045949c89f5eaf96fc5f6987b2f8c8d2586dcb663a5c898eada13c2b375c8fbe5d0f37130f469f3b84f3ca3f361cc0cd1bc3a54fdfba2306209a4735c756bd63a3bdffa781a7cacecc5679df8bf71174c0b3cff676c44082f04e07aa2293603b66cf3847ab197ba39e95b3ccd2cdbdf710ffa3fbad476073e3701a434008b980e6088cf9351ec04d41a1ba0a0ae58980abba018307881157f30caea6a199382130fc0ded08d79ccb4389e7ffd917f85d258435468fa4f0b2cdd27f9d8580ec3ace8d2f567038f17ec9398a9d68f6ffaa2a05507819e19daf607aa9900c1179c9d5d81ebcbb1672aaaac10bc033a3e9b26abb513540c5a593e7eeeaf6a2e152b9a949b86f3857198f7ed63bed64279ee4502b00aa61f3e5921a09ab2c227033507afd8aaee688d25506020c56e73c5be5a5aae574e3b30e259e1ac2c0f74309740ce514199dc725d7cbb20734807277a5435d6907f26608a667d6bada86566b03678d324af8a33a03eacb51fbf3ac7bf090af9f68de7c6513900a403be5f77d2cfe2002f9abd7e613051ca8def7eeef10cb7e062d85b3b9afbac498872dca9249e117fd34b289e0f0fe9b59ca274c778a2490400dad74b0f8dc345430ae78127d35cd45d7824a4c103a58345fe50b110b036961505ed724c03884971f93413570ca875e9b24d9a1fc5c49b75a731a02b9afcd91bf11a70c8458c5fdaa87a637a69b01db170c2c766b86a061355fe1c7d4720ecdd0c3e924503e77cad973801add27948ee0bcd7005d9e0dc58707d30ae782e21ec3ab52a4e2d069d15e16c838a3070f5ae062c6bc14b95514489b92d1ef38924cffa7bb03cac402830346c2ba7bfe9d15f856a1fd0505d15e6dd35f28c37132f37c978221e7a526f69958836ac90fc7c29eaf7da7ea075a398648b6c488f0a36fe2a3ceee06bd5c527025a55282cebb1587c5508276062494147e3f3f630db11e63f9030cd13f06458c5d9787de596ce7fb2729184f8e8001270e6c6f236cd9b8e32ef2be2f9044ab74689e8c07038062a66f2f147671e28e92052cc1d13acc0a66134631a5090af058f3ab4b33a5bdba9a86ae72500e30b5d6b27ff36d3ac0485abc0cdf444e063df6c64c1c965191654e19b557fd89b91533d0733a34e2881c98c24a7670c837adc1a881acd0bfa1aed9da1dfd4fb3ec3a04f2008aa36e5834aba6185a9403944bb729ee5c7b28f1017546b14a72a10ffff72ad5b70a970f3787fc4c34070eb0fd80ee16bfa3b0fbe1da0579e737e9b17dddd5a4690073e54cb651bd934604ca2b20c9522ac17e04bcfdb9c9a6a9c8b480d2f2ad4aa5d027c317edde06ea4cb10f2a7ae932a6e04ffc17073306f7ac91024938c998188de8c5b6678c3ca849decbe72e8b996d537fc354bb0515c34c4913936347af577509bdf86a18decf3b0a79bc5c9776b2e92800cce00437303052c527a56b357fc3f5cb581f37a74e945261644ed4ed392a7097daa4f82d099c826622f1d", 0x1000}, {&(0x7f0000004080)="fc2f1b4154e85808220c8a87515e3f4bc312341727436d2ca8f9210ebab3b4c9e5150b080e6925615a186b1bb39a715a5397f40c81c73e14464d9aba8f1c2ce89f6d1c56e7b0178fa7be9637735b2deaf25efe45f0c99c214c4380553e90e3295dfbf8d3caa5cb7a1bb0f94a61e57601fcec5bf7d0dc24c9b1912c6c3ab416353caf454b8bd947abc4bb7c7a5ad194932f62019b9ead30ccbab2ee27993aca3e9d3bc9399391abc1e933a5acc939297e0508775341f7644027355149de3148a00b3526723990bc32f9ec94948b5ca7e128a918348ec8ed4f3df2ef7eb9bfa7463f79bf9cfecd5763675ef12bf2d499eecbbe0e271278725dea5897fd0be085", 0xff}, {&(0x7f0000004180)="3b6cd6327bd5e4806ceb18dde5aa0627950e329b4f77310c2cdc546e72ec0b6974697a4194fddbad895cc36eee0fa58fbe76ef346a086db784931aea6d1d5ed942b4d9760c1e7726b9fe7b588246fff34fb7ab6689b220fafc9e6b16a9566cbbeb22ed57d5209c295d08700c9bde434a999ab39fa10a3dbc0019520b1b5c8547a6bc7d7a1c5e0e6d04cb510167a5455303b05f320458abc32e2ad5cb7b0486a8e1c65fde1d1bdb92c0cf929476dafcbbdb20d7060f46d9c71000f25a4167d3d16d922d7557b1e3da42e66c8b4829ecdb10c30da42d477a071bbe6835baa95d5a27f514fd6db9602f999d12e42eac4600e932cd6e4821748cf17ec5735d787b262586ebddfd1049a8cb7fb6a2b5bc9c6380ecbd336640661db6a0660d553545e5ad379b1f8f001fccd1f653bf9d056c183874aded459a292d28e0101a6b2d6c5a10b1f0631daf2f84fc71e2ee7c1527dc839237aa10d444d956d773ee587e751b34a3a0046eacbfab824dfcaa626c68a1d312665b837e1abd3718bb25d681f34e53a803d800fc22a9d7b3b4c3656ff479532884bb8e63aba82794e77eea061262aaea6176c1ab1742fba18502b66e6284eed18ffc00695f5ce8ff6076bdd3d6f48ea5c6a3802bf6d21171e5695b3e542ec93e6f523f08420f467c9a82c184d931269b9d554ff103f7817590fcc8e90c5ff6c5a245c9276b4e5633d8dd22cce70f3a7cc4782f32541938bbb8eef26380f37a677e4f1e25459af2a9b0ff43c0f1c3d6b97d7a655f2cfbb142fc0def7ede5d193cff886eccf30e4a8bb6fb05dc7e2bb437420451adf81b591ab4a90936ec7a82232a63c00708c6810851678eaa4a63495ac4b27ff454b0c56eb558985ea60b29673fef7ca0b8eb87d6bc6f966ed6dc0a4d54fa585f2ba31afa87aa357b10b1c542dc6ee06eb3a63cf29d22e1c448362e2d9e91da058965a7a3ec69c4e9f9611a5651eb29e2a613e066b82f59222a4da6db29651d9c92bd64580bfc54011e6f8e414568adbee7f7ec637c01c6e085fbeb46b88cb04d7647da987d012807d8dde286cea1adfab5312256410c014e92ed2555a4c061a5ba2c1ee9c74fb71e88c3301183d4bf08f964192b15f956c534ee86a7ddd50001ff87815e35f8282f9b0287e35eaac1e06647b91a78b6b74cd806532e3a6d41cefc8cac5c6fe5a74bdd675e82a58b25c539ea9a1f8e1221845d12016d0127730ab0d34538ab06242b0ecb4f068e2bf2e6110b512c7c0a8ede435342c486cff09b6c8ae2db95597403860e51b83b9994828d54832a15f3d7a1d52163b5a6fa1d10f2b0171fe01a3708a0ccc965d8ae651edfdf3c1a9145e83a042d05ba5bc097e88d2861dd111a9cc1c4fd600c36ade3385acad6207ee17d4850711792194564cf67bfaba027e270bb5ad8246f0246ef5cf69ddbc21668083b6982c743fc8f4dc43db1d3a859f77a63d380bfb552a42ac001a32b7e6085228d121669f7b404ffb6db0bd6ff957037abf4fd2df5fa1cde431146041ce1f67d0161c29d2438ad9cc5d7e7bd491741a0c3abcecbf5730495ad1d52c0853a91b18f5b17e423fbd5bd79df71a5520d8076a277d8797fbc1f4cb9a5a37df638eec615efe485cc81f38b1fe1c34d4d3a6b886d3c5d90424df59be3a9b71599d79b35f22e3b4593bc8c468d9ee76e38d41e29c41b58458d18670226d674b968866fc5816be9278e1858a2bacfa54ef2722aa38e462d9445aad76050d414fe1d4ca888729ecf4ab4068f0c0fdb74c55dcab35d8ef915b3f400fab41876a4b149c208a6b9f28806c300dd4c79c29d41c82bda51019c83d8192e2671f3d81d188bd7b21aa4b1795be81b6f41bd7e66fc377ab48741fca158ae5f61c2e7adc86f53015c50bca6df44e581aa6a558becde821e09fd55de43486bc5e6a851f6f93efe56189032b1d02470b6d4a94fda3b3c88d4f1b039538c2868f7baddb7def99cba4b6446aa91fd805655bd214c412601b2ef601e621776c8e37642d4f1669bddc604f1b761738f8bcaaf8fc497705514857e7ee6135a8dbdea1ee25280773806fc4bf6a387d61cc546b48c71b3f91cac646faa9ad34dbbf0b5b90b3eb4c520d1cbfc0108e7e288f21b149a73cddab6f09476c0ab0f81ef87864d9b129a635f9fda50a25432b05dcb59ee1e0aa6c88dc39263fa104685bbeede7166fc2c59ffb7d30d1315562fa23d34dac60efe1b39fa29a67374dea111859295fea89b8754867a19f8fcd7b2143472f4c3312aa7586896357117ab95cb4e472c710760f266aef4ea264567d8a68645fb12abe503c9a197f6d07b63b270867714e095abf206ba9c0ef67ec350bc83dd6cf771b9c2b5f9322a830f3aa8bef37a72340132924543e3a96c627f25b59a01911308abd924e5f407a4b563303f85fece443de1ea30db4e172f0e422a3fb0b8bfdc5b32f11c8a137dc1991b60509c8266014516567712e45335c089b8d28771a8442a2077136e0c36856e444473cb3f10b07e1d84f04fc72facb3d94ac68343129428b081d29874f97a666f8af5eae3c1f045e11b82f64901297c7c30ac4907361420cbd1a7f12afdb1a25b84c3e7e80b3b16e2131a5646d12fe612adecc58c22a20e84104cb2512d7686f6ed6608356ca8dca7ce58a12b9edc2b09339b8e4f2479eac9fd342ed9cf3c27e1eab1c0b56c6d0683031b55794a11742cdc0e59a1e7559d1311ee3d345095377b65a96be33f2fde1f813208fa8e7b3fb61aeda47425dc898c1e71c761eda7c241c26e2160e83965fea517233b0c97d7663454af3bd37894171d26b9af3fc76961ce53a7a8739d933a2b8ed6d678c36c2b18e0a6f13f874d863d572a01457198d8ff81b5feb47c3691bc55da72fdeee6e2d4cf3d7acfd447ee739875cd4616bf0e6707b1a22565159fe987cee36b9d023d8c503c9f7032a33efdc8e665f49bfcc9372161021275c9e6eca373ee2b069885e476defc827f08f19904aecd077c3e670134721327343c72e3b02703f381a83653b8c0f753774fa53591ea0526af23b0c4227900b520a543c9b5073cede492568428e59a7c7a6b21bcfd45fcedbeef163d62a1eea08ff125689869562c4d6cea90991b5fa771598578eac83e6ca526d5826834d0e52c3d7cf3cd66b287320e9ae849b41c73931f68c847af190b88fa8ad7baccc41c6824871dd7c3c7a6be8bba1e5131149fe55756ef25c0015988fe15e90c5a192541b9e0cc803bd36ea8f0be8d9a824611bc280fb5a149e117b352172159ce0cbf0cb5321f4ee68dfd5558ea4e18c0717e819706bb739b4ca504b8628d28d2a2a0b549f9b610ac3a9bb525b59bbf930a473d9641fa5aafa9739a4bddf8afb6eeac019c8de1e8cbde79bb56882e857885a84fe5bd447c25217d5af1332c3e9c81e798586a272cdbec2ea22b535d0d29b014d6ec77ebbae004ed9040161a6c10f1d5925c7f3c1344162bd3d09d0203eec491ae1301721ae996ccb344595099ce8708831927de1a16671a97ae5a7010b8594ad0f63ab022a735eeaf14f84ca8fe2089791622841ec1fa2a80b5d798305bb31aba7c36765a0c145cde3af063893570437e04d988f81f4f7d993f18028e807ff6aecdd85193e1297a30e9b32caefa6a8077bbce27d8dc5678ee19866cd195a1855323d359d8fd265567b6263ef5c0340f11bcc395924a130f122fd14234191229ed3c8651e012f2ab348d243651be47877dcf5296d4cdad985a7c1fac362a85c3f4ef0f2557b612f439cabe90e0279eeabdeece44136090bf80977d8468dd0cb38bd756320e92cf872b6b6375bf103c26debcd81b5ea80b0a8615248df9689370de84f683eae04c936a3bd2d2751616f8cd21f7b29a1ddc1775ea9812109022ff57284eb8c91f3c173e48737dea106d7aef13bff0b85e951a8006992131437a9bf59ad320c91aaeb81a96f2393a1ffc420be0e5cedfb13961c9c8cb897ee9dce29d047cc451378bf4a46ec181375f66ac332bc0a5b745695b88cad1fce1ca6dfea0df8416d7f2e7de7378f0403895b10aa9da40ab1c9fa3e5e022d478700a601a6768ace85693a39c0d2719dd9d4d3f53e3cd08068db3809a9cf21abfb997d004b08d84f3dfb5e460ea729e787b43e99179260f5e0ce5b4674c2418d65152a52082c4aa42e05f059577e225a5560b7dc1fc858e66df482e84ade0072208ca577abc1fb733cb081ca655630ed443e814950d6b66df4fc85908eaf369574bfabf65de8b6573d7bc9b3708a916d6ae9178bb57c14f7b94b54edf4392a681a69b25446667fe79d0bc4c255b9721053223180df775d7e764e0468189b899f628feb0aa550d52ffb8757eeca62318645706f15ffbc4e296dab95223a3ffdfd23991a936a26edbe24ded341970811779fb0154e614c263a2d7d11d68934a11219cebb06c87e0509bb730fc811fd0855eade14dde1e40f0a407a5113ddb262aa85e1d44ee21bc1f9ce8b62eb0844f1fc9b9241847c07eb55dcf362ed27a71de700e1dc83db54c7fe85b333a1c1e72630e978561b7dc455a3c8cf36e17c549255abf69346bfe83d76e78d1f46311d21758e04f51d5490fb58b0079a07722751044ffc8ab09841d91be9562bd93d2a8834a7fe9e47c54add078d3677b1bce862d7fb3ba450393adf35e0e633d794aa6076591e3c104003f825d22dcc7d23b80241a6dc593f692eef8c1c7b173b0bd5c8b0e0c3ef77ecb4dbfed1d948df3d63e3529f47a0548874a7dacb617d0906c167cc9e3a70b984a625e9341e208b42009a248bc769c4a81e8e32dbd858a38fe86844c40982ebb4c6cae2f4df092c54aeb59044789c3eae29b0442db939ab5ab9da76207c5c97719e262d6e15112b67b554c00942622b82644958d50b714a24b6bb11606c0287218f5f79c87ff181a3ef3ebd319f79fc81f882db0d030907c3fdf26c2a8ffbd183806896522f96c90562c91d0f0b0540163ce039541e4d98be9c1ee8b88e95a242f947b9da34aca09b7eb7fd59c240a6740ffefb0d8d8fdf2fef42b848a317c42892114d3a63ce8ea5a52c90f2fe95d7e23b8724d653f821d354a546703825aa162f8cd488a21b95ea427b4d608cca4d60a31c096a9b8cb959ded15e3ba6c355d09d7c5116204f613221297236409eb710049dc2f508d07634c410ed46bd58394bf58cf480d030714f1987cac4af14383c89f6c66a5cbdd38e9624fb10b38e8beafc532dffb2eb73eb58a70e0f3b0fb6be6f5c5afc4166b823792cf4702e80d377b8ae76c5e6d1fa8ec5d8c4e01b62caf526991afcc848038eac45198b466d5be09102d3556e26d6ca2698785dfeceddfd457a2721b50a9f1e075f64af508f71480182cd3cb6fb754fcc731fca950260f71af7cd6d1dd66e87c1afa175bfddce6ac9a3c7ca447f0c23c244eebeebf9c7ac561908da59b9ffabc71aaa95f81bfa78dd84373c606b7a593458e5430ae8bdfbef3b662ab47b48c07287133c0ed48f883daaa93fe24d49a1cca6cc99eff70c90bfd35d375a07e41ba2a772906260decb082a6fe0b185f43e3705c7c9affcc1682b71a96f981b4c5707ca789ea426f0fd1878c89fb32beb3771e8b432b118070082d71e8f6ccbe235431545388fe4946cd45890791cccb8b8bdadb8cbd9f328f1f5eb8a5f2e9a61e2f70a9cde72f71781c0199dfa05f4aca2344c899217751b8590e5209c9f19718094acb8e4aa96407c1372e84c32d0625462c768a7117c11e5915a57c8ae01203c0aede37bcd1c33f05694c04d5eaf7a5db67ed130e", 0x1000}, {&(0x7f0000005180)="6fda4b0cac35c330a162e7f6eaabd7d5804fc6b286112bf5274e429b5ab4832275916e8457a092a06681d1163d8ad3bb74399159ad75516c7886fd0d58ca5489f8738b826cfc17d38f474ff6fa1a42faea1fd0dc105d8bd9938339a71364a430a423d00b3e8e36958d38d75ffff4a02e0e5000a5b8b3df58ec2453b0558e187940911e3542c7c85ca08c0246b0616e8a47ce3ed4edede0e135ec54b85c736f498faa74da94992f17cd9aae47624133f2e7efa7c5a9fafd97b7ab1cf4be2ab3391788683eaa7d97332d73f5d4d10a36017e8ced4d37802f4ca3792abe3f46154afc87e6f29a2fb03eb8167478737f4f3ca9418204eaaa89fe604dfc", 0xfb}, {&(0x7f0000005280)="8016a8971819885622e2692d00a27ae4b9d00b9d10a2ee19a1669928e8c7e3d78aac2d23c1e20230020c6b1d9838a452c9033aa1643af40ff58e68977d7a676499456bf00f6237145dcd86729d580b34b1012434ef30c95dbe53f8de333db59795075b7aac7577b058484b3e2d9928d20b3209e7969712f533c9db1c8c080e8bd45f21c5b3abec6d3fe6815d57139d9e879c54eb251d5a1762e4270d56a046212a79887ca1b3746c2e9a0bad155ade695f20cc35a880f2f4dc1287291648462e57b6aa0286a0475dbf6e135e3507362e3984c1a311647069300f51b9b721e5527a3f2ef075e419f6a4847ef7cdb2bd888ce390858e77be65ba3b1893a23117a60e6f9b61e674ed90c8b86f0a1ae3105f619d174176b878d221462632c6221acc9d13de5da7d9938632aab065b7327047df4ce35ba7851009554939e1a70a4f65712219e01eee1a0613b53d47cf3a4b2ba39faeb7f5e54c2eb939357486ac53d23021db70419c658d8d60b6dfd41de98d6c1556222d3287a3a67f968dd9874dabf480c3786cee38a496994aac33c992e2474898b21e60203ed9b76d7e6bafdef2277f0fdf6d921972ebf12c760350bb881b15985959b211ff45c11d445429be839a04449c41e70e2989694a5f88163de75d6506aaa73e5426b6ac92670e8b954fa77a16e0d9542c39c5d19c5300678353dcc20d6cc463d1f9d7d970d2af29262dd21b8d05602310ed7c87d5c6da04734b98f65e4327906feb287f648cfed90ec49979258080203510054fb91c06982c50cd1b9fccabde5ac3d3d524db24f6788592dbd3c94e42b4c0470d5fad5a1b899fa21b649be40999a40574023a27bd23cc414b36c7d07d3c6f112367351700900ca23bbfec122fb506f427899fa6b8f573399939170430628aaf119c2ec57dda16af2f2228b261fe2d33ff31c8269a2d2c27b239a81555747e0b602a0bd777e490f44cb3ff0f37efd8c6e3d05fb4b9e7508f779045ced062694790ff4ade7cfbcab6a4ecda3353dd41f26486d76797a112467f2ab95694ab930d380aea7aac291cebfc663bfd346b8e1decdef2f44689adcd653faf2038cf0094e287862d8e93864e9e5136855217ed0004b1ec0f2133ca0142f8e4e36eed2f593bde9a93350748485b1d37e4f189661f5709703eebeaa78ffb0b14b1c5d5ff4752ccf28ee17f0568226162410ca76ffc60a002df71c1970e3e7c4b10d299615d757e1d1e371c8469598dac8048505eb538552e5731cd2e20819966c6a6b6e7b1a48c40d117ffd4c01cf5e09d1539b8d3e8f3443815e34b39c80f4116cd6711e37046010372c5d0cbd66a2e8e61842eb841d5b0b72a4914b2d0bcf49c75c57d387cc2a47c9d475366e69abd77567408e8dd1ed9d22c28f04a7a1c58c86bf774db3d11b9a0f979e85bdf31491a77d2854b7bb6759a599e519cfbdbd3cd16a657804963e243afcea5c366be9861323815c1b127dbafec122e8a923b921d947ba1574b6339024c09903008ed9f233795a4dbeca2ec252984afc25f3bf68b102a4f38bcab09d8c13fc7699d68d07883bfacd9b8247c1cb40e5120f628c18551fa24f6d2267b0752bd5a8d6c81a3db80bec1e1c1017df62cfbb5fe8fd90eccb55956ad6f545cc684829a49bf4d454521698abdd680b1374a9d92b094e6432251d581c533964d5fc2b586669e64f44aaf716d85e6aa6dbe263f071c019d3baccad196512077ecb14837ec5071bcce24527bb9a4c11b695d721180ed9ffe9feddae0231a850ce457ad43d71f6da2ceb9c6992a730d063754ce26a09b9487479f8ef6dde576868ded7eea939e50fbeb0bbdef6c3a50a9179c2bff5e1c53ab8d69c39c7fa6c1fc0558abb6c8d2766c6ee5fbd56e06dd22cad1a45f500f5bc24333cfcba2dce5d61d984f466fab289b392bf79f483b17ae9f4f616f0c2ca84c89084783538e603e520aaf3a5cf0712cad149c3ffb29a7be369c3a1cbf9c86516512c9af17fdc05b95b2fd7444101bc6beff561c78adb6e09347b02b129555d4ff0a1a20b0dc89c80e93b65006b511f62750cac0d1e1663675bf2159c3c4e3e974c6e311cee20403c9a5dbaba860aaad1d84fd2887cea64ecf1d7e76576dead88275db392d5d3102ed815c47d29de27f9bb42692b40c0dc945fa3af87c9f2faeb89b21d77c9aba0e09aa199ef17705c316a924bcae1fbb263eb836929c635a449760d03a27e9fdf526b5e37f6545b71022e3ddcc845dc59acf32809b0142eecf34dadd6fb1ac1796c2c44a8cba2f41a5dcba0554171e935b707737a1e26b87fc6950d14f20929ffaf24e1e063272ea41adbb415d4405b53bee3f1cddc5ef2b044941903e96468ce1c182a6cb4dc78a25749da76e8a03a0ac81bf37ad37a34c1252ce29a5553559bfb854877795affe254c82c9c6f9680105e4c3a20871fcddd37b794aefb7a408e13dc77c7be72f4687c5f585a5f390e481faf5a090a9383ab87ad3dd53d6f623021453a018c017bb2f1da4de65f603dee339381eeff7668425a2ed8aa857e8a25a2907afc05f1b0323f8680d8e5d634528cd30e921bbf3144070e07aba0dcf96a7d887ef22e20e1f2969e9dc89dfe905675298c7646c044456fefcc401e60a69aaf17c7557bb6ee4bd89fb7307e2beb24fea91ebeb274fb789446ab0e33a8da52148ee62ca3f32667208263f3d89713bb6971d4e7d23851e78aa7157c1030602bb9499f5e5b03c5b9ae94417fe44736957b265e2f6dba889cd5943694a4b70dabe45d105a758603e853d4a6e71e16ce3f80f1ac494a43dfb872e94051d5559a7531094fefff8e2288be818b846185f623e7e78e43b186d81ab998ea49ca3b3ec7a34f86ae5a1c5fff8b7d0f055018dd6b64ac57fb2ae15ebba3a37c48e4280ccec76f08824a4095cab756cae5c89bd1e18194a617384420478eadc7adc7061660ecda8dc928266a032c46d090189b41d65c556fd4790cce6a29e442309e710ecf2e8afdf99024e84df0a248e790df3d3afa42b75f1f7ea1d9d58aad3f0a29dcdbcf9042fdc622d12cd3269275f03f5b4e3d97f81fe2d9977fed3d86166268666616c7b9cb4c2da96405c873edc1ec9a0d1ed1435f7279e0b9074c7b4c9aa5b092c1cfdf29c261d4d65885f988068decb4a357c72e812df5da7d50f998e048067d6472d20f6078f7ea9436ff14a220b9595922d72c3ee24e772cc78564f8da44024c124443102a293f54840fc2fa043606d396ca5a288edd851c7e176458a5a4c8f0bd23d1461ad3a383c03febef74385b0af18f8f92181ddd825c05b6500919f5cdf96c648a2cacac96d6f826e6c54e361046e3986cabc1e1b05a2c1e0f7acb632b9656fbe5e4bfc03467caa1a0dc5f4252b079ed700867426cd94cde661b04efcb654ecd40dfa0e160666383053e8c59aece325ebcf776e83aeac23352e999d8c6ac9a1640c4dc3e1e7b06240502beeb9fa34df08b90631943d218824e68873924e626cf0650c5b948ce8ce96875daaf4bd07e919ebdea692d03943d30d0d0013399747b11b795265ce144c23ff3f37fef395aa447c2507281a9b30f55024c62a2f8812220049bed1b7e4779ac2f6fcf389a31b20da8c70ed39b18a479f7b01a53e3f13fd03c772159c365358b26e535ba9cf66e1515d3568cd412053189e979645ae17f1dc490cc5f0de0773c462d01ed5c3d1deb623766358120c252258ce18596f53da4bcab4d6ecf6f7c36dce6301f738181ed34905363b0b0bed9ad9b26a16b32c43e05c32ea937bf056a480c8684617c771171173f9f28042a992baf69343c875a75170a933f0b8adade94cff63e368103230f3ef61250bba49513c1ed669dacee2573de63bb9cc9a9618ba3718bdc35463db83a9b43f5fd871335519a4f8ede44b47feabd8fbf89846c8c1f0d992ba96754b9277253e307b73aa66a1a479904a6d1e126664b059774fbef0f6b43e657f3ac10bda32986bad21f5cc2219f17b3f413d28f2f84cd132f3266ac53722b12726dc616f482436c457d819459a89c9c66e71d00678d7be8c435eae342ac3b8710515c3bcd93d462d9418058791431af5d3814a19bfa45541ad6883c50884ff11dcc8231b7cb8623b821eba5d6ed3344c7acc0d82423a3ac90330208a62820fad4dc4bd3557aaeee0f1e843dda8fe0c606a3ce1dbe16874efaefd761bfb017c4f4064708bafd5b298a559a07eb8c953266e7d2df636ddd025c70f456249de07b1ce68cb64b3d086b2fc4667b6ee6caa98615eea99af1a77902c59f9ef06871ed8b4c3b5815a851f2dc7e0664e5ba3341ea3c20e735fd6a070cb9e98209cd8599803734fa7a385397d5ed731824517aa56e5461ca0661b6602357fa0c0df20da952b1fe3bac2318fa43f00267efece6a6242a02ec73e5c7159c49710183830330d429378f9211307b4dc6725d864b2d5db714fd39574beb4e1ef8a15f910345e3ad060f13752712f9de0286a28044798fd15a33b39b8b20bbaeef17116063e3a169ed701754f845a8ee1a2c8b6cf109a008a97d1822536b162a553b862b36ccfeb168eb24534f4759a1107cc8e756a55579a0a194677a5cd750673bda276f1e172f9b883633241e9bdc0a0c2b078fd0a4b922b9ab5f82fc1dd567d0fcffd05341bb073d1e38c305d2123e7508c32cffdc62a246de8721332cc1613dfc931c4b4664f96b270996a90eac207bd6f8977a73bf0415a8b606f1fcf96180f4a40096c0e3168efd1dfc5f3d8368a9844b8cc0526dc29cbbcb6bacad56d01f10010b865dfaed51754056ed7e4032b38b491c87ba12c55f9dca97a8b5672cd5eda16c932109c7d29062ddf6cd6d7bcac2eea8c74a077f852e98324a322c34beea14bb56fbfd97613835eee77639307360c9fd004a8876edd7a4d0e109eed90d6f27a87829f164d54abbf6c63467babdb49a5cd61a36c60a872ea8935230394ccd413757c3120be2695ffdae14f93c0d12b75ab3d5b3e073ac69d6c0beceee12a243287aa580f4f60f260e70fb2c59a5bb7cd0a669f57914fb34b001f0b1e99024b8eaf1e3d2a9ab01cbd24abd826b791989284eb22e47c8de94e6a9057fa0869064d912875a3bca60d5ce7221c16fdcffdb7eba1ce6c1b019eec575620312f7a9fccd7a5b9e992aa2641d5e891b5d44f4da445d708a1bd49772ba6dfa2839c4bd58deb617e147cfc9d62e2f8e92ea44fa3f1c11f1756b91e8f2194e2a155777c8c4ec5219fc05bb3151b13c9e223eac9ed70b518b25f083d51e0d0483bfaa31f6f3cd3de473c0068ff8d55c2ec0512683ba55063f3efeae2c86a744e53d090a4eb7e040831035d97fae31926164b6dbdd11bab7291d55bf8df480a95d04105d6d769b0c1dc323f7d8a4af8fbed8eb798f935cc8834efe1d286281249b5067efc0e239df67c2e0ad783a7c19b3112eb2778b5e306b94843e128c28a99b14ce359088a73f7e5db68dfc02b372851f7bcb8e10458dcbba13e719e3c1dc4789925cdcc03eb0651423eff8dcf4979790781bcad6ec99dcfdd567a1c3974a2ffa4959d801158ac269f542de3e2bb90a1aa410bd44c342652c06e075d0d81b28f023eee90ac5ecf517f458afe55156c182beebc355954ebfec98c1869d0e5e836e414ebdaa6d594c787775d43c0b8b44c673358b138b7740a9c35dd127a19ac35ba64ed7e05d760ff7118f010a7d64a250f7dbe8e78f3a4802a56471b1f863cea613a0f09878a6a4c07e9df57cdbf6e29d7771175a86d58494a10b9ca985a96e87d65aa1281b76c9e8244", 0x1000}, {&(0x7f0000006280)="8b58c560e1c8a2db854062ddd67cc10cdde49ec6dfbf3aed311526776ed9e002a4da2d721d0fcfb3c7cf35ec152e7d2d3624173222e0eb69afb0ec0b0130d2864cd08a13f4dc9bd76a8b5ee391f14a8eee5498120acc4b5c8d06c76a8e733841e54cc8b6362e3005fd7a91a22c3d7b4d72138aaa1348586675aaca0e667c64442f9ec88dd13ba57b4e2c3b6d81e47656ab369d48a58d880cfe0dd49073b25a3fb8769e0a33628f207dde3684d1ee88e99f5b38e8b209e69c9a36898799d33ff57203dad90a07df4025efb6b98fa812a48977a09c8b090d539a9264dbdd6b632ee8695fd42b277fbe9f3cc955443bc02716fb", 0xf2}, {&(0x7f0000001d40)}, {&(0x7f0000006380)="86b5944ab310471f5a479cfbe5a04f62e5aa5b89650cf70640df285504cd47a6e4b744c075d160db33f3300b84b1dbe660c2ea82704d21eb97741b3248f5787f75a3017569a0797628", 0x49}], 0x8, &(0x7f0000006480)=ANY=[@ANYBLOB="14000000000000000000000001000000090000000000000011000000000000000000000001000000d80000000000000064000000540000000000000000070000004434283300000000000000080a010100000100017f000001000000080a010100000000080a0101020000f7e3ac1414aafffffffe820201831b690a010101000000000a0101026401010200000000ac1e00010000000000001100000000000000000000000100000008000000000000"], 0xb0}}, {{&(0x7f0000006540)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000007b80)=[{&(0x7f0000006580)="5cf1f4473b48171e4d74bf06cd555366c440b287fb78dc62629c25a92006bd9151ca27c58a61cb8f0100e864a527c2e41c747a75b3cd5166eea61493463a4a64e19b0890f0e6171d556a1a8d386650accad462c71be159c04c9344bd9de6d8bfee122f3438d40c10a11878dd9ecc249066e45b707be53d9562b8d0b2df84792fc48fe67c2276f0c8e647437571b3448abebde52db8da9d08", 0x98}, {&(0x7f0000006640)="dff2807332cf6b28001a9fd78df62c274d5ffb612e3b4d3a528b065292bb2dcaf675a91ce183006bb79ea214673848eb50af89577139799e44d1d21caa6e5262d8ba71625e46aac92e02425705eb19c14cedcac58dfb5d74f33a0f606f8fd6546e1602694be4f0e1bae3a95eadea491ce1cd616e1429cfa34f86f4bfb62981d64f264a348aeb952e3b719ad3144a14a50c45ba3d4718ea9d67bafd64a6690b08c7a5ca16799dab1c8c193d45f1027aaf21e7e0cdaf40bf066bbfd8", 0xbb}, {&(0x7f0000006700)="80919a4bd7a21a010f0f22ef32dcc28d437b9207249b6d09a1227753931ba90b86b9c83f83778019ccf05277bcc466ea67861758c33cbef039604657556920d46af81e5cd1762f0c2e0b0619504fb93b51ab335f682475a7380ca17642c38a5bc1493d0550df01fc19d693375b08299bcc30ca2f4290d64a3f1504c3c8c37cea72cb6d7f12cfa67d862fd507ac69b5567e911b7cb753b858c99832e17806624c4e0f0efd2ffb11967b632e7543b7985dea7494ff99a2d8c55100957ab2ce9bccef9b183277305a3f3460901e68abdbead1364b37f3eeb2159d4aff80ebdbd88e3e9cfa2708a7343fa7e17e2961ff69bf32a6", 0xf2}, {&(0x7f0000006800)="418575e1391ab42adfe8805c3b1283267929a0340642b3d6f79eecb2875ff09e3e675ab4960a9bcb943e5fb3ed9b99c4b6ed373167add81f231daaf3eb5fef026794f49342a420c822b20cfffbcc52a2271d5af8ca502d6f73bf8aeff73084ac7d40036ff626e773119b4d7f0f491a38271388d76d4475835264a3d49ee70a29e146e55789517875f06be26c7e0f4fa872556531bb377ab490a9c32de83c21c39c8d6362b3e8afa5b5736b115e849befe9222480c9", 0xb5}, {&(0x7f00000068c0)="05fd8f749b6e095e5d375fd1ceef34c7d673c527e0e93e1c7a26d831089e378f1a06e3b73f4ba18ae969d3de7832623a12192d4caaf0bc9a51345ddecc4c42d7f0c7f2508a89c5ec96a292b39b1c8d89d18f4013a0bdbf6e012676569c1cc412d7ca319c3d0874f23ba2f944838d36738c201fc301ada924282afd89ef08a56ee0df5304bf3255d60bcfd8d59921aa3cc68c29b3bb9029067c053f11205be265ba252dbc20e2ad1f5267dd61638a297de765401c89430827c7", 0xb9}, {&(0x7f0000006980)="92e558c4359fdfc812166eb6a531b5ab4ec1", 0x12}, {&(0x7f00000069c0)="5deb5c9cde6a82a9fa12d5aa010d3cdcdbd36984d6d38b67628fc677138de4d46514bb4c440d97f2a9bc6e69cd", 0x2d}, {&(0x7f0000006a00)="f0c51745beecc065915b30223ff4954461bed8b1a1bfe95f5a503664064b3df1713ff5f10f2ccff2c565ed35cc66fb0b0479ae25bf5d703166f002b380decbef6998bf6826a80f52a9fdf510aec5483a3d15015e87b9c0fe2d1df5e2105f45212e79b5a8a0566146c67776eb16cf93aea4b9cdb46f7fa44c7bd759d5a1f6e24e77f2550e38a098d73ec847886ff381476e1defffe63bfc0a4b77b954c282aaa685bed06fbf456b8cf1e6792cd486c24e3a8168cfa4092648f39ce4a31760201bd317c77b7ae2478f2132e61d2db0ed039453cc63acdb24a3dd621c5827e0faafd751d7bb8ce1d1169e8e557acac92fefe8dace36d679faa8c15a5917a48300a35f540cecd1f18ad8f618b29551404a9aac70d4605ff613d3ed69c87598c346fae7355dbfbccba02f45b1da87dc7b3ba8d4ddbe0540b89e2458f62125b080f7a4cf3262eb4682fafe94c9a4eb6325943f5b7af64304169232772ac7a7e267cb46c9b1b16f67e617f85efeece516d835b9e7555a9ee7bcd1871ef7801423a6e99a925cf91855fa690e1f59508c37dc09fb7cc49c46cad2f1cc341d9494cb47e44839bea779c5d3d19f9cff12d6e24c5439e6985f8d2e2e469202488395f1e75e8c7fd6be71439644c842381f71da8aed413a961874259e0b718cab22efc29c91cc569912feb982e7f47cb3fb3d0363a687d98a0c67e5925dd756afaeb15c3084541da5fbb0e3f5cc618622bee340226a65e47bde4ff5f9b8092808ab98ee1575e9797583ebcf159b448998b8894d2af0a4e644d13c293e759b421b5cdb941957177b3d6194d8cb2000b41f6e35b294555cb98b7fa7f8de75a4bb033371236284840472c0b42fc47b238ea84c069c78ac2c05a162522e514671489462f23054caa7f9dd4769cbb6af96ed0c2d4d7b1eb1ee144181b876c62bd0fe220dd06a03cb72933b2cc3eeda259bca2a2e425a1481215e3b1c2f3286d2ffbd92e12335286e82b39c41ffe490750d0978349965849602464d8a2ef1e8e3c0a09b0dc168bcd9653490a45115bd764939d43492e243e3ffe94698f93ab68d336b3507bec0ad0a2b46a9faccad511e4fbecfdc82371e7ebed585749fba093ebffd6ac6d644613d3d7cabf758323c88da3b0f25d849db180a3c45d92fc7f3b978a7a5f0df6a47d9c8f5bdff5d1dfb541329989527a5c40940f24973380ed374e25b0d3612b8b238b4b1c577519983b76bbd6d9984b16efc31f5d9d31faa4398688d561ee5cae372946162611e1ecf818b23231c3f6e6cfc9e84b7e3872269db088d0e31ddcd73c38121772cc73b71c5c099a20d71f6fe4226ed8a7e30d9800d9dc591d210aa255a4bd20faa8415497e31fda977f8fb6be155d80d3b28bbb51894058a8d58404f1f285e4066e0285af60219f027459e71b85529d0d66f24078aab66ce68ffd9c78c1dbe90c05ecd0c5629327e0be90a14e7f1c4a53729faf4e321984165cd6a95aafe9594f6b836ffd280f71ddca16032a278d495201cf73dad14865dfee874daa76fa44f4492b2afe8352ba2e2f44311ceb3520125e5f07bd2aac3d749f158291926e6edfa562eda35fa041af1773422171c2f8f156c4a518ce0736806879a275775a679c4a2354587210145e06b0fba8758d8339e8a5d936ac4a67fffb159c68378dbe64bbb53436a8f27fb43e37122cf7c0ca11e25a6b01580c3cd1431d37b834799ad3eadf555a49b4612986e8956515fed3562d9d55bbac6c6609ca84cc512da331f7706de6b4c05a032d70977f23e3369dff8dca7532af52527c1924869e34c905594c54a49a254d59510c3135be8ea58dbc0f2e4a00b13bc13a1411178979a8d06a41bb96f01ec9acddbcb510097f14b1fc2e7a019bf731c05df445d3a97d60879e635d96d87e7e9baf0e12b58d991b63d497e493fe2536b3361a3a24d3c155d4cced2360fcb917a9f5a800fd6e8efac5b8db5606c9a3364cbf036d8726094c826e747a9d22cc7ef99404f63b33294bb7fa88c96efbe2ec7f1244ab2e9837d16d891bc86b1a7935c3ba7a475630776c24f1f5a8fc725c59d5e0efc95aad7814283f2b7a85d1cd2ee5d52c59fcfac79206ccde9f08ebe31f264f76251fbebb3c24e5480a957e6deeae2a00a144963979116a79a6fba73d914d10fa57c3b7360aa96a7344e6c13c4973398b7918b90d0d60f866e4557e768e6a7a5bbe86ea7bbfa0360d53c62d108bd340b9cacf3ce6fa8c82e60d1d103067727251b1a7029f631b100eb41971cd963444a7db5168fc0a7dfe80a3c6419eeb551bac9a8b8769822769b178b9f6914d1771c6cb7893e01ba9476c8c6193063d2df6cc515bad57d83a313c3b533ed9250406c50687aea3429e843df8456e7b225ee81b5290b23d6e4ff125b3c7e24ead1a9e5675b819cd57f3bbe8138595c6a6ba52dffce8e8aed63bda64d34c4c22adf8ed5431eadc7061057f03c09343e903af4e5ecedf74452f2e40e022f78b0bf77d2cf071dd954c3e761d9b114131b8d5de993f9d198c13f7dddd2faddd9499bd458b581c74cb77f01c9bb4ee563edd791ac646c3315d2297d14bd7cc3eaf22d7a7e162e113acd94f05cdd3531f629986959dc5762becd018f1fce0dcc1dd6a4384e319d0d59a493d62a8ea73e6c8c420125d793e7986220163ba53354dfb8ee83c615ce2591a3ce73e2697fb796b3252872b82ee44e24cb075fb02f38c806ca30adaabec5adab219d468ab4dd74a60a973084ca8bff51f3ad101d1c4d0c3ed06c15cfad0d039cd9132e7e5c9a1ed1901d334d87b59896fa224d0df49003ead60ac5253cd6b67d3648f17207bacff726f5cfc4adb57e418f2df89e990f35fc2d297b4348a0208c00d29b71a4f2eda777b19c1d82f1a0566a9c781d6063bba677c9048d085cd80e848f9d3761c2029fe6f9e3544b2c9ecdfa03f48163ac0136db35e371043bdf8ff2954afdae0a821be49172e1672afcee8fe344dd868d18d5137a0964f1a1c6565f1736ba3dc740f6ea7648f3aed880b94f297d5edc14523024759add691e776938309ca9ea8a3b479e962981fd3ccc4c9dd2d3b7a5e1899f705a330f6521b3becd9435bf81003cce7df156c8c52fefa4dcd29d31cc4bf94e0a4ee1ad3ae01bc0f8d3961b5a8066faf42227df7866839bbe50ae450afc0333a3073a9f0411f39a518e9815d40ec067bcb6778a3bf7ab3401d95cb5283aa861486762202d27a0b36b7770d723f0f7e8211cab306c53c3f67100e5f6ad2216d87921960479038e76d5a55afa56b9bf26111cf6035c97e7c5724135ea6c25842c7e75ce2673f8f3a5de51f3318b98ea9170cf1ad05ffb803281d7a44d2d26ba4193b7617aff417ec0d5f1bcf6f299a8a532fc0e0235896206d33ce930971711dbcb432bc9bbfa90ffbb18e5cc4340012ac1d0da06107ef1a1e74ded196dd47d69c21dad5893380a613dfab009e99c0a2108ca378b7224efb44dec62438b9fd7e007cb23f3d61ed3827a0661457039d83c4f2f257495d3433cd63478c96f3a39547dba37f5050909520fa0b92efca0af295b16c068845336bfa1b03fc74e9c148a986a613650e8a2ccd1476410929de0b2f879ec2cab2c7994607b958d242f2ec75537ec593e70f09d0a9f7e4190ccf4a6f5ac6e1eb9119a889922b34f8b59a39631d74233da13151d0e63b43ca53b1daa224e3a7bdcf23a82d3d6f08c40c09418bbec1362707f8880041d49493f1ace32f22fd4e36ba097e85c4e0e1d59ad401f6f378a165f0d98e69571744bf299b6f8d4af9777f65ac88a02b09949784476dc5fa542de41f00de437324b9b23eff062fb35fe15829026994481d7369601711d9b112e282c387a4ecc83a6a00acb96c2564fbfd1cb56d822acf8643e59c269fcb1e90d8e930d3c7b6c73de6354ab82d8eba73b3531d255a625e2585f0f863f20838f26258a37120353d76fc0c88a6b927cee3226653f8d7e9f6f79315c8cebeb00da27260dc7ed7167f796f00e8a2a22ea7c1764bfc20bafedb9e4883d94ff98ae304c7330adabeb173138875d4cc0604da8617d2a854716f76a19dc774d9c6612846f67a37ca5a5f944ad137d38a9b634661c80b63476f980e913f66b56f3475389334de7fa166d8eb74865d618d4523c653be6ae47d30b28cb5be17077c6356da3d50a6fe9ffa6dbf6e125e162d6e7ac7976a1dac2228fbbdc7f78c1de3184195cb0fe560050fc8b0178c9d03ea7a41aa91464b28f3e4e8bb6b43eb71ba7610582197acc5c56943b91c4a87e5aed2bcc8bf01d0d84ae23c9598d4b38d11445f598ffcf6e3b3392a0d5ec42fb19a748eabb1a984979ec5ff0b61afb5f9f6b725ea0e2094539c2078501b4e96a34c83b1b264ebcf95003c4a5dfc1062a48dfa8dd22711c6dc8151a4fa7e7e129edbd5aae6e99d0c7666d4d9c56f9872472d659caaedeb266cd52195e5c7aac7958ff95dffeb11a941c1006218ed1d143ab00feed20bf5bf0a7d18098ff2ba4c260fde8f4c1a8ec5f8282af904106d3be7aaf052a7e9915f9c364e16edc08011d8e22e883a81eb2fcaa6bd27ccc8322e5757a92d3bfdce621624227ac0525bf938f1024b3ee3f1c9eede9ad4a9a1ed177105e16dba4c074724b76d3bf0001a7d86e147c119df90fd495e65944d5da3cedf5364cd00f6a320d1b68e65515f4b13b28340f7bf4ad815f94d57714780c82436d37435a19e447d0c4c8b9e3975625c7f662c1c21d71ae601e5c6effea3f0dacd4307a2528b5e2c935cc6f37834315b1ad20ca4f1958a3eec36e3afda806f667690d41e9d4932308d969c0250c16c2118f045347fdd544f1f34cf289d78dd6386543006f0624bee2818e78fdb87fe05b6dceea7a05847f1dfb56be397d886939c2f8ab194034d89a0b6e99e1c8c9641f7fdafcae8bfcc39b41da5c4b88b87f4ebaf5346df20fc22ea25064172adf005a8f2caff8f03f931a975bc311c0fb911686d763aee73c2716b55a776493fff5ea4c639b7c178a6fbb45569e9f1be1721e9ea3821fe6a769f8d43bc25025fabc9fc3dce2c646b044f430aa24c2d58db68f6dad4e6c2bf20382af9160798c42dcc1ea1151ed6f7d96d70e12536f97d50e416f576744db973d0ab7b29800c492be6899fffd061546c367775995c8c5cf7be7c6f216634ee8c6df22550f10e9ea02100fb1f7fd046cdd9df4395a77400876627c0262f429061a7eb3fad1f33dc0f80b01a05e26bdc21e0ee5453358bfbea9293b15ab0dec21f2473216a665205eb156f71ca71ab210fb3f07580aefdb4feed6f6d8a5ab8d3d6391ed5b39b8c63432d84d4fd4321f0da3de3fa872f3e8fb22ab5a8d1acfb84b2f3aec18f4c23c65bef1136fcb2556d39ba99964eab96b67bd6f99528d19152d84332026c57aa71cff004087272a3e98a41463a6b88ed347e0321a55b0a2a32dd2a737575729e7952146a091603cac4791f16c5ddcfa985eb9ed2001edf5aee4efe24de2d153703fad7c55eb69043deb6bd3f010f66ddb017fb39fe6d00c704754ded05eafaabd760ba31bd66d0b11d0475ab49a6a881c6c2e6f48530c10e14c3ca165ad1cf1cd65cf6cc43ec47f65d76638db22fabb334b6ccc3b7cc687dba08b53db547db79bd470574a0564c4659010b5b66d134f6c17c61b6339067baed618d5a9c77d16069d617eda4a20a280d22f56dddfe410469d6d981b4dbedb57ddef246cb8a62a72c9578f7a45081f5437692b90aa51714ba59e81eabf880b592f6da7173246b382cf873d4a96001916d9c8c60d7d724d", 0x1000}, {&(0x7f0000007a00)="b9f574f5193900c74764c8bee26dd3a26f5ec94ea0e136486903fa68172578aba81d043f4779d35e464ce4c26ff98d480651bb7d05801da03538eb82ec35e25d4c1fd70a4faca7e43f0eb2601b6897a0438f82ac17bdb43b8488f420853874067851694299fe1553f7ec", 0x6a}, {&(0x7f0000007a80)="caf92d198199407b8d78234bb4b91db4c7dba63ec42c82a017a3e11dea7322be4ef1b406cc3882dccd9e0703ad701d428716bb36496069b3ad2b6f330bc67efc396e27d6cc5a360ae88b730d0e033ebd1e7dffde803d3e4aa99b50e351aed322d13fa86f397a747c9e75ecd56aa01066e81cf292a52552f441467f9b41361072d0fdfb959d91d93b1c556f75ff2222210370a57e16ef418e57796ab5214635388166ffb808caa71427dcdf07f0d6bca7de907ffdfd789907ec10703481f7bda47ce46abe17e929961b157df7ab379d2dd7b7fde258ded592320550c05cfd66290935e39ed3460148e851bb48e6c741336348c9bb993f24", 0xf7}], 0xa, &(0x7f0000007c40)=[@ip_ttl={{0x14, 0x0, 0x2, 0xb0}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_retopts={{0x80, 0x0, 0x7, {[@cipso={0x86, 0x38, 0x0, [{0x5, 0xb, "5a702e850d8df47457"}, {0x0, 0x10, "76d22ee1e1fdbfcea453ec9c45f2"}, {0x1, 0x6, "dbb892ba"}, {0x6, 0x11, "8624cd754e9a6968de6f29d96b1756"}]}, @ra={0x94, 0x4}, @noop, @timestamp={0x44, 0x18, 0x19, 0x0, 0x5, [0x954a, 0x0, 0x2b4, 0x400, 0x7]}, @timestamp_addr={0x44, 0xc, 0x9b, 0x1, 0xb, [{@multicast2, 0x7}]}, @ssrr={0x89, 0xf, 0x1f, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1400000}}], 0xe0}}, {{&(0x7f0000007d40)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000008040)=[{&(0x7f0000007d80)="4a1a65547ea0f483", 0x8}, {&(0x7f0000007dc0)="942af1eb1ffd5ef5487859f8eb6cfacb5e3ece4b995073eed913c8603b49b0981f10a5a9af0706b82784e8e005858df95f6d43f74480c602d8ab49f91fc23fd653a317380a399e8a37099874100cffb2935cb072437051c077d4347ddd676fc385858ffd4995601233d598b402a75fa506cc82e2544fbe0a0b4050506b8fd6ec7239e06c1893968160096954f9907970e192d8dfbce8ca2daff09fe5d348042ebe9f280bb9f72143d81c6ddbceef242d7738472adfc2f68fbd9d01bd", 0xbc}, {&(0x7f0000007e80)="8507fb8751bfecb16ce4b905aef5138543391c7c3b57a6be436fbd07803b5cb16a21f6692728bb7e5e37957a424374deec6becd0fde94b63c8c51f95fad934bef17d38ef45390646b003e657db10d934febcb64c12ef90a3dc0b37bae74f65d6b0eda57407ccff502cf6a3badd881728b789f6cd4c883f8603b5a01ef0cc16f6c27b572be87328eb851ac1d5df14343f36818b41450fc13680e316de2ba6165dc00e90c2da7b7853f094bed67d662f22b7aa4cc6c360925e1bab73f9e8f99203d281e5eb8afdae096514bde63f31fa9696413b498cc29c7ae49ccf9958b476ebea9f679f66d33140c657dc21607056bfd65ca081", 0xf4}, {&(0x7f0000007f80)="9c752f74625ffff06cfc8fd45422e3727ccd9d740a7b408c6a18527c4922ba28ca2096bd251d051a405ffe6411885f45908261b379aca24b30dd706e61709566c762493796ca5f6d3ea61653457c3742bfa061cf0a4e7e2b30f4fad2be6cced01ea57ea7f4deed46034d3b3aef76d1547f23a541ca7c48d6351e46f2fcf0ddbbfe6b32bd49bacf", 0x87}], 0x4, &(0x7f0000008080)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x8000}}, @ip_retopts={{0x28, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0x79, [@rand_addr=0x64010102, @remote, @local, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}], 0x70}}, {{&(0x7f0000008100)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000008140)}}], 0x6, 0x0) dup3(r2, r0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {0x100}, 0x1}, 0x4) 19:48:56 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03070000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1571.668247] sg_write: data in/out 218356912/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.668247] program syz-executor.6 not setting count and/or reply_len properly 19:48:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03480000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1571.766450] device veth0_vlan entered promiscuous mode [ 1571.771751] sg_write: data in/out 117693616/8 bytes for SCSI command 0x3f-- guessing data in; [ 1571.771751] program syz-executor.4 not setting count and/or reply_len properly 19:48:56 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:48:56 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x5, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}, {0xaeb, 0x3, 0x7, 0x6}, {0x2, 0x0, 0x5, 0x6}, {0x5, 0x7, 0x8, 0x7ff}, {0x7fff, 0x1f, 0xd4, 0x7}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r5 = fork() write$P9_RGETLOCK(r3, &(0x7f00000000c0)={0x21, 0x37, 0x2, {0x2, 0x100000000, 0xa54, r5, 0x3, '\xce*.'}}, 0x21) r6 = fork() ptrace(0x10, r6) r7 = fork() setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f0000000080)=0xac, 0x4) tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) 19:48:56 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 68) [ 1571.973524] FAULT_INJECTION: forcing a failure. [ 1571.973524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.975563] CPU: 0 PID: 29374 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1571.976661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.977903] Call Trace: [ 1571.978299] dump_stack+0x107/0x167 [ 1571.978836] should_fail.cold+0x5/0xa [ 1571.979411] copy_page_from_iter+0x40a/0x900 [ 1571.980062] blk_rq_map_user_iov+0x138b/0x1a60 [ 1571.980737] ? perf_trace_lock+0xac/0x490 [ 1571.981342] ? __lockdep_reset_lock+0x180/0x180 [ 1571.982016] ? __lockdep_reset_lock+0x180/0x180 [ 1571.982688] ? blk_rq_unmap_user+0x750/0x750 [ 1571.983322] ? find_held_lock+0x2c/0x110 [ 1571.983931] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1571.984685] ? lock_downgrade+0x6d0/0x6d0 [ 1571.985282] ? import_single_range+0x24d/0x2e0 [ 1571.985942] blk_rq_map_user+0x103/0x170 [ 1571.986527] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1571.987212] ? alloc_pages_current+0x18f/0x280 [ 1571.987881] ? sg_build_indirect.isra.0+0x448/0x710 [ 1571.988608] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1571.989373] ? sg_build_indirect.isra.0+0x710/0x710 [ 1571.990089] ? lock_downgrade+0x6d0/0x6d0 [ 1571.990702] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.991460] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1571.992180] ? trace_hardirqs_on+0x5b/0x180 [ 1571.992809] ? ___ratelimit+0x1fc/0x440 [ 1571.993390] sg_write.part.0+0x69e/0xaa0 [ 1571.993982] ? sg_new_write.isra.0+0x770/0x770 [ 1571.994644] ? find_held_lock+0x2c/0x110 [ 1571.995237] ? __might_fault+0xd3/0x180 [ 1571.995820] ? lock_downgrade+0x6d0/0x6d0 [ 1571.996435] ? _cond_resched+0x12/0x80 [ 1571.996998] ? inode_security+0x107/0x140 [ 1571.997595] ? avc_policy_seqno+0x9/0x70 [ 1571.998174] ? selinux_file_permission+0x92/0x520 [ 1571.998879] ? security_file_permission+0x24e/0x570 [ 1571.999609] sg_write+0x87/0x120 [ 1572.000101] do_iter_write+0x482/0x670 [ 1572.000666] ? import_iovec+0x83/0xb0 [ 1572.001222] vfs_writev+0x1ae/0x620 [ 1572.001748] ? vfs_iter_write+0xa0/0xa0 [ 1572.002315] ? __fget_files+0x26d/0x4c0 [ 1572.002892] ? lock_downgrade+0x6d0/0x6d0 [ 1572.003490] ? find_held_lock+0x2c/0x110 [ 1572.004085] ? __fget_files+0x296/0x4c0 [ 1572.004669] ? __fget_light+0xea/0x290 [ 1572.005238] do_writev+0x139/0x300 [ 1572.005756] ? vfs_writev+0x620/0x620 [ 1572.006314] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.007064] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.007814] do_syscall_64+0x33/0x40 [ 1572.008354] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.009085] RIP: 0033:0x7f3e10b72b19 [ 1572.009623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1572.012229] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1572.013310] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1572.014327] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1572.015340] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1572.016362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1572.017377] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:10 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 69) 19:49:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03080000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:10 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r3, &(0x7f0000000340)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x21808000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="b000000008c774f6c983e7807440a86c938a34ee12d6f753bb493c914b25e27ea1e757bdf5315f69476eed2662cf7493798cd00b5089dbe79a9b6f1c13106149b07f4415d4c6dc9a93c28d8ac4af03abc69e897c966dff1014e59fd86d07cdf8523fee4e645e1dd470fc496bd19aa3aa3a8e2a092b924a41e95d30032b0d68e7caeb657c661657ebc1", @ANYRES16=r5, @ANYBLOB="020029bd7000fedbdf250a0000009a000300989f7bba604d2a05021bd7d4bbdfdcfde72473b3b96d9225bbafd77dfe3d655b7c8d6d9204343b48f719ad601915f7da773c95f71b41d625cb3435e6c96b03b88626705e3bf6074e154a3d95b7c2f4dd94a062004000000000014dfa04845dbd91be720f1c5c79644db1d6f1a8ffcb8a68939de3051c679dff0eb82f49a86595c1d7b2329e6f6d1ccdcc68038afea0017653862587a9b3c4503a72059253044e84ed76cbce465ce7ed62b427be8880eda61e88"], 0xb0}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000040) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="0a410008000063bdb83f0c68", @ANYRESDEC=r2, @ANYBLOB="000335bd7000fedbdf2501000000080001002d0006000c009900060000000a000000a321601f6753aebda3e4738c8d3fed653f17619b057b4126a9d6199ed8761e2cc1b709e7e09da9f615b6d3b2e0cded1c99a8c4a6fa8d97aa09ffcd179aa654bf55ec64a159f53f06d8bfee639f8ff24763dd692569c6718d3013b4dbc2708238930e9b02d2c961d4b11bf4e44d5041725ad823728e228d907d77831f6209e9384fb6c067173a27e1d49e856b9fcfefe9393f2014c164ea15a3b93714fdfe07d07711a0b8003276a0347ac72a92fcf26cb7548b798903e1af186e586a95916101da4234389086c02abc1d970ee828cd9a41542bd63113bf7e961fe69f54e446575f1e0d11dc7b927c68e82e4d64694a199e02642e18b9494a88c39c43fd20e170345917848e0039591bb998288d8bf59dbb86c7da709b996d8e9112df31c5c5b1ec5a5c5861472bcd60d2147fad67601a1b390e3df64e63f9004fc5793e61d964dc0b67cc400835f0fe7059cb66be0d99bfe5c228d402ee6310d9d3974e799edaa5e3112480e0185d769dafd1133210ceee610845dc9ffc6ab15c3ad15689517c8fee5692e68788fb2c3b599a5f6a37dcc4b4"], 0x28}, 0x1, 0x0, 0x0, 0x28048801}, 0x1) ptrace(0x10, r2) r6 = fork() ptrace(0x10, r6) r7 = fork() tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) 19:49:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r5, &(0x7f0000000040), 0x12) write$eventfd(0xffffffffffffffff, &(0x7f0000000140)=0x1, 0x8) write$binfmt_elf64(r2, &(0x7f0000000a00)=ANY=[], 0x98a) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0xf8) dup3(0xffffffffffffffff, r1, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000180)={[0x3eb]}, 0x8) flock(0xffffffffffffffff, 0xc) acct(&(0x7f0000000040)='./file0\x00') 19:49:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc034c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc033e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1586.021800] audit: type=1326 audit(1718135350.848:1939): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.024457] audit: type=1326 audit(1718135350.851:1940): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.038176] sg_write: 4 callbacks suppressed [ 1586.038200] sg_write: data in/out 1275321520/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.038200] program syz-executor.7 not setting count and/or reply_len properly [ 1586.041142] audit: type=1326 audit(1718135350.864:1941): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.048948] audit: type=1326 audit(1718135350.864:1942): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.056818] sg_write: data in/out 134470832/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.056818] program syz-executor.4 not setting count and/or reply_len properly [ 1586.058858] FAT-fs (loop3): bogus number of FAT structure [ 1586.059847] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1586.060973] sg_write: data in/out 1040440496/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.060973] program syz-executor.6 not setting count and/or reply_len properly [ 1586.069704] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.069704] program syz-executor.0 not setting count and/or reply_len properly [ 1586.075578] sg_write: data in/out 1040440496/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.075578] program syz-executor.6 not setting count and/or reply_len properly [ 1586.081160] FAULT_INJECTION: forcing a failure. [ 1586.081160] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1586.083318] CPU: 1 PID: 29576 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1586.084329] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1586.085516] Call Trace: [ 1586.085906] dump_stack+0x107/0x167 [ 1586.086438] should_fail.cold+0x5/0xa [ 1586.087002] copy_page_from_iter+0x40a/0x900 [ 1586.087659] blk_rq_map_user_iov+0x138b/0x1a60 [ 1586.088340] ? perf_trace_lock+0xac/0x490 [ 1586.088963] ? __lockdep_reset_lock+0x180/0x180 [ 1586.089644] ? __lockdep_reset_lock+0x180/0x180 [ 1586.090324] ? blk_rq_unmap_user+0x750/0x750 [ 1586.090961] ? mark_held_locks+0x9e/0xe0 [ 1586.091570] ? find_held_lock+0x2c/0x110 [ 1586.092173] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1586.092983] ? lock_downgrade+0x6d0/0x6d0 [ 1586.093666] ? import_single_range+0x24d/0x2e0 [ 1586.094334] blk_rq_map_user+0x103/0x170 [ 1586.094918] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1586.095607] ? alloc_pages_current+0x18f/0x280 [ 1586.096271] ? sg_build_indirect.isra.0+0x448/0x710 [ 1586.097004] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1586.097770] ? sg_build_indirect.isra.0+0x710/0x710 [ 1586.098492] ? vprintk_func+0x93/0x140 [ 1586.099061] ? record_print_text.cold+0x16/0x16 [ 1586.099738] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1586.100461] ? trace_hardirqs_on+0x5b/0x180 [ 1586.101094] sg_write.part.0+0x69e/0xaa0 [ 1586.101704] ? sg_new_write.isra.0+0x770/0x770 [ 1586.102381] ? find_held_lock+0x2c/0x110 [ 1586.102988] ? __might_fault+0xd3/0x180 [ 1586.103577] ? lock_downgrade+0x6d0/0x6d0 [ 1586.104189] ? _cond_resched+0x12/0x80 [ 1586.104750] ? inode_security+0x107/0x140 [ 1586.105354] ? avc_policy_seqno+0x9/0x70 [ 1586.105940] ? selinux_file_permission+0x92/0x520 [ 1586.106643] ? security_file_permission+0x24e/0x570 [ 1586.107366] sg_write+0x87/0x120 [ 1586.107866] do_iter_write+0x482/0x670 [ 1586.108430] ? import_iovec+0x83/0xb0 [ 1586.108989] vfs_writev+0x1ae/0x620 [ 1586.109518] ? vfs_iter_write+0xa0/0xa0 [ 1586.110091] ? __fget_files+0x26d/0x4c0 [ 1586.110668] ? lock_downgrade+0x6d0/0x6d0 [ 1586.111266] ? find_held_lock+0x2c/0x110 [ 1586.111879] ? __fget_files+0x296/0x4c0 [ 1586.112468] ? __fget_light+0xea/0x290 [ 1586.113040] do_writev+0x139/0x300 [ 1586.113561] ? vfs_writev+0x620/0x620 [ 1586.114117] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1586.114873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1586.115621] do_syscall_64+0x33/0x40 [ 1586.116164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1586.116899] RIP: 0033:0x7f3e10b72b19 [ 1586.117445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1586.120071] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1586.121164] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1586.122195] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1586.123222] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1586.124253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1586.125278] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03480000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:11 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03680000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:11 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03090000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1586.214664] audit: type=1326 audit(1718135351.041:1943): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.222314] audit: type=1326 audit(1718135351.049:1944): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29565 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:49:11 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 70) [ 1586.237992] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.237992] program syz-executor.7 not setting count and/or reply_len properly [ 1586.254760] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.254760] program syz-executor.6 not setting count and/or reply_len properly [ 1586.286381] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.286381] program syz-executor.6 not setting count and/or reply_len properly 19:49:11 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc036c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1586.313778] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.313778] program syz-executor.0 not setting count and/or reply_len properly [ 1586.328796] Process accounting resumed [ 1586.330146] sg_write: data in/out 151248048/8 bytes for SCSI command 0x3f-- guessing data in; [ 1586.330146] program syz-executor.4 not setting count and/or reply_len properly [ 1586.334674] FAULT_INJECTION: forcing a failure. [ 1586.334674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1586.335975] CPU: 0 PID: 29795 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1586.336607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1586.337342] Call Trace: [ 1586.337589] dump_stack+0x107/0x167 [ 1586.337918] should_fail.cold+0x5/0xa [ 1586.338265] copy_page_from_iter+0x40a/0x900 [ 1586.338680] blk_rq_map_user_iov+0x138b/0x1a60 [ 1586.339101] ? perf_trace_lock+0xac/0x490 [ 1586.339486] ? __lockdep_reset_lock+0x180/0x180 [ 1586.339910] ? __lockdep_reset_lock+0x180/0x180 [ 1586.340342] ? blk_rq_unmap_user+0x750/0x750 [ 1586.340740] ? trace_hardirqs_on+0x5b/0x180 [ 1586.341203] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1586.341731] ? import_single_range+0x24d/0x2e0 [ 1586.342154] blk_rq_map_user+0x103/0x170 [ 1586.342528] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1586.342962] ? __mutex_unlock_slowpath+0xaf/0x600 [ 1586.343411] ? alloc_pages_current+0x18f/0x280 [ 1586.343846] ? sg_build_indirect.isra.0+0x448/0x710 [ 1586.344296] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1586.344775] ? sg_build_indirect.isra.0+0x710/0x710 [ 1586.345230] ? vprintk_func+0x93/0x140 [ 1586.345586] ? record_print_text.cold+0x16/0x16 [ 1586.346005] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1586.346457] ? trace_hardirqs_on+0x5b/0x180 [ 1586.346856] sg_write.part.0+0x69e/0xaa0 [ 1586.347227] ? sg_new_write.isra.0+0x770/0x770 [ 1586.347651] ? find_held_lock+0x2c/0x110 [ 1586.348033] ? __might_fault+0xd3/0x180 [ 1586.348388] ? lock_downgrade+0x6d0/0x6d0 [ 1586.348775] ? _cond_resched+0x12/0x80 [ 1586.349126] ? inode_security+0x107/0x140 [ 1586.349502] ? avc_policy_seqno+0x9/0x70 [ 1586.349867] ? selinux_file_permission+0x92/0x520 [ 1586.350310] ? security_file_permission+0x24e/0x570 [ 1586.350770] sg_write+0x87/0x120 [ 1586.351085] do_iter_write+0x482/0x670 [ 1586.351437] ? import_iovec+0x83/0xb0 [ 1586.351790] vfs_writev+0x1ae/0x620 [ 1586.352124] ? vfs_iter_write+0xa0/0xa0 [ 1586.352482] ? __fget_files+0x26d/0x4c0 [ 1586.352845] ? lock_downgrade+0x6d0/0x6d0 [ 1586.353221] ? find_held_lock+0x2c/0x110 [ 1586.353596] ? __fget_files+0x296/0x4c0 [ 1586.353959] ? __fget_light+0xea/0x290 [ 1586.354311] do_writev+0x139/0x300 [ 1586.354636] ? vfs_writev+0x620/0x620 [ 1586.354979] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1586.355448] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1586.355923] do_syscall_64+0x33/0x40 [ 1586.356256] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1586.356707] RIP: 0033:0x7f3e10b72b19 [ 1586.357049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1586.358675] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1586.359356] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1586.360010] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1586.360638] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1586.361285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1586.361931] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:11 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getpgid(r2) kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:49:11 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc034c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:11 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc034c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1586.430578] audit: type=1326 audit(1718135351.257:1945): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29801 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.436245] audit: type=1326 audit(1718135351.263:1946): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29801 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.440049] audit: type=1326 audit(1718135351.267:1947): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29801 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1586.443162] audit: type=1326 audit(1718135351.269:1948): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29801 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:49:11 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030d0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:11 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03740000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:27 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 71) 19:49:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:27 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1602.471221] FAT-fs (loop3): bogus number of FAT structure [ 1602.472346] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1602.491872] kauditd_printk_skb: 2 callbacks suppressed [ 1602.491892] audit: type=1326 audit(1718135367.318:1951): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1602.495178] sg_write: 6 callbacks suppressed [ 1602.495195] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.495195] program syz-executor.0 not setting count and/or reply_len properly [ 1602.501335] audit: type=1326 audit(1718135367.328:1952): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1602.508979] audit: type=1326 audit(1718135367.332:1953): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1602.513387] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.513387] program syz-executor.7 not setting count and/or reply_len properly [ 1602.516022] audit: type=1326 audit(1718135367.333:1954): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1602.517721] sg_write: data in/out 235134128/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.517721] program syz-executor.4 not setting count and/or reply_len properly [ 1602.524700] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.524700] program syz-executor.6 not setting count and/or reply_len properly 19:49:27 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000001740)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84003beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdde5b8127adb1af561b7a2b5eabee567cd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf4411d01a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a1b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb00000000"], 0x13c}}, 0x0) getdents64(r1, &(0x7f0000000100)=""/168, 0xa8) readv(r0, &(0x7f0000003700)=[{&(0x7f0000000200)=""/216, 0xd8}, {&(0x7f00000003c0)=""/121, 0x79}, {&(0x7f0000000380)=""/51, 0x33}, {&(0x7f00000014c0)=""/160, 0xa0}, {&(0x7f0000001640)=""/256, 0x100}, {&(0x7f0000003640)=""/128, 0x80}, {&(0x7f0000000080)=""/51, 0x33}, {&(0x7f00000001c0)=""/57, 0x39}], 0x8) readv(r0, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) lseek(r0, 0x27b, 0x2) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000000)={0x7, 0x8, 0x2, 0x2, 0x2, [0x9, 0x6, 0x2, 0x101]}) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000237}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x2, 'veth0_to_hsr\x00', {0x400}, 0x639c}) newfstatat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) fchownat(r1, &(0x7f0000000440)='./file0/file0\x00', r2, r3, 0x400) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r4, &(0x7f00000000c0)="fe", 0x1, 0x0) fadvise64(r4, 0x1, 0x1, 0x4) fallocate(r4, 0x14, 0xfffffffffffffffa, 0x7) 19:49:27 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03680000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc037a0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:27 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) r2 = fcntl$dupfd(r0, 0x406, r0) vmsplice(r2, &(0x7f0000000480)=[{&(0x7f0000000280)="7713adc024f488fa02b1f40d58cc7ae638e735e5a5d8b59060ea5d138b5637903cc5b4c24d586748705ab60575be4df4db687a3d4c520a761607f3599c0b9f4ea42809576e2a52670416066ca50ef1631df210391b9c36a6c5cd0ce11c3ed1576ca4db0e5e2723a96b4c48ca961b6801f53f4cd7442aca9bfa649f0a3b122c44c9a2941db48643932c9ab6d92ac7d75114868091c8993813bf43ab0e569eecd3a10f35c9b12aeebec2d7aef5f3a1703c11952da5a2d9f65a291c34bdc5b9fc99d2a9c89152e1e204bc63", 0xca}, {&(0x7f0000000380)="742ecc595583a83317cb27977904130f5fae43cf8aa1107b9b806825a0ae10dcf5a141cbbdf09171275677f22955c4f2992818a4a8e5ac0dee3444534761cc564ae20ec33e2bb1e0c908e92c69e19c655ff3edecb383a002538aeed1c6d4ab61e18ff8b2ee178446af879bcde5aa992a068acfa08fba1af812b3b3707d8a000c7f38740d1d4ed9abe9f860aaf75a6f3af0bfc426ac0f3e646265bbb8508f875527d307d2abdc12a89011e1ff4f4688dbd1103ab99ac2589f824ced9416a0582a22ff870968e5c85509b7cc5f84fcb913452bae8007d9debebe85df0dc6886bc8ad44", 0xe2}, {&(0x7f0000000100)="39623b46033e8dd52966040a553cb2d6e61d3d5f2bad1cceb8934b7984e60405719d8651a70eb61ab90f59a32800f2ac0031a01c5c973d0d8be9ed03e21e2a622b68299e61b68bd0e9ae554adcca03ed345cda41ca0e2b2dfe12bd07e7d95b8071e47f2fe658bdd3e73fd5649d200cf0dd19c1bac7ae", 0x76}, {&(0x7f00000001c0)="542bb69d0bf87170249e0ed879e508672fb850dc6200a32b5f945b946399b2192829616709139b5b31b35cc753f88b4f313c7d4ab088bbdd72cd33e4fa129e05b33cb5d7f8ab5c91b51619f2c5a616641add8db80fcc866d2a6a0fd8813cb654bc4628c5ec", 0x65}], 0x4, 0x8) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r3) r4 = fork() ptrace(0x10, r4) read(r0, &(0x7f0000000080)=""/91, 0x5b) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) [ 1602.548376] FAULT_INJECTION: forcing a failure. [ 1602.548376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1602.550078] CPU: 1 PID: 29922 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1602.550726] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.550726] program syz-executor.6 not setting count and/or reply_len properly [ 1602.551036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.551043] Call Trace: [ 1602.551074] dump_stack+0x107/0x167 [ 1602.555330] should_fail.cold+0x5/0xa [ 1602.555867] copy_page_from_iter+0x40a/0x900 [ 1602.556487] blk_rq_map_user_iov+0x138b/0x1a60 [ 1602.557125] ? perf_trace_lock+0xac/0x490 [ 1602.557695] ? __lockdep_reset_lock+0x180/0x180 [ 1602.558333] ? __lockdep_reset_lock+0x180/0x180 [ 1602.558968] ? blk_rq_unmap_user+0x750/0x750 [ 1602.559563] ? mark_held_locks+0x9e/0xe0 [ 1602.560129] ? find_held_lock+0x2c/0x110 [ 1602.560694] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1602.561414] ? lock_downgrade+0x6d0/0x6d0 [ 1602.561970] ? import_single_range+0x24d/0x2e0 [ 1602.562595] blk_rq_map_user+0x103/0x170 [ 1602.563148] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1602.563797] ? alloc_pages_current+0x18f/0x280 [ 1602.564414] ? sg_build_indirect.isra.0+0x448/0x710 [ 1602.565092] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1602.565828] ? sg_build_indirect.isra.0+0x710/0x710 [ 1602.566506] ? vprintk_func+0x93/0x140 [ 1602.567041] ? record_print_text.cold+0x16/0x16 [ 1602.567665] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1602.568350] ? trace_hardirqs_on+0x5b/0x180 [ 1602.568945] sg_write.part.0+0x69e/0xaa0 [ 1602.569498] ? sg_new_write.isra.0+0x770/0x770 [ 1602.570124] ? find_held_lock+0x2c/0x110 [ 1602.570678] ? __might_fault+0xd3/0x180 [ 1602.571218] ? lock_downgrade+0x6d0/0x6d0 [ 1602.571799] ? _cond_resched+0x12/0x80 [ 1602.572324] ? inode_security+0x107/0x140 [ 1602.572885] ? avc_policy_seqno+0x9/0x70 [ 1602.573429] ? selinux_file_permission+0x92/0x520 [ 1602.574087] ? security_file_permission+0x24e/0x570 [ 1602.574757] sg_write+0x87/0x120 [ 1602.575224] do_iter_write+0x482/0x670 [ 1602.575765] ? import_iovec+0x83/0xb0 [ 1602.576292] vfs_writev+0x1ae/0x620 [ 1602.576782] ? vfs_iter_write+0xa0/0xa0 [ 1602.577313] ? __fget_files+0x26d/0x4c0 [ 1602.577869] ? lock_downgrade+0x6d0/0x6d0 [ 1602.578420] ? find_held_lock+0x2c/0x110 [ 1602.578982] ? __fget_files+0x296/0x4c0 [ 1602.579525] ? __fget_light+0xea/0x290 [ 1602.580067] do_writev+0x139/0x300 [ 1602.580548] ? vfs_writev+0x620/0x620 [ 1602.581069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.581775] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.582467] do_syscall_64+0x33/0x40 [ 1602.582966] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.583643] RIP: 0033:0x7f3e10b72b19 [ 1602.584155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.586963] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1602.587980] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1602.588916] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1602.589854] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1602.590790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.591726] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1602.701888] audit: type=1326 audit(1718135367.528:1955): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1602.705437] audit: type=1326 audit(1718135367.528:1956): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29932 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:49:27 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc036c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1602.773434] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.773434] program syz-executor.7 not setting count and/or reply_len properly [ 1602.794480] sg_write: data in/out 1812192432/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.794480] program syz-executor.6 not setting count and/or reply_len properly 19:49:27 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 72) 19:49:27 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc033e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1602.833984] sg_write: data in/out 1812192432/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.833984] program syz-executor.6 not setting count and/or reply_len properly 19:49:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:27 executing program 5: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8}, 0x11010, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x6, 0xffffffffffffffff, 0x8) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0x0, 0x3) r0 = pkey_alloc(0x0, 0x0) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffc000/0x4000)=nil) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000200)=0x33e0, 0x4) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, &(0x7f00000001c0)=0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="980000002000210c0010000000000000020000006c009680080022000a010101acd2b2c7e98b6167be6b59663e303cbc6ca0f888bb3730e2fda73b5ea9b662f1eb0a17c5c0545890e2289546e55177d0c25b5c7e3eebf4f98129b521ac995853622f691db5a3bc250e461095362e1a7f5dcd1783eb255cc953405e0ba35a380c00ff00c8990400000000f2c0001800ff800a0015002c5c282d000000000000000000", @ANYRESDEC=r1, @ANYBLOB="1c7caaa0053700000000000000000000007864e75d164f368899118f212a53436fa6acc83a2b9abb5c904a7dd2bb6c0c0c93455a7dc362a6b9b767e4fd65785c3d0af776d59da2238b3dbcbeec0525326b9e8a156c30c0bd25be39909e2384b86d46aaf8acf6086200c418f33bd98f982600000000532024997e7e557afbc4f1112363f4eb0e058aebef4b3650880926945e6767e6a61945951fa9ba41ab36c2b0261d04bfc925f475811a60db"], 0x98}, 0x1, 0x0, 0x0, 0x4000}, 0x20004004) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f0000000040)=0x81, 0x4) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3c196920d8b85fc5, &(0x7f0000000140)=0x5, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, r0) sendfile(r2, r1, 0x0, 0x9bbb) [ 1602.928263] sg_write: data in/out 1040440496/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.928263] program syz-executor.4 not setting count and/or reply_len properly [ 1602.930722] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1602.930722] program syz-executor.0 not setting count and/or reply_len properly [ 1602.939421] FAULT_INJECTION: forcing a failure. [ 1602.939421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1602.941024] CPU: 1 PID: 30154 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1602.941770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.942655] Call Trace: [ 1602.942950] dump_stack+0x107/0x167 [ 1602.943352] should_fail.cold+0x5/0xa [ 1602.943780] copy_page_from_iter+0x40a/0x900 [ 1602.944275] blk_rq_map_user_iov+0x138b/0x1a60 [ 1602.944783] ? perf_trace_lock+0xac/0x490 [ 1602.945237] ? __lockdep_reset_lock+0x180/0x180 [ 1602.945738] ? __lockdep_reset_lock+0x180/0x180 [ 1602.946257] ? blk_rq_unmap_user+0x750/0x750 [ 1602.946733] ? mark_held_locks+0x9e/0xe0 [ 1602.947180] ? find_held_lock+0x2c/0x110 [ 1602.947629] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1602.948227] ? lock_downgrade+0x6d0/0x6d0 [ 1602.948673] ? import_single_range+0x24d/0x2e0 [ 1602.949174] blk_rq_map_user+0x103/0x170 [ 1602.949618] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1602.950134] ? alloc_pages_current+0x18f/0x280 [ 1602.950631] ? sg_build_indirect.isra.0+0x448/0x710 [ 1602.951177] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1602.951768] ? sg_build_indirect.isra.0+0x710/0x710 [ 1602.952319] ? vprintk_func+0x93/0x140 [ 1602.952744] ? record_print_text.cold+0x16/0x16 [ 1602.953251] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1602.953799] ? trace_hardirqs_on+0x5b/0x180 [ 1602.954269] sg_write.part.0+0x69e/0xaa0 [ 1602.954712] ? sg_new_write.isra.0+0x770/0x770 [ 1602.955213] ? find_held_lock+0x2c/0x110 [ 1602.955657] ? __might_fault+0xd3/0x180 [ 1602.956094] ? lock_downgrade+0x6d0/0x6d0 [ 1602.956554] ? _cond_resched+0x12/0x80 [ 1602.956972] ? inode_security+0x107/0x140 [ 1602.957421] ? avc_policy_seqno+0x9/0x70 [ 1602.957858] ? selinux_file_permission+0x92/0x520 [ 1602.958380] ? security_file_permission+0x24e/0x570 [ 1602.958923] sg_write+0x87/0x120 [ 1602.959298] do_iter_write+0x482/0x670 [ 1602.959719] ? import_iovec+0x83/0xb0 [ 1602.960149] vfs_writev+0x1ae/0x620 [ 1602.960546] ? vfs_iter_write+0xa0/0xa0 [ 1602.960991] ? __fget_files+0x26d/0x4c0 [ 1602.961434] ? lock_downgrade+0x6d0/0x6d0 [ 1602.961889] ? find_held_lock+0x2c/0x110 [ 1602.962338] ? __fget_files+0x296/0x4c0 [ 1602.962778] ? __fget_light+0xea/0x290 [ 1602.963203] do_writev+0x139/0x300 [ 1602.963592] ? vfs_writev+0x620/0x620 [ 1602.964024] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.964583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.965147] do_syscall_64+0x33/0x40 [ 1602.965552] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.966111] RIP: 0033:0x7f3e10b72b19 [ 1602.966506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.968468] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1602.969291] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1602.970037] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1602.970787] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1602.971545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.972313] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:41 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03740000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:41 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 73) 19:49:41 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f8", 0x16, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:41 executing program 5: r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x50000, 0x110) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x4, 0x400}, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000003f00)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000003e00), &(0x7f0000001d40)='./file0\x00', 0x80, 0x1000, 0x1}, 0xffffed79) fallocate(r1, 0x0, 0x0, 0x8800000) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001bc0)={0x0, 0x0, 0xe3, 0x40, @scatter={0x7, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000140)=""/224, 0xe0}, {&(0x7f0000000240)=""/102, 0x66}, {&(0x7f0000000080)=""/14, 0xe}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/111, 0x6f}, {&(0x7f0000000440)=""/13, 0xd}, {&(0x7f0000001840)=""/147, 0x93}]}, &(0x7f0000001a80)="2b5687a6d8abcf49c24f0b52d3279e4bc9adf469c5a28865b36342db348b0b48e409343bc952b2dfbcd1c549f32860836599b86f72343a43839a07db65c5f2dabc2d595e2351a037ea1d644c94e495d6568109463880a1665dd533634f98ce2d540b6bf78ce226687dcef964f02ae0d3dbadd738b6e78922bb8c0f642093a0ab4452b4c8f68e6a47f69ca29a5c342f695decd0781bae568f78b9a7850ac115070d884b8e8b3c9bd2be61df7dd4b6dfcdf90eb95875c06ad7f80d7b50a6c6045e0e8b4060077e6ed7e5e99398dad402eda0c8b35d13412f8c1d28e316c1fe61d57b11ab", &(0x7f0000001900)=""/44, 0xc0d, 0x36, 0x2, &(0x7f0000001b80)}) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8800000) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000300)=ANY=[@ANYBLOB="1839e10101000805000000003b0869a602259460233fa2dd852823fc77093c08175790216376e919a8266e33918a0f2c48f3039601c22e36de0077176e1ba3b8ba910d914786f3bb130f12a2414403a62fc560314bddb756267ff8b944425dba24c6fe7d176b8a31be82eb32f1107343e40a5a17560de07b2b0142", @ANYRES32, @ANYBLOB="0008000001b10000002e2f6669b04412311656d5c62520295c156e5b6c6530"]) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/netlink\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x100000000}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(r3, 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x8800000) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r5, 0x0, 0x0, 0x8800000) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000000c0)={0x1, 'hsr0\x00', {}, 0x6}) dup2(r4, r5) 19:49:41 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03480000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:41 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x5, &(0x7f0000000080)=[{0x2d, 0x80, 0x5, 0x8001}, {0x4, 0x1, 0xe8, 0x7}, {0x81, 0x4, 0xc1, 0xa1}, {0x7d78, 0xde, 0x8, 0xef}, {0x4, 0x8, 0x4, 0x7}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000180)={r5, 0x2, 0xffffffffffffffff, 0x2, 0x80000}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000000c0)={r5, 0x0, r0, 0xfa}) tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:49:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1616.998750] sg_write: 1 callbacks suppressed [ 1616.998773] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1616.998773] program syz-executor.7 not setting count and/or reply_len properly [ 1617.008215] sg_write: data in/out 1946410160/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.008215] program syz-executor.6 not setting count and/or reply_len properly [ 1617.025916] FAT-fs (loop3): bogus number of FAT structure [ 1617.026474] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1617.038741] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.038741] program syz-executor.0 not setting count and/or reply_len properly [ 1617.041142] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.041142] program syz-executor.4 not setting count and/or reply_len properly 19:49:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1617.045778] sg_write: data in/out 1946410160/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.045778] program syz-executor.6 not setting count and/or reply_len properly [ 1617.049545] FAULT_INJECTION: forcing a failure. [ 1617.049545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1617.050923] CPU: 1 PID: 30288 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1617.051557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.052322] Call Trace: [ 1617.052575] dump_stack+0x107/0x167 [ 1617.052919] should_fail.cold+0x5/0xa [ 1617.053278] copy_page_from_iter+0x40a/0x900 [ 1617.053692] blk_rq_map_user_iov+0x138b/0x1a60 [ 1617.054121] ? perf_trace_lock+0xac/0x490 [ 1617.054624] ? __lockdep_reset_lock+0x180/0x180 [ 1617.055110] ? __lockdep_reset_lock+0x180/0x180 [ 1617.055534] ? blk_rq_unmap_user+0x750/0x750 [ 1617.055942] ? mark_held_locks+0x9e/0xe0 [ 1617.056313] ? find_held_lock+0x2c/0x110 [ 1617.056688] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1617.057176] ? lock_downgrade+0x6d0/0x6d0 [ 1617.057554] ? import_single_range+0x24d/0x2e0 [ 1617.057974] blk_rq_map_user+0x103/0x170 [ 1617.058350] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1617.058781] ? alloc_pages_current+0x18f/0x280 [ 1617.059202] ? sg_build_indirect.isra.0+0x448/0x710 [ 1617.059661] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1617.060154] ? sg_build_indirect.isra.0+0x710/0x710 [ 1617.060609] ? vprintk_func+0x93/0x140 [ 1617.060968] ? record_print_text.cold+0x16/0x16 [ 1617.061393] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1617.061849] ? trace_hardirqs_on+0x5b/0x180 [ 1617.062252] sg_write.part.0+0x69e/0xaa0 [ 1617.062627] ? sg_new_write.isra.0+0x770/0x770 [ 1617.063050] ? find_held_lock+0x2c/0x110 [ 1617.063425] ? __might_fault+0xd3/0x180 [ 1617.063787] ? lock_downgrade+0x6d0/0x6d0 [ 1617.064185] ? _cond_resched+0x12/0x80 [ 1617.064543] ? inode_security+0x107/0x140 [ 1617.064922] ? avc_policy_seqno+0x9/0x70 [ 1617.065291] ? selinux_file_permission+0x92/0x520 [ 1617.065730] ? security_file_permission+0x24e/0x570 [ 1617.066188] sg_write+0x87/0x120 [ 1617.066502] do_iter_write+0x482/0x670 [ 1617.066866] ? import_iovec+0x83/0xb0 [ 1617.067215] vfs_writev+0x1ae/0x620 [ 1617.067552] ? vfs_iter_write+0xa0/0xa0 [ 1617.067917] ? __fget_files+0x26d/0x4c0 [ 1617.068285] ? lock_downgrade+0x6d0/0x6d0 [ 1617.068661] ? find_held_lock+0x2c/0x110 [ 1617.069039] ? __fget_files+0x296/0x4c0 [ 1617.069411] ? __fget_light+0xea/0x290 [ 1617.069775] do_writev+0x139/0x300 [ 1617.070101] ? vfs_writev+0x620/0x620 [ 1617.070453] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.070926] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.071396] do_syscall_64+0x33/0x40 [ 1617.071732] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.072205] RIP: 0033:0x7f3e10b72b19 [ 1617.072544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.074196] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1617.074878] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1617.075525] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1617.076171] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1617.076812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.077454] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1617.108213] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.108213] program syz-executor.4 not setting count and/or reply_len properly [ 1617.110564] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.110564] program syz-executor.7 not setting count and/or reply_len properly 19:49:41 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 74) 19:49:41 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc037a0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:42 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1617.197713] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.197713] program syz-executor.0 not setting count and/or reply_len properly [ 1617.216596] FAULT_INJECTION: forcing a failure. [ 1617.216596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1617.217644] CPU: 1 PID: 30396 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1617.218231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.218934] Call Trace: [ 1617.219165] dump_stack+0x107/0x167 [ 1617.219486] should_fail.cold+0x5/0xa [ 1617.219819] copy_page_from_iter+0x40a/0x900 [ 1617.220220] blk_rq_map_user_iov+0x138b/0x1a60 [ 1617.220622] ? perf_trace_lock+0xac/0x490 [ 1617.220990] ? __lockdep_reset_lock+0x180/0x180 [ 1617.221395] ? __lockdep_reset_lock+0x180/0x180 [ 1617.221795] ? blk_rq_unmap_user+0x750/0x750 [ 1617.222186] ? find_held_lock+0x2c/0x110 [ 1617.222547] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1617.223002] ? lock_downgrade+0x6d0/0x6d0 [ 1617.223354] ? import_single_range+0x24d/0x2e0 [ 1617.223754] blk_rq_map_user+0x103/0x170 [ 1617.224112] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1617.224515] ? alloc_pages_current+0x18f/0x280 [ 1617.224908] ? sg_build_indirect.isra.0+0x448/0x710 [ 1617.225345] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1617.225803] ? sg_build_indirect.isra.0+0x710/0x710 [ 1617.226235] ? vprintk_func+0x93/0x140 [ 1617.226574] ? record_print_text.cold+0x16/0x16 [ 1617.226982] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1617.227417] ? trace_hardirqs_on+0x5b/0x180 [ 1617.227807] sg_write.part.0+0x69e/0xaa0 [ 1617.228166] ? sg_new_write.isra.0+0x770/0x770 [ 1617.228568] ? find_held_lock+0x2c/0x110 [ 1617.228930] ? __might_fault+0xd3/0x180 [ 1617.229279] ? lock_downgrade+0x6d0/0x6d0 [ 1617.229656] ? _cond_resched+0x12/0x80 [ 1617.230000] ? inode_security+0x107/0x140 [ 1617.230355] ? avc_policy_seqno+0x9/0x70 [ 1617.230715] ? selinux_file_permission+0x92/0x520 [ 1617.231134] ? security_file_permission+0x24e/0x570 [ 1617.231584] sg_write+0x87/0x120 [ 1617.231891] do_iter_write+0x482/0x670 [ 1617.232254] ? import_iovec+0x83/0xb0 [ 1617.232592] vfs_writev+0x1ae/0x620 [ 1617.232925] ? vfs_iter_write+0xa0/0xa0 [ 1617.233270] ? __fget_files+0x26d/0x4c0 [ 1617.233627] ? lock_downgrade+0x6d0/0x6d0 [ 1617.233991] ? find_held_lock+0x2c/0x110 [ 1617.234353] ? __fget_files+0x296/0x4c0 [ 1617.234705] ? __fget_light+0xea/0x290 [ 1617.235048] do_writev+0x139/0x300 [ 1617.235357] ? vfs_writev+0x620/0x620 [ 1617.235699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.236163] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.236613] do_syscall_64+0x33/0x40 [ 1617.236944] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.237380] RIP: 0033:0x7f3e10b72b19 [ 1617.237706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.239267] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1617.239934] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1617.240529] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1617.241127] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1617.241500] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.241500] program syz-executor.6 not setting count and/or reply_len properly [ 1617.241739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.241757] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:42 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc034c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:42 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) ptrace$getregs(0xc, 0xffffffffffffffff, 0x3, &(0x7f0000000080)=""/193) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1617.305283] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1617.305283] program syz-executor.6 not setting count and/or reply_len properly [ 1617.308803] audit: type=1326 audit(1718135382.135:1957): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.312267] audit: type=1326 audit(1718135382.136:1958): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.323069] audit: type=1326 audit(1718135382.149:1959): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.340124] audit: type=1326 audit(1718135382.149:1960): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.350920] audit: type=1326 audit(1718135382.149:1961): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.374866] audit: type=1326 audit(1718135382.149:1962): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.401943] audit: type=1326 audit(1718135382.192:1963): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.416376] audit: type=1326 audit(1718135382.196:1964): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.429266] audit: type=1326 audit(1718135382.196:1965): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1617.432630] audit: type=1326 audit(1718135382.196:1966): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30506 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:49:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 75) 19:49:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:55 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89050000001b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0130244438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fdf058fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab4766635d623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb2e5deec5a9fd5d88bacfbcee963646c7ad3bce605c14d003627dae63aa7d376a5a6013a8c9ddeb8f9e5738d77202a0c70343c6e9c399d186ca3525d1686f18b79f56163f4f9ca1e2cfc5000dc5ea3b46ae30ca96848c6f2a26fbff633dca77777aac559d397015d83179fb704c95f428fade187af5bd7d6c0118a418bcaacb4cfa58f0262def06c0a30fe726dee1b6db1f9019602d6e608e872bab"], 0x13c}}, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000080)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r3 = fork() kcmp(r3, r3, 0x3, r2, r2) ioctl$BTRFS_IOC_DEFRAG_RANGE(r2, 0x40309410, &(0x7f00000000c0)={0x4, 0x8, 0x0, 0xad, 0x0, [0x10000, 0x20, 0x4, 0x1]}) ptrace(0x10, r3) sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000980)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0x5bc, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x100}]}, @TIPC_NLA_SOCK={0x88, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x100}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb4f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff699f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0xc8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3f}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1e05}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x34}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x598072ad}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa44}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x101}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_CON_NODE={0x8}]}]}, @TIPC_NLA_NODE={0xc0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "2a306c7d4b06dfe230e190f6e54fcd181322f8d9ca"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x75, 0x3, "f003c9b423aa3e86a182f161169180bb0141e80b6eedb2086c4767e10304d987b5b95b3e83052987b95ba8323cfe7bf9212ae815e9aa71c5f1de91af810c59ca01118436854ef9a9680c3b09e60c3b10d04fc04e09fa33522d8be9ac50ca063d8d61ce3ba1f5518833aca48e12265ac320"}]}, @TIPC_NLA_BEARER={0xcc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffe01}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x4, @private0, 0x7}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe60c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_NODE={0x20c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x32, 0x3, "c76230725dfca4b3db2ee32f3b05ee5342da9863e6a6d52e8059ba29fe92629b8bfa0c0de60d60f64c6307212f20"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "0e6eaa552ccb2bc42a6c5e363e9f9ea25cb199e6e6203635da39dc9c273c03a8a2"}}, @TIPC_NLA_NODE_ID={0x1f, 0x3, "2daded25d48d0104bb03385d8e18396862227f0df3f209421f1aac"}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "027c9a9761195a5b93b261b5106355091037a0644764231669238035936e9ea2c0b4e966"}}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "eeaaa8bbe853273f4c2718657ad16f0052ecde316ff30d1a43"}}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "fccb2e9afb5c11a8040893d6fb83b4f703ed971d"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x89, 0x3, "7e17ca2e1f8b28530066fac6abf58d389c32b4fdac8b9fb1f38582691fdd60116e95b6a4e207da7a8b90d5343caff56761d67068642916b09acfe2f3dc1011bf9416b0a8a28b2758a75ea647ca1cfd6b94aca30980823ba13b004c3b05add8848e2b7de36cc4ee984cc4bed5f0cc2d7146aa899ceb303636fbd02917eb5a0e216a3b4ef40f"}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x40}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK={0x58, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5e6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x265}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xdd5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}]}]}, 0x5bc}, 0x1, 0x0, 0x0, 0x20000040}, 0x4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x40) wait4(r6, 0x0, 0x8, 0x0) 19:49:55 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r4, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, 0x0, 0x7, r1, &(0x7f0000000000)={r2, r4, 0x5fc6}) utime(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)={0x5, 0x5}) fcntl$setstatus(r0, 0x4, 0x42c00) 19:49:55 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03680000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:49:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1631.041332] kauditd_printk_skb: 20 callbacks suppressed [ 1631.041352] audit: type=1326 audit(1718135395.868:1987): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.045772] sg_write: 2 callbacks suppressed [ 1631.045784] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.045784] program syz-executor.0 not setting count and/or reply_len properly [ 1631.048350] FAULT_INJECTION: forcing a failure. [ 1631.048350] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1631.049445] CPU: 1 PID: 30622 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1631.050085] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.050833] Call Trace: [ 1631.051080] dump_stack+0x107/0x167 [ 1631.051419] should_fail.cold+0x5/0xa [ 1631.051771] copy_page_from_iter+0x40a/0x900 [ 1631.052186] blk_rq_map_user_iov+0x138b/0x1a60 [ 1631.052609] ? perf_trace_lock+0xac/0x490 [ 1631.052987] ? __lockdep_reset_lock+0x180/0x180 [ 1631.053406] ? __lockdep_reset_lock+0x180/0x180 [ 1631.053827] ? blk_rq_unmap_user+0x750/0x750 [ 1631.054231] ? find_held_lock+0x2c/0x110 [ 1631.054604] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1631.055079] ? lock_downgrade+0x6d0/0x6d0 [ 1631.055453] ? import_single_range+0x24d/0x2e0 [ 1631.055875] blk_rq_map_user+0x103/0x170 [ 1631.056249] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1631.056674] ? alloc_pages_current+0x18f/0x280 [ 1631.057094] ? sg_build_indirect.isra.0+0x448/0x710 [ 1631.057551] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1631.058033] ? sg_build_indirect.isra.0+0x710/0x710 [ 1631.058475] audit: type=1326 audit(1718135395.868:1988): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.060415] ? vprintk_func+0x93/0x140 [ 1631.060768] ? record_print_text.cold+0x16/0x16 [ 1631.061189] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1631.061639] ? trace_hardirqs_on+0x5b/0x180 [ 1631.062034] sg_write.part.0+0x69e/0xaa0 [ 1631.062402] ? sg_new_write.isra.0+0x770/0x770 [ 1631.062814] ? find_held_lock+0x2c/0x110 [ 1631.063190] ? __might_fault+0xd3/0x180 [ 1631.063546] ? lock_downgrade+0x6d0/0x6d0 [ 1631.063927] ? _cond_resched+0x12/0x80 [ 1631.064281] ? inode_security+0x107/0x140 [ 1631.064657] ? avc_policy_seqno+0x9/0x70 [ 1631.065026] ? selinux_file_permission+0x92/0x520 [ 1631.065468] ? security_file_permission+0x24e/0x570 [ 1631.065918] sg_write+0x87/0x120 [ 1631.066230] do_iter_write+0x482/0x670 [ 1631.066588] ? import_iovec+0x83/0xb0 [ 1631.066935] vfs_writev+0x1ae/0x620 [ 1631.067266] ? vfs_iter_write+0xa0/0xa0 [ 1631.067632] ? __fget_files+0x26d/0x4c0 [ 1631.067991] ? lock_downgrade+0x6d0/0x6d0 [ 1631.068368] ? find_held_lock+0x2c/0x110 [ 1631.068744] ? __fget_files+0x296/0x4c0 [ 1631.069116] ? __fget_light+0xea/0x290 [ 1631.069472] do_writev+0x139/0x300 [ 1631.069806] ? vfs_writev+0x620/0x620 [ 1631.070162] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.070639] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.071101] do_syscall_64+0x33/0x40 [ 1631.071437] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.071892] RIP: 0033:0x7f3e10b72b19 [ 1631.072236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.073855] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1631.074532] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1631.075168] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1631.075798] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.076439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.077066] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1631.082483] audit: type=1326 audit(1718135395.907:1989): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.089263] audit: type=1326 audit(1718135395.907:1990): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.095550] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.095550] program syz-executor.4 not setting count and/or reply_len properly [ 1631.103502] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.103502] program syz-executor.7 not setting count and/or reply_len properly [ 1631.111308] audit: type=1326 audit(1718135395.919:1991): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.143150] audit: type=1326 audit(1718135395.920:1992): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.159779] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.159779] program syz-executor.6 not setting count and/or reply_len properly [ 1631.171119] audit: type=1326 audit(1718135395.920:1993): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.173392] audit: type=1326 audit(1718135395.920:1994): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:49:56 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r4 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, r4}}, './file0\x00'}) lchown(&(0x7f0000000080)='./file0\x00', r3, r4) kcmp(r1, r1, 0x3, r2, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x4219, r5) r6 = fork() ptrace(0x10, r6) r7 = fork() tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) [ 1631.183015] audit: type=1326 audit(1718135395.921:1995): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.202998] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; 19:49:56 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc036c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1631.202998] program syz-executor.6 not setting count and/or reply_len properly [ 1631.211167] audit: type=1326 audit(1718135395.921:1996): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30619 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1631.219550] sg_write: data in/out 1812192432/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.219550] program syz-executor.4 not setting count and/or reply_len properly 19:49:56 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 76) [ 1631.247587] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.247587] program syz-executor.0 not setting count and/or reply_len properly 19:49:56 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03740000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1631.254261] FAULT_INJECTION: forcing a failure. [ 1631.254261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1631.255289] CPU: 1 PID: 30768 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1631.255871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.256562] Call Trace: [ 1631.256796] dump_stack+0x107/0x167 [ 1631.257114] should_fail.cold+0x5/0xa [ 1631.257436] copy_page_from_iter+0x40a/0x900 [ 1631.257811] blk_rq_map_user_iov+0x138b/0x1a60 [ 1631.258203] ? perf_trace_lock+0xac/0x490 [ 1631.258551] ? __lockdep_reset_lock+0x180/0x180 [ 1631.258938] ? __lockdep_reset_lock+0x180/0x180 [ 1631.259331] ? blk_rq_unmap_user+0x750/0x750 [ 1631.259699] ? find_held_lock+0x2c/0x110 [ 1631.260044] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1631.260490] ? lock_downgrade+0x6d0/0x6d0 [ 1631.260836] ? import_single_range+0x24d/0x2e0 [ 1631.261217] blk_rq_map_user+0x103/0x170 [ 1631.261557] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1631.261952] ? alloc_pages_current+0x18f/0x280 [ 1631.262331] ? sg_build_indirect.isra.0+0x448/0x710 [ 1631.262751] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1631.263197] ? sg_build_indirect.isra.0+0x710/0x710 [ 1631.263618] ? vprintk_func+0x93/0x140 [ 1631.263948] ? record_print_text.cold+0x16/0x16 [ 1631.264347] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1631.264771] ? trace_hardirqs_on+0x5b/0x180 [ 1631.265140] sg_write.part.0+0x69e/0xaa0 [ 1631.265484] ? sg_new_write.isra.0+0x770/0x770 [ 1631.265867] ? find_held_lock+0x2c/0x110 [ 1631.266210] ? __might_fault+0xd3/0x180 [ 1631.266542] ? lock_downgrade+0x6d0/0x6d0 [ 1631.266895] ? _cond_resched+0x12/0x80 [ 1631.267221] ? inode_security+0x107/0x140 [ 1631.267568] ? avc_policy_seqno+0x9/0x70 [ 1631.267908] ? selinux_file_permission+0x92/0x520 [ 1631.268318] ? security_file_permission+0x24e/0x570 [ 1631.268732] sg_write+0x87/0x120 [ 1631.269024] do_iter_write+0x482/0x670 [ 1631.269353] ? import_iovec+0x83/0xb0 [ 1631.269673] vfs_writev+0x1ae/0x620 [ 1631.269980] ? vfs_iter_write+0xa0/0xa0 [ 1631.270310] ? __fget_files+0x26d/0x4c0 [ 1631.270645] ? lock_downgrade+0x6d0/0x6d0 [ 1631.270993] ? find_held_lock+0x2c/0x110 [ 1631.271342] ? __fget_files+0x296/0x4c0 [ 1631.271681] ? __fget_light+0xea/0x290 [ 1631.272011] do_writev+0x139/0x300 [ 1631.272318] ? vfs_writev+0x620/0x620 [ 1631.272641] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.273077] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.273505] do_syscall_64+0x33/0x40 [ 1631.273813] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.274239] RIP: 0033:0x7f3e10b72b19 [ 1631.274549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.276056] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1631.276691] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1631.277279] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1631.277867] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.278457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.279042] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:49:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:49:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1631.347758] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.347758] program syz-executor.7 not setting count and/or reply_len properly [ 1631.380589] sg_write: data in/out 1946410160/8 bytes for SCSI command 0x3f-- guessing data in; [ 1631.380589] program syz-executor.4 not setting count and/or reply_len properly 19:50:10 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 77) 19:50:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc037a0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:10 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2c, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 19:50:10 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x6}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="0400064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba6368aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b0500000000260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b593205fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d4ffc07de0c741a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ced7982e2ec2b431b05cb993a2f50000000000"], 0x13c}}, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:50:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1645.641805] kauditd_printk_skb: 69 callbacks suppressed [ 1645.642953] audit: type=1326 audit(1718135410.468:2066): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30975 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x0 [ 1645.644623] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.644623] program syz-executor.0 not setting count and/or reply_len properly [ 1645.650041] FAULT_INJECTION: forcing a failure. [ 1645.650041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1645.651218] CPU: 1 PID: 30972 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1645.651861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.652638] Call Trace: [ 1645.652896] dump_stack+0x107/0x167 [ 1645.653238] should_fail.cold+0x5/0xa [ 1645.653600] copy_page_from_iter+0x40a/0x900 [ 1645.654021] blk_rq_map_user_iov+0x138b/0x1a60 [ 1645.654454] ? perf_trace_lock+0xac/0x490 [ 1645.654855] ? __lockdep_reset_lock+0x180/0x180 [ 1645.655300] ? __lockdep_reset_lock+0x180/0x180 [ 1645.655732] ? blk_rq_unmap_user+0x750/0x750 [ 1645.656142] ? mark_held_locks+0x9e/0xe0 [ 1645.656526] ? find_held_lock+0x2c/0x110 [ 1645.656910] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1645.657399] ? lock_downgrade+0x6d0/0x6d0 [ 1645.657785] ? import_single_range+0x24d/0x2e0 [ 1645.658211] blk_rq_map_user+0x103/0x170 [ 1645.658589] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1645.659058] ? alloc_pages_current+0x18f/0x280 [ 1645.659475] ? sg_build_indirect.isra.0+0x448/0x710 [ 1645.659943] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1645.660443] ? sg_build_indirect.isra.0+0x710/0x710 [ 1645.660907] ? vprintk_func+0x93/0x140 [ 1645.661277] ? record_print_text.cold+0x16/0x16 [ 1645.661703] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1645.662170] ? trace_hardirqs_on+0x5b/0x180 [ 1645.662578] sg_write.part.0+0x69e/0xaa0 [ 1645.662961] ? sg_new_write.isra.0+0x770/0x770 [ 1645.663391] ? find_held_lock+0x2c/0x110 [ 1645.663765] ? __might_fault+0xd3/0x180 [ 1645.664128] ? lock_downgrade+0x6d0/0x6d0 [ 1645.664524] ? _cond_resched+0x12/0x80 [ 1645.664881] ? inode_security+0x107/0x140 [ 1645.665265] ? avc_policy_seqno+0x9/0x70 [ 1645.665636] ? selinux_file_permission+0x92/0x520 [ 1645.666087] ? security_file_permission+0x24e/0x570 [ 1645.666547] sg_write+0x87/0x120 [ 1645.666875] do_iter_write+0x482/0x670 [ 1645.667241] ? import_iovec+0x83/0xb0 [ 1645.667603] vfs_writev+0x1ae/0x620 [ 1645.667939] ? vfs_iter_write+0xa0/0xa0 [ 1645.668320] ? __fget_files+0x26d/0x4c0 [ 1645.668683] ? lock_downgrade+0x6d0/0x6d0 [ 1645.669065] ? find_held_lock+0x2c/0x110 [ 1645.669444] ? __fget_files+0x296/0x4c0 [ 1645.669825] ? __fget_light+0xea/0x290 [ 1645.670184] do_writev+0x139/0x300 [ 1645.670514] ? vfs_writev+0x620/0x620 [ 1645.670868] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.671365] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.671833] do_syscall_64+0x33/0x40 [ 1645.672185] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.672659] RIP: 0033:0x7f3e10b72b19 [ 1645.673010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.674669] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1645.675373] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1645.676110] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1645.676918] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.677578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.678224] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1645.683096] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.683096] program syz-executor.4 not setting count and/or reply_len properly [ 1645.687630] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.687630] program syz-executor.7 not setting count and/or reply_len properly [ 1645.695773] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.695773] program syz-executor.6 not setting count and/or reply_len properly 19:50:10 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 78) [ 1645.760319] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.760319] program syz-executor.6 not setting count and/or reply_len properly 19:50:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1645.876039] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.876039] program syz-executor.4 not setting count and/or reply_len properly [ 1645.883348] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.883348] program syz-executor.0 not setting count and/or reply_len properly [ 1645.888461] FAULT_INJECTION: forcing a failure. [ 1645.888461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1645.889460] CPU: 1 PID: 31192 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1645.890039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.890728] Call Trace: [ 1645.890961] dump_stack+0x107/0x167 [ 1645.891268] should_fail.cold+0x5/0xa [ 1645.891594] copy_page_from_iter+0x40a/0x900 [ 1645.891975] blk_rq_map_user_iov+0x138b/0x1a60 [ 1645.892374] ? perf_trace_lock+0xac/0x490 [ 1645.892728] ? __lockdep_reset_lock+0x180/0x180 [ 1645.893115] ? __lockdep_reset_lock+0x180/0x180 [ 1645.893502] ? blk_rq_unmap_user+0x750/0x750 [ 1645.893882] ? find_held_lock+0x2c/0x110 [ 1645.894230] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1645.894672] ? lock_downgrade+0x6d0/0x6d0 [ 1645.895017] ? import_single_range+0x24d/0x2e0 [ 1645.895403] blk_rq_map_user+0x103/0x170 [ 1645.895746] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1645.896149] ? alloc_pages_current+0x18f/0x280 [ 1645.896541] ? sg_build_indirect.isra.0+0x448/0x710 [ 1645.896967] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1645.897411] ? sg_build_indirect.isra.0+0x710/0x710 [ 1645.897843] ? vprintk_func+0x93/0x140 [ 1645.898172] ? record_print_text.cold+0x16/0x16 [ 1645.898564] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1645.898982] ? trace_hardirqs_on+0x5b/0x180 [ 1645.899351] sg_write.part.0+0x69e/0xaa0 [ 1645.899693] ? sg_new_write.isra.0+0x770/0x770 [ 1645.900089] ? find_held_lock+0x2c/0x110 [ 1645.900438] ? __might_fault+0xd3/0x180 [ 1645.900782] ? lock_downgrade+0x6d0/0x6d0 [ 1645.901140] ? _cond_resched+0x12/0x80 [ 1645.901470] ? inode_security+0x107/0x140 [ 1645.901826] ? avc_policy_seqno+0x9/0x70 [ 1645.902169] ? selinux_file_permission+0x92/0x520 [ 1645.902581] ? security_file_permission+0x24e/0x570 [ 1645.903009] sg_write+0x87/0x120 [ 1645.903299] do_iter_write+0x482/0x670 [ 1645.903628] ? import_iovec+0x83/0xb0 [ 1645.903954] vfs_writev+0x1ae/0x620 [ 1645.904282] ? vfs_iter_write+0xa0/0xa0 [ 1645.904625] ? __fget_files+0x26d/0x4c0 [ 1645.904961] ? lock_downgrade+0x6d0/0x6d0 [ 1645.905308] ? find_held_lock+0x2c/0x110 [ 1645.905655] ? __fget_files+0x296/0x4c0 [ 1645.905998] ? __fget_light+0xea/0x290 [ 1645.906326] do_writev+0x139/0x300 [ 1645.906628] ? vfs_writev+0x620/0x620 [ 1645.906949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.907389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.907820] do_syscall_64+0x33/0x40 [ 1645.908136] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.908568] RIP: 0033:0x7f3e10b72b19 [ 1645.908890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.910413] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1645.911052] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1645.911649] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1645.912249] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.912844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.913436] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:50:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1645.968424] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.968424] program syz-executor.4 not setting count and/or reply_len properly [ 1645.977668] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.977668] program syz-executor.7 not setting count and/or reply_len properly [ 1645.983034] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1645.983034] program syz-executor.6 not setting count and/or reply_len properly 19:50:10 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) fork() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000001500)=0x0) ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1646.049209] audit: type=1326 audit(1718135410.875:2067): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.053895] audit: type=1326 audit(1718135410.875:2068): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.060344] audit: type=1326 audit(1718135410.880:2069): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.072374] audit: type=1326 audit(1718135410.880:2070): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.099390] audit: type=1326 audit(1718135410.925:2071): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.103602] audit: type=1326 audit(1718135410.930:2072): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.108891] audit: type=1326 audit(1718135410.930:2073): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.123432] audit: type=1326 audit(1718135410.934:2074): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1646.125260] audit: type=1326 audit(1718135410.935:2075): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31207 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:50:24 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:24 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:24 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x0, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1659.913000] kauditd_printk_skb: 21 callbacks suppressed [ 1659.913013] audit: type=1326 audit(1718135424.739:2097): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.915974] audit: type=1326 audit(1718135424.742:2098): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.918273] audit: type=1326 audit(1718135424.745:2099): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.933427] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1659.933427] program syz-executor.7 not setting count and/or reply_len properly [ 1659.938969] audit: type=1326 audit(1718135424.758:2100): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.940681] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1659.940681] program syz-executor.4 not setting count and/or reply_len properly [ 1659.943660] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1659.943660] program syz-executor.0 not setting count and/or reply_len properly 19:50:24 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 79) 19:50:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:24 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:24 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r1, 0x1, 0x37, &(0x7f0000000300)=""/2, &(0x7f0000000340)=0x2) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000047040)={{0x0, 0x0, 0x8a, 0xffff, 0x6, 0xd63, 0x8, 0xe59e, 0xffffffc0, 0x9, 0x100, 0xd9f, 0x100000001, 0x100000000, 0x4}, 0x18, [0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}], 0x7f, "9656c75f04ba4d"}) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000047100)={{0x0, 0x0, 0xba, 0x1ff, 0x0, 0x2, 0x4, 0xfffffffe, 0xffffffff, 0x20, 0x9, 0x4, 0x0, 0x1ff, 0xd2f}}) [ 1659.947959] audit: type=1326 audit(1718135424.758:2101): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.956324] audit: type=1326 audit(1718135424.762:2102): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1659.961981] FAULT_INJECTION: forcing a failure. [ 1659.961981] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1659.963251] CPU: 1 PID: 31319 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1659.963274] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1659.963274] program syz-executor.6 not setting count and/or reply_len properly [ 1659.965290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1659.966043] Call Trace: [ 1659.966298] dump_stack+0x107/0x167 [ 1659.966632] should_fail.cold+0x5/0xa [ 1659.966982] copy_page_from_iter+0x40a/0x900 [ 1659.967402] blk_rq_map_user_iov+0x138b/0x1a60 [ 1659.967826] ? perf_trace_lock+0xac/0x490 [ 1659.968213] ? __lockdep_reset_lock+0x180/0x180 [ 1659.968643] ? __lockdep_reset_lock+0x180/0x180 [ 1659.969078] ? blk_rq_unmap_user+0x750/0x750 [ 1659.969477] ? find_held_lock+0x2c/0x110 [ 1659.969849] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 1659.970366] ? lock_downgrade+0x6d0/0x6d0 [ 1659.970900] ? import_single_range+0x24d/0x2e0 [ 1659.971310] blk_rq_map_user+0x103/0x170 [ 1659.971679] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 1659.972104] ? alloc_pages_current+0x18f/0x280 [ 1659.972528] ? sg_build_indirect.isra.0+0x448/0x710 [ 1659.973128] sg_common_write.constprop.0+0x10ed/0x1a30 [ 1659.973608] ? sg_build_indirect.isra.0+0x710/0x710 [ 1659.974056] ? vprintk_func+0x93/0x140 [ 1659.974535] ? record_print_text.cold+0x16/0x16 [ 1659.975093] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1659.975548] ? trace_hardirqs_on+0x5b/0x180 [ 1659.975944] sg_write.part.0+0x69e/0xaa0 [ 1659.976314] ? sg_new_write.isra.0+0x770/0x770 [ 1659.976770] ? find_held_lock+0x2c/0x110 [ 1659.977239] ? __might_fault+0xd3/0x180 [ 1659.977596] ? lock_downgrade+0x6d0/0x6d0 [ 1659.977990] ? _cond_resched+0x12/0x80 [ 1659.978338] ? inode_security+0x107/0x140 [ 1659.978712] ? avc_policy_seqno+0x9/0x70 [ 1659.979076] ? selinux_file_permission+0x92/0x520 [ 1659.979514] ? security_file_permission+0x24e/0x570 [ 1659.979963] sg_write+0x87/0x120 [ 1659.980274] do_iter_write+0x482/0x670 [ 1659.980636] ? import_iovec+0x83/0xb0 [ 1659.981014] vfs_writev+0x1ae/0x620 [ 1659.981441] ? vfs_iter_write+0xa0/0xa0 [ 1659.981887] ? __fget_files+0x26d/0x4c0 [ 1659.982354] ? lock_downgrade+0x6d0/0x6d0 [ 1659.982791] ? find_held_lock+0x2c/0x110 [ 1659.983160] ? __fget_files+0x296/0x4c0 [ 1659.983527] ? __fget_light+0xea/0x290 [ 1659.983974] do_writev+0x139/0x300 [ 1659.984309] ? vfs_writev+0x620/0x620 [ 1659.984659] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1659.985132] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1659.985595] do_syscall_64+0x33/0x40 [ 1659.985937] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1659.986395] RIP: 0033:0x7f3e10b72b19 [ 1659.986733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1659.988382] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1659.989244] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1659.990091] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1659.990726] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1659.991475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1659.992103] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1659.997570] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1659.997570] program syz-executor.6 not setting count and/or reply_len properly ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}], 0x7f, "9656c75f04ba4d"}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000048100)={{0x0, 0x25dc, 0x9, 0x1f, 0x8000, 0x2, 0x8, 0x2, 0x10001, 0x81, 0x17b, 0x88, 0x1, 0x1, 0x6}}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000049100)={0x4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x9, "b88d78d045f640"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r17}, {}, {}, {}, {}, {r15}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r14}], 0x7f, "9656c75f04ba4d"}) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f000004a100)={{0x0, 0x2, 0xc2cb51, 0x7, 0x800, 0x2, 0x51ed, 0x9, 0xff, 0x20, 0x3, 0x101, 0x401, 0xffff, 0x8001}}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004b100)={0x1000, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2, r5}, {r7, r10}, {r12, r13}, {0x0, r16}, {r18}], 0x8, "41d7a67a790d14"}) [ 1660.071542] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1660.071542] program syz-executor.4 not setting count and/or reply_len properly 19:50:24 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:24 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1660.080676] audit: type=1326 audit(1718135424.907:2103): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1660.087691] audit: type=1326 audit(1718135424.914:2104): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31317 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1660.108846] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1660.108846] program syz-executor.7 not setting count and/or reply_len properly [ 1660.152042] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1660.152042] program syz-executor.6 not setting count and/or reply_len properly [ 1660.177118] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1660.177118] program syz-executor.6 not setting count and/or reply_len properly 19:50:24 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) fallocate(r0, 0x68, 0x3f5, 0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r4, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc9ea3145f0b92775255aeb09c911ad89bb3808c51b3920ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b760118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a280000c31b03b21ffab476664dd623b0e630a40e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, &(0x7f0000000080)=0x1) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:50:25 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:25 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 80) 19:50:25 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1660.230213] audit: type=1326 audit(1718135425.056:2105): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31451 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1660.233734] audit: type=1326 audit(1718135425.060:2106): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31451 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1660.251711] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1660.251711] program syz-executor.4 not setting count and/or reply_len properly 19:50:25 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1660.311254] FAULT_INJECTION: forcing a failure. [ 1660.311254] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.313531] CPU: 0 PID: 31495 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1660.314559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.315764] Call Trace: [ 1660.316163] dump_stack+0x107/0x167 [ 1660.316713] should_fail.cold+0x5/0xa [ 1660.317276] ? mempool_alloc+0x148/0x360 [ 1660.317871] ? mempool_free_pages+0x20/0x20 [ 1660.318505] should_failslab+0x5/0x20 [ 1660.319072] kmem_cache_alloc+0x5b/0x310 [ 1660.319673] ? mempool_free_pages+0x20/0x20 [ 1660.320314] mempool_alloc+0x148/0x360 [ 1660.320902] ? mempool_resize+0x7d0/0x7d0 [ 1660.321525] ? perf_trace_lock+0xac/0x490 [ 1660.322152] __sg_alloc_table+0x24e/0x390 [ 1660.322772] sg_alloc_table_chained+0x9b/0x1f0 [ 1660.323445] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 1660.324157] scsi_alloc_sgtables+0x236/0xaf0 [ 1660.324814] ? lock_downgrade+0x6d0/0x6d0 [ 1660.325425] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 1660.326178] ? lockdep_init_map_type+0x2c7/0x780 [ 1660.326889] sd_init_command+0x516/0x3550 [ 1660.327514] scsi_queue_rq+0xe5e/0x27f0 [ 1660.328126] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 1660.328857] ? elv_rb_del+0x50/0xa0 [ 1660.329388] ? elv_rqhash_del+0x119/0x160 [ 1660.330002] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 1660.330726] ? dd_dispatch_request+0x1c0/0x990 [ 1660.331406] blk_mq_do_dispatch_sched+0x7f4/0xa00 [ 1660.332131] ? blk_mq_sched_mark_restart_hctx+0x80/0x80 [ 1660.332920] ? do_raw_spin_lock+0x121/0x260 [ 1660.333558] ? rwlock_bug.part.0+0x90/0x90 [ 1660.334182] ? hctx_lock+0x7f/0x200 [ 1660.334731] __blk_mq_sched_dispatch_requests+0x2d7/0x450 [ 1660.335540] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 1660.336282] blk_mq_sched_dispatch_requests+0xfb/0x180 [ 1660.337065] __blk_mq_run_hw_queue+0x12c/0x290 [ 1660.337737] ? blk_mq_start_request+0x3f0/0x3f0 [ 1660.338422] ? __blk_mq_delay_run_hw_queue+0x365/0x550 [ 1660.339193] ? check_memory_region+0x177/0x1f0 [ 1660.339873] __blk_mq_delay_run_hw_queue+0x4f1/0x550 [ 1660.340629] blk_mq_run_hw_queue+0x170/0x2f0 [ 1660.341282] ? blk_mq_delay_run_hw_queues+0x1a0/0x1a0 [ 1660.342044] ? do_raw_spin_unlock+0x4f/0x220 [ 1660.342690] ? _raw_spin_unlock+0x1a/0x30 [ 1660.343306] blk_mq_sched_insert_request+0x384/0x440 [ 1660.344051] ? __blk_mq_sched_bio_merge+0x3d0/0x3d0 [ 1660.344792] ? sg_remove_sfp_usercontext+0x420/0x420 [ 1660.345545] ? blk_account_io_start+0x11b/0x170 [ 1660.346240] sg_common_write.constprop.0+0xee9/0x1a30 [ 1660.347013] ? sg_build_indirect.isra.0+0x710/0x710 [ 1660.347743] ? lock_downgrade+0x6d0/0x6d0 [ 1660.348377] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.349170] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1660.349926] ? trace_hardirqs_on+0x5b/0x180 [ 1660.350576] ? ___ratelimit+0x1fc/0x440 [ 1660.351193] sg_write.part.0+0x69e/0xaa0 [ 1660.351808] ? sg_new_write.isra.0+0x770/0x770 [ 1660.352504] ? find_held_lock+0x2c/0x110 [ 1660.353122] ? __might_fault+0xd3/0x180 [ 1660.353707] ? lock_downgrade+0x6d0/0x6d0 [ 1660.354348] ? _cond_resched+0x12/0x80 [ 1660.354924] ? inode_security+0x107/0x140 [ 1660.355530] ? avc_policy_seqno+0x9/0x70 [ 1660.356129] ? selinux_file_permission+0x92/0x520 [ 1660.356852] ? security_file_permission+0x24e/0x570 [ 1660.357596] sg_write+0x87/0x120 [ 1660.358105] do_iter_write+0x482/0x670 [ 1660.358682] ? import_iovec+0x83/0xb0 [ 1660.359252] vfs_writev+0x1ae/0x620 [ 1660.359793] ? vfs_iter_write+0xa0/0xa0 [ 1660.360387] ? __fget_files+0x26d/0x4c0 [ 1660.360982] ? lock_downgrade+0x6d0/0x6d0 [ 1660.361601] ? find_held_lock+0x2c/0x110 [ 1660.362215] ? __fget_files+0x296/0x4c0 [ 1660.362817] ? __fget_light+0xea/0x290 [ 1660.363400] do_writev+0x139/0x300 [ 1660.363931] ? vfs_writev+0x620/0x620 [ 1660.364503] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.365275] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.366035] do_syscall_64+0x33/0x40 [ 1660.366580] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.367338] RIP: 0033:0x7f3e10b72b19 [ 1660.367887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.370553] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1660.371666] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1660.372712] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1660.373751] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.374785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1660.375820] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1674.389462] kauditd_printk_skb: 5 callbacks suppressed [ 1674.389481] audit: type=1326 audit(1718135439.216:2112): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.394095] audit: type=1326 audit(1718135439.220:2113): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.400325] sg_write: 4 callbacks suppressed [ 1674.400385] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.400385] program syz-executor.4 not setting count and/or reply_len properly 19:50:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 81) 19:50:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/tty/ldiscs\x00', 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x8, 0x0, 0x6, 0x8, 0x0, 0x6, 0x2010, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000080), 0x4}, 0x80, 0x3, 0x1, 0x6, 0x7, 0x0, 0x7fff, 0x0, 0x1, 0x0, 0x6}, r3, 0x3, r5, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x8, &(0x7f00000001c0)=[{0xfff7, 0x3, 0x3, 0x5}, {0x9, 0x80, 0x8f}, {0x9, 0xf7, 0x7f, 0x3ff}, {0x0, 0x1, 0xf8, 0x6}, {0x8, 0xff, 0x0, 0x80000001}, {0x0, 0x7f, 0x3, 0xde}, {0x6, 0x3f, 0x1c, 0x20000000}, {0x40, 0x40, 0x5, 0x3}]}) 19:50:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1674.417663] audit: type=1326 audit(1718135439.227:2114): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.422239] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.422239] program syz-executor.6 not setting count and/or reply_len properly [ 1674.428133] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.428133] program syz-executor.4 not setting count and/or reply_len properly [ 1674.449229] audit: type=1326 audit(1718135439.227:2115): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.460215] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.460215] program syz-executor.7 not setting count and/or reply_len properly [ 1674.470605] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.470605] program syz-executor.5 not setting count and/or reply_len properly [ 1674.476333] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.476333] program syz-executor.0 not setting count and/or reply_len properly [ 1674.481238] audit: type=1326 audit(1718135439.307:2116): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.488757] audit: type=1326 audit(1718135439.309:2117): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31679 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1674.500217] FAULT_INJECTION: forcing a failure. [ 1674.500217] name failslab, interval 1, probability 0, space 0, times 0 [ 1674.502301] CPU: 1 PID: 31686 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1674.503303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1674.504481] Call Trace: [ 1674.504880] dump_stack+0x107/0x167 [ 1674.505414] should_fail.cold+0x5/0xa [ 1674.505965] ? __lock_acquire+0x1657/0x5b00 [ 1674.506583] ? create_object.isra.0+0x3a/0xa20 [ 1674.507238] should_failslab+0x5/0x20 [ 1674.507793] kmem_cache_alloc+0x5b/0x310 [ 1674.508383] create_object.isra.0+0x3a/0xa20 [ 1674.509032] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1674.509761] kmem_cache_alloc+0x159/0x310 [ 1674.510368] ? mempool_free_pages+0x20/0x20 [ 1674.510989] mempool_alloc+0x148/0x360 [ 1674.511562] ? mempool_resize+0x7d0/0x7d0 [ 1674.512161] ? __lockdep_reset_lock+0x180/0x180 [ 1674.512833] ? mark_lock+0xf5/0x2df0 [ 1674.513391] __sg_alloc_table+0x24e/0x390 [ 1674.514004] sg_alloc_table_chained+0x9b/0x1f0 [ 1674.514658] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 1674.515362] scsi_alloc_sgtables+0x236/0xaf0 [ 1674.516008] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 1674.516741] ? scsi_init_command+0x4ee/0x750 [ 1674.517402] scsi_queue_rq+0x1dc9/0x27f0 [ 1674.518015] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 1674.518718] ? scsi_run_queue_async+0x1b1/0x1e0 [ 1674.519396] ? __blk_mq_sched_dispatch_requests+0x236/0x450 [ 1674.520215] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 1674.520928] ? do_raw_spin_lock+0x121/0x260 [ 1674.521560] ? rwlock_bug.part.0+0x90/0x90 [ 1674.522172] ? hctx_lock+0x7f/0x200 [ 1674.522709] __blk_mq_sched_dispatch_requests+0x263/0x450 [ 1674.523504] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 1674.524235] blk_mq_sched_dispatch_requests+0xfb/0x180 [ 1674.524997] __blk_mq_run_hw_queue+0x12c/0x290 [ 1674.525655] ? blk_mq_start_request+0x3f0/0x3f0 [ 1674.526343] __blk_mq_delay_run_hw_queue+0x4f1/0x550 [ 1674.527078] blk_mq_run_hw_queue+0x170/0x2f0 [ 1674.527716] ? blk_mq_delay_run_hw_queues+0x1a0/0x1a0 [ 1674.528465] ? do_raw_spin_unlock+0x4f/0x220 [ 1674.529110] ? _raw_spin_unlock+0x1a/0x30 [ 1674.529722] blk_mq_sched_insert_request+0x384/0x440 [ 1674.530460] ? __blk_mq_sched_bio_merge+0x3d0/0x3d0 [ 1674.531178] ? sg_remove_sfp_usercontext+0x420/0x420 [ 1674.531910] ? blk_account_io_start+0x11b/0x170 [ 1674.532592] sg_common_write.constprop.0+0xee9/0x1a30 [ 1674.533347] ? sg_build_indirect.isra.0+0x710/0x710 [ 1674.534065] ? vprintk_func+0x93/0x140 [ 1674.534639] ? record_print_text.cold+0x16/0x16 [ 1674.535314] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1674.536039] ? trace_hardirqs_on+0x5b/0x180 [ 1674.536687] sg_write.part.0+0x69e/0xaa0 [ 1674.537275] ? sg_new_write.isra.0+0x770/0x770 [ 1674.537937] ? find_held_lock+0x2c/0x110 [ 1674.538529] ? __might_fault+0xd3/0x180 [ 1674.539097] ? lock_downgrade+0x6d0/0x6d0 [ 1674.539712] ? _cond_resched+0x12/0x80 [ 1674.540269] ? inode_security+0x107/0x140 [ 1674.540874] ? avc_policy_seqno+0x9/0x70 [ 1674.541456] ? selinux_file_permission+0x92/0x520 [ 1674.542155] ? security_file_permission+0x24e/0x570 [ 1674.542883] sg_write+0x87/0x120 [ 1674.543374] do_iter_write+0x482/0x670 [ 1674.543938] ? import_iovec+0x83/0xb0 [ 1674.544498] vfs_writev+0x1ae/0x620 [ 1674.545032] ? vfs_iter_write+0xa0/0xa0 [ 1674.545601] ? __fget_files+0x26d/0x4c0 [ 1674.546173] ? lock_downgrade+0x6d0/0x6d0 [ 1674.546776] ? find_held_lock+0x2c/0x110 [ 1674.547372] ? __fget_files+0x296/0x4c0 [ 1674.547960] ? __fget_light+0xea/0x290 [ 1674.548526] do_writev+0x139/0x300 [ 1674.549058] ? vfs_writev+0x620/0x620 [ 1674.549613] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1674.550361] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1674.551102] do_syscall_64+0x33/0x40 [ 1674.551634] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1674.552364] RIP: 0033:0x7f3e10b72b19 [ 1674.552909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1674.555502] RSP: 002b:00007f3e0e0e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1674.556595] RAX: ffffffffffffffda RBX: 00007f3e10c85f60 RCX: 00007f3e10b72b19 [ 1674.557611] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 [ 1674.558636] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1674.559649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1674.560674] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 [ 1674.582566] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.582566] program syz-executor.6 not setting count and/or reply_len properly 19:50:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x0, &(0x7f0000000180)}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:50:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1674.705359] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.705359] program syz-executor.7 not setting count and/or reply_len properly 19:50:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000000)=0xb36, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$nl_generic(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x9c, 0x24, 0x200, 0x70bd2c, 0x25dfdbff, {0x10}, [@typed={0x8, 0x67, 0x0, 0x0, @u32=0x4}, @generic="ef7400b39caeb29750d0979f0cd80f830b", @generic="7d94d37451e4ae976e3089687f7245206503a058c8db3bdbe57fc61f8571c50b029897fa35bf14b064066ca2a66e715bc1a4736b3bf1ce72174e7a42e73b30e4a0f1b592d44bc424ca9e2331f649e1a7fc0a7584c1cfc9ca5a9fd3644224ed97d7aa6cf2ef624f37c323eff7e5c6e0"]}, 0x9c}, 0x1, 0x0, 0x0, 0x20040}, 0x0) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0xa2843, 0x0) fallocate(r3, 0x1, 0x3ff, 0x9) dup2(r0, r0) [ 1674.716953] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.716953] program syz-executor.4 not setting count and/or reply_len properly 19:50:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1674.789111] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1674.789111] program syz-executor.6 not setting count and/or reply_len properly 19:50:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 82) 19:50:39 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:39 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1675.016695] FAULT_INJECTION: forcing a failure. [ 1675.016695] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1675.019180] CPU: 0 PID: 31966 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 1675.020197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.021405] Call Trace: [ 1675.021797] dump_stack+0x107/0x167 [ 1675.022327] should_fail.cold+0x5/0xa [ 1675.022896] _copy_to_user+0x2e/0x180 [ 1675.023459] simple_read_from_buffer+0xcc/0x160 [ 1675.024139] proc_fail_nth_read+0x198/0x230 [ 1675.024783] ? proc_sessionid_read+0x230/0x230 [ 1675.025449] ? security_file_permission+0x24e/0x570 [ 1675.026176] ? proc_sessionid_read+0x230/0x230 [ 1675.026837] vfs_read+0x228/0x580 [ 1675.027350] ksys_read+0x12d/0x260 [ 1675.027870] ? vfs_write+0xa70/0xa70 [ 1675.028424] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.029200] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.029955] do_syscall_64+0x33/0x40 [ 1675.030498] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.031244] RIP: 0033:0x7f3e10b2569c [ 1675.031785] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1675.034408] RSP: 002b:00007f3e0e0e8170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1675.035499] RAX: ffffffffffffffda RBX: 000000000000002d RCX: 00007f3e10b2569c [ 1675.036528] RDX: 000000000000000f RSI: 00007f3e0e0e81e0 RDI: 0000000000000008 [ 1675.037566] RBP: 00007f3e0e0e81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.038590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.039622] R13: 00007ffec116c6ff R14: 00007f3e0e0e8300 R15: 0000000000022000 19:50:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:54 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setregset(0x4205, r3, 0x201, &(0x7f0000000080)={&(0x7f0000000280)="10b22c3039bc06bb9a450555ebea65ff56fe1cd4b6e1e3b3c54d446adf1b54f729c46440e4331856fe0183c82875e60d6d13406e4f862c31b219fe770f58335cc86ecd386bac67e0ad2c1b43e21fc25da325329f8cbec1d40f3ede2f9ac219d05878632df6e25ed4489b56ad495a10d7b1f68fab170b402aba8368bf79e78e7fde7a6c35444ba5e4b2f51e5e6c160b8c46a38b6cbe47901728ff6f976e7d832afebb1cb5864d7171a73ef8c07100f9412d53f0965866c0f9fdcc056b022725b32d25d6d2a93aab5e74a1a24a10f685d1b14d23be8df4847f7dfcd85aca564ec7ca00a046d4bd3ab3684626860a7b5f90e909d8802ff4fa846b2c702d6854c38b4dd04fbb11bba737be07b6eb4ec539ca98e9d92090a2a0ed067aa7034f85c02accb2bc817722e016cf14f80c1af2e0d3b628b521b84c353bc50bbab4491ed3540324637842b9f6e16e32a862c07ca3a3dcd22fd81b81ea073ad8ec74bbd7991258971c4d5a92393b42f2ea448b24d5e238c3d2956dafb487b44306de93495012294155185396770a413f6d8e5ab3930fbb6307e30f71c239f9cf33f9e8612ed689e21937f5a9c2e57d7715c1031c15db3cdb077bb1829021ca7fb4edca04267d33404265b2506f14c14c05eefb63819c2b5b97b6b336ebb98a1b00a9e43155a9e915442be781d53f9335718dade6bc98704f701157a4699d6bc2b0ec9edc27e9e38e745dfab42e193d2134c9c7386f0e6b836f8fe245af23954c0f9eea75014b859b36005da6adbefe135f770bb8da8da71d6ba8ab6af3e4ecc31137db734a38a272a8adf16179e413e964d8ff16d3c84aa9918ba9ff0494e2f308ee727ebdb45508026994213c844c3f2ed85f20d6f011756bd22e3d46ff89865cc960e01cffa69d03b6c88505b389380b2f547957bd2669afa49e80c82a243fb77de68e0f5b7d899c73907751706615121618abbfd1fcbb82a5f6b77dd1235ca7af831cec6d53a009fd5e0f56d9bd212cfd48dbdbd773c3eb5970f37b2a972a0c7ed68ae25f169790db01581b9dafa87a6dbfefbe9b4c748103727799fe3e02cddf0b3111bb538c05f75fc91610dc638222ed971e553dd325ccc4bbad2be5428c37f1edec9d34425618c98ea424c4379720956f47b298a959c3f5e1262bbad66d2ace597fa58d47633f65e51d5c2b13491bb23a0433427af3d7a2ebe6e5108317cc2cc3a121989964a2475137c39c99df57b4ab49569d2f28920b350f43fff4437e5d204aa3a2cdf6e2f50f541513829277bb41b4d2275cbfbb03fec1cbbe43ed554e28ce5be18ae2f25d9561365ccca278fa8a31eb2eac61b7f47a7e8b495289ceedb2be17681808dc3830f3bfc30ea133d458ff2531263576ad12970b1cc4ffc04798ed0419c8db3fefe7fdbc6a05b866316a999ec31d7ba04cc492156ce3a262ceedc6477e65ab77ac355c167553c3d0fb200c4e975a08b679efebe09091514d26131451957f38d71d33cf6f78ea31889a728917f8cbf8094fb5472e3fc5e07b51eb1830c8ddd44045ca20ba612b631b118af2f0f4fe58bbe3ce83891edc00e7f8da23e7c2b6d8ed8cd0052306444ddf049cd10da4082846e7f774cc0fab37c9cdb5f7cff2d4308639b9f40d565e6b4f3637adf1c10d75a14de9f341d925b96deb06795645cf0ab01d7ce2d4b5231ced6b21f1190472158bf16229432a64bb15f7b73e87f43116f6d931ffcbcb772ae9eec4a2cf8dd4eb371a7f2f7c4620d70113f058a5c234ddfefcb2c5204428f3543a9f55146ec96d7abfb81222fc21829ef440c6162760910c179d34f82a7ff9ba0e8dbfc202000ba12f2a0780721c0347ede78e60eea05867c6d0c8a801bd8e992801eb881581d8a9cb985e6799846907127dd2a0af89a6fa616b52f7d6b932a06b108765a44ae146b8dec85fbc2e0a6e4c2245457dfaf6b784f9df5feda1feed7f172f61bae7839da83afceb66927b3fccf13a054ffa21f2d58b1b3904a7cbcc38146890784b98256860e4aee3c4893aa8b6dd3b39244ddb876a451f5522416ca8ef3abcd138a7ac9c0361f258cdef49b00d438ab268145ddc2825c5dc09bc70c1400ddbb71dc3212be874febf0ff588093967459c83b7e1466f9443ffd8989343c8c27f0282f0e0fcbe7e8464317d427d09fa379e50bbca0f20ee6eef9e9a7c28262cf4c38918858795297d4ab44de76dcca527db0bdd44d222eaca8e134fd8a0ec0cbf86231605795ddbe46d017dd63116060450f0c0c891c855c86d51eb9a71ab1c95be2b2af3bef481bfda781c018d315705cb50c18e7c15f53eb380fe058f5870dca086b16fa66fda6ff03eef25019369c4e0f3bfa1d178a975d6971a16b2550833d1480370a71dba5bfee5231db85145306d4c8cddf0881a45da46df9ac49aa7d13a91e030aa0af464fb55093a46ccd7fc73aa25337ca2266837a6acf4e5821ae792dbaffc5451f5357114d28925b80fffb0e7a3fdda20f6cb5d2b5e2cbfb72b2853122504ca3ab06d68b946839abc1f084f0c320d5cdf9333a8801fe9636e22ffa9b4dbad2c396419d3abb3913467ae2025d980f1b68661f5f5759e3cab109b32fcc642f7c3019f30eb661563c8f892cff4642213b83f7e1f0d6056b875872a74cebd6b8080a3eb51eaefefe0da37c244f64f374190f3ecac3fd3332a8f4df35906d6f2f0b98395675ab6c8eced1db95e7df9ed773f6f18dc2d7fd71727ec1c7e45b99c8a392fe042f93f9e2d9484f5b8bc774365dcfa14901531858e2d3fb6ea7a4f9345bbb8e8d773e5b52bbd0ae024cc3048652a896ae106f9438951762d91e3f647ce6d798d8cfab3e678e620886ae2b3ce85886f8bf9dc3de10b9d8e48884b480d0b5ebfcfd98fe66507e39cf2644da0edac6f10590590a926ee73d479f040f6b8cf11bed1eb0097c9d0f6a7f8d568be11b8d552ff41238f1b75d24142653de9fbacda2b842005eafda876125537b6b3a7886658459e0883fa582b8b779451e4441ed137c4e2518aa2d3c170bec8c48a887ba16f11dbef846c1806072c85cd0ed4bed7ba7037618dbaa0f63574cf64e31bc413a34e247baa8f68d8fadd3f8294ff66d51b5485deab55082e2df16d6f06812d538ef74d93e5d910d8b01ab3e3e76a01595db9ee09313313bf8544813b3cde0f5ab0f69b5872eb45842de781ab7d9fefd405f95a1ff51f441cba3a0d85a397184717ee632415ca98ceee5359b3e62475a242ca89deff5b995ce3bfb6d4d825fd947804a9206e8029a28a6e2cf62ed197b76375545b9ae36cbb4ad0ec9b662a357138260992ad8caf53118e8ab018bb650acb877055f518412de141f24de0e7d5ccd1f6e14b6317bd5fa13ba84adcb772c217c6ae574f0794154a93c7a084f1a1fe646b6c6371740641e46f677da037b5b50588e586a316a07fb527515f4d008b4438b065acffc965b092687095a6dbdec6b2d3398b900e57606bc9d1a3a4a7b8a6533b61e63563cb8f58a2bf2ada8602d13fe0e13c83c5b4479af410021b28fbf54609f9c23d5cc260b3de4a582d2d9792f0185152205ed8633d8c647b98f4df5fede226daf60d463039387fc7212ed1472759e8a3c2435e1dc3a710d1f64b0070b6d3dfbb648e89d813cd3a05681de1b67c50788fd69a3d3483af3a5d3f93fc2121447b4e9e2335e3e8dcb4e2e23598aeffc421bc782572cfdb7b713e7f9d43d595c463ae3601b6cf756a8d3a5aec45949baa85c7b06afa5a52068848378926821c1c56577d3e7b688e3bd4bd5953035fd0506b042d416aad39b9d7268e590d07b447ab74a119e8e2c21a643b5afadbb6c859b550aaa73f7806ca1e243d2f41370b51dcbd85e939e3d8ff1ab6e8c379ef6a368cec8908253c4d21664ab3562871e31ad066a99cccbb7420c21fd7d900b6657d6b867cde53f8d583432e73f1403ae01594fce18937d2407d0ff87bffcafbb372c1d130ff3b7322a6a786484f81603f74edcd7dd21b0e37778af73bf8a55e29a4dd11ee774e0e1d940976e3777892ad18a9eb7a1b1e6b1b055ab7fc2e68011a7c64706de240ef1df662587afb7caf9d63e9378611f36123352e5762f53f859f1fa36309d05e998f2c3e66605880be9945cbf448da0d85c97ffcb619ce4089f77078f13beaf9c6397ad63be78ec53b86d9e31991dc947c3cc46aefe1f364d88e259ca18de246ca24b568452230c6acadaaa519686707e1b3af14fbdbb0f259fdb9a82bc51afe84769fa09fa889c1dd5ad799fe60904a09abb59f0781680b2efac8a0747c4a1c82e2c67f101f621e3967cb2a6a50e28fe5604619ea0952b7f30d1aa0240a39e9a29c1221b3a033a51d361459f635fc8f9415e2d1820d4b20c04020b17093311ab603487aa62037edeb6823661a6db1d801ed68ed36a47b0a68aafe6ac949537e5cf88080f2acdc8e55e441575b7eb31379279dbd83864b42a4088507ab7ae52eb708330625a36365f5597fda07f192a87167c931a784410efd0e12d4a18e860f903504dc3b4a15ef62ce72bf161470cde1a3ee5db9707f3dc500a8965c3e03ac70f8ae02e98d25c9f99cf2d3d3a343b2bc34b2f0c33168c561573271568363c259e73cf74b8401320e765411266a40838dbf4b5df9f2abe9912ec6dbc640ca3e84c383dc2d618e70bf75a63d418d652cdf9c4701d90afa18e7921c1cd4128f5b95af7f6a561a4b89c345ead8260e431cc2a2b7c8097719231053c300e2fe5a38ddb67c2c84d935bd03da10875a0d60ed8ed6c567517f20ee5369d3a9e3f8c0a9ad8531966028e5b5eb7d3efa4c528026bfd90779fbf276d741c7a513875aba27351fcf2305d307ac8218f553847e96f4662e932a421d48c28f9a3690c97e3fa1c6067040151efcd3bb15b7fd4fbdadf22b958fbcd96ab2170adf32e32cf85460ead70546d7b4ed2eda29e9e01d6d3265cfa5270565deccab68183f55dca301dd41e87318501bb2265ea72227ba3090e88bd8e3f3111ac58b2a7fee454d116307bd0796864588b8e6706b11df6ca3d4477b482d73be21c566fee51248cb24d32f5194058c2409d0a7c5913735853c19710f44c37a46060ca4877cee169e400dc893624256709339f67de7edc160724964e4935584adede464b7cc7a8403a429e2d05455d587b39e59551e933ef9c688a50af39e1ba0b2e0d9c3061e6305853c23c2d1fabb192f97940e56209b4883e94e3d17f1513051f3c8eda2ca66e6b5994cf7afa83a4b790b342ab20051fe7b56418e2ef3a7e49029657eba7f8147a23b09eaab158268b5f807fb4c368d62e00bce87889589cc23f791376030945a029ce96e02ab4ca8c944c104e8f347476f4c73450a1a1a9d9229af35717bc4b64140211e90b41f3d270a275a9d3e0459bede45aaab6450f7c5c67ee618016d1e704f453f294b1700e3eabf03f0b8e5eb0ed690640385c8be8cce32fef8038db9e8fe72584c3c0fff47391b1adb8e1480dfc49a88dec03c491c7cca2544c2b3012bb0cd27686f83e63c5da4d95e09bc1268d1087f17562fe082cc85ec723b675189211d55895ef436eb3ca31eadde447249a1ffc5799a04323252a8e8d157039aa3bcc705ba43762a660ef7a3fe2a257347a32722bc17f9b96b685e9dfe5be44abe2404c6bfc554cfca4614e3bdb5cbd4c8c9fbe3f1241175df8d39cfa15fbde81c0741ee56ab9b5cd4cf79aa2cb3b413f1f60318022dee6af18bd35c3b78bdc687101279b64b30399a66e5c4ed6fca8163336bb6ad4c8d89f03f15078d816afdae1ec91db0f23c", 0x1000}) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x11, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:50:54 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) 19:50:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:50:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1689.291688] sg_write: 7 callbacks suppressed [ 1689.291713] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.291713] program syz-executor.4 not setting count and/or reply_len properly [ 1689.298335] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.298335] program syz-executor.6 not setting count and/or reply_len properly [ 1689.301204] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.301204] program syz-executor.0 not setting count and/or reply_len properly [ 1689.306376] audit: type=1326 audit(1718135454.133:2118): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:50:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1689.317303] audit: type=1326 audit(1718135454.144:2119): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.318786] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.318786] program syz-executor.6 not setting count and/or reply_len properly [ 1689.322961] audit: type=1326 audit(1718135454.149:2120): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.333416] audit: type=1326 audit(1718135454.158:2121): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.342207] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.342207] program syz-executor.7 not setting count and/or reply_len properly 19:50:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1689.378360] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.378360] program syz-executor.4 not setting count and/or reply_len properly 19:50:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000010000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1689.512364] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.512364] program syz-executor.6 not setting count and/or reply_len properly [ 1689.521587] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.521587] program syz-executor.7 not setting count and/or reply_len properly 19:50:54 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="021dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1689.546779] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.546779] program syz-executor.6 not setting count and/or reply_len properly [ 1689.555625] audit: type=1326 audit(1718135454.382:2122): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.558221] audit: type=1326 audit(1718135454.384:2123): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32033 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.573928] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1689.573928] program syz-executor.4 not setting count and/or reply_len properly 19:50:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000020000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:50:54 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) openat(r2, &(0x7f0000000080)='./file0\x00', 0x2000, 0x40) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) [ 1689.694206] audit: type=1326 audit(1718135454.514:2124): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32274 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.697547] audit: type=1326 audit(1718135454.524:2125): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32274 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.700968] audit: type=1326 audit(1718135454.528:2126): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32274 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1689.708887] audit: type=1326 audit(1718135454.535:2127): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32274 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:51:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1702.881352] sg_write: 5 callbacks suppressed [ 1702.881376] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1702.881376] program syz-executor.7 not setting count and/or reply_len properly [ 1702.886949] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1702.886949] program syz-executor.4 not setting count and/or reply_len properly 19:51:07 executing program 5: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd/3\x00') ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) stat(&(0x7f0000001180)='./file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r6, 0x10000000) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r6, 0xc018937a, &(0x7f00000004c0)=ANY=[@ANYBLOB="4091565cdbfa48931fc20a1542ffd55db5ea6d18e3b27e753db9825124b9a2b5bc", @ANYRES32=r5, @ANYBLOB="0852000004d3735500c761460f66690022e90453fd69e999b910f2a30943b8df0b83d0d6485f6c24f7c349dbeca81404975bd625bc89ee53b5ecdd35165ad2054b99ee1cf928d8cd086bc736901c546534382a701baa9b436e5bdb893218703a915e47dc92b801bee0915ec83f33bd31bb6a33450db196b2a7605c54bf712f66f16c3b9cfaf67d1827ff40432de2a179147330590d479218ef7954"]) r7 = epoll_create(0x7ffd) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f00000002c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r7, 0x40089416, &(0x7f00000001c0)=r8) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000140)={{r3}, r8, 0x4, @inherit={0x68, &(0x7f00000000c0)={0x0, 0x4, 0x100000001, 0x7, {0x11, 0xffffffff, 0xdc0000, 0x2, 0x3}, [0x1, 0x3, 0x10001, 0x7]}}, @subvolid=0x4}) 19:51:07 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="031dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000030000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x2, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000140)={r0, 0x43, 0x81, 0x1}) r5 = perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x3, 0x67, 0x1, 0x9, 0x0, 0x2, 0x12, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000100), 0x5}, 0xc04, 0xba, 0x40, 0x8, 0x3, 0x0, 0x5, 0x0, 0xd44, 0x0, 0x81}, r2, 0xc, r4, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0) ptrace(0x4207, r6) r7 = fork() fcntl$setown(r5, 0x8, 0x0) ptrace(0x10, r7) r8 = fork() tkill(r8, 0x3f) wait4(r8, 0x0, 0x8, 0x0) 19:51:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1702.894944] kauditd_printk_skb: 2 callbacks suppressed [ 1702.894963] audit: type=1326 audit(1718135467.721:2130): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1702.902588] audit: type=1326 audit(1718135467.729:2131): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1702.921892] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1702.921892] program syz-executor.0 not setting count and/or reply_len properly [ 1702.940463] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1702.940463] program syz-executor.6 not setting count and/or reply_len properly [ 1702.948569] audit: type=1326 audit(1718135467.734:2132): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1702.955172] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1702.955172] program syz-executor.0 not setting count and/or reply_len properly [ 1702.974111] audit: type=1326 audit(1718135467.734:2133): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1702.983628] audit: type=1326 audit(1718135467.736:2134): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1703.013739] audit: type=1326 audit(1718135467.836:2135): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1703.017852] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1703.017852] program syz-executor.6 not setting count and/or reply_len properly [ 1703.024439] audit: type=1326 audit(1718135467.836:2136): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32394 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:51:07 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000040000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="041dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1703.097371] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1703.097371] program syz-executor.7 not setting count and/or reply_len properly 19:51:07 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:07 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) r2 = fork() r3 = gettid() r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x10, r5) kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getpgid(r3) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r6) r7 = fork() ptrace(0x10, r7) r8 = fork() tkill(r8, 0x3f) wait4(r8, 0x0, 0x8, 0x0) [ 1703.159964] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1703.159964] program syz-executor.0 not setting count and/or reply_len properly [ 1703.164519] audit: type=1326 audit(1718135467.990:2137): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32618 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1703.167357] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1703.167357] program syz-executor.0 not setting count and/or reply_len properly [ 1703.170136] audit: type=1326 audit(1718135467.996:2138): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32618 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1703.189234] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1703.189234] program syz-executor.4 not setting count and/or reply_len properly [ 1703.193868] audit: type=1326 audit(1718135468.001:2139): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32618 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:51:08 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="051dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:08 executing program 5: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f00000000c0)='.log\x00', 0x2, 0x18a) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000040)=""/96) r1 = fork() r2 = gettid() r3 = fork() kcmp(r1, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x20, 0x20, 0x3, 0x9, 0x0, 0x6b11, 0x20020, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000140), 0x4}, 0x10c8a, 0x1, 0x1, 0x4, 0x0, 0x2, 0x4, 0x0, 0xfffffffd, 0x0, 0x1}, r1, 0xf, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x4840, 0x0) ioprio_get$pid(0x2, r3) sendfile(r4, r5, 0x0, 0x100000001) 19:51:08 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1715.734881] sg_write: 4 callbacks suppressed [ 1715.734923] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.734923] program syz-executor.4 not setting count and/or reply_len properly 19:51:20 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x80000000001f6d, 0x0, &(0x7f0000000240)=0xfffffffffffffffd) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ptrace$cont(0xe586f4f6bcabbbf4, r1, 0xfffffffffffffffc, 0x4538) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r5, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r6, 0x0, 0x0) sendmsg$nl_netfilter(r5, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r6, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x360, 0x39, 0x4, 0x70bd26, 0x25dfdbfd, {0x9}, [@nested={0xd0, 0x7c, 0x0, 0x1, [@generic="afad246db5fedf1e6c8f84305c3eb09eec7cf2b7bd22a82c01a129a54606a95d4776a2c5cc78e15299b96e759c4b4277a873d167f9a6ef8ca2755f208f3f63220881b5711f0a3be894823210d84abf4fdc4efe561adc07be16c5b3dd340fdebb71631437d63fe16030db00328c8cbce4d4b128a9f683f0691ca76e545d7da331926b1275edf89a0d98abe2d0948ed8b959351c20e2e28d3dadf8ac439c1effe22ff641fad279795aec71b23d57e6d0192765b8ee05584406f7b2ef3684eb798fe1461848f321d05bd51df345"]}, @typed={0x8, 0x27, 0x0, 0x0, @u32=0x1000}, @nested={0x20b, 0x37, 0x0, 0x1, [@typed={0x8, 0x49, 0x0, 0x0, @fd}, @typed={0x8, 0x41, 0x0, 0x0, @u32=0x1}, @typed={0xff, 0xb, 0x0, 0x0, @binary="d5fa417d55a38048aafe9f02e2d3a4e1db6f619f43b6f79facdd63b71f1b7ad6e3bf1c97b53c2fa400965da8b07f27053eebe38e0abaca8680654f09f875b91e166c0761d1e733e94da473322c0e2a534b9bb6ec344912549545c02afb9f62bdaf61adc2cf51128314e2a4de2f1a86e25e6d84030004a34a990b0a9ee585e72b637e73094da9cdd5461b0b62f07fed0f08d2812d4cf35bc46cec63b72312c8d8be42fca46753707b7a21b5cf6d8a05e3f87a993682468a6b82f32c466c33dfedf9bd024949f63ba3bbbea27f9619bd7e295c18970388f7852a81686daf97ca3b3832b2344dbffb765c29e874a404f297ed183f65a3f832f09df0f3"}, @generic="229bec312bb6ddba4fe7b1f476f225a8ba0583d0ac7b67618cb10ec6e5555c0e0a81f22c817a90c4c75858d59ec166fe917eda10ccea141bca1efd677e1d48544dcdc37f82918194731377796b16345dd8a9426c14401f892feffbbee0cd086aaef083ae7f3629db9f7eabbbf6a6895dbb8f0a017455c7432d12c73d18b9135d0b143879e32b3a7883d2308d9f771fb66e0540b7c156fbb8eaf6527b959e67424ae3a7c0c7ecde6b0734df6cb6a3f83d5b32d7999c659f479a8c0a1167dbeefde9042d868470f655be2e95df204746bc74", @typed={0x8, 0x7f, 0x0, 0x0, @uid}, @typed={0xc, 0x40, 0x0, 0x0, @u64=0x9}, @generic="3ae5355c39772ee7923c3c08434a4c74643d"]}, @typed={0x4, 0x57}, @typed={0x8, 0x21, 0x0, 0x0, @fd=r5}, @generic="4113fe62002fd7945c7499a79f0b53c65d1df7d7f5a6c98b8fcc2aebb1c82bf911f656f515d8d2df5601b0906ea07d6115d8ecbb9c949402d5bd5d305b0cc57c1116f999a57f8abeedb74cd5d2face7966547242f07b24e973536604"]}, 0x360}}, 0x4000000) tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:51:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:20 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="061dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:20 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000002040)='./file2\x00', 0x10040, 0x100) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r1, 0x0, 0x0, 0x8800000) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000580)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001440)={r2, 0x0, "50894ed0593298b48fea99513cc34d9d9f3a3b39fadbbfff81f960db4d59044fc4782777e49af271301c552aabe9a6d48685a588e6ef39de0bf4afbcc8f68709a9fc963489d6ddf9c552f0bff779618b790f5b46fe99c85a21b7e434bba9c623e4839e9723db7e1fad110d65a1b4f77e03b56dca0356d71611e79b87de629534e222c5a71252a1863c3ed0ab63f7af5435f01445745039d0f11ad1bd15824f65f726643e6bde0cb112d96e2aeba8c9ca702b141d6fc39f0f048980073131473b92a2a66d8032e8fad1e903e6cad82546ad18b9820da873f449c699273f7f01fd5c797150a8ebc02f667ccf2cb4dda4bea36793597e998749c0627397e53b77b4", "f2d4f367d3f8735604c753b376910e31cabb7c34c3306514be19b9a4c07818b6c4ee2212e34ec63feae572254fb9a5d518b0ce3e86712fde0504fc1de0f7ba24b575b85ab9eb952210b30a74fd801929d65d7734d8b8cb87d7885fe2cb20a1570ec5f570d16f1c6312e9fe6d89ae26639b62de8e743e7c51b6de26b6410c10e18bd47ac39bdb4317d28cf35c70c1644629585847cb1460ffb2986892af040b7eb9c3c676918ce7bfb0b05db021e785be9cd4fdc5cadd66bc16f6630c1d9d43e783e51ab01fa3cd892f5e4e774653499fcf886633cc0d2e89199ce46ab9cfac51073d0f5f22b997e5dcd41db06bc68912be9ba4f7e42439228a6457fc96af40756430ef67586f6fccd5370f358f8ba4947e8f7498d59a62e0b5f87584b24cab23deb31ab346ef7d50fefc369bed4b2664ee073c283b10ddbd85651a15798851f0cf6f94bad16b6cfd53515e1bcbac52993ad0398cfd4eba09611f4860c487cfea8208f52bc3c3511cc49bd6fd81065cdb51ea84f4f1cbcff8b06ced4d3102d69d47365450be9093a6fda085fb3dc6b198c87b0e58ce8f8a00dfc813fd056d5899d00035520c1d0420f72bf9f30cbe5f527c528b209849711c7a59768194a5851de178521c73dbeacc5dcaede110d20b0dead9bd30c1073f556792f383596819f0b22129ec6f0adddaed104c39a0aae4f2c55877df513d8a55fa5f2483a7912ac77e9da7560abe92640e322e226dc2c35de427cfff6ce2f077fd067f4bc832321115b1786f69be9e48aa8d1dbb31ca052d3186260efd0c88a48f7dfd33f767bc770cd9c86c8fb8e00a72620ad9b9e11caa6e69f6de7a34df03e28ec812bdf18d456d2d380c8570a5bfd1b5d3bef1d2b99aa6ff3db85c29d710357e3f96759abc20c974fd6742b70bbadd22913c06d7d7ef4e1674dac1ee6f99abf9bd65f2f7eb660e80d5c84464b19ab3e93c117d1f962ef647340e0ad7a5dca9560ec413ae156e1772c35c8fb5ac830578c7ff30bb08217fc006c75aef2da1ab84812fed20b496e2659d590c051f11e25aee6444beaf43480b68f501d009907255a3fb3dac289db58bcf096c39fc3a05580f456a2d4fc69b7b627133717aa95a713e4bc0b0a94743ffd8efa3396b1fd54c7ec59e11d1019a7be5447d9848b7e58ff8d78bde1c0d6b41e549c794f26478ad2d68f980797b12b1d1ac90c9da6a6fca5fa088f95680db5ed04f4dea00b43af2c4579e61860cd5e2c60da7e7505ab74639850b9df6974dc0b283a8d979d50c6c192de19cfeaa28069d397820759020f8380bc558c7a75ee3d145462debc2ea0915891245912637470dd216ff6d13bafc4a01994d0a1937ec73f8d15bf46a777f5490ca6f8967589b67b4285fad5deff3c6f80106595058d410c557ee962a41307fbff69eb97c11f1bd6be89605ffdaf557f4d29d5780437e5d741305f100bc6c49afb99dfea5f040ac6753de5576947bd9a4eaf04b313fee98d54c1e3dd77348524e1ecbbd942000309af7e28fd2b1c9d0d82eb8018323c467544f5b7236c731c8998270d0e266e320378651eaecc49c31d5fa2447f818ba08dc6a232de99d9deccc624c573ba8ab5e3c313e62febbb93d8c8ad1739bbe4d5130cc4530fbe8d5026b5010cb271d74cfb08f307d0953099f10949e140b84f0722df1582be7f32ad1f2ece103361055c14c792631ce51b31cd27a9f8aff5370549243bbbe3ec88eba3cd352e7b01974a5cf21a86b29e8b715ca2a879053db5503aa6b33198b808130cdd0d8f5a767cdafd2b4c7884224ff9671b7e205c7fde7b901d09a31b9e81607d51368cc4ec8778c684cb8e29a57ca315c5ecf0b1518b39d3c1c00615bef5b7b095ff312caf245b5f3c57abfe95bf577406fd262a0f9bd5a3c9f16f4712ca02d1496ddfb4a8e8bb9682559ebe58b6b2d0545aa0e866e35ec8d70828cf045d4e29c0349ebe3747b2b3b4ee4cc885adbe8ad7c0c939a3a809b01769c5d384b3a7fdc9d5bd30e16a392cec814fc158ae1ad8d4a6c1e366803bd96448195f5b6817299910e1927bd569c03f6ccc39ab152ca59eb4361de94e1a40f377ada6cc0150bbb3401ac5fe1197dfb79931676850213c5d9cae93571ccf74da89b7e789501e4f7672931b859798e7bcbe0c43a83b98cf5269780548a3813f600a08a724c3988a8b648083d0f0abad0003daeecb53318a0231d82033a3b705dc34022591aac5afccce73764b17f68c59bca5d514eb5547c10b9446b9f020b0de25ca40119dab56ddf284f7492b72943d3a515ce67849400b2ed5e3fc8ec00cc6e165aa752d41be7a24350ffc61a9d3f6bc6f8206b1e78cc8c4e7b2ad10c5078598bbc40d0ad2a06793aa1b39b6a1b92e4066e0f011b12ad949edef6d27ef8e1293b4bc447527a2ffe1b4e8419893a44e82f6e5992e7576dbed90631e1c532062724b560379e1e2da5427f0a89f21ed54d99799626fea2958da89d6aad33494940a98eff4c876d64d6a5f106a9407c877d25a4d181351179957c34b5a9cca680d4f6c8b76455ab79d729ce90a94c848c1c316edb26680b034841485bad639cfd8bbf7c767a706fecf20ace9b78e00a92062f6a0a10307785835d3a13bab429d4f9b555ddd37e8324550660ab384ed5bfd46a9ec900af4c6c4fe4f04c5b4bb9f9de045efee56e5aa8687e3c26b654544c8550b1b172833179b7ae5968b36456ba40cd21e87ce628d8c09f196d7086ff16f21975183647ee99d9dbdb9b71f5a7bba9d8779bb02f30a88b90e86d828ce71d3b1521d62f7458bfda0da1bcba0617abc6741fb32d74835ab7a9bc7aad0d0180ebf3ad103c204b9a3939ddba8b24f49572abd1c5d0a5da3ff060b6b40d3f02125e3dbf19e0f915b7d0f4db5a0a67d7c109131b5b53f4cfa287afa3f20b45d09d4c989079092eae96bd390762714d5bbb07f79e2ff131244004f4a029752b5f1691a23502788e3648b6db3f3f686f2db22d85a7ff0cf527deaeb416948c4930f5b5bdefd9965f74a9bcd55aebe44b44d5605edcea02885703b557220056151cba378cf01431fd0f7dc6eb82776127b1188ca8aacc5ecc80fe60ee120ae81b2af2849d1f6f9dd0633991040ab8707b94e173971a8ef2ebb5cdc2284f6d529a387a60bfa7df20442fe396e9cfb1598258563495bd73ab4a5bfb022b0c68d757468271bf958bd2a64110a932d38e86fd865b0ca7347ebe6727c4d5daec7825a6b7d99be1bad3e1e2536fdecf57883305212c4ea902076b5b2914d21f79f5e444abbff0786dad43aa628d7b8de185b73d4cf7c202f9c818285b54d93c4391559023a954818dc42e93c6b1e8a25f4d5dbf74a0c01fa18289e6f20ceda8e2e980e4f7abd8d25629351d6ebd5ae36ac06133c904eb7d74532e41d94cd28b65033768d86007ce3902530e8b9f44fdb3cf64f212a879b4026a84a0e901889487fa576cb9b848f6b2bbfcd551035c9b01ccbe12ef23a8da7bf2ee20f5b83ff2b04307453b684b11601a3e3f5704b2b374aab90b93167ebfbe8d4d7aec9862d2108505aecedea7e6472ff6ddc412a95c94c0cc2d12865092a71172fb7f01b0c39f43158614787481bf6ac6ac0100a0b0765d6dcc6161b1137c6a03128bdfffc73dd9151a235c416f80327cc31a042174db33fcfbf07234102c9a22c705193638088e93b9be38eb6f1335e964c2958db6f6ceb64a25965426475e6a09d3b7129f566d8d5fd2d3dd7f39827b9f9ec201c902ec5057a500bef32eaa1e05c0f56cfed5750531d1169c7cf77e82ddd89685daedd7519223e058a6fe2b34784e9094e42628fac309a34aafb67bf9bae9a0ddc8d4ef6a841fe73deff6beb124b4ffb873308e16ee07a5e197b4125263c9b28d9add948e4b1b9bc628fc62a296420c5cd4b3cbc0d5c5cba26fd3ef8a5cf8b384e44971adb7c65b8652b2a5fb77dc2401bc667cdbf62097246f0245e2d5351106bb7b10bfa96887108e10b2557b7ac329ef1dc8f8a646c22059f29caf32f521c8ce78975b6d7157f2fee22c7dd7be1d2f2ddcb28b427e6131c99bfe4163d8af4b0ac68f8c1914cae01feed29d102997707a2e1b756e23c0770efa2941be78b18769288a73ae8b207de087a4dda5b371e17abfe631fc1796782ba0715580923c834d848db352299319964410a6de32b1d2c96b4368743b7862e56a2cbefb293732f33283e86f63c9c3ec313f62ebc6d748c0b154d4612ff7b994192cdc1fe10ee3223392c2dff3f32255ebe2542baf9b3df39d14fd66ac236a002b50702e35860a0fa317bed37d3f7fa5da5890745e80470bdfa0de666f0e51380eaf7b4d7a38c00389258ecb1ac8719f62f165d88d7403b7fe8355fa11b49970a94ef2ad802c769e9ad6d48cbcc582dee640179ccb57f4d8547d45294b183e392dd90941ea6879c3eda9e09dc9cef4d9da0dfac0658872eb4ddb15a092884ca089b47e9e11c948e6d79ce7d6cfd4d4f379fd3bcc9d7778c4423da5960bcd8ffe120368f8a9d4e5bdaebbe2216e4ba6a4c6c2395a99c9758bdb1846718b14032ccc2d746974bf68c997228d8d0a8f9fa944d53591b23cd78961bfe3ba434149fc6eadde00aec8a04aac02ac7962eeeae73e38319d154e0db89839c493f6906f1ad46ebf2cc234762bcbeea7214704c9682c60c8bfbeca6b30389edac776c8ef3521d3127a143b491bfb4925fd4dacfe48f7bfd32f4d32abf1919f149670fb6025b1b5542f8a1b0ee04c8dcf7196d8dd96d34be434badc002a695bac9a575f3455ce719d0f4f4f3c3e4a01350c84d26bf0de2950e566ec24df40c9a00134ed3ef71ebde32fd16c44eefb0d857e28a2175c53df2ff9613ab965afd0422e99ef2ec690282f31ee6646f15c9eab16eefecc712a8fdb2715d801c1703afe6083a01542a308261109e5d33b1b67315a3c6b33f1fe693e9d01e43a96e40d90b04e819e99d28693ad433aa5ff13d46e6edac121d0a14c53917190436031deffc310db1a8b5993b8c4da999b92464b8bed270f26b42a7a4df1de94fee16e3363e39aa9ea3494ea5bf2f7f0be9db4200d3e903ab4207583bed9515dfbfa70d0ab55f407411874d4dfb53e3055de83537f078993514b0805e004cbc80facf549f47b9500d909e644791abbc4eba441272e29dad6050ead5fe5fb90975b1bdf2968a41ad60b799f5a77ca1e26efae05cf95bac9a68ca1e8849571a4d523437151079732c212c0ab458db025d8d8543c845cfff41bce1406a8c5fb89e23e9a6fa1c8f72f2c37fa4b34d0c68f8e9cef6b51d8c72f787aef509ec98b9a7bd021173008c3e3890bbda67d074f6749cb1133cce35f85227518970e523125bcfee83cb86b7a3c6abf33d30944fc66564df21b14006e0fb780e14e92ee528e4f2577aa8c"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000059c80)={0x80, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}], 0x0, "6a9cff01b5cf55"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f000005ac80)={0x0}) r12 = perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x1, 0xfffffffffffffffe}, 0x9020}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r12, 0x81f8943c, &(0x7f0000000580)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r12, 0xd000943e, &(0x7f0000001440)={r13, r8, "50894ed0593298b48fea99513cc34d9d9f3a3b39fadbbfff81f960db4d59044fc4782777e49af271301c552aabe9a6d48685a588e6ef39de0bf4afbcc8f68709a9fc963489d6ddf9c552f0bff779618b790f5b46fe99c85a21b7e434bba9c623e4839e9723db7e1fad110d65a1b4f77e03b56dca0356d71611e79b87de629534e222c5a71252a1863c3ed0ab63f7af5435f01445745039d0f11ad1bd15824f65f726643e6bde0cb112d96e2aeba8c9ca702b141d6fc39f0f048980073131473b92a2a66d8032e8fad1e903e6cad82546ad18b9820da873f449c699273f7f01fd5c797150a8ebc02f667ccf2cb4dda4bea36793597e998749c0627397e53b77b4", "f2d4f367d3f8735604c753b376910e31cabb7c34c3306514be19b9a4c07818b6c4ee2212e34ec63feae572254fb9a5d518b0ce3e86712fde0504fc1de0f7ba24b575b85ab9eb952210b30a74fd801929d65d7734d8b8cb87d7885fe2cb20a1570ec5f570d16f1c6312e9fe6d89ae26639b62de8e743e7c51b6de26b6410c10e18bd47ac39bdb4317d28cf35c70c1644629585847cb1460ffb2986892af040b7eb9c3c676918ce7bfb0b05db021e785be9cd4fdc5cadd66bc16f6630c1d9d43e783e51ab01fa3cd892f5e4e774653499fcf886633cc0d2e89199ce46ab9cfac51073d0f5f22b997e5dcd41db06bc68912be9ba4f7e42439228a6457fc96af40756430ef67586f6fccd5370f358f8ba4947e8f7498d59a62e0b5f87584b24cab23deb31ab346ef7d50fefc369bed4b2664ee073c283b10ddbd85651a15798851f0cf6f94bad16b6cfd53515e1bcbac52993ad0398cfd4eba09611f4860c487cfea8208f52bc3c3511cc49bd6fd81065cdb51ea84f4f1cbcff8b06ced4d3102d69d47365450be9093a6fda085fb3dc6b198c87b0e58ce8f8a00dfc813fd056d5899d00035520c1d0420f72bf9f30cbe5f527c528b209849711c7a59768194a5851de178521c73dbeacc5dcaede110d20b0dead9bd30c1073f556792f383596819f0b22129ec6f0adddaed104c39a0aae4f2c55877df513d8a55fa5f2483a7912ac77e9da7560abe92640e322e226dc2c35de427cfff6ce2f077fd067f4bc832321115b1786f69be9e48aa8d1dbb31ca052d3186260efd0c88a48f7dfd33f767bc770cd9c86c8fb8e00a72620ad9b9e11caa6e69f6de7a34df03e28ec812bdf18d456d2d380c8570a5bfd1b5d3bef1d2b99aa6ff3db85c29d710357e3f96759abc20c974fd6742b70bbadd22913c06d7d7ef4e1674dac1ee6f99abf9bd65f2f7eb660e80d5c84464b19ab3e93c117d1f962ef647340e0ad7a5dca9560ec413ae156e1772c35c8fb5ac830578c7ff30bb08217fc006c75aef2da1ab84812fed20b496e2659d590c051f11e25aee6444beaf43480b68f501d009907255a3fb3dac289db58bcf096c39fc3a05580f456a2d4fc69b7b627133717aa95a713e4bc0b0a94743ffd8efa3396b1fd54c7ec59e11d1019a7be5447d9848b7e58ff8d78bde1c0d6b41e549c794f26478ad2d68f980797b12b1d1ac90c9da6a6fca5fa088f95680db5ed04f4dea00b43af2c4579e61860cd5e2c60da7e7505ab74639850b9df6974dc0b283a8d979d50c6c192de19cfeaa28069d397820759020f8380bc558c7a75ee3d145462debc2ea0915891245912637470dd216ff6d13bafc4a01994d0a1937ec73f8d15bf46a777f5490ca6f8967589b67b4285fad5deff3c6f80106595058d410c557ee962a41307fbff69eb97c11f1bd6be89605ffdaf557f4d29d5780437e5d741305f100bc6c49afb99dfea5f040ac6753de5576947bd9a4eaf04b313fee98d54c1e3dd77348524e1ecbbd942000309af7e28fd2b1c9d0d82eb8018323c467544f5b7236c731c8998270d0e266e320378651eaecc49c31d5fa2447f818ba08dc6a232de99d9deccc624c573ba8ab5e3c313e62febbb93d8c8ad1739bbe4d5130cc4530fbe8d5026b5010cb271d74cfb08f307d0953099f10949e140b84f0722df1582be7f32ad1f2ece103361055c14c792631ce51b31cd27a9f8aff5370549243bbbe3ec88eba3cd352e7b01974a5cf21a86b29e8b715ca2a879053db5503aa6b33198b808130cdd0d8f5a767cdafd2b4c7884224ff9671b7e205c7fde7b901d09a31b9e81607d51368cc4ec8778c684cb8e29a57ca315c5ecf0b1518b39d3c1c00615bef5b7b095ff312caf245b5f3c57abfe95bf577406fd262a0f9bd5a3c9f16f4712ca02d1496ddfb4a8e8bb9682559ebe58b6b2d0545aa0e866e35ec8d70828cf045d4e29c0349ebe3747b2b3b4ee4cc885adbe8ad7c0c939a3a809b01769c5d384b3a7fdc9d5bd30e16a392cec814fc158ae1ad8d4a6c1e366803bd96448195f5b6817299910e1927bd569c03f6ccc39ab152ca59eb4361de94e1a40f377ada6cc0150bbb3401ac5fe1197dfb79931676850213c5d9cae93571ccf74da89b7e789501e4f7672931b859798e7bcbe0c43a83b98cf5269780548a3813f600a08a724c3988a8b648083d0f0abad0003daeecb53318a0231d82033a3b705dc34022591aac5afccce73764b17f68c59bca5d514eb5547c10b9446b9f020b0de25ca40119dab56ddf284f7492b72943d3a515ce67849400b2ed5e3fc8ec00cc6e165aa752d41be7a24350ffc61a9d3f6bc6f8206b1e78cc8c4e7b2ad10c5078598bbc40d0ad2a06793aa1b39b6a1b92e4066e0f011b12ad949edef6d27ef8e1293b4bc447527a2ffe1b4e8419893a44e82f6e5992e7576dbed90631e1c532062724b560379e1e2da5427f0a89f21ed54d99799626fea2958da89d6aad33494940a98eff4c876d64d6a5f106a9407c877d25a4d181351179957c34b5a9cca680d4f6c8b76455ab79d729ce90a94c848c1c316edb26680b034841485bad639cfd8bbf7c767a706fecf20ace9b78e00a92062f6a0a10307785835d3a13bab429d4f9b555ddd37e8324550660ab384ed5bfd46a9ec900af4c6c4fe4f04c5b4bb9f9de045efee56e5aa8687e3c26b654544c8550b1b172833179b7ae5968b36456ba40cd21e87ce628d8c09f196d7086ff16f21975183647ee99d9dbdb9b71f5a7bba9d8779bb02f30a88b90e86d828ce71d3b1521d62f7458bfda0da1bcba0617abc6741fb32d74835ab7a9bc7aad0d0180ebf3ad103c204b9a3939ddba8b24f49572abd1c5d0a5da3ff060b6b40d3f02125e3dbf19e0f915b7d0f4db5a0a67d7c109131b5b53f4cfa287afa3f20b45d09d4c989079092eae96bd390762714d5bbb07f79e2ff131244004f4a029752b5f1691a23502788e3648b6db3f3f686f2db22d85a7ff0cf527deaeb416948c4930f5b5bdefd9965f74a9bcd55aebe44b44d5605edcea02885703b557220056151cba378cf01431fd0f7dc6eb82776127b1188ca8aacc5ecc80fe60ee120ae81b2af2849d1f6f9dd0633991040ab8707b94e173971a8ef2ebb5cdc2284f6d529a387a60bfa7df20442fe396e9cfb1598258563495bd73ab4a5bfb022b0c68d757468271bf958bd2a64110a932d38e86fd865b0ca7347ebe6727c4d5daec7825a6b7d99be1bad3e1e2536fdecf57883305212c4ea902076b5b2914d21f79f5e444abbff0786dad43aa628d7b8de185b73d4cf7c202f9c818285b54d93c4391559023a954818dc42e93c6b1e8a25f4d5dbf74a0c01fa18289e6f20ceda8e2e980e4f7abd8d25629351d6ebd5ae36ac06133c904eb7d74532e41d94cd28b65033768d86007ce3902530e8b9f44fdb3cf64f212a879b4026a84a0e901889487fa576cb9b848f6b2bbfcd551035c9b01ccbe12ef23a8da7bf2ee20f5b83ff2b04307453b684b11601a3e3f5704b2b374aab90b93167ebfbe8d4d7aec9862d2108505aecedea7e6472ff6ddc412a95c94c0cc2d12865092a71172fb7f01b0c39f43158614787481bf6ac6ac0100a0b0765d6dcc6161b1137c6a03128bdfffc73dd9151a235c416f80327cc31a042174db33fcfbf07234102c9a22c705193638088e93b9be38eb6f1335e964c2958db6f6ceb64a25965426475e6a09d3b7129f566d8d5fd2d3dd7f39827b9f9ec201c902ec5057a500bef32eaa1e05c0f56cfed5750531d1169c7cf77e82ddd89685daedd7519223e058a6fe2b34784e9094e42628fac309a34aafb67bf9bae9a0ddc8d4ef6a841fe73deff6beb124b4ffb873308e16ee07a5e197b4125263c9b28d9add948e4b1b9bc628fc62a296420c5cd4b3cbc0d5c5cba26fd3ef8a5cf8b384e44971adb7c65b8652b2a5fb77dc2401bc667cdbf62097246f0245e2d5351106bb7b10bfa96887108e10b2557b7ac329ef1dc8f8a646c22059f29caf32f521c8ce78975b6d7157f2fee22c7dd7be1d2f2ddcb28b427e6131c99bfe4163d8af4b0ac68f8c1914cae01feed29d102997707a2e1b756e23c0770efa2941be78b18769288a73ae8b207de087a4dda5b371e17abfe631fc1796782ba0715580923c834d848db352299319964410a6de32b1d2c96b4368743b7862e56a2cbefb293732f33283e86f63c9c3ec313f62ebc6d748c0b154d4612ff7b994192cdc1fe10ee3223392c2dff3f32255ebe2542baf9b3df39d14fd66ac236a002b50702e35860a0fa317bed37d3f7fa5da5890745e80470bdfa0de666f0e51380eaf7b4d7a38c00389258ecb1ac8719f62f165d88d7403b7fe8355fa11b49970a94ef2ad802c769e9ad6d48cbcc582dee640179ccb57f4d8547d45294b183e392dd90941ea6879c3eda9e09dc9cef4d9da0dfac0658872eb4ddb15a092884ca089b47e9e11c948e6d79ce7d6cfd4d4f379fd3bcc9d7778c4423da5960bcd8ffe120368f8a9d4e5bdaebbe2216e4ba6a4c6c2395a99c9758bdb1846718b14032ccc2d746974bf68c997228d8d0a8f9fa944d53591b23cd78961bfe3ba434149fc6eadde00aec8a04aac02ac7962eeeae73e38319d154e0db89839c493f6906f1ad46ebf2cc234762bcbeea7214704c9682c60c8bfbeca6b30389edac776c8ef3521d3127a143b491bfb4925fd4dacfe48f7bfd32f4d32abf1919f149670fb6025b1b5542f8a1b0ee04c8dcf7196d8dd96d34be434badc002a695bac9a575f3455ce719d0f4f4f3c3e4a01350c84d26bf0de2950e566ec24df40c9a00134ed3ef71ebde32fd16c44eefb0d857e28a2175c53df2ff9613ab965afd0422e99ef2ec690282f31ee6646f15c9eab16eefecc712a8fdb2715d801c1703afe6083a01542a308261109e5d33b1b67315a3c6b33f1fe693e9d01e43a96e40d90b04e819e99d28693ad433aa5ff13d46e6edac121d0a14c53917190436031deffc310db1a8b5993b8c4da999b92464b8bed270f26b42a7a4df1de94fee16e3363e39aa9ea3494ea5bf2f7f0be9db4200d3e903ab4207583bed9515dfbfa70d0ab55f407411874d4dfb53e3055de83537f078993514b0805e004cbc80facf549f47b9500d909e644791abbc4eba441272e29dad6050ead5fe5fb90975b1bdf2968a41ad60b799f5a77ca1e26efae05cf95bac9a68ca1e8849571a4d523437151079732c212c0ab458db025d8d8543c845cfff41bce1406a8c5fb89e23e9a6fa1c8f72f2c37fa4b34d0c68f8e9cef6b51d8c72f787aef509ec98b9a7bd021173008c3e3890bbda67d074f6749cb1133cce35f85227518970e523125bcfee83cb86b7a3c6abf33d30944fc66564df21b14006e0fb780e14e92ee528e4f2577aa8c"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000380)=ANY=[@ANYRES64=0x0, @ANYBLOB="7f00000000000000ff40000000000000a810ffffffffffff00000000000000001a0000000000000000000000010000000000000000800000f700000002000000040000000000000006000000000000000003a274e1a23e4b02dd9f3c040000000000c0b6000000000e00000018000000000000000000010000000000000000003c95eb1cba9e64eba861b82c8681fa5c655c445ebc2a4670b5740dc1786568ab177b60fd91c7139b0ce47f6aea1c1cbe35eba30c992079c3b01d2eacb4a2ee461294255cb23aea57c197f082ee769bb4fd33781fa35297ef5498b5c29b8ef1eb79dce0616ea29de8"]) r15 = perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x1, 0xfffffffffffffffe}, 0x9020}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r15, 0x81f8943c, &(0x7f0000000580)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r15, 0xd000943e, &(0x7f0000001440)={r16, 0x0, "50894ed0593298b48fea99513cc34d9d9f3a3b39fadbbfff81f960db4d59044fc4782777e49af271301c552aabe9a6d48685a588e6ef39de0bf4afbcc8f68709a9fc963489d6ddf9c552f0bff779618b790f5b46fe99c85a21b7e434bba9c623e4839e9723db7e1fad110d65a1b4f77e03b56dca0356d71611e79b87de629534e222c5a71252a1863c3ed0ab63f7af5435f01445745039d0f11ad1bd15824f65f726643e6bde0cb112d96e2aeba8c9ca702b141d6fc39f0f048980073131473b92a2a66d8032e8fad1e903e6cad82546ad18b9820da873f449c699273f7f01fd5c797150a8ebc02f667ccf2cb4dda4bea36793597e998749c0627397e53b77b4", "f2d4f367d3f8735604c753b376910e31cabb7c34c3306514be19b9a4c07818b6c4ee2212e34ec63feae572254fb9a5d518b0ce3e86712fde0504fc1de0f7ba24b575b85ab9eb952210b30a74fd801929d65d7734d8b8cb87d7885fe2cb20a1570ec5f570d16f1c6312e9fe6d89ae26639b62de8e743e7c51b6de26b6410c10e18bd47ac39bdb4317d28cf35c70c1644629585847cb1460ffb2986892af040b7eb9c3c676918ce7bfb0b05db021e785be9cd4fdc5cadd66bc16f6630c1d9d43e783e51ab01fa3cd892f5e4e774653499fcf886633cc0d2e89199ce46ab9cfac51073d0f5f22b997e5dcd41db06bc68912be9ba4f7e42439228a6457fc96af40756430ef67586f6fccd5370f358f8ba4947e8f7498d59a62e0b5f87584b24cab23deb31ab346ef7d50fefc369bed4b2664ee073c283b10ddbd85651a15798851f0cf6f94bad16b6cfd53515e1bcbac52993ad0398cfd4eba09611f4860c487cfea8208f52bc3c3511cc49bd6fd81065cdb51ea84f4f1cbcff8b06ced4d3102d69d47365450be9093a6fda085fb3dc6b198c87b0e58ce8f8a00dfc813fd056d5899d00035520c1d0420f72bf9f30cbe5f527c528b209849711c7a59768194a5851de178521c73dbeacc5dcaede110d20b0dead9bd30c1073f556792f383596819f0b22129ec6f0adddaed104c39a0aae4f2c55877df513d8a55fa5f2483a7912ac77e9da7560abe92640e322e226dc2c35de427cfff6ce2f077fd067f4bc832321115b1786f69be9e48aa8d1dbb31ca052d3186260efd0c88a48f7dfd33f767bc770cd9c86c8fb8e00a72620ad9b9e11caa6e69f6de7a34df03e28ec812bdf18d456d2d380c8570a5bfd1b5d3bef1d2b99aa6ff3db85c29d710357e3f96759abc20c974fd6742b70bbadd22913c06d7d7ef4e1674dac1ee6f99abf9bd65f2f7eb660e80d5c84464b19ab3e93c117d1f962ef647340e0ad7a5dca9560ec413ae156e1772c35c8fb5ac830578c7ff30bb08217fc006c75aef2da1ab84812fed20b496e2659d590c051f11e25aee6444beaf43480b68f501d009907255a3fb3dac289db58bcf096c39fc3a05580f456a2d4fc69b7b627133717aa95a713e4bc0b0a94743ffd8efa3396b1fd54c7ec59e11d1019a7be5447d9848b7e58ff8d78bde1c0d6b41e549c794f26478ad2d68f980797b12b1d1ac90c9da6a6fca5fa088f95680db5ed04f4dea00b43af2c4579e61860cd5e2c60da7e7505ab74639850b9df6974dc0b283a8d979d50c6c192de19cfeaa28069d397820759020f8380bc558c7a75ee3d145462debc2ea0915891245912637470dd216ff6d13bafc4a01994d0a1937ec73f8d15bf46a777f5490ca6f8967589b67b4285fad5deff3c6f80106595058d410c557ee962a41307fbff69eb97c11f1bd6be89605ffdaf557f4d29d5780437e5d741305f100bc6c49afb99dfea5f040ac6753de5576947bd9a4eaf04b313fee98d54c1e3dd77348524e1ecbbd942000309af7e28fd2b1c9d0d82eb8018323c467544f5b7236c731c8998270d0e266e320378651eaecc49c31d5fa2447f818ba08dc6a232de99d9deccc624c573ba8ab5e3c313e62febbb93d8c8ad1739bbe4d5130cc4530fbe8d5026b5010cb271d74cfb08f307d0953099f10949e140b84f0722df1582be7f32ad1f2ece103361055c14c792631ce51b31cd27a9f8aff5370549243bbbe3ec88eba3cd352e7b01974a5cf21a86b29e8b715ca2a879053db5503aa6b33198b808130cdd0d8f5a767cdafd2b4c7884224ff9671b7e205c7fde7b901d09a31b9e81607d51368cc4ec8778c684cb8e29a57ca315c5ecf0b1518b39d3c1c00615bef5b7b095ff312caf245b5f3c57abfe95bf577406fd262a0f9bd5a3c9f16f4712ca02d1496ddfb4a8e8bb9682559ebe58b6b2d0545aa0e866e35ec8d70828cf045d4e29c0349ebe3747b2b3b4ee4cc885adbe8ad7c0c939a3a809b01769c5d384b3a7fdc9d5bd30e16a392cec814fc158ae1ad8d4a6c1e366803bd96448195f5b6817299910e1927bd569c03f6ccc39ab152ca59eb4361de94e1a40f377ada6cc0150bbb3401ac5fe1197dfb79931676850213c5d9cae93571ccf74da89b7e789501e4f7672931b859798e7bcbe0c43a83b98cf5269780548a3813f600a08a724c3988a8b648083d0f0abad0003daeecb53318a0231d82033a3b705dc34022591aac5afccce73764b17f68c59bca5d514eb5547c10b9446b9f020b0de25ca40119dab56ddf284f7492b72943d3a515ce67849400b2ed5e3fc8ec00cc6e165aa752d41be7a24350ffc61a9d3f6bc6f8206b1e78cc8c4e7b2ad10c5078598bbc40d0ad2a06793aa1b39b6a1b92e4066e0f011b12ad949edef6d27ef8e1293b4bc447527a2ffe1b4e8419893a44e82f6e5992e7576dbed90631e1c532062724b560379e1e2da5427f0a89f21ed54d99799626fea2958da89d6aad33494940a98eff4c876d64d6a5f106a9407c877d25a4d181351179957c34b5a9cca680d4f6c8b76455ab79d729ce90a94c848c1c316edb26680b034841485bad639cfd8bbf7c767a706fecf20ace9b78e00a92062f6a0a10307785835d3a13bab429d4f9b555ddd37e8324550660ab384ed5bfd46a9ec900af4c6c4fe4f04c5b4bb9f9de045efee56e5aa8687e3c26b654544c8550b1b172833179b7ae5968b36456ba40cd21e87ce628d8c09f196d7086ff16f21975183647ee99d9dbdb9b71f5a7bba9d8779bb02f30a88b90e86d828ce71d3b1521d62f7458bfda0da1bcba0617abc6741fb32d74835ab7a9bc7aad0d0180ebf3ad103c204b9a3939ddba8b24f49572abd1c5d0a5da3ff060b6b40d3f02125e3dbf19e0f915b7d0f4db5a0a67d7c109131b5b53f4cfa287afa3f20b45d09d4c989079092eae96bd390762714d5bbb07f79e2ff131244004f4a029752b5f1691a23502788e3648b6db3f3f686f2db22d85a7ff0cf527deaeb416948c4930f5b5bdefd9965f74a9bcd55aebe44b44d5605edcea02885703b557220056151cba378cf01431fd0f7dc6eb82776127b1188ca8aacc5ecc80fe60ee120ae81b2af2849d1f6f9dd0633991040ab8707b94e173971a8ef2ebb5cdc2284f6d529a387a60bfa7df20442fe396e9cfb1598258563495bd73ab4a5bfb022b0c68d757468271bf958bd2a64110a932d38e86fd865b0ca7347ebe6727c4d5daec7825a6b7d99be1bad3e1e2536fdecf57883305212c4ea902076b5b2914d21f79f5e444abbff0786dad43aa628d7b8de185b73d4cf7c202f9c818285b54d93c4391559023a954818dc42e93c6b1e8a25f4d5dbf74a0c01fa18289e6f20ceda8e2e980e4f7abd8d25629351d6ebd5ae36ac06133c904eb7d74532e41d94cd28b65033768d86007ce3902530e8b9f44fdb3cf64f212a879b4026a84a0e901889487fa576cb9b848f6b2bbfcd551035c9b01ccbe12ef23a8da7bf2ee20f5b83ff2b04307453b684b11601a3e3f5704b2b374aab90b93167ebfbe8d4d7aec9862d2108505aecedea7e6472ff6ddc412a95c94c0cc2d12865092a71172fb7f01b0c39f43158614787481bf6ac6ac0100a0b0765d6dcc6161b1137c6a03128bdfffc73dd9151a235c416f80327cc31a042174db33fcfbf07234102c9a22c705193638088e93b9be38eb6f1335e964c2958db6f6ceb64a25965426475e6a09d3b7129f566d8d5fd2d3dd7f39827b9f9ec201c902ec5057a500bef32eaa1e05c0f56cfed5750531d1169c7cf77e82ddd89685daedd7519223e058a6fe2b34784e9094e42628fac309a34aafb67bf9bae9a0ddc8d4ef6a841fe73deff6beb124b4ffb873308e16ee07a5e197b4125263c9b28d9add948e4b1b9bc628fc62a296420c5cd4b3cbc0d5c5cba26fd3ef8a5cf8b384e44971adb7c65b8652b2a5fb77dc2401bc667cdbf62097246f0245e2d5351106bb7b10bfa96887108e10b2557b7ac329ef1dc8f8a646c22059f29caf32f521c8ce78975b6d7157f2fee22c7dd7be1d2f2ddcb28b427e6131c99bfe4163d8af4b0ac68f8c1914cae01feed29d102997707a2e1b756e23c0770efa2941be78b18769288a73ae8b207de087a4dda5b371e17abfe631fc1796782ba0715580923c834d848db352299319964410a6de32b1d2c96b4368743b7862e56a2cbefb293732f33283e86f63c9c3ec313f62ebc6d748c0b154d4612ff7b994192cdc1fe10ee3223392c2dff3f32255ebe2542baf9b3df39d14fd66ac236a002b50702e35860a0fa317bed37d3f7fa5da5890745e80470bdfa0de666f0e51380eaf7b4d7a38c00389258ecb1ac8719f62f165d88d7403b7fe8355fa11b49970a94ef2ad802c769e9ad6d48cbcc582dee640179ccb57f4d8547d45294b183e392dd90941ea6879c3eda9e09dc9cef4d9da0dfac0658872eb4ddb15a092884ca089b47e9e11c948e6d79ce7d6cfd4d4f379fd3bcc9d7778c4423da5960bcd8ffe120368f8a9d4e5bdaebbe2216e4ba6a4c6c2395a99c9758bdb1846718b14032ccc2d746974bf68c997228d8d0a8f9fa944d53591b23cd78961bfe3ba434149fc6eadde00aec8a04aac02ac7962eeeae73e38319d154e0db89839c493f6906f1ad46ebf2cc234762bcbeea7214704c9682c60c8bfbeca6b30389edac776c8ef3521d3127a143b491bfb4925fd4dacfe48f7bfd32f4d32abf1919f149670fb6025b1b5542f8a1b0ee04c8dcf7196d8dd96d34be434badc002a695bac9a575f3455ce719d0f4f4f3c3e4a01350c84d26bf0de2950e566ec24df40c9a00134ed3ef71ebde32fd16c44eefb0d857e28a2175c53df2ff9613ab965afd0422e99ef2ec690282f31ee6646f15c9eab16eefecc712a8fdb2715d801c1703afe6083a01542a308261109e5d33b1b67315a3c6b33f1fe693e9d01e43a96e40d90b04e819e99d28693ad433aa5ff13d46e6edac121d0a14c53917190436031deffc310db1a8b5993b8c4da999b92464b8bed270f26b42a7a4df1de94fee16e3363e39aa9ea3494ea5bf2f7f0be9db4200d3e903ab4207583bed9515dfbfa70d0ab55f407411874d4dfb53e3055de83537f078993514b0805e004cbc80facf549f47b9500d909e644791abbc4eba441272e29dad6050ead5fe5fb90975b1bdf2968a41ad60b799f5a77ca1e26efae05cf95bac9a68ca1e8849571a4d523437151079732c212c0ab458db025d8d8543c845cfff41bce1406a8c5fb89e23e9a6fa1c8f72f2c37fa4b34d0c68f8e9cef6b51d8c72f787aef509ec98b9a7bd021173008c3e3890bbda67d074f6749cb1133cce35f85227518970e523125bcfee83cb86b7a3c6abf33d30944fc66564df21b14006e0fb780e14e92ee528e4f2577aa8c"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000005af40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {r4, r10}, {}, {r11}, {0x0, r13}, {r14, r16}], 0x6, "b0252d6f5f9850"}) 19:51:20 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000010000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:20 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000050000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:20 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1715.770570] kauditd_printk_skb: 3 callbacks suppressed [ 1715.770592] audit: type=1326 audit(1718135480.596:2143): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32847 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1715.793987] audit: type=1326 audit(1718135480.603:2144): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32847 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1715.807623] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.807623] program syz-executor.6 not setting count and/or reply_len properly [ 1715.810432] FAT-fs (loop3): bogus number of FAT structure [ 1715.811350] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1715.819112] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.819112] program syz-executor.7 not setting count and/or reply_len properly [ 1715.827494] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.827494] program syz-executor.0 not setting count and/or reply_len properly [ 1715.830420] audit: type=1326 audit(1718135480.603:2145): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32847 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1715.857630] audit: type=1326 audit(1718135480.603:2146): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32847 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1715.878777] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.878777] program syz-executor.7 not setting count and/or reply_len properly [ 1715.880693] audit: type=1326 audit(1718135480.603:2147): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32847 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1715.887050] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.887050] program syz-executor.6 not setting count and/or reply_len properly [ 1715.909324] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.909324] program syz-executor.0 not setting count and/or reply_len properly 19:51:20 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000020000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:20 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000010000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1715.993558] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1715.993558] program syz-executor.4 not setting count and/or reply_len properly 19:51:20 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000060000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1716.032919] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1716.032919] program syz-executor.4 not setting count and/or reply_len properly [ 1716.039249] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1716.039249] program syz-executor.6 not setting count and/or reply_len properly 19:51:20 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="071dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:20 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000020000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:21 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000030000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:21 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="081dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:21 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000070000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:34 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:34 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="091dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:34 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r3) fork() r4 = fork() tkill(r4, 0x3f) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{0x8, 0x34, 0x3f, 0x1}, {0x13, 0x7, 0x7f, 0x2}, {0xdbb, 0xd0, 0x7, 0xffffffff}, {0xffff, 0x5, 0x7, 0x3fc}]}) wait4(r4, 0x0, 0x8, 0x0) 19:51:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:34 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000040000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:34 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000080000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:34 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}, 0x804, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x50, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002020000082505a1a440000102030109023e000101c1e015090400fb0321550d24ff0000cb0351775d8bc25e8409017d09050302"], &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x45, &(0x7f0000000080)={0x5, 0xf, 0x45, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x73, "27d7474d5e78b47fb717d5d3f77cfbac"}, @ssp_cap={0x18, 0x10, 0xa, 0x47, 0x3, 0x3, 0x880, 0x3704, [0xbe00, 0xffc000, 0xde]}, @ssp_cap={0x14, 0x10, 0xa, 0x1, 0x2, 0x5, 0xf00, 0x3, [0x3f00, 0x3e8f]}]}, 0x1, [{0x2, &(0x7f0000000280)=@string={0x2}}]}) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000480)='./file0\x00', 0x46e2, 0x115) ftruncate(r4, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r4, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x80000007, 0xffff7ff9}) ioctl$F2FS_IOC_DEFRAGMENT(r4, 0xc010f508, &(0x7f0000000180)={0x3, 0x5}) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_GET(r4, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40000092", @ANYRES16=r5, @ANYBLOB="000129bd7000ffdbdf250f000000080001007063690011000200303030303a30303a31302e300000000008000b00070000000600110000100000"], 0x40}}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f00000004c0)=0x89b2) sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)={0x11c, r5, 0x4, 0x70bd2a, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x40000}, 0x20048000) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0xc8, r5, 0x10, 0x70bd25, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8080}, 0x4000) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4040, 0x42) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x7f, 0x7, 0x9, 0x9, 0x0, 0x411, 0xa1241, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0xc}, 0x2008, 0x0, 0x9, 0x9, 0x0, 0x3, 0xff, 0x0, 0x200, 0x0, 0xffffffffffffffff}, 0x0, 0x7, 0xffffffffffffffff, 0xa) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 19:51:34 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000030000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1730.139080] audit: type=1326 audit(1718135494.965:2148): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33097 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1730.147428] udc-core: couldn't find an available UDC or it's busy [ 1730.148134] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 1730.153385] audit: type=1326 audit(1718135494.980:2149): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33097 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1730.159983] audit: type=1326 audit(1718135494.984:2150): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33097 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1730.161072] sg_write: 10 callbacks suppressed [ 1730.161100] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.161100] program syz-executor.4 not setting count and/or reply_len properly [ 1730.165688] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.165688] program syz-executor.0 not setting count and/or reply_len properly 19:51:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1730.172462] audit: type=1326 audit(1718135494.985:2151): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33097 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1730.178558] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.178558] program syz-executor.0 not setting count and/or reply_len properly [ 1730.195992] audit: type=1326 audit(1718135494.985:2152): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33097 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:51:35 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000050000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1730.219540] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.219540] program syz-executor.6 not setting count and/or reply_len properly [ 1730.223664] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.223664] program syz-executor.7 not setting count and/or reply_len properly [ 1730.236163] FAT-fs (loop3): bogus number of FAT structure [ 1730.237281] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1730.275872] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.275872] program syz-executor.6 not setting count and/or reply_len properly 19:51:35 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000090000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:35 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0d1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:35 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000040000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1730.337682] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.337682] program syz-executor.4 not setting count and/or reply_len properly [ 1730.342717] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.342717] program syz-executor.7 not setting count and/or reply_len properly [ 1730.362485] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.362485] program syz-executor.6 not setting count and/or reply_len properly [ 1730.372037] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1730.372037] program syz-executor.6 not setting count and/or reply_len properly 19:51:35 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000050000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000060000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1745.755828] audit: type=1326 audit(1718135510.582:2153): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.758350] audit: type=1326 audit(1718135510.585:2154): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.764633] audit: type=1326 audit(1718135510.591:2155): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.767242] audit: type=1326 audit(1718135510.591:2156): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.786668] audit: type=1326 audit(1718135510.613:2157): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.796980] sg_write: 4 callbacks suppressed [ 1745.797016] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.797016] program syz-executor.6 not setting count and/or reply_len properly [ 1745.802205] audit: type=1326 audit(1718135510.629:2158): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.806558] audit: type=1326 audit(1718135510.633:2159): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.811513] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.811513] program syz-executor.6 not setting count and/or reply_len properly 19:51:50 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) fork() ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:51:50 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) copy_file_range(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0x36c0, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0/../file0\x00'}) write$selinux_attr(r1, &(0x7f00000001c0)='system_u:object_r:auditctl_exec_t:s0\x00', 0x25) mount$9p_unix(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000002f00)='./file0/../file0\x00', 0x0, 0x1f3000, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x3812826, &(0x7f0000000080)) 19:51:50 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000a0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000060000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:51:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1745.814122] audit: type=1326 audit(1718135510.636:2160): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.820956] FAT-fs (loop3): bogus number of FAT structure [ 1745.821597] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1745.838516] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.838516] program syz-executor.7 not setting count and/or reply_len properly [ 1745.856740] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.856740] program syz-executor.0 not setting count and/or reply_len properly [ 1745.869065] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.869065] program syz-executor.7 not setting count and/or reply_len properly [ 1745.871561] audit: type=1326 audit(1718135510.698:2161): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1745.873169] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.873169] program syz-executor.4 not setting count and/or reply_len properly [ 1745.877019] audit: type=1326 audit(1718135510.704:2162): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33345 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:51:50 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000070000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1745.916322] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.916322] program syz-executor.0 not setting count and/or reply_len properly [ 1745.952570] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.952570] program syz-executor.6 not setting count and/or reply_len properly 19:51:50 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000070000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000d0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3e1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1745.984494] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1745.984494] program syz-executor.6 not setting count and/or reply_len properly [ 1746.004361] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1746.004361] program syz-executor.7 not setting count and/or reply_len properly 19:51:50 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000080000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$pokeuser(0x6, r4, 0x5, 0x6) ptrace(0x10, r3) r6 = fork() tkill(r6, 0x3f) ptrace(0x10, 0xffffffffffffffff) wait4(r6, 0x0, 0x8, 0x0) 19:51:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xfffffffffffffffe}, {0x0, 0x0, 0xffffffffddfffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='_usrjqumdelalloc,\x00']) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000100000018000000d75839e3ca5869a423a5057d4a6be0f7d4f10ffc50dabfbf7dea7f039c2772c025ece864b836eb620137f4de06af046b3728d0d98e3b57f9b3a0a803278b68b326920d13806bd5f3b61e9abb9a6b8fde07b3d5b2d50a5a9ed4d9d78d687bf2003b6c7dcadd4921c9e9d06dcdfa1f5317194658fd8d47dcdbb90f482a994b4f2cdc6ee86c538157e92e64eafcdfbc15cde3ba860caed9e0d5847b894c64226420e1531baf7a5c1f8859852182077ea45536e2cc8c8f1d011149d7754e51bcc98a03556756ad2eaaaac148c344f493e29ebb7a8df01d2bfbeaad037663ae056bdd7b21a5205252d5e92d8b2ca01491e2881b5118153f99cb312d4ae39605e98b92d98ef29f4db7cd9b2036032154c6ffe29a640644bad10e02d6a9170fb9ea29ef1246ace9b2189bb149", @ANYRES32]) pkey_mprotect(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpuset.effective_cpus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x71, 0xfb, 0x4, 0x3, 0x0, 0x9, 0x22, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3fe000, 0x2, @perf_bp={&(0x7f00000000c0), 0x1}, 0x2001, 0x1, 0x5dc70d23, 0x6, 0x0, 0x2, 0x7ff, 0x0, 0x400, 0x0, 0xffffffffffffffc0}, 0xffffffffffffffff, 0x7, r0, 0x8) pkey_mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) r3 = fork() r4 = gettid() kcmp(r3, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r5 = openat$incfs(r0, &(0x7f00000002c0)='.pending_reads\x00', 0x2, 0x6) sendmsg$nl_netfilter(r5, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[], 0x13c}}, 0x8020) openat(r1, &(0x7f0000000340)='./file0\x00', 0x900, 0x50) 19:51:50 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000080000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:50 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="481dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:51 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000090000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1746.255098] EXT4-fs (loop5): Unrecognized mount option "_usrjqumdelalloc" or missing value 19:51:51 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000003e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:51 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000090000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:51:51 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="4c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1759.813045] sg_write: 14 callbacks suppressed [ 1759.813068] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.813068] program syz-executor.6 not setting count and/or reply_len properly 19:52:04 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000d0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:04 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x7, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=0x0) ptrace(0x10, r2) r3 = fork() r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$getregset(0x4204, r4, 0x1, &(0x7f00000000c0)={&(0x7f0000000040)=""/26, 0x1a}) ptrace(0x10, r3) r6 = fork() tkill(r4, 0x29) wait4(r6, 0x0, 0x8, 0x0) 19:52:04 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000d0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1759.819689] kauditd_printk_skb: 6 callbacks suppressed [ 1759.819700] audit: type=1326 audit(1718135524.646:2169): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:52:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000400000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:04 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$binfmt_elf64(r0, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x0, 0xff, 0x0, 0xffffffffffff0781, 0x3, 0x3e, 0x6, 0x8b, 0x40, 0xc7, 0x5, 0x4, 0x38, 0x2, 0x7fff, 0xfffb, 0x1}, [{0x2, 0x3ff, 0x3, 0xfffffffffffffeff, 0x0, 0x7, 0x7ff, 0x100}], "df485654032c0e04077ae1ece72f84578296d09ccf654de60d416b35e54894cdc3fe9e4e0ef732ce18ff4c747ab9614cd2207422b4d8a696a48e2e629adf9cd0c873e94ea862fc1b303885d631d05a41c215f2eaeff580ad81e1e502b01445735daa6772cdfe35a730031ce29f70e430d1222296d0c0c1b0c26ab67a4dea518979b2", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x5fa) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r3, {0x5}}, './file0\x00'}) write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x11) 19:52:04 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="681dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1759.835278] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.835278] program syz-executor.6 not setting count and/or reply_len properly [ 1759.837520] audit: type=1326 audit(1718135524.664:2170): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1759.844590] audit: type=1326 audit(1718135524.670:2171): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1759.846973] audit: type=1326 audit(1718135524.670:2172): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1759.849071] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.849071] program syz-executor.4 not setting count and/or reply_len properly [ 1759.867187] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.867187] program syz-executor.7 not setting count and/or reply_len properly [ 1759.882686] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.882686] program syz-executor.0 not setting count and/or reply_len properly [ 1759.893207] FAT-fs (loop3): bogus number of FAT structure [ 1759.894341] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:04 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:04 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1759.953762] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.953762] program syz-executor.0 not setting count and/or reply_len properly [ 1759.997202] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1759.997202] program syz-executor.4 not setting count and/or reply_len properly 19:52:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:04 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000090000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000480000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1760.067949] audit: type=1326 audit(1718135524.894:2173): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1760.072972] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1760.072972] program syz-executor.6 not setting count and/or reply_len properly [ 1760.075056] audit: type=1326 audit(1718135524.902:2174): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33821 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1760.106448] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1760.106448] program syz-executor.6 not setting count and/or reply_len properly [ 1760.131336] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1760.131336] program syz-executor.5 not setting count and/or reply_len properly [ 1760.181470] FAT-fs (loop3): bogus number of FAT structure [ 1760.182368] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:19 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000003e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1775.129521] sg_write: 1 callbacks suppressed [ 1775.129543] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.129543] program syz-executor.7 not setting count and/or reply_len properly 19:52:19 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:52:19 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="6c1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:19 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:19 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) r2 = perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00') pread64(r3, &(0x7f00000001c0)=""/115, 0x73, 0x40000000000) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xf8, 0x7f, 0x2, 0x6, 0x2, 0x3e, 0x20, 0xda, 0x40, 0x316, 0x3ff, 0x7, 0x38, 0x1, 0x3, 0x0, 0x2}, [{0x3, 0x80, 0x2000000000000000, 0x1ff, 0x18b8000000, 0x5, 0x5, 0xfc8}, {0x6, 0x1, 0x84be, 0x1ff, 0x5, 0x2, 0x7, 0xffffffff}], "0144644fc0a9676f939fc64013bd3430fdac7bf4d82bc7e0288b19", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8cb) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=@ceph_nfs_confh={0x10, 0x2, {0xfffffffffffffffe}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[], 0x24}}, 0x81) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000340)={0x3, 0x1, 0x1b}) openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) openat(r2, &(0x7f0000000240)='./file0\x00', 0x10d482, 0x45) 19:52:19 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000003e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:19 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000004c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1775.153171] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.153171] program syz-executor.4 not setting count and/or reply_len properly [ 1775.162563] FAT-fs (loop3): bogus number of FAT structure [ 1775.163171] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:19 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000680000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1775.176880] audit: type=1326 audit(1718135540.003:2175): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.180067] audit: type=1326 audit(1718135540.004:2176): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.185222] audit: type=1326 audit(1718135540.010:2177): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.205455] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.205455] program syz-executor.6 not setting count and/or reply_len properly [ 1775.207724] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.207724] program syz-executor.7 not setting count and/or reply_len properly [ 1775.217019] audit: type=1326 audit(1718135540.011:2178): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.225258] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; 19:52:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1775.225258] program syz-executor.0 not setting count and/or reply_len properly [ 1775.245042] audit: type=1326 audit(1718135540.011:2179): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.261122] audit: type=1326 audit(1718135540.011:2180): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.270375] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.270375] program syz-executor.6 not setting count and/or reply_len properly 19:52:20 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000006c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1775.285186] audit: type=1326 audit(1718135540.074:2181): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.287278] audit: type=1326 audit(1718135540.075:2182): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34072 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.319523] FAT-fs (loop3): bogus number of FAT structure [ 1775.320097] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:20 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000400000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:20 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="741dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:20 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000400000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1775.376830] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.376830] program syz-executor.7 not setting count and/or reply_len properly [ 1775.406876] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.406876] program syz-executor.0 not setting count and/or reply_len properly 19:52:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1775.437528] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.437528] program syz-executor.0 not setting count and/or reply_len properly [ 1775.443575] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1775.443575] program syz-executor.6 not setting count and/or reply_len properly [ 1775.500878] audit: type=1326 audit(1718135540.327:2183): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34312 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1775.506322] audit: type=1326 audit(1718135540.333:2184): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34312 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:52:20 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000854, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/net', 0x0, 0x0) openat(r1, 0x0, 0x622040, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000140)=0x3, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x35, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x2000, 0x0) openat(r3, &(0x7f0000000040)='./file1\x00', 0x440102, 0x10) copy_file_range(r3, 0x0, r2, 0x0, 0x10001, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000002800)={'filter\x00', 0x7, 0x4, 0x4a0, 0x0, 0x2d0, 0x2d0, 0x3b8, 0x3b8, 0x3b8, 0x4, &(0x7f00000027c0), {[{{@uncond, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x1, 'system_u:object_r:sendmail_exec_t:s0\x00'}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x4, 0x9}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x8, 0x5}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x4f0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x31d, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f00000000c0)={0x2000}) sendfile(r2, r4, 0x0, 0x20d315) syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x3ff, 0x8, &(0x7f00000026c0)=[{&(0x7f00000002c0)="3d7e730342d5d0f8d17b9f7b2346d6fd6aef0171b30daabd1864b37f0a9505caf6530d988aac15a16159351b650f810179293dafcc51dd0124c1c61eb299c091fd698cc20ad22d8dd9b6fac6d0f867a16c57ab031d3974d22c0559caa9fa85c812215a839e3fcea8a40ced0f7ab2d1121b7af9bd98ef767735e1c36f32c3fbf63f3350c1dcfd737d144bb458b050ddfc07c623517749b030dbe9", 0x9a, 0x9}, {&(0x7f0000000380)="888aae141b8841faa06d345533cf97f36368b2e782c2f9e313ad93b56e1d9cd9eeaffd43462994da976e8f1f70641cf182195416f47b11de1397190d976895a259506b3ab44e520c606a07b6266dfd039f673653afc82957881c60c6", 0x5c, 0x2}, {&(0x7f0000000400)="9aee691e452852258c193232175f51ba47790932f152ee2d21c95b59cbd59139ae29530f3c262eeb26fd5a82ae991859026ae0bff5d1c8db5530677c860a94ea078642c54d872f835099cc951686db09c6db1052253bf0441b5401881b8cbf35cee3bb2ee712aec9a19d621dedcfdd9c31abfcade8d95213634b9912e59ec561f2f5f6f94f140d4a97677ec0c7ef5e9b8c7082c11ee2f30e32f632eef2d85e1defd9c500bb76aa039847c9578d37ee71522798cc6cbdfcb1ae396bae846436aec964b2b720a90e3dbadbc95d50bc9a1d882358eeba4b672e2ffade0018c430cd04c340ea47598a78e89f11b3fc1f690901cb3ae01e51bf77594de56b57c0c1dabd79b7c3fc738ce4ef8e706e7d4ba45368713ab73eb096984ca74cca03be65d28960373bf4ad975bf0ce9e478ee6ae2f0d35a9d0037a1d745ea3e3fb8c37a00cf4fac24a63b53e7da7ade10a1f7eeb3ac8fa090b0db50473c2da340a14898a1ede96d3e1cdc5b6148af2526b771cfe724379a1d4939a91b85fa6675870fb676748464d5e061ef4b823e44c133b224d91b2cff71bbb1533c0e458f97b2a54b1696ebafe5b7819a9c30699989f459edb7c5663acf105154053fd1d0fdb79e7bb8cb120d03dd959cd77647f4b86297e21cf9e40dce798e4194000b5d10891a17e771afba16d396fa3187e0df7e5c73c16a816b4f41bd4fdb7f2f8c8a76e3b87ce7e258a0c34808c8615aa29e5d9cfbf73a95d7f739bd6aa0741520d2b4a5c2d49e8999105144fac40b508b0c33e4d1c137bc70472154f8bc6a4f2596441a0de51e9e35b87b5306d81d49bcca0e69bf46ef4bbbd2419d27f16041eb0e4970cfcb9852931184f345fda918df50d4c6a6544d198e7c8c434bcf2d8dde54b1e400856ad9c9689ddfac286b8b5b92916f289546ad22906432fcffa4ae88a60d31ed00d5518f49544a2ea988459b0ed0f02065d77447e0d2497695dc4180722b32b05d4aa5f12929304b3dee1f05f3afdab5783ec38aecdb9162b6c30c3fe913025eedf13c495392bfca52eb1a87f7699f8f03c0be89cbcc04f2d7dd50fb1fbe9be26590581dbb5af927e004f39c12035a529f921a5bd5678f17d3d354f15d8693d056e3d0d0f379445e4e7c11c1c6b7b06f74ad10bf27fc05fb7db6fb0e7b1dc027dea173e08efba6eda03af43030c616109e853b41d3ca607f0e5db218037f7a75ccf2b6e7380208d5f6305938f1e61e3b15021f763e856ffcaf72638d9bf110bcf38cd32cf23bc71cb17e3a67c2cda04ef3863e246678c581736e45b99b4b64e93954964957369f86d4ca1f7c9948051090bd54f21ffa2faa75e5b5e8eba01998c243b0d1760dbe94d7de7b76b7299d02a77172300e6252d956c3d8858b8abf812bfcc33850cd4d70be48f151011cd53737f91e3bbb0f4403065130aa1faa1eda959aac5e6f835d9f8f1836fa75040879aa2b0692ecdbac4d3d2fe6d499d9a1d60b6aa4176fb30d2bef4a2b49b9c01e75fd40d7deaf7d0785e25e877ee24fc1c856f64cdac5fb92f03d0597ca8cd7918182501cc3223c3b725ccfb78eb7248e830870ddec152bc328e068f04065a06b71a052cabe20e56ca94a1b613bed97b8e2d99eab2fd7838033f8000d7fc180c2d1e4affd2a4e47247386f0a3c0bbeccb956d81cbf69fb98fad9ebd1b1fc8050aabc87510689ae46e90f726b51dc61a17d0b8f340768713402d439ec506cdb2467dd5ebc23d6dc9497dc265bcd0389b3a226d714aeacdee0e7b34e21f7b26eab344d7d92f539c83ba3d155cd1a76e42f9d61c89786780053dfd9b4bfc4f7b0fca74a219d29d20b8f9e36bd0a8a925b7b455c4402c2fbc1d16ea3b4c35da84648f2a04cee590f2f115c3fefb8a046cbc2efc77299a2b615f376a70fcd67ed871cec599057008a6dafe7acd8df0a78918b9f721ea7dc81e1b641b87506bc99201771e1512dcb353a443a70c355a5dd70970c2657133be276533bb256bdd27e3ae073d9fea4dc32bed8efdeaf31e889d91a8a18368808c15e534d4ae8b30e496c20d6a1a98c3afb100388dfb50d52e9f427ac79e7f6c487a93ca64d1505fa703d4552ce2c8798f0bf70fefafb72c5107de6f39fab908b46924e60afbfccd8f9dd8ea2db8ab95a153836f81d98aabbac68bc3ec996e22769a3c1a9f0724d97aef63639a83718b9861bfafb3d34134e7ef94a89cb862fb589adf5dd1c1e7475fd2c2ba5bd736702a920ef67dae03d1b16533f5bb16d807465e3061c40cf04c8b1141f356f59565553aa5623dcba1a6e618e75c64503563ef8bf46a8d82f48875ab91925422287d5aa3ca68913b6e24f59333d78288c92a4c6650c032f1278f042de58f7e034d4fd32b2eeb2609acdacf77a5765e33dcc513ceceddbbf372cd9b502f133b01903bb2c8416791946609e809154505eae884e8cb842918e6fba14acefac41b2a692d8d3de74d0470428c4d4eccc72ecb8df841128c2b07ffbd36fde1dab053e9f7d3470b9d986d0b9fcd796c696e47bf7492356ad330fe4ef4aa63bfc1379c61b9d6bd6b08dd11c5bc42af8507441c9dd3e812aba1dcf342a857f29a36028e787aa05911e45d10377eb77feb0ce517dd22114e08907a3b5fcd8ef8ac1878cd84463b93da187d7720de97aace1b281fe06dfce55a7892fd89b7f111f5e35c0e8e32c284a885d7d66e3badae3d6ff756a44e582977cab493ed7148a96a226dec516e5a2d3d7c14cf2e7b3bebc04ce1f697ad78a13262896c22d01ba341467b0f63a3e56bfebd39ab49f42a46a41a1635157f6859de2c6cfee1f03f9be980235a18c79bd88d1f2b355e315978444fbd299c6e1754e2719262604d7a6ffb45fa67191951243e918a160b0e35c48f8a8c33cc6a73f93c307246f83c74544b69d378e083145335a3612c4f242339b62a98d60bcdf25151256dae6225635673ea3426e50762e419bb818cba6f096fc109700d37813f197df7ff491d04fe5558d53a9dc362c374d1682253b60b7845847ff5123ba6bcd5dff4b774ac0a49871e21a5ab817c065ea50a2c764ebeafd0b6ae701461798b6d63f65799cda58b8060e7cbce8d2468ea386e4862a7cf22bded6fdd84c458a4a85d9f4011bf7af64d2db3a3d78bfcf2a3569490451dc9c6249a9dbadb44c7937150594accafd279d5e8467e386d82da1c1436cda86d16f5d2dfc102ac13430402295d422c6cdd45775dd3bdc076dc414273dd979c0f3b1ce21571a43e33de2d1fe30c4d7d98d89995e392c58dd3f82d3c4a93c206bcf2247d69807fce61656befd76ebc5817f06ee2247a45c33f394b30389e29ddf0ee62a2134b18ffa4ed58757034c38139e16ceb4a715d5a051ac83ab71664fad8da8e6acec71cfa1265a83e5802667158507f3806bc0c66cc126417dead067d30feb9de8e524e338f799eb1f0820d6f1ea6a14a16c92cf88f11d29d51c1169f188525769d560f98f0ae62718ab299a83026b7dec6562d51cafffc8ec0cb1670f05715c46845c3844588e25d2be9921a0d0eebbc17e69c390e075c4bf7383fa9085d80b735df9d1276b5bc41d6d8daab19a5b06ff53dad641a7d60317e3e1c609798b905c44fca557def8d83a50d39ca7c2aee5e38907107d2193a2bdd2cb79771b32f4da009d7db0d3c41fb68a792b406ec9e0e0d9cea98860d3df8ff02940a996168b331e1a3d221468e3da1cb009a2b6b5e6de81da2220906018706fa4ade8f6fa5ec65c6a519c48904047b295d5d275d2ec9d4a2400d7d26b8edd1c93eb5957b8a2552af821824ce63b53d4c5b6892a4453db8b279234ae25da86d820eb7de1806624386c65479ce2b4095410a239416ea8e4bc7f3c30bc42343d9ad165fa3b87c3c5ecb78690877d5cc73884fc28b49de33e60df155004bd79767486fd0d8bcef925a87fb0db29974c0325ed1fd5e93dde19ef1ae2a36ef9fe4a02f3b726a4c63adcfd2b261bccf25cdd0ce5fdbdb9de5e6c9681756526082d41845525784324f78fbe36bc5df759a9a7517f95769fb8907941e42356dd7586622264fffcb0ccf6ddf00490ddb8a0f6746312f00d7dee8c686efb21aae7289020b49670fd5384d73df9c4be6003615f4935467e3a72905998f3b448911e1b54ea84d200a5f5bda885a4460a162e916904c9e1146a5f46dbe9f9862b1416ffe9c53671a4c5705466878c1a22e009357cddd310338994af340d3a0e0db6f3208d256fa3be2fe2271a94568c20628a3f27b56402e6eb012e072f85b22447b7c8fb47979f580c135185c86344180ce9f0dd81964b77e8779f7065b87708a2f8536c68148edea72740a6b47ae9a9ed8a9512aa749c76ba9222b2a03fd347d61a94de698f74f5022f1524e3c9cfc6cdf44cdaecdba6f5f567ffe576f882c79dd3bb181c2a4b0f1b4eaa2ced72120b8eb2a293f3efcd169a58b6cc4ab7c74537b4bcb8d9552a1c69990d4bd0651452ffa3bf63e1f4513d32ab396860450a42e0f4a51f3114aebe996c676a593570651c553dd2df63af136f6ed59d81534dce6bea0d205a2e0a8aab81eb79fa0337a9407dfada06753f145b7b5633e762af3ab24121a6ec8280f92a84f27691788bab5547346740bb45763301cec564b85663f3ce181d4448505b3da4a3833227a735702ef21ccf0d4d298250662d11f0f579c632c377b6a181c95968ddc4a8d21dbea584ad5cc179b6c82015d0256333b719662fbed3ad7bd996b14156e79f57c564cf54775b16ed8c9ca99f125485c3de1fcb8b6dc24f72d8b381c460258ef6a95df03420bf3d0a4a20f8582dc41c0855b57a88b1ed95e7a7f3bb609292c975dee21229109ac4bf53e8d547f87ae152da797908d001e7361aca8157a2c8279701673a399d4c71b0aa255e52fce0ab3d58c74291dba0f44462abc33c64b28e85e32b870ce081846d1e18089a0d53e8f625e290690e1a8f9de63c68e052932cac210f3e14a06adb3300ba6bbadd8a6945c01cc9719c1eec12bcea6bf0a95369abc36c9184381de6255dbabb847f8d7db953bc4c7018b75241b2139ad6b7eeba2b12d682fcafa14ac7d50a5d089debfeb7dfd4b2c512d3cc6537e6aa4830647cef5419a3a5577338af61c497e048856d527b0d1b974fbef3b64598b0fa25dab7cadbea09bb68ee589aeac02a2034c6dd05fe4b5643a189d3cce9f14839ffe23e05b2423f0f9a5b61315e6186dd1332d29cbdb4fda608792938b55517eb6bdb43b118a76dc5e3bddc8d2c1031813d19c1a95e9e3bf652ba77bcbfc574087eea53be49e779e524cf90c15afc047908ae6a55cb1bdf44c4bad7ae8987b216e5deb8fc48248550ccef0fe0db19e7a148b3d837ee0204e333d27f8af19a27d32537c0daaadc7207437b819b262c58418d2ba7b77a2e579ea4924bf1b0083ba6fd7a91b562943a464b1e2c91550d8ef10a9e516966c518a4a39b24cbc0008f4f7f2e648a62351be62d528e11dc6be7780d951dd25347e8bcc39bbc880a9f683b647bad1487ec3b0eb41ecc40e0c7e9162836cbad43a21dcc321f90d963432907e5dd99fbc4a3d003a063028a940906195f6216f51e1872fee348d63ac810a2dcc4b28a97008c0874021e67b6d55ef52a3ff09e21d1e332db873230b540add492a6cb0f6b074fd35cb58fc4c1ddb81da2cc9bf2a974c3702ad2b9b737b5155d960cd2244837dd45f0de89792a975fcfaa90c7309375c22c5651b42529aa5c708a6a6f4ada9e293ba130a48329b04fed23b3d17519a1ed6e4ea838bfe347e968bdf41bb18ae2013b3720", 0x1000, 0x9}, {&(0x7f0000001400)="fae570b697f3fe4861dabc12cebeede185374b7279a5d9b90e7ece25862cba6ddae97424a72ca6b80419654bfc485c91cc7640e03fe4cc20d9aac11943c523e8c9e23400d0d35c54c5", 0x49, 0x6}, {&(0x7f0000001480)="05e262dd84c59fcc6e7ce666e4c04cc6f3e49579cf7669e2d76cc83a703e51367edb526a0fc2beca721bf737ff60f0eb61310406a51c245833f5d5ad4e85591a05f7ba7a0cda9e9bcae0cc1a756ace085984d10db65e9374e5895badb326f11c840ba0a5ecb4d30b8534eb15983bf270c9de6fe2fd34834d6a08c22e80ae4a3a85d378483ae38710132d415139dbddaea42b19a978da1f8e5ba86143ee24586c", 0xa0, 0x5}, {&(0x7f0000001540)="921d38f91ae04b63716b5f707ca6c246fff1f7d789f2bccf8827b3e2b9db1c43cb3770ba972cb66036955e6e3a757d880d8b8e09c0c0ad00e0a49ac31f011934ea3386b58b77548ae9bd732eba0f968371b2249b72227f6c21625a9796950a1aa873f298b68be36ca93f564bc9a39c6942689248a7667410cbf5576ef7aeeb5d9735667ea4a558b75ecc9baea5b2f77e81662ea401d7679b54660f468cf2e12ad876ff36b575379c8150d0a4fe1c2aa7d1ba5ab9305e9f72b3e6f27f96b1876233d7e713f0b6ba3f507f9a00bebd5eb2b7535c", 0xd3, 0x3ff}, {&(0x7f0000001640)="6f6e06a9866cd2bf988d75d88a2b24f5492c6dbe0f4243e281ff0d6e837ab39721f84b36d41d206a3ffb0cc6250700b003827146a54cd56faf303de26f4390a8a859ebb325896b216ee8c1665f4f5746587b0873957f5d9965f39c41caa6df380d63b01fb9b20eb7ba0fadd0b3b11ab3650d6f68dc22", 0x76, 0x401}, {&(0x7f00000016c0)="fe11bc4acea39ab28ea52bc5c86707d2102e8a93537b822f05667478c4f1e08ac9c56e7c5578c136b8ced421e1eab46a7c162455a362b09ab17aed01ea84d50c7cee8a7f18572b2748e7c7fa4f64369a10175f4f35efdfd77d8a3014d8a163b3ae28c3bbf6154ea1c19ef1aa6665977b6c4e0c1b6939a0a021842e08f0bd2bd20510807b2825d34a946d13172579e927591b8c935edc7b417f0d1de68fdd81e69e0224ca0988ef0f5e58eccd16c7084cc14d808bc01b5d79cd1d65ec294b30a7a59cb8567cccd937eb08ea23aeab4eb272a5dddd391d2d4c9aa11d33fcec33c8a0813b021886c3c0afd341d14be5f6bf89b1e8823f7b611351a5df6819debb40d8b481e00286141b0d4b48d8517dde76eaa4d3024abf9a723c8161fa4df01ae98bec4bce5e8aeb3dc6311dd4af59504ec53e42f789e006caf6787bd401868578897e30583fd6e8662629cf77eba7f704c68c840ef0cb7bc69a6a66341cb2bfce31a5217af7a8e2778d096d9cbd17f7ae7c51c52dfd5ea89649271202765bbd06731a396ab29f9f1f45c6dde666bc59da78b708fefc8e54774c6bd5af6c8c892fb34cfdb66cd5dcb2f6f545b967e0ae25e4ba2ccb9bc3e3a940bcf85f81fdba87e273d4e2bf9803716984d7a53da9e5316663fb6b0dd02848eb114202dad0ffc422e0ac8763a5efece42717f6bd27102812cceffa125acaa642aee1af55c6988de181fd1e575c9bcb534db2a68d20df6c445b25c7864e5b84cb3d882a48950e861f43908727d42abce12542c75a9d48614207f4be63dee885a2bace5e9f5539885c28ef61b03cefbe8506254c88b2a038de97ee983561ca52639b09e1f6f115f51583d753b18b7d0a6cc52f2f9b2385d0fdbc3975f579d8e7de0282328e9ea2c073ebcd1aa6be9560641e48f3ed2bc6391c976fdccc6339509a32c8c76a3cc9d5c80236205528b69c5e14662513a3279946139b32a64bac5a3d27091d5bca945c4ea87622e1e965a44731665ec5197826d5ee8e3e1b603824f6988cc862697bea42e6de2490e01abcb6fe29687cc3f859e0ae740a63dfe66ffa010da6d43e0eaf2a3697f883016a28ff2f7cf7775d1259db610dbd3ab4d569e8b83adbf1bec78508fcb1a2936086468cb56036d69647802bfc21c9a45520c45eff583eb48d65e8e37e0a0c45279f9758e38b19449614c23944ab2edc124f4164646e3e2b43f379ec5f77f01e4a7dd79dab745b5fd467ff9ae98522124cfdba8bcebf7d1fb60d10bc488a98ffe0b79f19fbd6318cdeec67feb6e257fbad898bd8e0f2497a72a34fb74df0afb3b4c9607a6aa9b36e614090624d1027ecd1ef5006c54982d7d271593e688d93db88c23a63abc4c635527910ad13d573818980afcc5934ddba821fec410f5940ddba7f7debd37ef385bc43f3a24ae5dbb2e45867288bae95f405f2aba5dd65e0e04092dd643fbb75878264f26a570233bc67abaae4f78efdf531e4f4ccb043cd553d263fedc05e7784d6ef2de80468be72bca97158cfb83b07d55b6a61d883856f944204eb76f51666c4b678b5d2781c6710cde1453993e0dfdc24f6443763028a77dda38e160afc5f0bb037d41227fe3f7ace481526d5bcf06d5a87432b70acf63c09dedfce961a1a67184f18b007ee76e8665959e75a7686c5674990ee179393ea6b0e92fd2d7bfc1aab81e6a6e525107d072cfc834c9fa48457551339a0c2b26adc5b1536f4e5a65ca36e1578dd820cb370a13ce5dd5264d813edfc7b2e7c3216eae5cd144d210880bc3c83b1ec25a4170b19afb49ae8304e910bf6d96b3b036981b67c8eb0c1381c9e38bf41100b2b8d9acf056e5d173f1bdeb39be079e31d210cf2dc4b5553166d58b9e35bef5f2d8e621cd77a88c0e0ffc13214c728f89f8d795f70813735feff2e3c19d5e2e76556043c06f91cca557474e1ae4dcafc1ed138cc10c1310a3df236ff5752f49db760e1c65cc8f1fbba2691b83485b5ba5ec6c05bfe765dab5238ee868464f51502170168de380c4aa78050fbcd22bd4d15157fbe3de4019e0c9b88a18d3b1cf4a5e32bcf72003c59bfef9398e15e9604708d55a5d770dfab730c83f23f985bb20eaf246829d5b3149bb36d5fb7a010dd63c4538a9d13166931513f12a3ded32929bca2c2c6c05ec793abd0738974609fda6d7886835967094a70dff3580700570df2ba887cc5118894aa75dda04cd4eb94eec7fd7ac935936ab92c8cc77154fb6d9dd1d84c10280fd5365999c83c9ccc1aad0b4eef556e0d7d24f3637cfaa2dbddf7f5a1eb1e162c3bf1abd3197eb5c328f733687cc26ea44cb967de38b1808664c97b1dc49ebf263c21e603b09b1f4adbdd9fcf87ba3f75d2aa5479bd9c4427770738182ab6b26581ada24f5e08ea64a9441cedded34e730f5ef806ce463e245de3f7c5f8d1c5e17b3191cdd8f03da66c8386b9e57cfd9b656f2767aa085cd67e3ed56bccad2ccf19ce93c71daf4552ef188e0337bfefce7bb4038510bf8e86c5c91dac72f8899c2f999bcf00bb72671495ca34c0f43c5ae13e2db6196e9a701de1997409cff80c8da2c6f22df9c9b2c2ea4ed0be70aab7e437188b557ecfe19f059003e2571c9a6b7da72808f5ed871257839fed993130909172dd4ab46140e425c7bb028a3e9e5c0e2fea3de835a6445eae712f9ce04f49d92a6a14298ae150c2c639d6dad9aebf2b6d02bfb2959da870bb576819f1d69494dbca5e9ffa4dd83ef976490f7b207594dc6941e595e3b5f067a99a62ecb064afeabb2541ef4fbaad8123e6fb9da3e7833fa75398425cf696af078729dc03d3b130e91fcd8ef4074d49e282d778b7c2f6285ced5fc3bb9c3e99d4e12a597e070754172c12c44769f0806c3c4409974eccb0d1a7cd0ca39c44885b9173969638b83a280a1db0174a3f643d35fd4dfb4a75d60e15b0730afd728771e4e97b6c181194068b88abd862e65277a57284456b5197d02b665b33a5f28f2d16f9c14eebaa904a07db1f1643b41a495f4c60c5dc6005fc52aa543bad5dac4b156a93890f3b0288f13d404398ffe62a36412475f9beb7cbb7e9151fd017c040020c6d4367ebb7347313ad033b794907689129c70cee2ea407fb6c14fbe48ce9ccb81df84469f85963e3c172dbab9252c7b18e27a21083033ada041846ee16fde5549fea5d4e617759d31fa72672b373a646501825bab5e1853f1769d1a71cd09dc14d4a611770e5f931873ac3d557c48b938fda2caa57b32016776e8c85dd5f408ab718f547d27e17e6f26a869309802c565511c7c985131948c41c9ad1f94aba3299b36a71dd81167287f148d3de541f10b8953aacd8b1b5d1da9bf1f1ea8937954000fa6fd7a78fb9ed20fcc29f0225a096f1e7877a9106794233ab0de9db3d9ba742040a171f6bec1a721d47d1b61b0d77212bd62e3081bbf0022de6cfa59be0f908ad12490d4986cab525601aa3981ea6d8c10e13c02a609ac05abe1936a199c2b9597fcc7859683b513ac2a08f740a57790774543541998905d1891cc2eea800d701cc7b982dc5bc54da0c27edd8bf035e15ca51212aee71c717e1ca1c8d981ce4ad008513807f8df0a7cb1d66e018e2c3df3d80b1cb8e143d2b2a7ef2267744f48a16667cf40f65311c0da8c45ade2e9e9c34ee26175a42e800369b91aa085929c3f8b3a5e0a73ccb6ae4b47b2132ea5ba993cdcae1da2d2330e2a7c07e788fc09d8fc404c47a19448b725e26cd412d8ecdab407e749c5c8965841e3075bc37cea921b085aeb6908d72104b1fd88b97f1b8db192cd0def618e4a5b9b59f967a9032bfdcb9b82d9453e8805e75171f26645a44e27473a4ba6fa8b58e319c596d928352591b9b4977dd7575077883025f9e1a5e7b1e23aea4e9aee60db5fa089366b509fc467282dc2205b8b35203131efa96b897328143e48c6c9b4d2af945026a4acdffc434d8f1ad4160e932adb75f28d3dba58c0fec9488d534b5ea1ffd10262cd796e4948c01efe8bd7d46a3b59ee7040d1aa057f928ac20320b8e18f9c88bedfeac47f93601685ab4aa41d7fa217ee478d938e5f8110e7287b5513d6e7d4b731a79c6fb6914f1f987a632540d53bc6af442e41b3be8a5ca69d19eb1845a22d59f2957646706e31d6f054a87cbcefe972f35c9cd72d32b5f6c5a0552723e0262955c2f9e57cf3fecc3f9d8c6572cb53c0a71928a93c88644d30a960a572020d332ec722d60c5b63247b7b4d1324b5419fee36094de7c23eb5e5145142a4463a8317ee60a3d20c2307f9c28c37129bf3de33a7e0163840a09d45d4f33fc1ccc0de0c5e1b94bf90aed863ee5499f1ec4795e8d2925cf984c6b5a978acb6f71b9a89f54fef54a3dcf4b75c32af47677179a800cd87e1e92d279047f6ceea48d9fb37fa64866134e03b9471fe34d1b58de563e1fd7366bfe184a24d038d9f4dfcf7f698c59b772e8b8da90ee956a20315c89f4cb445510a6401b777accaa9801ddd3d07137f4816d04b2732d2c7ddf23f657c4c641b1a74f061ab800af53e1f492f74ad415710a3e3d0f14e87c383ccee79530603d0acc7bff21948377515617c944010f360ca4d854f8a2fad7d838e6edcc14b0610e8aea2a3b50782c700800f476c9839117256bef34367e29d0ac1bfd3ec15d4ec500560567e9353cbf3e015b7e199df2ab96b66d8a6849746f59617611f054398573bba1bf7bb8da3fb631a116d37929739cad0dc273d31a8c2a0e8b1723be77ad9933ebb6582bbd3288dd2d2197c67f5a5b41978b2d57837f0d9f23584bb2278b4ba0ba9e067219285086a3ac550354af27183f7934577eef391db3ab24f59b464cfbbdec907a0d937a465e3320d860d056008efd98bd1d81487f06ebed70c8301c2d8d37bd014626466a11f5040cbf78b210aabbc4f9d7aa7560d80ad183ba0d8219b0c4c56526ebb68741010ef75ba61ebd7487c7c7d785a41281be87e62b72f549a2beca41ab5c325abc8df66b15c8146e0799409b00f83f079824ab935104ea50cb5c8e3cd09c0eae7e929af1fca5943f42c861c2fc93ebf33d66f0ab2886741dfb4094fe54cc8f7a35a8fd6282994a2aede9762f890d8a0a4a9ff9330e07f0bf996c13b8e845d18eb7bc960ac8b5cd5c646b5381ee2e5b471a115b15c8e2df654a6be87c8a7f9bd9ac031e2c6b7384558d40dcecbbb8461400013a7f28234773849a11be23ed61f2c5520023eae6841b4632b0ba6f840b92e1df40f9577e632979937d04acc20fe833859136d6dc7e1fe6d557a14f627e24c05014db422b76cb5bcf8bfcd3cb8945df42972b3a2cf53bf441b35bcf461d131135cd534c6b4d5fd9eb019471708682e6512fbfdaacdff9fc16ebf6bf8a8029b28053371dbd171b88bf99f0efe1ecd1ffe3f8c0045c422860df450b740c6af644aff2d8fbc8219461d74bd81352abb5383f7627b8cc5ec8159d3b6cd68cb27d4649595e710d8375653d62a3a0920d7f8014238b4b3373e0f4d0ea3d899460cecc781ae4d0c90bd2c44ea08f412c30b7c634ae4ec15f994cf0b2b55debe4e112ea9d5857b2df2e261409f9b62b72eae72bd37b63f2c4d15535f86d2c4b4efbec0ae91177d0841a6fd19f5e6eecf76139b378a6bf53b2c0fab4a6eb0184ba6132407f37b9c1217d39beed4870c9a0e922d11653688b6944b6458f2609ec0de83cf0043733718728b32784bcc0ef4a8d7b46310e2d23a36cdc5d72a91f16b9f08c6dd4c2f8f0f7da6d31ba18321c05f5911eb78c13afd0cdc2d64db9719a6441c5dcd066b3ce", 0x1000, 0xe2}], 0x40000, &(0x7f0000002780)=ANY=[@ANYBLOB='\x00,\x00,%!,n\x00,\x00,\x00\x00\x00\x00\x00']) 19:52:20 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) fork() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) migrate_pages(r1, 0x46d6, 0x0, &(0x7f0000000240)=0x3) r2 = fork() kcmp(r2, r2, 0x3, r0, r0) ptrace(0x10, r2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r3) r4 = fork() ptrace(0x10, r4) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) [ 1789.366163] sg_write: 2 callbacks suppressed [ 1789.366181] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.366181] program syz-executor.4 not setting count and/or reply_len properly 19:52:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:34 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000740000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 5: ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x80}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000040)) ioctl$HIDIOCSFLAG(0xffffffffffffffff, 0x4004480f, &(0x7f0000000080)=0x3) r0 = syz_io_uring_complete(0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x2) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) ioctl$HIDIOCGSTRING(r1, 0x81044804, &(0x7f0000000100)={0xae, "8ff0282219f5a36ee6d83f2b44fadc6e5a872a65ac86cde570da7756e125a22312ff0a99d56f17c042885b67959b2ab6e23293cf3f259b2991624a8d3d23aa210774fba1e0c4c26a34a08015b2133ea5e1c5a5f3bacd7960811ebd0f93e4394c7ea37f004d78a7121772d69e7149329aef5e74d12c3ea1044aa897c84388b1998a9cecacd1d15ee31d828e81c6438e868e543f66dfabf96a25e6fe23efcee258ad93dd98a333fe9232c8f18896dc"}) r2 = openat$incfs(r0, &(0x7f00000001c0)='.log\x00', 0x0, 0x34) r3 = openat$cgroup_freezer_state(r0, &(0x7f0000000200), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, r3, {0xffff8001}}, './file0\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000280)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000300)={r5, 0x2}) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) r9 = syz_open_procfs(r6, &(0x7f0000000380)='net/udplite\x00') ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r8, 0x50009418, &(0x7f0000000440)={{r9}, 0x0, 0xe, @inherit={0x58, &(0x7f00000003c0)={0x1, 0x2, 0x1, 0xfffffffffffffffc, {0x0, 0x1b, 0x8, 0x1000, 0x100}, [0x7, 0x9]}}, @name="419c6ff727e6d8cd2fa5f3a366db51517b7223a1fa0078520319312d854e8d6af04fbb3347c44b0963ed84ac5aee86d935a2bf8065411693c4095cdb55fb5618d3347745b935847312aebb927e4b03e214846df665ff811633d5cab8b078d929f01f4088401e01fb47655fd12db14d0f96d90f29ac880bcbdd18d78e9a3b1dbb8fcf32854bd00c8d6e25258ab879ed66ab6aa75c8c787e164df614bcf2487f05c528db6cc4c7e95c7114f5b773a6e3ab8b7a959789b2409a2e91e37461217e9e766fe9b12f77e71fb0d15d1ba3528e424fede513325d226f878e2235bd68e10762b026f1164c2c38060063849bd4ef8b4e62c162cb775ec22e1ca56a3caeea0c0255a050640c19b14a811ff96ba783a62bdb71de0fe8296128973a8fce1dbd84e44ab1493d2391db9c905755d7a6560165922f80f5b1f9eb8978a098eaffd04c7f295d8cfac6c33451d39d4115a17afa97d382f0eccb4cf649b02005c5183a6256e5b1ac986a492aadfc18526a4a0276169df011e6233c838ac82ba25fb43fa24ffcb9bb2316aef2ca0107a571f2e8b19927726583dd02d57ff7bc02825dd802ad1c541ccffcd2f045260be6f2ef922ab518e5ba303d0194e3abfec7a31cd2a631501dce082e7fbc4e900bb07466d177fcc63e24303734031bbe2bc04d22fd1ef8ae704081be7295c08c04362d9d268176ebf0831a2a0debbca19756bea76c90f3470af4c84085a2085a3f4b9ecc95ea53806c0cd1e799758d459162524f4ace5ef797c386e596b45a4e9fb94dc9eaf31f038334251fdc4947d22c7db672cc96a9d3ba38f8e0a1ea4cf9d7df276fd6bf3f49c08336d198ee71259d20b2bcc1bb9606cba9d6c5987c9c3d5487e1166ab6d47987acac11bc4d43df299ea1f7b4f2c6d1d037d6322d9f710f758591e68d74440e7d1ffc39aa72fc26dd5ca1c80abbe6106d2b9a085115843a893a4d863fec861a13b91b511205c50fdfbc5ecc198349f5a125d8313948fa427d2c78f12b68804079ca5714fa5dd4261fa5eb912161472e4c89f53dc5a3284049e3393a89a989a00afdb9ffd5bf8bd548f77faca2eca95257b54a03877fffb2580bfda153f70b89df93a709dbb334eccfa06d1d6b0c5a3c329c83b9064946eb6035b4e19199bb430bca21a8551e427c835c222fd14da345f49a805258e349aa57c751a6fd1bf86a3586af56a3cf06f264138d117cd915df9925904f82e26f901f08c73563ec9707e5da92ff26c113d6cc22a49e9a4f0186c3c5cf3eec58de9a350145f7f91a84f652c6e9d01eb61711a7608561320d9da29b78e5c06dfb459967f2fd1bc2a18f68005af7e7ff9ac5a43f4e5388e896d238c7ac23657bc002de62490660422f203a07884914b4c31125e5dde0b8937a6539fc9ce10507c45fdbcc9097d442bb88ba93cf67f812449ae443cb41113c36c6ddbcdaf98bef1ae696bc3be711d757058f0c87f24c986a2bfe79fb27cf4884472858e8c227c529443f9c43063e9567d2986163d4b8bc220871abae57b2ff89482c848c88933d15ab47b2b0f949b0473894c90ec48e3d1584e101156fbd36f162035ffec735f8ab2a453d02df23fccf5982ec6b0c29c4102801f371581203c2e42eca6cbf28b38110b39019ec8f92b95284bbe9e5ac87332b0a18eb73118ea2ed3f2e4aa68aba6ab0eef0cfd05c2172565e26d1497daedf21e3ba1aafbfd758a85a12d61f90649bd81a2b2064bd3ebd105ae473bde0b2bea02b7c0341ba530801f071deba76b425d286ab77c36e2cd789e258f9d68b7703eb3c386d58a29029cbf5e62ed8b80d977e231f915181fec351d996d82b0b91b529c5521a070094204da6b4e5b92b9492aca82af2ec5337c8c5c1f3affcbd84995063e587d4289fdc951e2256a0995be5635155e5e8e05c882a532a3e8b5d53c9ebf43e315d9c355a9a904914124b0d3dc7dcedfeb7c2b5417b42960607a3e92c98f9e6ab204b2f570b8c1e702413720bfc8936a852e9acbf06eff8ec141447f6fd930fb248bddc35ff471f3b3c3d8fd1de82d26992702d870d23c6dea0495ac05d14027ee14c353751ef83b621cc601e7040ec825012ab6e608d35a4d646527772a43dd0bfff0c3f43d320b4b2aa389159d52dc1fb3ad5d8fe53b75baed82dcb3779e631d9f57bca7a255b3db94387bd9d532e36881b441f91cc50dd16d753d33bbd7272193a17d1fb1885ba3da6cc93948c0e597b492fb55a542efdfa6deea6b892850aaa80ce9c01c15ed4b40381e3751cf47d5c17e3289629ee894eb3def5caa61c96f624172265e62d23c97b78395fa72f264334f33ae9a6173c60abb6383b40d814ceff46fd6ad32a592dcdcc2d6c343dedeab5b202f06deff328e1357a7ca8378e5b5273f4ec8a7b817f522af23eaf4409fbf80515cac956e3ca7a5213b3e0984127c9628f8a6c218e1399f585069b17e2a2de1c8fb93e5b90dfe6dd891f64b2449454d48f9c2bf9f5cd89c7622b02be295f51b85ec4febd056039dd649b71c1a0d389ddc2182d9d5ee66943ddba2849b68dfb67d129a0f6a4bb6723a8a0586ddef55f74ec7aa3a3706e7a722bed67ddd62f57f7272cdf8c439af0656cbf10905013ce5231a6cc32e874ae93c02c64094978d758577f5aba345f2c076d20ae894c1fec40af1e7c58c6415c4a5c19e9376e18f5e868fcfcbe592f5b31a2ffb2c23626d75540e19d8cd167f53e62e06633c56705c70bbe5d832616b2661d9151bc11168991472012c3908d83c799ccd18d1f6fb7db9d4716c907dfd31b16e67de1a2a531529fa513dd682fd7b719f0a0df4f03dd0bddd221722931fcc58d7fed46372dd135271bd8ae80a452f1d912560c052d4114da7f95170e0a147fc5f63bb406e63c87b8a6e33af943ef0bbce76ddb53110011eae5df0b3da8412aa0f2bca62a02c232b9c1ac5617711c8693e98cdabdf0a1cdd47aaf4879b6c0f2e4cf2a389cd63c973afb4c933eedd381bf41ecd28b8ae9a751845d27e1c1a179ca3a1296e23ef4a1d27cda987378e7e9a5c14ee41168630cd27c6e5a6e9d952f861a8b5b50a830c7e38181b6fcfffbeec52e0d0c3d80568db0950f9b863e569bf6f56671dd4535a2c9cc1d32372a9896dc3985ce1829f9b228710f9c12436b79913fe868844487da4083753a9282570c7bbe16a324d7996c3c46bd4f3e13e50ff35ac8b5ad4e49da75b1fc7aa0f6fe2a32c2bcda30ecdfd426950acbd762dacd6d8249e56857a0350065fa1797613507be753a44b0ffec515181fcc704749502be9c7fae031c73909b57076d1fd69ec6303b099f49091e52ebf81c3d36fd4fa5a6f79cd06f11c5306aff74a415037e231de68d5397ee8e9b5b38b952f477cb381c31038da61568abbf7e22bc0e4a047f33f284c923dda6c5ca72737f53db9b9089fd2e2dd970dc5086761fdfc8e810c01cedf7628ba89f57f3c30dc551ec6567aed6be5e200cd387337cc8f80f35d217c85bfeafeab49d8d2224875191643205b68ac2d2ee056aa9d1a5c9d5dd6e8ec7927a775780792df0d63d42ce69edb3f90c2e804cc9fc2cda4ddad28eb7345148f05a8d8e1cb3165599d3342390525d1bbb847ecef0ba7e27f438599a585b2973993f0f69551f323e7d172e02f66a7c4bee3b56dceae2528bf6645f64f6db2baff25e7bcfb2e0275163bcca319f1b9c2c461d8241cc1b3f466dc4a79de189ef29b8fc04a2feb0259faf001783af2a824419589b943ad47547413f72b295e383871f8a0c569ea72653919e8a60644f74a571f099aecbe610608677c98bf170612f7a16d8ec1d7a3eb0ca36be999588dbf59046259438c740da533f574bb2256e24a99aa84ae909b3240c91a4a9bab0ae9d52dbf1e1eede566f0afdbcfac9794dd7c6056fd43a51123c2640ff3773729e14e11ed5c800b140107158f43fce65dc78281a3abdcd2089dd6f5d7559cc0ed0483d56cb6ad35256df22b6056c4e28e93a55405297f8ea6da79904d56bdec4d4bab282a893aedcfa73c2f252c1844e77f80904de7bb3844e8ed1b3b49d78dbea1f09bb13281efcbb9d025f376a289e46cfee02f7b32dacef65db788f7effbb565dab01e26cfa9ee62605aa17aee4e43141b9539d4c932725c6c83d0677272be641249f390f731238c2ab990ca9360216a4e17b8fe2b7ea38fc58a3b5ff884015082717e748fee2aba9b03fdbd49c14acf8dc1d9abd82c7639c120c914bc37e5d8b55ac274f6051b472a22e4db3f3be2fe28fd6a415bf95a321e27d7d10d66409d7d5f532484516a199b2451fc8208433ba02d9806170a00833d47f1d452b33cc8a4ee7785acaa0a8bd593856848e9f2698a43c06b51f71df7803a90897d0802e9fc41712409d62943e4d62d9b2da6c8b673429d9290ddbcdd0b104c1bcae384883268951a878e05e9c68a4426cd1ca23da79974930dc345155713783c8bd85b901536dd0e86dacd4e49e3513e8da282ef09cba6b378c2ddd633e33ad0d19612f1f7c1030882ee5b21c2b27a2fd5253dad8a0a06eebf09b639b7e75caabc5d32e5cc263bc5cfdf731a6c0004097897869cd042bb9e5f924825ba9c7c28afe1f58c55178b2d592f80ea4db85bf272f46057d156203c6f787a545112d8eb2026863a1d2298570fccff52a99ab086e80389484edade250c383c76ccf71dfb551fb79c301286eb829b07a5c732ccbd06b9a587625f73161637dc4b44ffee110353c3c7873961ef59376e0ea76c0a4d1111d58f5a433ec4d92af9fba7f4d9a4d2578816d850af1dada4eec3e29a5438f218bb1709e61471ec801bdcefadefd0e7aa113613144021d823214730c76a3d1f0a6bf0f42a605c9d2da546ee873a0f1acafe2e172444e191486a19f5690f5325b915939245a8be40c7d7484d0e0c51ad83d72e494b3c98ce7ab3866fab6e0f2490ba21d5fba16e909ed5c0d1f4f7e3f52dfd514cfe798b384df4b8806c076a76e30601118efc445fcb8bed7e2e2fce65215882a1c4e7276d82f4950de1dd6c5b4190d451c620c3d5a34cb4ece4eab91af9640bb9bd4f5e1336f2c78abab457bc9fdf455e19ce6f1808c4c8d6805788f4ec825ad224c4792b218f067e39db1d5cf651fcc4f17abdd8a3797c367f3d07a361bf52debd67c3164334852ff9e15bbd159338447066b627ae282c1be46eb6fc2ee15005716bb11bf70bf170651638baea03ab79d38fa218e62aa181c140e74511f46842754e6a22b6619a1d1c1267b5e3817160b4c6d5bf5e25752a4174ca46aa31580c3750203c56b1add29124c96e5fc18ec7bdde4a5c13800aa9d7e7e9d78030cf58a30a28496ded1fb423238596781cf71cf3b1f24e061438abcb3ce90089e50dc214978f32bafd4eafe84df4f392cee28ca8b3962113ccbc8c6a9c89c99e376cfa8d8bf0a348cdb8b4e0fe53409186445e754b9ef05b5cad63f6e35449a22c246cd937178e98e302813272ca7d654453a1025133e19585e0195724fb43d3306f2f5d487a7ad8062306e706250b3ca9fe2dbcd2740b42ba018c3de5466b74a1c34adb5bf9413f53ff5ed891756091b643af889771f8f84250f16e86298c8ea19ad4dbc2d8e976f4c20d8c0e51f92a914eab813a27952cb2099ee6b0e4cf4e0a69d21fd2647a9e12080f7e8a76e2f1c14b3e20a94ca05823915bb2621c738f85e49317efa67d7d5ac0c21414f6f4438124e9b"}) r10 = accept$inet6(r7, &(0x7f0000001440)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000001480)=0x1c) dup2(0xffffffffffffffff, r10) r11 = syz_open_dev$hidraw(&(0x7f00000014c0), 0x3ff, 0x240100) fstat(r11, &(0x7f0000001500)) sendmsg$NL80211_CMD_DISASSOCIATE(r8, &(0x7f0000001780)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001740)={&(0x7f0000001600)={0x118, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x58}}}}, [@NL80211_ATTR_IE={0xab, 0x2a, [@random={0x3f, 0xa5, "4bc3095a1e64aca0fdd194a63f216082a7fb6519651e2ec88787401b2a377fec09acc8be31fee8b668c5f999b7c52f32b414a93b1c3a87d7ffc1354406ad9a1d20370327e0a52765eda38d5fa12a2ba2dfc7e2576a5c451d6cc99d1c533bc59a40671eb2cf6773b0fc822b9f88c982eec9202fb5a18e8abc39a3823125dc798c1d7b955e831d1f616d8e24784a1602d3a4b2675550ce37e39aea39b0f2f08c7c5db7165b84"}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x6}, @NL80211_ATTR_IE={0x2d, 0x2a, [@link_id={0x65, 0x12, {@initial, @device_b}}, @chsw_timing={0x68, 0x4, {0x0, 0x57}}, @gcr_ga={0xbd, 0x6, @device_b}, @ssid={0x0, 0x5, @random="dbfa846547"}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x4040880}, 0x80) 19:52:34 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000480000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000480000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="7a1dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:34 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0xa, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 1789.413418] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.413418] program syz-executor.0 not setting count and/or reply_len properly [ 1789.432680] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.432680] program syz-executor.7 not setting count and/or reply_len properly [ 1789.448168] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.448168] program syz-executor.6 not setting count and/or reply_len properly [ 1789.452362] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.452362] program syz-executor.0 not setting count and/or reply_len properly [ 1789.465476] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.465476] program syz-executor.6 not setting count and/or reply_len properly [ 1789.469936] FAT-fs (loop3): bogus number of FAT structure [ 1789.470817] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:34 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000004c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:34 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000004c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1789.601860] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.601860] program syz-executor.6 not setting count and/or reply_len properly 19:52:34 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:34 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000007a0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1789.656369] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.656369] program syz-executor.4 not setting count and/or reply_len properly [ 1789.663942] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.663942] program syz-executor.6 not setting count and/or reply_len properly [ 1789.765166] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1789.765166] program syz-executor.0 not setting count and/or reply_len properly 19:52:34 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @val={0x3a, [0x33, 0x2c]}}}}]}) 19:52:34 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x3, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4048888) 19:52:34 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000680000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1789.866140] tmpfs: Bad value for 'mpol' [ 1789.883129] tmpfs: Bad value for 'mpol' [ 1789.896071] kauditd_printk_skb: 2 callbacks suppressed [ 1789.896092] audit: type=1326 audit(1718135554.721:2187): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1789.907432] audit: type=1326 audit(1718135554.733:2188): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1789.914717] audit: type=1326 audit(1718135554.741:2189): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1789.919659] audit: type=1326 audit(1718135554.741:2190): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1789.922930] audit: type=1326 audit(1718135554.745:2191): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1790.081831] audit: type=1326 audit(1718135554.908:2192): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1790.087974] audit: type=1326 audit(1718135554.914:2193): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34766 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:52:35 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:35 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000680000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:35 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:35 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:35 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000006c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:35 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x430, 0xf, 0x6, 0x101, 0x70bd29, 0x25dfdbfd, {0xa}, [@typed={0x3e, 0xb, 0x0, 0x0, @binary="069a5b38419bf803bce7f48846e6c34b2176ef39c37958fb7b27b618a76e31bf8ce730de66276d38fe90b8dcbffef2e229219d6dabf4695f8cc9"}, @nested={0x146, 0x73, 0x0, 0x1, [@typed={0x8, 0x37, 0x0, 0x0, @u32=0x3}, @generic="3b280f80e2df6ddd60a6e1a91139966deafc22a362946df05739d232f56db248c3797f523ea730d28320b1eca7da5d3ac52f919911e983ec5136dd4eeebef45a85f444c60c13028d4b8a29cd405ddddf972d182a8e9434c82afa321a048916270bdd7dc729aa193a6bd987251abf9192941c1b3518d573b2f7d301bb59bd24f4f1ffaf9d39510766daf334fd9cc71d706e346715bd6325f1aa949fdde9fe2e373d196b9d685cd69e893f09e7c45f8cbc4251646079ba6123f74c5953261141385cac55f78b1ca6b5b150", @generic="218b6dfe4f3fff281ea2caad6928ce58676eb293c4d338b597e4d577814800828572689e592ce950ad0e6641cdc6043c755004b49a7e99a4ed7ebeaf840da8cb0cc50fd509b2400333ebe8eb6f7d0c730dec9a23445e34bc1870434ea59a577f6554a9d81dd5348b1694c7afce5777e5"]}, @generic="bf719509915c4e1867e1de5d066fb88946a30f8adbe0bfda85e76b6433a6c345bf191dc27c7d6fd5c169e8a6995cbafedf72347ab5e3f2a8a855f3f0ba2cda99865a58ee113adfa31a5753cc44ff6e909b559b38d58d52536e1511f312b8d6a77feeb4e575dc9b07a1f742307bccc835c6fb590c5a61c627e5a7c060bcefb6e6fdd75c07d6f9b6c357c1ce8627b100fcdffc0d20d4dac075ba460f3c16aaae3c51d12ad0d2b0138039fe203e3d815421f31c8f974bced01cd3a2bd5750586fd2ee728bb4a8c27a0f61fd3f3137f83ce0645df00ff4aee8478600c787edc5", @generic="72c2bfd318cad5a57aab0b7d53ff035d269e4292e1bb508fc0dff21d2ad1e563", @typed={0xc, 0x1c, 0x0, 0x0, @u64=0x7}, @typed={0x4, 0x79}, @generic="c269ebbf7ed84e2fc967a854860d1ab650a2cb2e1b306913dc0d3c87a306fed695de4f82b22db6eabd73aa70de443f48182e91d84cae513843359daf5828835fb62093ccf2f18a40d0013614227d0f6f0eb50c2a0d693b58498f5e7114937733e8ec42a43952f5d90aebfed24a0efea9fa721d14e5c27727619d36300374fac80f", @nested={0x103, 0x51, 0x0, 0x1, [@generic="f71b7a6650f169382c577c57ecf18a50f32d218ad7b7e1322e7a99a1bccf4ca8d4aeacf51cce36723e788de34d346c8104a5c14490acb8a88c34853d05ecd93f148c6d3d41992e0ce85d9f412738b9f50b74b9132abcd3143348917656ba35113ff2f34956d9eef564b48a341ee901884bbce9ce9a2f8bb435847ea2e1c03d9e11fad85affcedcf8ab18fb938efd23c0c5ca5bbf51a7213082c50887e91198531b6ab6cd2e0dc369907ac04ac87de440796fa18e60", @typed={0x8, 0x8d, 0x0, 0x0, @u32=0x1}, @generic="974e85901a53d79efb7f45d01ef4d1a7c6f656290293ecca776adc91413595f37fcf72904657", @typed={0x14, 0x59, 0x0, 0x0, @ipv6=@mcast1}, @typed={0x8, 0x94, 0x0, 0x0, @fd=r0}]}]}, 0x430}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) wait4(r4, 0x0, 0x8, 0x0) [ 1790.322608] audit: type=1326 audit(1718135555.149:2194): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34886 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1790.325688] audit: type=1326 audit(1718135555.149:2195): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34886 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1790.330287] audit: type=1326 audit(1718135555.152:2196): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=34886 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:52:35 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:35 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffffefff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000006c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:49 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:52:49 executing program 5: openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000fffffdfd010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e28348dfec8f7c8962dd4f41257f44d000000000008000000000000000000000000000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017d7a6258ba56c75d1e95a5538c93e59db033c4af0e0faf85460245a626153664a6036f9dfa290eee9866bd122047a2328b14ce99a3cf312c3679b8daf9f3ddb73219a2abcecc0c21721e09464a8fab2d8d7f83602446cc4ee20f0d4a08af4c2a824abad4b6287f527fb71d6eb2a3c1e6cdc4c7d3e8f27dae31b266a015ef2b703167371c39e0d037ba99771db10f99848aada7eb9eea6f0e3672841c4520ff3e7b2b028d369847c9796b9bcc986155120b5239382c5ef13a87cb397c5caf521db9131"]) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2c, 0x15, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x4}, @typed={0x14, 0x3, 0x0, 0x0, @ipv6=@loopback}]}, 0x2c}}, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r3) r4 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x6, 0x7}, 0x46230, 0xffffffffffffffff, 0x0, 0x4, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) flock(r4, 0x6) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000100)={0x101, 0x0, 0x0, 'queue0\x00'}) fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) sendfile(0xffffffffffffffff, r2, 0x0, 0x8) unshare(0x48020200) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYRES16], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x20004040) ioctl$F2FS_IOC_RESIZE_FS(r4, 0x4008f510, &(0x7f0000000300)=0x3ff) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x0) 19:52:49 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000740000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffefffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0ad2775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b2851b2ee4a4c78b171ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001280), 0x111000, 0x0) [ 1804.494389] sg_write: 10 callbacks suppressed [ 1804.494408] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.494408] program syz-executor.4 not setting count and/or reply_len properly [ 1804.500820] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.500820] program syz-executor.6 not setting count and/or reply_len properly [ 1804.504408] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.504408] program syz-executor.0 not setting count and/or reply_len properly [ 1804.511743] kauditd_printk_skb: 3 callbacks suppressed [ 1804.512636] audit: type=1326 audit(1718135569.338:2200): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.519530] audit: type=1326 audit(1718135569.339:2201): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 sendmsg$unix(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="f8662a8e", 0x4}, {&(0x7f00000000c0)="79a1d87f81ba4bf3c7e4a3df347956be030fe63d81be7b974e4a26dff3621b55488d56428930fd5e916b83a00049442d", 0x30}, {&(0x7f0000000280)="b46e59b7d62e269badc7158347f2973f6ad2162130523b224a6b530232005ee512a32fa4488704286cfb96eb24c10357ab170fe0680123a0efda6c4c42230597fa8a7fae21743f2a1a0fa7634be27ac4fc294d08ef8418ce819c442eafea9a25b6cbac25fa86d67f5561b52de5a161f1554b2110fe3a253bbaa20393b0a69aeaa10c492c13f4624bde3d431d00249c00a4600cdeec151f3263051b55ad4cfaeb38b86daf4ac514ffb7088328a6d42baadc07cb7a1cf615a4016dd4ea240277d48178d4f46198f488c4743b868df1b6ae53a2d5d58775c7708d8c2b165c34ed9ba18f3ecccd57478feef2f8720cb51f894d8e7227b4c4a6c67ecbe5ed6b4876aee01a41112f8d0b05245ccf95ed017071ddd03c8f2a14a7b47ffafc81044b975884fb7ecec9bd87c15f4f582c41468dcc23543c5eb031e5a46993334fe02f35bc6bd5d3e2f49b49b4174594a25d8115f9e151636da38529ca5f38f9a9ec969e63939759d9bd24099670635c81cdc1e4737fb599881ea69ed212e35ed8eeaa6bbcb1a6f2434181ff2ec2a4b49ce7cc1150b7cf1a0d95a36e2296a7ba285d7a933d8e05e01b4e22683c3c258ef402e780032e72f475ad7becac4d3d999e7b7d73272921d7ea6fed9edc9b5797d77e10cdee3e5d091629f78c7358370581dd4e4eff8da0b79e46689f885645891fe8c50cefe9bc0d12ef42ce7e10e084ab20a721189fbc805bd31d6cca0b0a7fd2d0c796069693d7a0b3c2787554ac17763e9dac18d49544cc94227bd1425f262dfba52417da3e467195ae6067f6d9a6162f502dca4de1cfd3adfb58c497ccae88986d8578469bd23274601ee9b5618ac2632369ca683a083a9cca21d79275bc409b83d60935a9b9892cf9475402c3658e812ca7f716af5ae20f22cf0acda9cf8299f10117d4c0865b446422ee082ff0f6c0ed640cdb367e3b82d5ce89323d0a050ad73e9066dc0ecfa066f0ead980533edf9d0c36ceda97effc84fb410d036a7e40dd6fc8724b32d6249528597f9feb487d18fa6efb88891c0b8c436ab09b5406a5794ff360997ea4b4659b028d729b376ce2b045a7566c58d80342868794082a804c52fe1f6a379c52e9c26d38dff5a3d4489b177e6b873938a74b3de99032a467f54cffbba96bcb415b93085d6e768361e941c5a7190a14c8dc3d4e59ee4bb3cb4fd97b58c009839853c2d68f7db919d10e1c669287ac02bf7f65434684f777c4d494479ba5c9334e437ea1d18ff6c08c33dc5b04b4788346b3bba7a35aefa6d50ef8ca4b520d0a14f4c6389e01f9b0b1cfad6deca8a37bf68d1939349dd24e77d5e7455d3ea422c1aca02ec22ce7f79ca93bd127c0b6cbf4aafd614d360121ffc3108bec6863b6959b570e256cdb5929ac99206e648e735724c4ebfd333bd3148e68b23e15951fc079afd9116bc4b18039b7def840b5ccc61da2d7281c669e1eece5dfb79bcc1ad3c4af90c3213284a8f3737c1ff654a68af1c65dc5cfb673b4a237da758782b131c41ba374ee1210f2b5f5d9a07248b134e1e4ea4ee78d5e486ed82a82b42bfa57975b4e2fde9a6c5aed677937d81cdda1041ecde00e508ae16715b3f96a2860c437f4baef5dfb351570ec69dcdf715e55ca15c100f8bcf166b04bb6994a250d31a71bb1804a701ff702d946ab1b26ba066cb95e054c8a911e3747f408bfda18dc1577ce9bbe603671e1a04f7f657840ece38332a37e6c827b72b2717be149e2c43cfeff24b2c5834da6bb273b464b72d964a624b7f5ee754a2bc36ee1f5c0d3d77912cd1aee29fbc0789b44e8bd5117f48e03e2171c71ce89bfca1eba06105533b7077b587c5a453b2b23b4ba4f8ac99ece06bd932e9f726117bce5c751cc793cb24a45fcb117348caf103262fea48d3d742ecc3fc8f4b88941a855731e16fd17cfe4715ce91ef940f9b38081ee0c03fe991ee3e238091ab8adeb86e36e756fc6637256add5b225d27c7f931f80a360081074de4b2101622b6170a71248abb3b9e9d2722f777b1ddaa776f2cfa45feeea6ff6759fccfd3b6fd07e3107b49fbe0ec84248dcbe665ba03a9dd97bb5c199974158be539236240a06283bf54998c7846b8454c1993ef8b657cdb725f36490967fe3a25a14599a914670067a48515f67a09d4426b0a5a044f898b0168571b661f1b3466aed3ca1d1a8bef8828cdf13c394bdc50efe130d78c591f1de71d20400301855b15a9d5a094cb60f1d1d062064f5dc2c296f87c91efb372b4a56c5249d009e487838842cc2f5614f48f71d6407ed4e4037037a75f1411fa19628ebdc1ab9a70c8ec3883ce626d86b1c4e08e0c7ae2ae20414bdb10e2c290a7d3815ff608dc03825634966c70957f41aa132d52523b4e9cd5d31f418203a10195bf9df959dd32159bcd5c38cb3d2f8a7fb9fb68646bd255339385828d649b50a249140c32c9623572c4947c3b5ee9644a31586d18cfc471b4ec84b95f76f051a67a7ee92992c854c7e8ba4a9010e67024b019537b13064ecca34509d6a8d1c22a00357cb20ffa291b042c3d88beca06ff09d4dcbd8bf4e05cb23ae8272f73d5efbcdccf646c760437b818e802b360cd328539640fe303d0777ddeb00c574f1556890df840a1a942118e4d1f4e26a19210b299d9eb0cdb836a23445a55d39490c990f12f30acf665ca9d20334bb5fdaa8a67e1e932235ff88e809c36809db93baa717a7aecd6bbe10a4871fc9ca12f05c4ab152b2abd2bdea3d97d516d73cb9f3bf2e704a54f0f3b1c215bb36c175ad2f305811af790f2f0b78b616bd3f3354e7b3fe9d4fa4299f5e5c54f105145d2d24809358a4368343f80a511cc443480d17e8041d96466b47681db1f3ac069e824dc61b61d8640b5bfcc79c654c1ff4de0c6139ec042e26d030ea06a3211b9c94d1c25e11200e69db61f70ce2fe75656855308a358f239612e13bf02db4abaded87f7c351377b9b89fa827438e54ee25c0037b8ea1624a08a5161116f3171ccee3aa6c8f87f224f4145c6b829ca8c92809e92c18a8e51f738a6734306ed6356bcd6ecadd2a6b0cfde646fb74bc8c6ad3d4c7aaa7e4fac77e75a264212101f19f8b0c0c77c9d8bf9942d976da61b01f65d46216e4f5250f44bf66f6a5aca772784b11123355d989428f72b3706fc56630cd61a0c73ca57869df293b59d3c96ab4fa2ef94c64b79872eb41b0e621d2e1fdb663a7ff4e5646fa9a6427118261b3863ae49bd29414a2f38a49a12c913e717b8dd47a6b0ffab866518d18b28191e179bd9ab17bf32c2537a0a69422f796bd1a7b86303223eb631c108aa3ed098ec0ca90c6bb65bc18b6ab260a987862523b0c8542fe655ea6400e80785261d39f4b6e4a701cdf09c47888c5585b1afd9be8dee8e3dfe94197fc4e0f1878a91b5b62d01713be08d634da0fc03c921c578e5a0b4b8a3b8a3196d111359e6fd3776ffd28065a011eb7c80e97f5e371143d885116e6140a04c87b71f1bad12696288851a176870be0cff20092aed2bb40fb803c1341ec02316402dfef0d1ca2f6cc25b310bb25439a09500570e86fc571da6182965f7ba974293b63897d23b3ad72d301f7b25178c329fb82259e63e1887f062d42b22ddba077d313ee0faba55488b899546e8365855290edb91ddcfe848684c72ff4fd84966645c61b1d75e5a4743d798f5274cbba758c1f92acb59c70213e1fa239210894da12dd2d3d0119c348cc3a6fe8e6f90bebaf6c0fcafa3eb733d2dd2c245e0edd11ec318b9765c28d2ca75525fb0ed4f1ea2835a25d7fe6a89061a1e8332fc706fb0fa5f8138f4f7d57126d228ab7bf5f01eb5f60b95ce1ee386595bd3b71e8a270f1c0b3be070a643b5a4734b152a39206ed6f964e1663b34ef1a06b8aa2afb4c5ef658af9d3031a2720ec09720cb93cac7100b63608815f83270997d855dd2884c0de7b135c90f673cbf11d926be3634ce8d4b652f3fe255d9238d669d9367de82930319c85098e3fe18e7853d4613179f1259350c32c1529fee966c61f5a923adafacce24926c25de139c15eee39e94e0ec8a15cde5c1787662b2fe30a740a10cc76aa06c3c72ed1e4b44a86d4f3aca97d065776ee2dbb01ba47c8345351f8f6a415cd9ce3bcc049255c9ac6e5ca02094723d2222b98ba23d9b1d0bc2b3108ed4d44462d016ce027512c42aefe85732fb1bacc02bbf7a1cf921ef275791d1df541f9dfe91bcec58d83c3d02d4840f266f97a960c0911f80014392028913be529f32b7eaeb6cf7f0ea1c1c78f48ab75e9afef25c79bff6aa8813c2783bd86fad38d92365495ec08cf705f0ff1d97484f08368c45e9470de7ed4d2e721ac60bbeeceda8f87799a16adbf33bf6d65c9f66fe8cbef0447d6051e7bf4c0646615d53449e022b003b9e83aed0fa48c09a953f2304be33ca7bb0133d087993d08525314b19845c5107bdeea895ded716bcd9e0592e2151de85c36350f27767852756b7fcd5b16031c42b673ab1eb65ba9e8b499e45d23aa8b684345104541884b8c3057cf52414817d01ce7ad69144587e5b684fcefe10bc9719e2e36f36563b7836f95fcdef7cd1c8f307e0a01f7e96e74f8cd6151b4da17d2f2986abff83e3c2562ee9875120bce964e9f654a243f0d93161d5f9588ee956f5fd0b09a04e7465fa6858fa802b50709567d05a3b6ef430c98e622fe4b933674246e553d8a81da7be576c13716cb5908ac28b6098449d53e77994e5528a5eb3cd9085e1ace520d1a9fe5d573c5c21761fd260a7576dd2d92b2563500163b31633d1f3474d7fa69322e24c0bb5f4fdd9e3ecd34ee29f5206baf3bf977eb39c335d961236fb7b6a7e9b5c745d48e9a27768c27b3778b5ae983ff6ca550bbd93f216ca55d01d4c5a63c238f94b14f7cd14db6347ee1a42fb224da4f1070bf1f943f577312cd5c1ec981f6730ba6e6b4d2e85372e2818a3a67542cdc9c5455d5fad780fab5d2365b3b677b9ce32eeea896d81c17e4f576edf84e3eaa127aa73da488ca285136064f7006706351a5c29a5b8586b0fd0348f36cc97f58304baaceacb8d8e89bf8193ffc5101eadff2d76751fc01a822356ad2d2dce2eef167432fed5108b051d6222575ba686ac4bd03df755a3b8ada159a070d72f43fd50b3b51c1820a8e6231f9245418664fe87b64bc174a32bd6e4466a16eee22b18d8519f3b0ac1d03901c1fc665dc4a6e16890f64d3e9e38894d2dd1d80ae49ae9334e8c6602c94f82c83ebe160bec8495cc810cf93176c49a4f19dee6f0a3e63cb77ede737d28196bc081eac8215499bd75645df9b7319e0c0f04ec7ec6797996510b4df01192d52aa6909ecbfc2d3ea37b2677218b14b3c196c2dd043eff15ffa06d96a00da2d3c6d267dc26a38960e0c53b2cf0db1606781758b8e25268b6d4342a18c1be9a3cda46276f076cc5f7c373818c74ded26e2ea93d187a4f52e633c94dcff3a44946c582a63970835bb8b64037311b62be07e0a76153fb89bd7b8005dab993ec53aec24defce056a40883d7d7b0426b180f003229113c20fd0e893e340e9b303ba887eae8c6412d5464e3f8945072fc5cd4c31d2455e504dd7598b33f2efa91bcf231936334ea3810842f125906f0286d429f6d9351097423050d4963034222d026a0ce7cfbf7109d3eff1f2ac7cb85669fb684d60d4f1831513303c290091564d43d5088b6f6a1922edd7de3aadc559d30e0da35b3e360af3f794af39b96a37556a83dee21d41c676f86013983aab7c71eac1e01562fe73487b67ebb7356fe65248334dd944", 0x1000}], 0x3, &(0x7f00000012c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="62503eaa50000000001400000000000000d9c8cd", @ANYRES32, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32=r3], 0xa8, 0x24000001}, 0x4040) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r4 = fork() kcmp(r4, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x10, r4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r5) r6 = fork() ptrace(0x10, r6) r7 = fork() tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) 19:52:49 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="00b3abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1804.533093] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.533093] program syz-executor.6 not setting count and/or reply_len properly [ 1804.535649] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.535649] program syz-executor.0 not setting count and/or reply_len properly [ 1804.540556] audit: type=1326 audit(1718135569.343:2202): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.546200] audit: type=1326 audit(1718135569.344:2203): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.576343] FAT-fs (loop3): bogus number of FAT structure [ 1804.577228] FAT-fs (loop3): Can't find a valid FAT filesystem 19:52:49 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03f5ffffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000007a0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000740000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1804.717736] audit: type=1326 audit(1718135569.543:2204): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.721313] audit: type=1326 audit(1718135569.547:2205): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35006 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:52:49 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001db3e0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1804.838674] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.838674] program syz-executor.0 not setting count and/or reply_len properly [ 1804.882204] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.882204] program syz-executor.6 not setting count and/or reply_len properly 19:52:49 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000000000000b32428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x7, 0x81) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001940), 0x400040, 0x0) r7 = dup(r4) [ 1804.901114] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; sendmsg$netlink(0xffffffffffffffff, &(0x7f0000004d80)={&(0x7f0000000140)=@kern={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000004d40)=[{&(0x7f0000000280)={0x1214, 0x3c, 0x100, 0x70bd26, 0x25dfdbff, "", [@typed={0x8, 0x60, 0x0, 0x0, @fd}, @typed={0xc, 0x89, 0x0, 0x0, @u64=0xe2}, @generic="74ffb8ec6afd0ca5797b20f22aac096a6fbb1b2af41fa1fd99d4e6bd086bcdc316971055dcc777ff87afaf9e6459ba3f6d18a06b7c6342d44b3d977e8fbf17bfbc2c2527514c75bb0a82d43f6d3a675a8f671f2d40793dc2fbd33acf1817be22db8d37b093a679b1fe973a57f8c28081aaf4efeffc71e9444e9e1094723a4c0568b37d78f37a442e24cde194a153b1fcc9645d259e3a87acb7759270a6353b8ab0743993550690d5e4065c0ae141b7bddd711435c6b6e0c475b5afb478819c7add128571cb0f17cf804d463682fa213c9e7e54efbaa9402953188265d738c57ed16b98b7837143ad354834fc78535897c7570b27cf2171942b6485811e6688261279f2c4f3a3831ac095dc5c060178d5a57e70db9b5eadf57e8c3ac46dfaa3966cb721a44e6bdd57c51692c8202f03692f26fc19aaf8dd445d477cc11426dd3d0f289e2b01567c34a1117ca9e3629242ce2681637f4fc15fd0eed2e0e750b77e3f9f44411a13884c167550d816029f091e3504616982086622d433156881b5a88d6d12b43f0fa8a0a60b27c83c0a1dbaa02c97cf09173e19421996918f88f63617f84801ec2952e740d467df6e0a1c3636af3b1511ff2a74383445075b5fdaddab1d36438cb6378603d3b301f170aa535aabb19d063eaa1a456599fb059df303743e2a209ed192665bfa0d2d88916d5c5af115aa9651d441fe7058834b9fcfcdf1ff7e9a3cbc7e15fe3ac7390c886a5e3846db4fbb902af1d6122fc32eda56a3ce7214db4d5984ea0e879aab0060e371471a200126c75cabb6cb6bb33c463802cc8b4ddb6503c7f25e587d5317ff279756623e0e4c2ca1bd74b0bbfb2e9f6707428713eb608cf53adbf0e0fd8df1ba263a5bca3861bb102221fc325843e3c6b6a02e8ae128e0818f16d273976f22c123c02ed98f1882e3f3de3d89b78853cad9e6c553e91c7ed2489b165903cbf7e3859d3626887a29eb4dba7aa380f72c2df7c36d5fcebc8ab0280c728b3dc9dce084d19a0c32b476fb86241367263b3d761206d724a5174b6ccee726f93a4fb699bd68d163c95b267d4adbee6bb362c41b1ed193846ab12627b8485b7b39c5025cac3f063445501c80f3caaeee40baa9034870beb7a75ed360ab3f1c49b2be4f17f5212262cf858e82d70391ec72e4c6deb5dce0d1a373697591f3ebc8e30795deff59d8b21dfcd698f257e4da9bb99f263910482632b2cf466253500cc1fca7740c86b262ae490d8273c715b44ef7308726de5bff19a43f12d638b3c55387464cf5dc9c4735d90624ded7929387bd4d60d04c5f59dae594b684055ae66c191a9698006729d339dedea2366ef6415382762325e178409b037601c20b53ba8396354b2dc8cfc850c4f1d3fd4088f4bf7f846ef2e44e4b415d16a1914cdca33058f8173f9ea72dbc5664aee87db889c345ecb0b5b1d250f2ad0dbe1e43ced9be7ffa51cd0ca99569db9b5fec8d62d6989fe007c9754ac1fb88a383c67eafdfb165fc5df3215bbee608eda610d9184e50b1538b334c4301a017f4ded210be7403522338a6f18b68f547aa73024c6f1383d662cffed772eeda7aeb972d1e1de72324fd5e7fec98e2c3ddc11c7583133b9c534a437f9b8eaf08cef891fa62c1b5aedba1cf40fe5d26e001eac9a2a3670299bf4919812a77ad39a1f8833754e6aa87e5e4b6328b6da50687522b34c056150c8021d81f1353895f2e19b993176b83320ea9b07ef01adafcac2597fef563979d494dd579b7a9f7a9d25407a570d7f81780a3449ccc7366ce2450f5df1a0464f6fb32dedc9287c3ab8f9f00c442818380a7cb8ae7dc394c7adefac839c1c3c506eb76bdbf2cda65201a04a7d278ca2cb27924b2a2d6a8ff37f60ec8972ea4eb1d2778033517c7730952d7d4cc0a146704e96ebb5d97159e271e61d0cc3dc421391f70f4cc2a5c3c8e1dfff2ce7d853416e083a2d5331cc30b5a6eb6451c5ed890276c6e1d3793f7b523880139be35d18ab4496b66e16a133d8aa5fb22e7d5a57c8d907db012a2d0905693deb46a876e9777bea3f233487384d293506712efa04aad1ef4ff59be20744de9a57b418253bc808da88a82c19d97e2a2e1ce486663b3ba35870c7e0abf190f835e4bc448ebdeea3f2972c1ec83fdcdb12b9a39f895457750efa3f6a659fb84a9554fc6871e7f8d9432450565c0a28a31d66ebb83d506f6caf06c601dd550f0e0bdd38d7b475c3c36a3868ef52a2a11ee02e75b6c8aab37e71696f021e95c4e98a01573d1d544153eb7a1dc4584ca6e01c0528494d7adf19a246c2fe7084b34dd7f149a1682a033713d0076bfc5182a7dec8031541ed3f6e84d171ff4184cafde3535f5fb0f3d8c84609079f67900a3c999da510d8583dd407db8a9e20a2b3269770be05cd9f79fc6376f3b7b98183bc9952b247d0b44fa46bd7a652222ee7069c06e85f913c4480c9ee0973c81fd356a5f288f7c1fa706c40d431931c96b8f739d438ffe143f558a76866aa5ebc004d82502b2c6e1aa2703c054e96e2624f651e87f80e47f7b2a2e837b119bade14dafdd16a5db939fa165b446998fc5efbb43c5edda3fb6e4b0a749e1863b19827688dfb336241990a911b05b30869efd7e199372bf53830b4f7c84e30957f00eac4378bb19d8c8d176f41b4929a0f113696ec602d408157f787b8200a67c61e646fc1641d85f1c6e17f1316adbdbe0e01cd150644b5d0797f8a88a23bf1e2b0f5a777663dae01937b690ba7857edffccd87896a4eeb8116ff1999d14cd480a298c0235b4cf0295f868939261cb7709b5172e9813b05894ebc89c1cf097282e7d5c26afddcd5d893a31b629d6748ff1a58636a31d5e6107d4f0722befad2c6e54108b958418357aa2cfd23a88293a354153e38d9089215e5969caf6f49c5df2f8b847b8fb6f212e2c9a1e2edd393210fbcbf22b1f99f998142c49f036073627a7929c120e533ef3711937b3c8eb45542806d4d3a3fb220204d0d3837148b4846caeaab4cd6b5599fb5b3e207a8a635274b702933e4237575565a93a21afea427b453fdd8286aa0f0c4969e7e31d7ccc52c703d0a3bd1fbb59a4bb77c05f0605f1ce1fb8abd1d5093f7f0f3e7b45a97a79a8fa8ce934af242f766d3197bddbb76ece98cb1b38c666030a1606ccfcd5933e060c17d0cb51a2c86aa6940821918f343303aec968ce2c8ad315b43be5b074dd5b915ca4d8dd9b16bf9146a2ccee8f956f2011f52ae4e4e5146d2ad5d2b857a0be889676e0f12d1a6807427603c153710ae90eb10e9566589f26455b17bf4b626179b53df483e5763838ffc619ba3046662a1bbb9cb8a09fd9398c0967d1a1b71b2fe0a10c687d48fc8fbe1e6dd60659002cd6866addcc2a0891276de06ed87bbd972a35b1ead0c32adfb932163844a0249519391ad5d6f8ba19efd3b075dafebe0a2db8c23c8ebfb3924a6e1e37ff42daa6b607c8d7b0656a5517a846fd03840b629277ff54e059bb03f248d335b827bd20b5a6c2fc809b2392b75b37aeef20dc959b9f244e45de7e8d16ad495ebcd93b1c4eef30e8c0bab99b106fe40171ac058368f927706525325e38735a11c0cf55d1f43685f21551a6790a9e8fccbb670d06c5ffae3c53d67eb182f81ddce1e4a3f43d657875ea95aefa680eed0d776a9fa3fdbf0aa2802ef5bb17dd83453ca8891156839b7dbd172c620f74550b60b77d0947791ca38d901204283936d626b242b0b4f8d7870a4d1b3718e758a3175a3c8ebc60a7c83636f5fe86c4cad36691c276929956df166ae258bdf36426330f9350b4b332b2ea0341ab50f709d71c6c9ad11981f7b5aea8f7675b35b4735f0517ae4ab229cbdb8038eec75f5ccb6ab12ebf2ffdcd994f3c98db7e7cac26aa6f2a505ff8de1952e6455db367467a2a3460ba18214a345a8e476671342916b083dd0bc00b0eec416475315b7075e9f340cbbe2e39ce31afe53471da7d1dd58b68cae2bb29e6aa228cbed810c77a473a8900d821fdc5143f5eed857e7ecdb11be7f1bac408b71a3e543b4303899f7d41aa6e4d6d668d372c5443a9f7fc8ef823973ae5b62f6136947da87305db62e4a0cfd78efe725d0188a1fe3cd9fbf18e76e43ad82694ea04a272545ead1ca9ab1422444b40cbf50d21d65c3a599d831636c80a78b4861c3b564fa3e21ed7ad956d9939ae0b506cd252c33dcdb5b7c9aa8e379b7a7326ea75feaa37b585c80bbbcd6031ee34b48ff5f5e312605ca7ce3446274958f4e0e79d5d7a1c520d95b4f0c6ce04448979ceb5120d00353064dc2079e93f8d73da5ed8f40d2191d4906b28598a29931289e3be52acb98cd9a26e796efea25d352e8eaf8a6ae827baadb3d5fd488980897d266646451e763448766967171f9b78464c0bf2beeb0332c8dc8a8a56043fa9f5f177d4f8f04cb2e88b112a472ed64795d6f35d5fb37c1c520d4ec779692f1c3b2276873bf7b21194a81d4caed59c8eadaeb1d807538035f7d7d2721ad8783e9e0ad599506dbd6c9a2a2016b4c5420a4b6d763c16927418dde3bfbfc0da61fc4f04da5383b1b25673e20d4ceaa3812827f4f96264c76607eb8ef05dd0e84f734aaef4c31ae1509dde6c23150aeeee4edc7dc52ceae19825277b35c6089ddbf14bc0fd083fd2d94572bce800591eb9f7bb2cb8b853b8502d3a3bf88c13ba580e6a900c80eb757cc78903ca2e703973453c54be3e8a9b80ec366dd82a9cbed15a03c7deeb234667a366d35d442798e8786797784d8ba3d1dd7ac3a09ec7d237bcc27aa6993a245c385cde8c0d6762c44bb8e232dc4a294bbc28d27e51f6055c1016c685d891d18dfa3a2798b7925b255802e644034614077a8cdbe3a74c87f79a53c1ee0fc58dd1fe02a8f2b963d49d80f6b94829d59471470c186ccb850232a898839aca7fbf8970a6d50757f9a590905d859957fbf6b68db85883dd2378a2f486287c9a60a1a161f87905d597a90ee45e4e506718788e6c468a80455a552fb944ea9e9c88253a35a93db1fdd08151620e87164cab21f0b1f20729823908290a638e7e7cf6216e08f7e5ca30288e2d7ff8df8fb7b8a1fa45d344d12b605e6e28d53149a151ebf728ba6bb30074f4b3b241a02458087554fc5856992c496c2262471caa854dc1d435b99a3c89dd5545111a9a6eb3bbccf9eca385371737fb754d2e7634df96d703ed2aa1407df4543b8b9ec551f0c1b88b3bad0f24e14012e5a27e682c8921bc4850f1f643fac6e7ff3de65eb3acfbc9bf99db8c3249bda37e92726e8e4019214659d21e43b3f95b49c77f8ce0fa7efcdcdc7ef49d80c129c2ccb2d40cd44eae084b35d5a532b2c0064fa3380084ede1d69838cbec1fad0fe8adee33e7a1d5d5e5299767a1350a9c607a26ba26b52efd3d181969fd71d7327da167e9da9afe5d77649400541325bb3051fe5cf0e3435c285996e7429b187802772deda2a998083fd9b1f65adb1a4ead4aa59b5d3483e9111ea3ef31bc9e50e6fe733fa8642ae1bac7b94156f34a0363de8effd5fe3e9def0e71b22750443664afa1271b5a29389382f06eb3a851aa41b1a1edb5bf7a17c3395a02ccdc3cc6ae3e537cb17436295cf10f0b544c7a298b4c3af7b6b82df399c21391940bccfda4c1b88cf8eed158011c78689a9aac82ef3674a54bd96a65dd6f2c507039b9566c5f8e056571cb0bf6160317ab2fdce681c4b2f6d752e856299427187cf1b9aa5b5a109147c611bfdfd9402b854ff44b90de67375cbd35471cf241033226373d45f8fdc185a574b86de3", @nested={0xb8, 0x86, 0x0, 0x1, [@generic="eb2fbd18dd788cc8afb77a7bf65185e5be21d39bbcda45275d60c57d55ba2227758563323bb4314907f1344437e65abe1fba5c54ed023ef0b2f5858a8c53851b93adcee2c390fb740dc66c0d7bcb1faca5e6f43ce24fde71b55d8f30ded4fc237e66c7c19a1307bfd216e3eb8f06aa72407da40e0240d1ef79f0de77d4b9ea8b26b548a9379eb89c8bd269e47d03790229535d501b7160120ebf5c2740b4baca45a5a1af80d19521d01dada984e1b06e5208116c"]}, @nested={0x48, 0x96, 0x0, 0x1, [@typed={0x31, 0x36, 0x0, 0x0, @binary="de80f80e31a61a8a6b1343d9b9e842b9c43e438fd159bb66737443f372de034cf67876de7ca1ef1085b72c8180"}, @typed={0x8, 0x38, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x96, 0x0, 0x0, @pid=r1}]}, @generic="bfba6ae92dd54c93ad1f2b9008500cec0467465191c42eac5af965e397d6382359c6c534bb911ade5f248ab1fd8027ad22f6e94c2cc60c225cf0bf2848063ccd36d8fbc7e0e9e24b31da77dc3bfd2f5d219db462b40978b1412012efbc91e36cd6cba090b8eeec3087dcff9ba452dff69e9c82a11c7a19d23ee2bca068109a0584a060a8c5c1b0e6788169ed4d4d36135557d17cd7d3720b6268fef973a8ad0add490a2a3c323586d7552c50864756af7a757215ce0ec3f8e397aeeca8f3baac1f76e0407d7aa0cfb2b20f9c90edd123000d20c5e2a953a897cfe2dbbceccd3f80be7082eee093cae94f870f98"]}, 0x1214}, {&(0x7f00000014c0)={0x444, 0x3e, 0x400, 0x70bd25, 0x25dfdbfe, "", [@typed={0x4, 0x4a}, @generic="6a5573adfa92101f2a9e84978ac1f031006d1d517bc359e450dd2df696b71b1f35b53f9c2d3d3f8b9b83b1fce3408719ae76a5e66ad9d78a101d232440af60a0ecfd9e52c0616298d6cefe6aa63ebce8287ad00f77ed385ad8099043ad7477bcdb611a2e5121c2ba2f98f6afe2e6274d0a0269464f04d7e8d37fd15d2250e1c54c7d8d6bb415f8ae695e904eedb65e9a69137139f14dbb0d1e1afaa32d11ad5b913fb8763b8fffe6182e0fa1a077a875e610b015fc500ac891d7f24f3cd7c810676dd9e1358f80a3d2a342960056fc2c797f512ec4fd3a0ee44b6564f80673c01079dd563c8cc0fc70fe3ff1a2cac5", @nested={0x1ec, 0x2b, 0x0, 0x1, [@typed={0x8, 0x10, 0x0, 0x0, @fd}, @generic="3ca3e3ce63df0d0a1f24551f618f8bdf1ba5893829c06e816963e59b3c926339ae348d00b62414c67df57adbf050989be1ff64184d49", @generic="a334022bb4c581d4ed40aab67f42c92c5e3a08722c1088e7b21b25e325f690497b17e34474950f4c8a002b951d07efef9806e9660210153390c98f75ab9eaf5740dad716f0fe4cfd403d785c3234cf882335f4be4064f00850f12a9124b3567571fde8f12fa41482120e5d44246d912c349ee7fffdb6acefbb48ef054e3891002cd4cfd70fe456452d7c605bfb6a30b971033477c18cdb3b098a18737ad17735e57a69f7498eae7755cc299daec7f246bfce001c9a5134b2df9dfa0d6b913982aded23d85098a4c1f032429ed8282dec92d82f8439aa61c1cb6cd8d32c1ec20c93d40a955797", @typed={0xb1, 0x40, 0x0, 0x0, @binary="ebf434d55052844756a4009afb84b1e159458dd2ae6732fcae5f576e787df856a7f84655be2f19d25f84de139a9c7a5e3e54ee09f469b757c75a431d421f6206afd3fa63c04eff693210e97e8f9c042a626b57563984ce7058eb62d6cb322e027554895739d98195e2f79af8577e60d00319ca2d2bbb7b8bf247f0b8b586c978fad8f6ba59595aadf4faac4dcca20595602b41b31ced0e45e9d810a5a0aecd3a55eebba98583a47442416bcea9"}, @typed={0x8, 0x4d, 0x0, 0x0, @pid=r3}, @typed={0x8, 0xd, 0x0, 0x0, @fd=r0}]}, @nested={0x14c, 0x93, 0x0, 0x1, [@generic="96c053eea113c1f2f7d3575918eded369eed303abe5c8e3fcd92d782027560411eb80128a680c2ad545c5ce21267698aac2548a2f3c6afb2319ff1a6546e30", @typed={0x8, 0x7d, 0x0, 0x0, @fd}, @generic="33bef29abfcddfcd2599f3f08187c9c487a505fe4341363411f5dbff205624b0fc8417e01bb204f33739e8e6bea2d5f5bc6e66302d29190b2b271a2b4c613a6425b6b8694230295214ded6a06f183e8002319eacbc6e6d0606e459854311019c3c65a8effb633b57e7acb69dba9576c0fde188a45146ec07a7c5c11cd075753a57cc9cb5feed0cced5e989f86de79073d23fe38eca2084734e6da22731403114a7e434f0d94859853ac9a24d2e9067356fc94651d8fd0395dcedcf4efc0f2b22b0445a8d90af7912d9f7bb5231d75fb7027751ecfabeefef950dce51442e899f9b1b2be32f02bbbe5f", @typed={0x8, 0x1f, 0x0, 0x0, @ipv4=@local}, @typed={0xf, 0x93, 0x0, 0x0, @str='/dev/loop#\x00'}]}, @typed={0x8, 0x7f, 0x0, 0x0, @uid=0xee00}]}, 0x444}, {&(0x7f0000001980)={0x2348, 0x1f, 0x4, 0x70bd26, 0x25dfdbfe, "", [@nested={0x1024, 0x83, 0x0, 0x1, [@typed={0x14, 0x96, 0x0, 0x0, @ipv6=@mcast2}, @typed={0xc, 0x79, 0x0, 0x0, @u64=0x4}, @generic="374d7fb7d22e54054d8b952c909138418f0b5b53b975dbb61d0e891d6c41f22ce4fdf8db9d25e0285ba3146b6dcdb8b89da0cec81a388951747c3f5ea045fa9bb8dd67c0dadecca81b9721dd8dfdb7ad79951b1bfb7672490e8b253f3607e33d049c3f93a788198062128f68ded589718507366d7d13aaa7d47f2f4e342d9ca94f42cb598a4a835ffaea15c7a93836a3f57586094dc918bd2e28cba3a0de5e354ecce86c5589d3a5272f9ef23003eb7245b0bfaa24485a791b2c79fb30ee2c77c8085d70351d70ef6cf884fad47e858c2bba5a7c243ccf298902e156529011db02d4a1019e1a9bf5cb979eac42ab3817a412bef1f1103a4d2c2fb84314a893f33ad4c59cfe5fb7afbcb726c477bc25a4627a8eb6ece42330056de2badc8d165021abbe5f46f0aec49ddbb15e1329b0585c112712e7c84dfa53a7054ed093847121dfd0f81b2e1660f2e4947ddea2769848754cd5c6e0c2262d5ea8237aca63609c75f85672e32328e6c9219cff33e96be155e22b9b4e4eda9d328705a235a1252783f5423b53fc33a04267bfc2066c7f3719624fccd8b725862c2a46dc511d6b93cfbde08e8892ba0a5cb832d910a7a58727caeb023176a2f3243eca15e1484500d56039bcfe4016cc4d03d8b333667e63c2c74c5fcb2b3e41b0270d9a709ab06f5bbd163b8341b6c68934234206deefa42f936a8055a0b7d2cbd0ce405cd8fbea1798191a2f6d0939e8911498096e26ef69ec2a0bc5243071093749ed21d5789555f2a53c737a5f62a88ed3da123a7cc047534312a15ae55be3f0c2ac86de75668686a6ea220c467404d27a23d1349969de100a16d7fa4cffee96cafd7e06aee5c72c1e031be610b2c38b39b4b20bf36bf7c8b1cb4d9940376fe68edef15fcd69da317f517b76aa7eb29ef5d35aee3ec5f64c107bc5a471b0dfa00705bda2245c9fda3d2d9881d3bda70ab84493fe9600afeab95601d1a046309bef3abc4dac42c7bb72741cb2d8b4828c1c9f9e53cd4d3642dd4c66a61595fb9c38054fdcb6c02f1c5197e32a26285678d146d1139026f6640adf53406fde912dd501a13c2cbc8c9be9f353fac8e671bd01d22bcf1dacaac1bc6274a88935b2e3c103c581372e4cda22487bb49029f5030bc873ad0033f0d116e20c9c046244ffe164ebed3c516248f25eae97267cf98f336de59d8288257777b7247039762c48e723b6c46e6e2e7b0f69ce86b70425b30d8723236929747e1802264ceb7d947d68c6cb022d9e2a570fa27a12361be8cefab78e4abcdf91ec18489f76ca5183016e8857cc0f1e96ef673f92269755455d7fa97c55ea99a875a11ef0bfaf3166ca8482a7f49b0bf8055c9c792ab86a67cc9b2223282f0224f256c1c2f6500b3c882f5241c37b5043797e30499a4657fcbb5e3f72cf14cf227fe82a4e09b152539d5522633ca75fe4d7f393710d4bcc97c306e5a947c35387779e1b69f6eded253bd2e21a71cff20de37dbaa38a75d6398b96f46a43e4faf5993aed73baf64150039e7b63241d5bf0060d9923c2638d976742e742db916be4ccc947ff656af14cc8cf8f45e1879a203e91a7252ea9210741e0f092dcb4d85a5986d58efef7c03b6ea12e5c9cb9be1b19bb8c7d86ae940c68587a0147c374f26e6ab1fc606d190cab7b809504b0436537d63a54e5eacf24fe243fbdf135ee2fa0053e3ade2585eb0f5afeb02b3bb2c6c778bd04007172bc9f7f378d9b5f93d4aad1aa36ba612850f5aa8c82f1910933a444d2386c7502aa325b8a408089719d53f443d5ba4a25f704c11ce1972bb3aa60ad81ab22c6585c0be1e821fa3d56499e2df46512537b6886fec333568a8a0ff9ecbace42ab707941da7036e7bf0635ea30e360b82070727191e6d12003141647301d189ae34dba224a6f8ff34a13c0fbe660da93a1f4bb6c69e4236e971e07cec01d41c84bdcae4d9afb5e628d315bdda1064fae635b05c945a671c90b01b37da1028a1f27edc4473614db5dcfa99031fbc72981e9f293edcc43673e9826bde4cd184922dc67a93f18611e188cd6baddeffbaa8e5b17170c21db042c5f64693f0ad4c5f1e34b38f8977e211a54b030deca9f09ef7e06f024654a39ba3a8aeae34c4cbc6cd54af64bac38d63fd022f54bece34802bef90418bbb256509e1f60049386696c0f8f8276ad3e71cb30d4294c7e9d405b532c22e18d89dcbc06365ca53ba71f1d7cbb4703a921eb6258ae7d65baaeb11e4ee8f8a8941c34b138027fb31b797da70f1d2cd1b004b5e5f02693ff717f27c9ec36ea0f45aeac37532feab38f586e256038b8c252132ce7c21e96a6e92a132fb570188130b56c2e559a15d8974491c5849de79bbeafe956c4009aed6b15bc806178f163c39a38f8b9c0b09ecb1f8a8c0f805ad6d50e1ef9aa7df3862ccc7db414293078cf5d42a6b2ac144c84142953af6358f8fcb4b7b904babdf01499d2bdb21fbada27f41adbd86fc9eb6a4726b7848b6e489e6792fd2f2cf8559449ac2986e1f572cb423d8782365acc8641c932d2e3f7285878a38b3ecec06643cd658ff2fb9fdd745e69ad7ef69ca109839eb2cd0fcba2181b253c50dae02e5071618045cdb1f2902c137c6c8b53c237f21b2621f81a5432d49cbe23d55674f6f033c8cc0621eded929be1999a8741801da1ed224942ccf866a8ea8e9cce18a8f46ac2a1c8bfb6858569b672d1188260b76cbfa02fb2f2f2679d2b348a8545bcf8fcb135f70f78828fcfed6bda47ca0b83afa0cd1b9b3bd3538d830c79bc96fea5b32b80caedc4bbf87db617b14cb3a46e95c990c376cb742dc0d0d80d89b653d4c38dafb42d9d9f6e7dc3bab8375ff29eb8faaa7667f1ee0251ea8469a0c5b393c90faa18783a8b05a52a24ec11c66ddd6c88912f210ed3ea5bc95d3d134ac731cf254aeaef19035da403efa80dcb3a09be49da2bf4365c9678bd5daed5664112731db8bd3431ec52d65fc73abd2c7a0cdd37cb3c185e2a676be39f62d740a67ff5d91f2511d50789253bdd83dae9fb605d43584f7dcf2c5f5ecbb6c2e705dfc178f419452ad055d523ae20ea4209c0c711e77ee9cc68d870e8c165ef37d33011d6bba799d8470f2718d62eb43da0be399f0bce62c8c07c3775c013ffd9b949324d9cd7b82be0e97f8be0b3f72d4bee6dcb1364398c3fd8e7e03fd5ad5735ddb89d4a3aa844a780e15b156aede621fae499482a9650eb4d88c541c354a5a274af1f19729cd92b8b27fb0aab35076be53d20d89005ee4d49aafe4fa817733e93eb9180b1c1a8f06b16900e767289975ef1847f88a2e2eccdbb16a9bead9822640dc6706894051b2b7671512c279a40ae67caf7a92706d2987e4f058cc08f527527366419c1afe4a168eeee19f92e5d816fb2c8bd174e694daa1463099ee91eb661f0503ff72df22d950cdcc25264f0897e734604e5e742eb7b1173880019927a224857b52fdb5c95ebed544db8b26ec64c38f7b3c1ed0a1babe53cac84283491f2026c12ef4fb65218180f5b9b405ad7eb1f70e5198423479269197d810fd63f592f6ddc23ef12c4419d5211ed2fb8ed4a773e79ed9b370e1e0c909ff033a21af796ce3f3a0fd27b1d76301c0b1fb026244fec350ed7ad7e18ab088467cb06119868a0a27dc9a946c6601600f4ca18ac28b52243288c1c1e2ce6681b0029dc6b227e3434b640815a4b7ed061f60c8bc11d0771e7cf85f41e7c61f6bacdec4dd47777740f216192d83ea974f29e86fd30e1b0c7933acf83cefc314c2b2c43f68e5194fcb2ad3051c6f1ae040c1769242775aaca7b332e8988a652698a98b8a502fc9b2c043817d394c2dad9ae462d949f58591494ce8e06c401cf8cb624f958eebc26581dc496f49441e6c3bf876e2495ef365abc90bf7b15b0e3cfd142a01f1b4fdf39b510eadaf86a408a04bf8bd09e5141ad56a88cc882ac03034248c160cac4051fd75134aa5e27f43b44dd91f2dcba03643008fa8c09f1dd8a2ff6c569e274c027a460eec12c09f95fffb2b2ba73ddabccda2fbca191270635c3582aa8d04a72efca88d00cfd79415156022223c1046aa9cb84a18e0a208d42240699813ae0367a0dc1fa101b1a870c2bc239d18af44f0779fe6fab3cd78d528b66dc19e8c16262883b2b3b995f0aa8bfb5c4a2e713d11d9f9599fe0ddd9a6cb1a439ce32eee6135f814f5900faf77f9125d9660dccf444530a0bb052e4c766993e98a3bbd5bc73d544b22f6eb3efe986e5827bc7a184e36f6b2ee39fa9a4ef62a9a52585853f7552e982ec11218ca62136322a9d8f96e41f9c52d6550adec98a1d5206f2e6a9f6dd310521b4700151bcf5b787ad02bcb9e0c45c50554463a1bf6d1122e5de27155480be4ca42200382570509c5402e4a64129833553962276e00f88f213a34b88f0c94181e32f7a1723f31118f34788ecdd66c0de2b0a09e14189a43c1b57d3a9e3da561dab8051a94e44b7bfa58acd6b88e56e7929c7220c73f7c84b6af395f28542a8b5719ded8e47567e88419de3a58b1458496780c726a8e8922fc5654805d3e017f4498cadfb62be30fbeb395fcee2e5756dd661f0b24c7d72addd84410366b59ce4eefb58ba041f3bc8846c9d50aea4c7812ca0ff1b15cadb10cc5c9e37919fbdf5d54dadb007cccecd9a2f50bba981730b92638b173fdadc352639bb9a1d3770e7982fe38c10b8b1f15e4cfa3ec56b38ca2383fdb875b54da544d35ad97d77b9f0913b0823282d91a6121b38e3a613fcd3fd88f1d27bc58f6cec343c9ab62b037ca0942027356cdf26435551a1317d92c42ee632bc5fe554dbdcf8665f3e11101f061f454ebed37c81f71ebc04b2dd67600e890a80a014ad9a3466b171cc77a69b83222621be25b13c2916bf6f2142e43adc77d3b1e771fe4ed2b48dae2e5b2155c3a9d11e29ca0c53342f0e1389756e2214d6cfd201fb3f6bdb22b46c8fddf690885e6d1c74854ffda22d8cba02d560d9bb7c4ee421e139248ae7ce258bd9df61e03748bfd0da6dc3249e7a3ecd2a9ecad26fba5f55419a00bb8143af3cf8db73058ae31c3d1840e9021a7d0fa428e8c3cb60967dcba85b6dc71bbfd082789ba67d126c849df7301547c8b7c944ac5b5899362b6accce52172b51918bcd28000ef58a2f1308adf02cfb82185c37090158877f5dab448872d20ded4c2fd3379e46352f38eeb1176c01dd98b247249a6266646ac004bbd0f6615f1e34108570290c830fc22ff0f0b0019c190df29a4fadfa31a69807304618c5e0749eb03963c3c769568ff7a5f88af1965ba06b14ef3a4c60cd8a13a8ce0627aa07d9f1eee09219a265801d16b9bbe5f5a88e3d51fe571f58aa6ae0133cd1b9f0371f12fdab8bd276a80a953a9f697ac26e8d593ae42346e1a85ef0a7620932296ca34e1ee41fe7577f6b1d1e853c86391a4f2694b166b1d4f63c2f9aafc61e6d431ee4c4400cd6bf241b9b9d0771e0d9646b6d7449f9c7467c2d824e7908fd72e500486901a130a647e733369a9ced477b0d3a0c4033937281a16eede4e31665b61d3593a8f09a886a0b6e63f679d11e082b119b0c01c2ca32e7ada4ffbcb1d538722fbfdd8bf4a26c8de9324d76087d9801da248243279475e13df5805c9d35d9b3c41e9ecc4e8e52cdce73106d5b1a3116cf2dcc27f1ae9b13eedcf9d367eafdbade7d250e406ca51b49e7244ffd45660c8bcf5541a1a2ade62031c353ef4ca71a5ab5f899da427ecc2906c578fad0b0a74054e2e56849495af10739ee3c2f501dbbb45c39e6f0b3c687ba"]}, @typed={0x7, 0x1f, 0x0, 0x0, @str='\xa8+\x00'}, @typed={0x8, 0x8, 0x0, 0x0, @ipv4=@multicast1}, @generic="d62bfcc7a78af74754aadaff8f3cfe5dbc3d2c9bec23cd7307cc73a060a73c74d19a576f8a2b4932e7b3381d559dde872ecee531e3c6c15e7b6bbcfa1fe8d716bf6341ecded8ad8936b27ed437b785a5d41404798c02b6db1a36252aced65ab78564a25a0e23ce02249039b1c388eaebe5ac58204e35eacd20f653cd", @nested={0x18, 0x7c, 0x0, 0x1, [@typed={0x14, 0x2f, 0x0, 0x0, @ipv6=@private1}]}, @nested={0x157, 0x1, 0x0, 0x1, [@generic="d711e2c5f0095a9ab5a962f2cb80db85fd701e8a586e6e60e0a317a94ebed841ffe9912b8598cfbb32abefa99ab37ac76f55c1da60463c296d0d56a5a99a3d446826d443e6c0362cd8dd5baa9a997b2226ed86a49d9f6b0cfbcc45f790715da242dbe651ee6b5401c5db6a9b8c835d7fe36067ef66993f3a42b292ef23f20b7dc5c2b157d472beb0c0fb9999882f5985388e4d4c3c2850c88a026b522ae115ba85de889f3ca5584c4df683fef9fb02ba05feaed286ea7ad46cb77c4adc6d12010df55372ab1e6748300f36b702ba523276cfcefc120e3d83c892beba7e", @generic="6108d0b600837477fcf6088edd8f08942ec4c2fad0e972cc04bc05d32ede3816dd2590e503471d549c143f20f63a92a1d3576e80fac9bc1eb95376b0811d4eaaf80dde7aa48a843e8daccb0958ead2c71df8bcf8158353ae3857", @typed={0x8, 0x8e, 0x0, 0x0, @fd}, @typed={0x8, 0x31, 0x0, 0x0, @fd=r6}, @typed={0x4, 0x94}, @typed={0x8, 0x15, 0x0, 0x0, @u32}]}, @typed={0x8, 0x51, 0x0, 0x0, @fd=r7}, @nested={0x110e, 0x21, 0x0, 0x1, [@typed={0x5, 0x3f, 0x0, 0x0, @str='\x00'}, @generic="1ce5f6dd09c73c857c7083bfd595ed8610a7ae11c2970533a58e3f9f398fca67ae47e38a688791d008968e0b9561a02e8cee2b3ac2c996de82999efe0b6914ec1b0e83763ea3316bc9246cdf70b71825ad69312177e79361c479da4d3938d52abce2c29e4c17fecacf462637d2203946aee90bd569bd763f1eba5d901b41ae1e2ae91ed0c86fb080132194139575daf2314d2e119529adef292dbd05dc772985269247940f871ba8483d806d5407a8673b8edf89e02f924444310ffdd53df68a7f825a6e4cddbc6671c39069c6585a2087d44bf72ba66b2da89ed0a46da48f7e4ad2c70ae88b", @generic="966646df0b987af726ff2411819b5157ce9d730f4d804984e9d51833d8ad31ba1d8e8d8ca31c56f83f21172bdb348087e3ffac532564aec516265d683dd73d0ac7c5488fba9cfa71fd16d76ee93551e06452d37a6222091838f0a7caf591b982b0b6926fe0e992bc22372ce58df62d076b9cda776c49919037da53e62a0c744fd0f25c4e0978349d7816485bb5012811cfae1bdeaca9ee0fc7b782f8cb4c962aea73a74ccba7ff4f8f337083ee7950f940c12ddd2546e32d08199ccb2abe324b0dd648ed7010ecb4241640edea3c02988a8fa297f5b0b33630613d0859c433d024796c6e33b9881338e533a52e0ef77d7a2729dd6d25aed901b6538fce2f114e81012816dd69694178d87ac1b9f0e2f2f424d986e93cac81724a3813b060d2cca72ee8fc12a4b201c6a1d2c6602efb55683f147f5cb1f62c27415b500a6f4f8ba5832c1bfad27e21fbf4331bb5506ab85494088b49dcce72a521662bd824709ab01d6392d9edfd24d22dd9212a66522eff517f7ec4c60678b20041f42112739e8b2b726f64f25a393f499ceaeb5db1028e702bec1970267b81037fcfed860abf9fdb447d7eda35dd3b027a4c8eaacf30c9e87f1060b8c20dd2067213b55a4275652031e4f54af34c5f2991835f8c82ac265b0f81c29bcdce77c26257ecb50c49bec262c3d03b5f9c4105cafb7e98e3ee2db595ad1d52e4713208ada355ae2218128ebc9eb76056fb07134c7d3dbd583f0b87de9f406390fb890de801dc623920736179e12e51783b61fc2a68a5f4a404dca50325f39c23345c35edaf83c7a0bfe5d1056dd97c38ca771e6c01bb3817ed5b4af1d1ab791d51e906dcbe625268001f9a731324c3d4f471c933e7c6297b3e37242cb0122272e7faeb60b2ce5c206fbc8cde239b1bbf469ac92b1c28a299579d377e98d413b8705f9cb2dac2296879c7d7ffe68813e12492587269053f676e117355a6a088f26dcde2cd6fde482c80e65c5760faf374e545ffebff0ae362ad123f979e2e87db2b27b30fbb8fd3dc539e82a918f9f73846e5c01e185915c6dcf7daa00e6cbf4b2654c4fe964814c3cd62d40161551ca174a4a28c9c1ca6a763da406be1e49b8e5f15a3df773b7009661554744eb02c18b411cafbd23edffac4af15f86e91e187a89c9e04832dd9c5c97e481437de7bb05b1990da1bbe7a451ae70faf739288553a81cbae3a30cd8698ef8460ce3b14bb952a63c796af45455d25f9205d50d045463eaadde44899f6236d1f213f54c4243988ccb2c0e1cab289afd00b3ad59247e687f51a368b782d3fdaca53796a5235b36592b8672a2ce1bc0dd06248c257868746f8844a8d75d9178c74052e949eadc59ba703f8d630762bd266da1c27016c26e586f30d117e81edd984affc9188c01a74c49dfb1941d56bc3ca6ec2882072b94964900c9e63d466b73b581fe8a29c8629ce108c4017448db6e1e56219172a747b17b641f65f1b0d830c25612cd8e8ed88a6273e03be1c2fc125d537e97dfb8f777422e8874a28b98611d9c9aaf07ec8ae669a821c10c7f27e14f63189c3ede263c6332fc9e09357a9a3ad66d4e9835d4dcd49ebf7890d9220cd23a032cb1044a31265a4f8e865b8bf9eda4faec80ba642691282d8ec9ed2c8714414dc77f9806e757c35888189985bb53ee5b70d5cbf05f3f7d66ea2668989cc9bfef288a41eb942511aba932d005781e3860c974bf85179df4b7408b4113cb82418510685a8b0fb59d154f7a032b7b08a7638e64706f011a31cb0abd51f24571c831049f91fb6269e602482ba9d42c3b0f7d66a450511bbce954b05d2e6d90de2f8a7db106a68f63eeed56d982be90e42e0568dfc70736716c125580d2d4d1baa53e907030fa19862b611df12bbb16a3dcf2e22c3e14f968d7cfd4e26209427204688f517d38dacfce297e0de29c780754b4e2b379284ef6250d571436e9814859202624899012c44855c00ef22e6941cd4cd4a7f220f9ee5a384f3ad14ceb80c6b303571a74546ec3f5c9eb51c1bdca823908cd3121048903ab0cd9c71a70a29d06d0d47dd8ab42e27a3f53b550eea9ad612ad1dce8281d8005ffff152f978de345752dd8aa32e5d27e46b2c22305df779dd76400e7562bc3a9b07804f03c3eb5f087fcccefb0b472e95deeab0e978d187d645fc5eb26f8ec98c063ec86da50c734e5df28bfd96055b0b251d5e5adf3b779655a0ab116cee151e4b986a91c42b69e1c2b3e2f66775273fa745e6b2fc183bdca92177d33f937cf8e74ad685202dc6f0a1db0d46dfa22bdfd2b4de5cec4608e8247c40a19d393dfadb6d940bade28e63799fb3a93b3158aff07ec77abd76b16aea50d13f286b47437830b047bccb0652c9d9f79632866cedacad3325a781b65caffe1f0de0c9094f24903431110e31e67e6e37d844775a1b442545145571fdb9f06a95abd39f26b1b0875b23318bcca223f2c1e1e726d1e9c5b7b0f1d4c78dfc62f91ff3b5b03614833df5937572d3f1d6f7ae83f19844bc259fdb0541a8a26d653ed2c2f2e1b6d1fb68747c8576c4107a63b6a0038a485dba069549512c190a9a564305dde17a64c0365a177ff78d7d1bfd51a76b3d430cbf7e501b1b3a634f29c8a4f3998425d215c66a3ece802884d5c9d89e729fb8feb2848d993518033035a6edc81475ee31b2b88eeb3ee4eee4f88fe537e08b0eaa920657a34d8e381b60e9131abffd57b1bd1dcbe324105fb96ef9f169a2df7c275634e21b858bfa2816aa298d23ae83bb14cd415a46ed09ac74828bcb0ac261ea2d4d58b4a65c5c5c1e10f3263b944ccc5fb2bd5a99e8735f02896cc1ef58fc27a0d36ef03f0658172245025fc68aaac596d98668fd3ff8c26d093f66e0f40dd4ca9f59d23b98025fc4e908f6142c4811589647e62e1215afb443c986f11a84ab0d51765e175b89712d49e5377804ea484f0d000d2885836be724f9716305c6e590e266b80ff8d504be2a72b463a6d94b8c0f8213077b43e31cf7c4af3bc81904bdc6b0e20f56566d81337c482c3b2cbe3c7bf232a5a9666122c1a383ce7081134f10136d27b57a4385a3a15126f5aa5a43fd981bceb770facf42df7b90e73dfef7a3cfc8fb5fed08dbe5cd30fd1ed764722cb902484b7b9b0323f0092f4f8e5670f2292da14ed52e28b524290447bc3d58c259069734bfd6fbd1ba2e5894443d4b262c7ad04b535eb0d3c9952d379c7457511b2abc455822f019db34e533785772caff2deab39ca7c18d171f30ea433165fed16ae06c7f80cefbc14c6e6f488c369eab9d572ccb061a49ee9d2617cb35336974a8e9e4fdac64ef2acd5d4aedaffffffed4d4b582e5640717ae229a1949238675db2ae3e9acfb6cad644ca862feea6814c4bcaae8a822efbab691f19a146c31423559d366d1d137d47fd27499e7c5d2c4435ebeb301b865c6806448d44149a9289265b4339640d64a0c8e690169d99318b456320699c3743679ffb5ba52c561e29e4824e4c2d2b4833fcfb51d8ae8ffc6ef1b4c7cb141f1ec057e1e81400efedd67128f33cebe0eec04b412f24f43af66a794cf501fbf0fec7a2baf45015b160a508b3005c157a13d6c74aa5ef2a93a6da0b5b66e6fcc1aa6ffe269ee8c24b424451bf460102a4d5821e191d4717ebeb377c73dc99d91c122fde0bb3ba73ef4f84586ca8cce90870bddf6223f6c09a159b4ae42fb20f1664ef157080f84888568fc14cc78f0eea36ef7a32f6fe4e97c58b1742c43ae950363c29094b9bb95324e43d6d25a9decec75abd1159ca866e38f5a91e345941bb76e4d84bcbce8f4c6e0edc9e12a9b25b1d729862a2e6524b062378a3bb8f1c0b38baeb367b48e785ca7202f991623908724724218ba77187544f1f59f9265f64efcaf7bfb745a05da316c9981ae9f72e574ba75ff31d151216c041d8dd3b8715f5f13fa5f6d354cdcca345e04ca20629f8a7c6169ad3ca52bdf05af7839e1a624d13a8a4c0ed11f633db5ec31517192bd23d64f71bf5f7e4de2c694f02388c54f765c699ece2c34d8c44aac8613c56f4bef7a9125f886ce6a6ec991d9283ca15a1c3915929797bd24cb15fa0764ec39cd9a3424d05f824e88b353b0b174397d06c29ee1e660d4e3bae6381ef3ad11a9574fd131d920f05a40d0a56fa2d974e7da899cc39c4bd011db8b793f8f90a9834684cc97716cbce8f39ab5a24bc78fa23d60f9c49f7351eb9a8c8c1a74e7b35e6e17d75616669ff78d2064ca184238124b3eb563dc2d27a85bab9ec55c71639ccacecf2414e2392cca1e902b4d8366053866d9034a417b7b79b4d2b85024148fbc6bee7dfcc946c965902167659e8e94991889321cbb739e87ca282a933a0b952a64a1f0a8d6f7d0e553580268e293627fc3a1f4d1b1ce5d5cb4f456c7bfe196b2542b6f5bee12db9a7f591afca6d2d45cc51b29d627539dd8baf9f9969a80dddec691e3738540d12ac581cc68773106e0cd7d9d135d833773cdce4710c19f86d527a430b658df939631ad76e7913ed2cb54308d6d805ee452865670fb7169fcf3b87fbe020854716b8f3abb3aaf820fd237dcd4a7f5f44251efaf821a3cb6321135032833835ccd444b01b95d227cb7c131a86b10d1fcd245d0f73624b62f2588f60fcb0085940a38b53d810bf18c1b0a17528be1fdd7ff0db7e77255e8a818dc62ec0431b0652cddb03e0d7142e5c71a6b1e55328b41a27085c0bb7d892e15b90b5ba2ed93d4e9e279bfc8bcf9315a92dadf9d6402dcd10251ecdab1075478d73a38a126a203f0ca60d18129803140f6c54e8adc903aefa6cfde5ee41d09725ed82784d712cc7f7dde6a72327841a5af1951ddf145a5a30ee0b1b21dda0aee2ab61cee5d72dcd1193962bf6a9987eefd329043ffe28db758e0dd348aac008ac246e55585f44ec9531c1730993712c4182ccd125599c6793d8189422027e84faa065bac342a437df6a49f60f654b9bcf5af17ea88086716b47c69f4666ecbd4069362818c012c3da3eb409a0f999d09ae24b9ac16d0966f96b2f4cc11b475d39fd7aec4f79de6cb9ac25a3339e48be578d5268c78839cffb869cab3f525a053dff2c135bcd182cfc3d44fd9fdb69b79536e6e37cf143c2f94803f1c392095fb2861fef3809e2fa7f0937c395d180d8ddeb03d83e3a11d7ca49d1922a53d10edace4424a532359a07fc83644fc73b2a28ae70b43404bb05449a508fead3e0d6b09510af9b4e8158af767e31a95b03c89b1cbabeda02cd038850d8f2a7e4c303a4228a1eb3112be2737b1fbdadb5d815d50dd70bc7cd99227844d15aeca1a15f18aa90f4197966bf13fbe4df2b9512ec81d27a46e09b861b64ac4ecb02296da8fe39ae0cd43679bfd4862f35185a54097283620d002ebe57fc3f95c3c0b799591c22de2bbb56b4201ffd06d2f7b93c4470a7bab56b9ece037ba4944746fef179c1a7cfe5a10d550e04bb92228d572dc6284875dd106b8a4c8a0ba0b748f2cdb237063396fbc631f75e5d1024a0dc63ba0127beddff1589d3c5ed805d2220630e9f0cbb56f3348cdfa2de2aa8b648b052b58cb3a74d695c5ca254083b4cd2b886bade58af8d7143493ce096ec5f7de98a045e8ee6efb90ba18dce3419422ea2914c3ea6dd190a31c9a99578fb8aab08d260091b27e7b6c0165f7160fe0f7e4cfdf36776248cf49581005eebf48260bbfc50bdb8701863c3a79d1f0716accc33f587f391602e0e5897af0ac845749a984d7c174dedfb0d01ff4de26967dfe863002de0e8ca6c551b4399bda", @typed={0x8, 0x66, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x14, 0xd, 0x0, 0x0, @ipv6=@mcast1}]}]}, 0x2348}, {&(0x7f0000003d00)={0x1014, 0x31, 0x708, 0x70bd25, 0x25dfdbfd, "", [@typed={0x1004, 0x34, 0x0, 0x0, @binary="572df2d0488664f896a0b005dfe51d1a00f6465864889e751a816a69a5dcd91c1d590d1444c9140d25a7e68cd9c10144dc6f0c2a37aaab581d9eac2f7708c5016d5073ad1fc037b27a34f6bb9d3a0a43dc05a1d50c812d2e5a0c53aa8659c741bba293809ea1b50ded6c863477c91615d43be99cc731e1b50b061b094cf1232b27b62eb11e0f877fd603a379e4c700635f0ff16ef856a5d90071da7fe380e04fca097f57783886b188f410890fc757cdd1d7cfc06c243ecf7bccdf852d0097f2d53198e1b4b49bc80acbd1a3b88fa82cffa9eefe7434675005342fd8396f1916b80bd5b8b2b841101c6194a2bef9b72be5c5bb8255d28695091aa8c3caa4562318f9d15d0ede81432e7b2dce4a0625bd71670243b0934087206b128c68636c7bec07afeb200443a9e9a9ae468d1540138bdabd2c8a299a1658336e212dec3cee23cdc7aa679683b02a3fa5dd1968d47a70a19941a84ca3e23ddfbffce7f60544b8b29b679f32c1b0e22837db15343f513a92b7c7136cab23d3e44a1ed4bcb10584d0cca4b5a315224a2ef1451d10db91fcb8594a4bb767163881b3319fe459b2e1db7cf3d3ef6cb5b9f856a95f1af743979952d8677d2746f9af00d04e1ba3dece5813093a3e15af3a47901eddad3aadf4b617215ca4611f1f5375567b7903860caf7a0df2535afece03bb60db187da6bd7d5d8af24d936b07907fd1507b89f7633b40a102d85b9923607e8b33180b7e0399f73b34ea382b7ef7a4d8db96398b43d4deee490e48ee11b70d586f5e4b7665bf3aa433d4e599c4f7d6e4cfd53f5063cc2e91e1b203392a57b608fda4ae7cd3a1a5eae265508fefe1ed9186d87f2ba76371e2c70d443982eee59ee10411063bfe0afff03ea8db314d91dcb8ee505dab47a7fb90277ad0cbb97124dfd5018e7490fb044f60fc32c1f75d684ee31149e27065790b836ae14b2f3d516baa2735b883b08974011ec7c20ca2dc03265bb3e62b19f07a1d8b14b27fe377996430781ab8f4db3b1bf320b65651dd1001d8626323673530e3243823c3cd591e7bdd6296fe1e7264982c5b70a9839ee0bb6748af3cd5d5c278ff1c6017198f99a8495ace33fcadc540a8d66602e5ac8cca0be0af9c7aabf0d0b343f7509b5d6783c3383532d25323b05f4e22418f47c7897403823b77ed5d75e501fa589a94dd870024151f4e836368470d53d31b80ac53c7c776a5ffb4c963a97e0a1caf3798ab96f193aaa72276089465a5957b4d024e80fd0deaea2b0434e89285df931ef1f801dc38697432252b3ed2033adb9e111cc4245c3b3b629ad211277166d477d1225d82eb7bb10ec5ae66a8c10b2c244770eedfe853ea50bb36b100eff9e8b811437896469df22d5d25415ef9fd9eb7344b69b448e65ca97e503e3e4ea79c6eedec92d51abd6eb3ec97fa5dbad6f46c3d772ebe3e12f1f262d04ee653c652e2b9d8fffee102153c53eabef8cb60e868aa3d8618b2e23c36ebdaf0e21ef621c35ac677ff96c6bdd75052f0d2976ca716d76b09cfe7af3fc5a67dae2d52dda16a5f452f3281dfc56a3bf1e1ec927a2aeb10667e646055c0515bbe016b6ed25e4e99b8d2cb606de1339f028e2775aff58bced137d9c67198f130bef6a51cb3edeaab4ec5e6bc488f1dffeacdac895cc463f4304865a866fa55e428646929ba42d843c09997c501261dc8eb6101085ef75a4f514d05e65c5e791b0ae8e996a6aa0d2959772adef253da8e6412e34d80d5a1a762a124dded998355d7f50d176a227e8c35d9de4544eaab0a7a82ff35ac10ea52fe357445803679365679468cf7275f1665ade641ef9b66f3809710f3f6a35609148be529fbf38f5adefe7178aed782cddbb5a0d0a7bd7852dffba6396fd331c43228db23fefceebb758a139664c6c592b4cea0ce0522a35dd3d91ed6d57c8126c68ddf6e56b488e23a0d4104ac09c3935ac14c975c0385920395686e547eeb18a4988267db19d10352458578100c5d0f91096c0c98c5bca28f0d19e6acfab574205247213435ec93e5ebc80524f1a2eaf5555e84f7e95ebd2c36b83c453aef2b0b870f3dc5b6f08071696b1eb8968f06e543e0af8d7fd481b06f8e7e11f3ad5caa568514c81e580e76f697c3e09fc799a83ed98e5220beaf93aaf947f309339b505a361a81a6857e1ca1f4660a24e10caf8020f0f78efc289dfe3a51b91c6fd00544953a2b3f579ca5818709dcaeb49a82abd1821c2950b49c3df76e16650ccd3690fe872d513bc8911d4a4ed5dec11e5607439891b1e886b5d245ea8ad1043dc1720cb2c0f78474abb92ce529b8355a25c46fe184930772a133d9a2ec14b4001a72732ed493ee5f82e6b45e8f17d8b190a42f4825b26923f325dcf21f27e3c91961f11b4b5e6b3950bd5ff7881759faa352d327e79e71de74d17e422f0f02096859b5b44449451cbf97a58a9b93d3a7fed6e77d1ef855f20f99df1b134464603dbf0952487fb09378558c416cfc9ffc219012cda4e61e42db2380f3874394f8e20ee73f89a804e714fdd4b389cb4df334e82038419e6e70df1daa525d6574335ab4667d4f70aa06118695e0fcc646c8472f22888d06cebbae88ce07df7d55163ba789bf1ba07e28aaa954629094f241a714d64271d95bb64b9152f75ebf30bf53cb4dc3ce0ae83ffffb5f3d11eae869eaa7b4fc4e26eb050cbbac238880c14ae50aee6bd413ede67012ab877a6fe190b6bb431bec4de6ce5b29202432c1db0bda6bc72e45136ddeae07bb41b8e4ba9797b930f73defbb3e136f9435740a3e1f8882c12adb6f80abebb6d62b4cf3a35ccab5f112b7c9db49b22705f90986ab7840803ec296f0fca8379511ef277153f66aa9cca118042140a1923c393b2170bf4e68b24603917a032ea428a4e5292e894e4092df29e765301dcc3a19ee79f7587b4425e5ee311fe0da4b3b63e9ed6b5a763b63f4fd23f25a769f04a6d4a922f01fcd44eba6e51444b1464bafa7a616fe551435dbdfda5012d2a4f1486cc430439bde2e57e9f75778573ff75c1b40cbe04074bc4451cb33853d394d185981baedad80e1e03ba5c2908693c588d13c1a43f5b78d0b9425c889236881c2ed863c1821b442716c281577eba577f503f3df32131d0458df2d9923b1f3f14612bd227b0aa36bf0efc26367f84055bdedaa6463e4f86445bde3e222dec458c33f01f4bdcf3ee4c6a5a6295d3067869511e1383c1c6fc96374ff14f0ce148730170b3a6c575bc51800833e72fd0089c550951c1412229099e5746feed5ace658b4e73396e304f4d6286f0325c8c357d5acc221f52f62c144dd44232f79b9664fa74d4ea8197f8dab73adb76aaf03e170a373a54481319ae8d1c427f0673139d3f33b9ff90c3c54be83e4c16510a7587b13b9b7642bbb166ff658673696029255c28f742694a6f20bb4fbd1440bd21a49df9f4a021dd0086fe609607119559ba406275355eb7e77a9ab134d733378ca1257e0c7e42df7f7b44ac7de60083e9cd6b533b333fe60e1d363c76c981e10300330fa260c23bf9fb916dac86f23a463dd3daff54a6ed2633859abca5235894cd2322191aa791259d0138b748487508bb957eded13a7e39d0e76e2dec2f789564015d2a3d12688520307bbc251e29136fdcf8eb4a497d34c6b0966205aa5abd7334b5743fd4cd416aca004b8b64dcdbd605b583a61756d255734daec5bc48ba88dc1fb43b852e621a6b094ed58fcec3c1c921332f4ad33789e794bc8559490d61ffd22c5ed399f1c7da5e914df324ac047f40a1133a851a004a115384181d2657b422de9ea61f89bef2fa75547e31079eef2029069cf62bbae54fa4e12b76405424b1c26a86a20595783fc25201824c037d6872363c25c4fe0aba14036a0ff9bb8178114f3a7bba5329e964daad26c298a84ebe8d38c059fdb5fd96a4e03e82d351a58f3ea02fbdef85d2235edbbb64b3a596f3ab25ebb83c5f829035f2aff468eac371f0031ac3c7d3c10058fb6e9cf69fd374dad75927842c66b23ba91374f24a833f2999cfb190a4feb88fe1ffd6f17343f15123c309bbc52ca61e91dd363ce42949456d13ed09a5748cbba704cbcc099fc689b1418fe2129ee07eb5986b18db2ae2745163dcd5d13e83a9d027be88a0630b9a8f12e7645eda90edca2891f6d09150040956a957e49c445b2fae8220cc891d60369efa40f9ce711054ac4811c619846119b6a4a8c737cebb544f138f97eea1632e5bedfdd3b446136c7719fd3f08eeb4f1ed8cc453812d8d63832555d478ba7a89a9ac7592e6fda597decb5082acfed06a3957485e5c04a84a49e8d335d6eadde697aa58a0bab95686585c8a31a215368aa5670cd8dd68a0b9dc7d5fbc25f6a1e61127f9f45a8a924a0e7ec00632444716c154c8e1c8edb465ff4148dd39d7d606b003472b51a3ebd886bd0a139c6e98e259600ae47c64ee939a98cbabb2fa73c3a6f4c477c350bc244c68dd1923cce8e23671b05ddec3fe97d8f84801c6653be1863a9d6c33343df49d9af33e2492e057d08db1649a5605caa5fe97bc6447675aebac1c9583520093da376e3070c4a28e98b9554a48a3f0ef287e11330948cf3441309c4d83bd180451b10351b43d850d2023c84c65023938087b893de02c194a0bfdd6d5b71545aa89dad978a307508a13689f70084b7be69f7dba80aba38bd685f43c98033d302e9a9e1d850831618fec3d1288631cbae8d26bc9e2a3d8416c4f9361b6fce0c2a0b397fed7cd65312da06451d3592537c90c97171eb4cf8d1770bf1ab6887dcde2f8d2a2fe5c788805c4af89294ea07f974d4a529107478484aa85cf8d84b2679e87f3839f1db30d9e876ec885882c4c2ac142f8b09e0e944209ca9e17000a6d020ccb42cb40efff0ba326df9c24c3262ddb8f1e372f75c6a3518c42de0ab8e7e2f0e2d2c105b9a48b47e54181223f09056f9640fe06fa85e41e7acbf42ab759894a31493c258d9a33011711dad13d8d3fb2da51666d4ebc97f4847292ed42dc61d9ff4c1a9df4356fe353e2632a0234f42caaa76296134dff7464526de12890283eb143c4150cbd327b3ebb7456ce917f321a25fc366b5fcd6dda00d6ce867921f2cfaad2d158da3ef913f6e2e48a4455c6096c679247fedaca160738d10ebd16845d19b40d9529c66eb91d66cb30b807dbcc1879d93a5f1fa01d4033d2a536d7f3c77c04a64dc239eba76eacf6256c440bd7bfa995cfa92eb6816323101a664a9981493af4d5256596c2bc56f4c4705c5355988c9326f6bf0eea522130009bacead592aa95c86810135c70cf42f94c827bcc8e95cb897d5b701c6d14d1ee63557e3cbf74baefeccc55ced89ab8294f228182430fa1616f207dae83550f0f221adab61886094d968d25a5e90cf8e31d825071bbb052054f111c0ff975c52aa61f3b8aeb28373891d6a8d9ae9b01d207b8964fe44d1cd430fe73177c4f216ec2f320457bda39bb688fe1362665e907ce71ad7c0d9afeeaa2d63cdfe9ae083a24de30af821f7ef2d2123369861f745ce55c844eedb557896bbfbaab5120a3fb5f42a5e95110ab4aba4b5cc2a5b3408d9e0933bdba1fdcf7ba11cd5d6e6b8dc8d62fdc0abf8d1ec6ed49830864bc4857d362e1b0900e0a71ec9624a18934d4c2a7693ef653f4f51b2ccb5e980390d1afa7e8f74d76a9e22a5d0295d2e9f571aa87c485ff5bac58c91804ca4891e5312e09349876fd5d735f21f686e3e5e8a5152b5bfdd45d93ffa07d12474d3ab818353cfda9e8ed47fbcff0e819688"}]}, 0x1014}], 0x4, 0x0, 0x0, 0x880}, 0x801) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x782, 0x1, 0xffff, 0x8000, 0x80000001, 0xffffffffffffffff}) r8 = fork() tkill(r8, 0x3f) wait4(r8, 0x0, 0x8, 0x0) [ 1804.901114] program syz-executor.4 not setting count and/or reply_len properly [ 1804.929213] audit: type=1326 audit(1718135569.756:2206): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35230 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.935502] audit: type=1326 audit(1718135569.756:2207): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35230 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.948800] audit: type=1326 audit(1718135569.760:2208): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35230 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1804.956757] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1804.956757] program syz-executor.6 not setting count and/or reply_len properly [ 1804.977179] audit: type=1326 audit(1718135569.760:2209): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35230 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1805.011640] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1805.011640] program syz-executor.7 not setting count and/or reply_len properly 19:52:49 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0240000000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000007a0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:52:49 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:03 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000200000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) syz_open_procfs(r1, &(0x7f0000000080)='net/packet\x00') ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r4, &(0x7f0000000040), 0x12) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000001c0)) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0xc) ptrace(0x10, r3) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:53:03 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffefffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc02000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffffefff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1818.749122] FAT-fs (loop3): bogus number of FAT structure [ 1818.749959] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1818.755060] kauditd_printk_skb: 2 callbacks suppressed [ 1818.755073] audit: type=1326 audit(1718135583.582:2212): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.758119] audit: type=1326 audit(1718135583.585:2213): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.760192] audit: type=1326 audit(1718135583.585:2214): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.775975] audit: type=1326 audit(1718135583.589:2215): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.778090] audit: type=1326 audit(1718135583.589:2216): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.783491] sg_write: 1 callbacks suppressed [ 1818.783512] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1818.783512] program syz-executor.7 not setting count and/or reply_len properly [ 1818.796350] audit: type=1326 audit(1718135583.590:2217): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.796942] sg_write: data in/out 187568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1818.796942] program syz-executor.0 not setting count and/or reply_len properly 19:53:03 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffffefff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1818.841100] audit: type=1326 audit(1718135583.668:2218): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.846104] audit: type=1326 audit(1718135583.673:2219): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35365 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1818.861825] sg_write: data in/out 187568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1818.861825] program syz-executor.0 not setting count and/or reply_len properly 19:53:03 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffefffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc04000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffefffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:03 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1818.991614] sg_write: data in/out 318640/8 bytes for SCSI command 0x3f-- guessing data in; [ 1818.991614] program syz-executor.0 not setting count and/or reply_len properly 19:53:03 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1819.005871] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1819.005871] program syz-executor.7 not setting count and/or reply_len properly 19:53:03 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03f5ffffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1819.030158] sg_write: data in/out 318640/8 bytes for SCSI command 0x3f-- guessing data in; [ 1819.030158] program syz-executor.0 not setting count and/or reply_len properly 19:53:17 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:17 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:17 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc08000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:17 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:17 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000000000000b32428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:17 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03f5ffffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:17 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = fork() gettid() r5 = fork() r6 = gettid() kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) kcmp(r5, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x11, r4) r7 = fork() getpgrp(r3) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) [ 1832.746326] audit: type=1326 audit(1718135597.573:2220): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.753684] audit: type=1326 audit(1718135597.573:2221): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.764150] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.764150] program syz-executor.6 not setting count and/or reply_len properly [ 1832.773208] sg_write: data in/out 580784/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.773208] program syz-executor.0 not setting count and/or reply_len properly [ 1832.773221] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.773221] program syz-executor.6 not setting count and/or reply_len properly [ 1832.778812] audit: type=1326 audit(1718135597.579:2222): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.795282] FAT-fs (loop3): bogus number of FAT structure [ 1832.795317] audit: type=1326 audit(1718135597.580:2223): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.795807] FAT-fs (loop3): Can't find a valid FAT filesystem 19:53:17 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000200000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1832.812079] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.812079] program syz-executor.7 not setting count and/or reply_len properly [ 1832.819112] audit: type=1326 audit(1718135597.604:2224): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.837712] sg_write: data in/out 580784/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.837712] program syz-executor.0 not setting count and/or reply_len properly [ 1832.845318] audit: type=1326 audit(1718135597.608:2225): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.858832] audit: type=1326 audit(1718135597.608:2226): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.876869] audit: type=1326 audit(1718135597.608:2227): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.894031] audit: type=1326 audit(1718135597.608:2228): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.915690] audit: type=1326 audit(1718135597.608:2229): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35522 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1832.934548] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1832.934548] program syz-executor.6 not setting count and/or reply_len properly 19:53:32 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000200000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:32 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) [ 1847.472871] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.472871] program syz-executor.7 not setting count and/or reply_len properly 19:53:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:32 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc3e000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:32 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:32 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ioprio_get$pid(0x0, r1) ptrace(0x10, r2) fork() r3 = syz_open_dev$vcsu(&(0x7f0000000380), 0x4, 0x24a000) recvmmsg$unix(r3, &(0x7f0000004840)=[{{&(0x7f0000000080), 0x6e, &(0x7f0000000200)=[{&(0x7f0000000100)=""/79, 0x4f}, {&(0x7f0000000280)=""/249, 0xf9}, {&(0x7f00000001c0)=""/45, 0x2d}, {&(0x7f0000000480)=""/247, 0xf7}], 0x4, &(0x7f0000000480)}}, {{&(0x7f0000000580)=@abs, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000600)=""/171, 0xab}, {&(0x7f00000006c0)=""/71, 0x47}, {&(0x7f0000000740)=""/69, 0x45}, {&(0x7f00000007c0)=""/117, 0x75}, {&(0x7f0000000840)=""/100, 0x64}, {&(0x7f00000008c0)=""/40, 0x28}, {&(0x7f0000000900)=""/42, 0x2a}, {&(0x7f0000000940)=""/169, 0xa9}, {&(0x7f0000000a00)=""/142, 0x8e}, {&(0x7f0000000ac0)=""/236, 0xec}], 0xa, &(0x7f0000000c80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xe0}}, {{&(0x7f0000000e40), 0x6e, &(0x7f0000002440), 0x0, &(0x7f0000002500)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f0000002580)=@abs, 0x6e, &(0x7f0000004780)=[{&(0x7f0000002600)=""/4096, 0x1000}, {&(0x7f0000003600)=""/99, 0x63}, {&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000004680)=""/3, 0x3}, {&(0x7f0000000e00)=""/5, 0x5}, {&(0x7f0000004700)=""/100, 0x64}], 0x6, &(0x7f0000004800)=ANY=[@ANYBLOB="10000000000000000100aa0c01000000"], 0x10}}], 0x4, 0x0, &(0x7f0000004940)={0x77359400}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000046c0)=0x0) ptrace(0x10, r4) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) 19:53:32 executing program 5: unshare(0x48020300) unshare(0x40000000) [ 1847.505547] kauditd_printk_skb: 35 callbacks suppressed [ 1847.505562] audit: type=1326 audit(1718135612.332:2265): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.514100] audit: type=1326 audit(1718135612.339:2266): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.524901] audit: type=1326 audit(1718135612.339:2267): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.534974] FAT-fs (loop3): bogus number of FAT structure [ 1847.535686] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1847.539163] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.539163] program syz-executor.6 not setting count and/or reply_len properly [ 1847.548632] audit: type=1326 audit(1718135612.339:2268): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.560495] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.560495] program syz-executor.4 not setting count and/or reply_len properly [ 1847.565417] sg_write: data in/out 4119728/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.565417] program syz-executor.0 not setting count and/or reply_len properly [ 1847.626051] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.626051] program syz-executor.6 not setting count and/or reply_len properly 19:53:32 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1847.724191] audit: type=1326 audit(1718135612.551:2269): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.746903] audit: type=1326 audit(1718135612.551:2270): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35664 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1847.760438] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1847.760438] program syz-executor.7 not setting count and/or reply_len properly 19:53:47 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x34}, 0x40920}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() setpriority(0x0, r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x34, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x15, 0x0, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f83265549b"]}]}, 0x34}}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x14000044) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x28, 0x0, 0x800, 0x70bd25, 0x25dfdbfe, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", ""]}, 0x28}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0xc00) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) r3 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000340)=ANY=[@ANYBLOB="62aea634253f80b5b847b6ce80b95ce2a4af3d71e2e0d34c7e5aa919e71513c56a7bb650de2c0f3c539f83a8fe608fc0352c16dc93820ab4c4240476c9ad3ac2c7464257fe77e6729d39c1291cbf3dc62bbb7d9c11f064531bfe8adc410b0a9d416c92ac58e19c01508c157370e5965418c5b65f22b12fa4885961cd8af9f96053c4cc13bf7b291292", @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000c40)=ANY=[@ANYRESOCT, @ANYRES16=r1, @ANYBLOB="010029bd7000fcdbdf25040000004404004e24000014000300000000000000000000000000000000000c0007003000000004000000080005000400000008000b0e73697000060002005a00000038000280060002004e2100000800090000000000080006f54f00000014000100e000000200000000000000000000000008000900090000001c00038008000300000000000800010001000000080001000200000008000400200000004c000280080006000300000005000d00010000000800050005001c283171ff89dec201000800070086000000080009007c0000ad080004000900000006000f0002000078e00006000b000a005966dea9fb5c36a7ad653e7ec87d8fbf570691973505826306fcf1d2b091795c2decc4be1c10cf2e65ce68785becec7c19743198b12860148b04848313190287109f54640a8b6f88647a50cb76947ca7c89e2aa218d2d0c6a8d3e039946ad90b23b91ce6733f30"], 0x100}, 0x1, 0x0, 0x0, 0x8004815}, 0x44) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x5c, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000840)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) capget(&(0x7f00000000c0)={0x19980330, r1}, &(0x7f0000000100)={0x1, 0x7, 0x2, 0x7, 0x1, 0x4}) unshare(0x48020200) [ 1862.421434] audit: type=1326 audit(1718135627.248:2271): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35796 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1862.429855] audit: type=1326 audit(1718135627.256:2272): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35796 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1862.435721] audit: type=1326 audit(1718135627.262:2273): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35796 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:53:47 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:53:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:53:47 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dcb3000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) prlimit64(r5, 0x8, &(0x7f00000000c0)={0x5, 0x7}, &(0x7f0000000100)) wait4(r4, 0x0, 0x8, 0x0) 19:53:47 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1862.453344] audit: type=1326 audit(1718135627.269:2274): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=35796 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1862.467103] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.467103] program syz-executor.4 not setting count and/or reply_len properly [ 1862.480294] FAT-fs (loop3): bogus number of FAT structure [ 1862.481358] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1862.491619] sg_write: data in/out 11787440/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.491619] program syz-executor.0 not setting count and/or reply_len properly [ 1862.499203] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.499203] program syz-executor.6 not setting count and/or reply_len properly [ 1862.505709] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.505709] program syz-executor.7 not setting count and/or reply_len properly [ 1862.551335] sg_write: data in/out 11787440/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.551335] program syz-executor.0 not setting count and/or reply_len properly [ 1862.561973] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.561973] program syz-executor.6 not setting count and/or reply_len properly [ 1862.579923] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1862.585569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=35793 comm=syz-executor.5 [ 1862.594501] capability: warning: `syz-executor.5' uses 32-bit capabilities (legacy support in use) 19:53:47 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x5, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x8, 0x0) ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:53:47 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03020000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1862.772633] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.772633] program syz-executor.4 not setting count and/or reply_len properly [ 1862.781299] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.781299] program syz-executor.6 not setting count and/or reply_len properly [ 1862.837195] sg_write: data in/out 33807536/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.837195] program syz-executor.0 not setting count and/or reply_len properly [ 1862.849767] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1862.849767] program syz-executor.7 not setting count and/or reply_len properly 19:53:47 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03030000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:53:47 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000001900)=[{0x0, 0x0, 0x7fff}]) r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = dup(r0) pidfd_send_signal(r1, 0x0, &(0x7f0000000040)={0xb, 0x5, 0x2000000}, 0x0) r2 = syz_io_uring_setup(0x15c, &(0x7f0000000480)={0x0, 0xff63, 0x1, 0x0, 0x0, 0x0, r1}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000440)) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000140)) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0xfdef) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x2, 0x0, 0xc}, 0x20) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000001c0)=@nl=@unspec}, 0x1) syz_io_uring_setup(0x5b80, &(0x7f0000000380)={0x0, 0xd819, 0x0, 0x2, 0x4e, 0x0, r2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000400)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0}, 0x1) syz_io_uring_submit(r3, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index=0x5}, 0x3) newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300), 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000000c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x989680}, 0x1, 0x0, 0x1}, 0x0) 19:54:01 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:01 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:01 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r0, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000280)) syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @multicast1}, @address_reply}}}}, 0x0) syz_emit_ethernet(0xe0, &(0x7f0000000180)={@local, @broadcast, @void, {@generic={0x200, "50cceba7032eed527eb08ad14dd981ab2e8c65c260e71004acde69fc41509ede1b257b7724be22e667ae5e7122e3b20547ec2eb462e51252f6f33f4243c7fca2318cb52a10f78ff96ff277f50dc0f4ca28fa1c0afaf7490ae313d1153f1a285e2d77110413e6847adb80feb22f92b0fb4880ddfb9ba554db431e35626a4f15379431c3c12ca9dd218a9d337f5a788af9d780ecbdc93add6d517c577aec6973f18a4b3e3be4b43697aaa228fba8fc9e7cf352b7bdef3b50a2f3bc20e57608796a31873acff21cf9bd944ecf5bab6703429184"}}}, &(0x7f0000000100)={0x1, 0x4, [0x204, 0xc84, 0x215, 0xd9b]}) syz_emit_ethernet(0xb2, &(0x7f0000000000)={@remote, @broadcast, @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x8}], @ipv6=@tipc_packet={0x7, 0x6, "1a9090", 0x74, 0x6, 0x0, @empty, @private1, {[@dstopts={0x0, 0x0, '\x00', [@pad1]}, @srh={0xff, 0x6, 0x4, 0x3, 0x4d, 0x58, 0x224, [@private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}]}], @payload_named={{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3, 0x2, 0x6, 0x0, 0x1, 0x6, 0x4, 0x2, 0x5, 0x8001, 0x2, 0x4e22, 0x4e23}, 0x0, 0x4}, 0x2, 0x3}}, [0x0, 0x0, 0x0, 0x0]}}}}}}}, &(0x7f00000000c0)={0x0, 0x1, [0x4ea, 0x46d, 0x2ea, 0x252]}) 19:54:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:54:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:01 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:01 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0xfffa, 0x5, 0x40, 0x7}, {0xffff, 0x7, 0x6, 0x4}, {0x8000, 0x1, 0x8, 0x8}, {0x97, 0x2, 0x3f, 0x9}, {0x5, 0x0, 0x1, 0x7}]}) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:54:01 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03040000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1877.121441] sg_write: 6 callbacks suppressed [ 1877.121462] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.121462] program syz-executor.7 not setting count and/or reply_len properly [ 1877.123968] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.123968] program syz-executor.0 not setting count and/or reply_len properly [ 1877.136434] sg_write: data in/out 67361968/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.136434] program syz-executor.0 not setting count and/or reply_len properly [ 1877.146490] audit: type=1326 audit(1718135641.973:2275): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.148552] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.148552] program syz-executor.6 not setting count and/or reply_len properly 19:54:01 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:01 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03050000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1877.168285] audit: type=1326 audit(1718135641.994:2276): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.172056] audit: type=1326 audit(1718135641.997:2277): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.174545] audit: type=1326 audit(1718135641.998:2278): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.184281] audit: type=1326 audit(1718135642.006:2279): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.187594] audit: type=1326 audit(1718135642.006:2280): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.203649] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.203649] program syz-executor.4 not setting count and/or reply_len properly [ 1877.238149] FAT-fs (loop3): bogus number of FAT structure [ 1877.239087] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1877.240684] sg_write: data in/out 84139184/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.240684] program syz-executor.0 not setting count and/or reply_len properly [ 1877.250529] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.250529] program syz-executor.7 not setting count and/or reply_len properly 19:54:02 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:02 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03060000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:02 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1877.341073] sg_write: data in/out 100916400/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.341073] program syz-executor.0 not setting count and/or reply_len properly [ 1877.351224] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.351224] program syz-executor.6 not setting count and/or reply_len properly [ 1877.358557] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1877.358557] program syz-executor.4 not setting count and/or reply_len properly 19:54:02 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1877.417789] audit: type=1326 audit(1718135642.244:2281): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1877.419666] audit: type=1326 audit(1718135642.244:2282): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36265 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:02 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03070000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1877.501104] FAT-fs (loop3): bogus number of FAT structure [ 1877.501601] FAT-fs (loop3): Can't find a valid FAT filesystem 19:54:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:15 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03080000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ptrace(0x4208, r1) r2 = fork() ptrace(0x10, r2) r3 = fork() tkill(r3, 0x3f) r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r6 = fork() r7 = gettid() kcmp(r6, r7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x10, r7) fork() wait4(r3, 0x0, 0x8, 0x0) 19:54:15 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03060000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1890.834525] audit: type=1326 audit(1718135655.648:2283): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1890.843883] audit: type=1326 audit(1718135655.661:2284): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1890.855916] audit: type=1326 audit(1718135655.661:2285): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1890.857952] sg_write: 4 callbacks suppressed [ 1890.857998] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.857998] program syz-executor.4 not setting count and/or reply_len properly [ 1890.863438] sg_write: data in/out 134470832/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.863438] program syz-executor.0 not setting count and/or reply_len properly [ 1890.866564] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; 19:54:15 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1890.866564] program syz-executor.7 not setting count and/or reply_len properly [ 1890.868326] audit: type=1326 audit(1718135655.661:2286): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1890.872686] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.872686] program syz-executor.6 not setting count and/or reply_len properly [ 1890.878117] sg_write: data in/out 100916400/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.878117] program syz-executor.5 not setting count and/or reply_len properly [ 1890.889383] sg_write: data in/out 134470832/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.889383] program syz-executor.0 not setting count and/or reply_len properly [ 1890.891820] FAT-fs (loop3): bogus number of FAT structure [ 1890.892666] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1890.909536] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1890.909536] program syz-executor.6 not setting count and/or reply_len properly [ 1890.924080] audit: type=1326 audit(1718135655.751:2287): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1890.929091] audit: type=1326 audit(1718135655.756:2288): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36512 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:15 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 5: unlinkat(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x4) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x248803, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00') pread64(r1, &(0x7f0000000240)=""/83, 0x53, 0x200000048) getsockname(r1, &(0x7f0000000240)=@hci, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r2) clone3(&(0x7f0000000540)={0x91263100, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) r3 = openat(r1, &(0x7f0000000180)='./file1\x00', 0x80000, 0x82) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="20ec15629cc9b5f6de9d537975650d8186e872870995594d9aed62490fe3a381669f0a90c0bef2bcc4be6f74bb62288edc123ed8ba56cd5373575620779ba4f02c82b4a2919169933ea27038a8f7fdd6afba155c9f50e70b"]) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000040)={0x0, 0x4, 0x0, 'queue1\x00', 0xffffffff}) r4 = accept4$bt_l2cap(r2, &(0x7f0000000200), 0x0, 0x0) pidfd_getfd(r1, r4, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x15, 0x0, &(0x7f0000000280)=@abs={0x1}, 0x6e) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000480)=[r4], 0x1) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) 19:54:15 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:15 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1891.056408] FAT-fs (loop3): bogus number of FAT structure [ 1891.057322] FAT-fs (loop3): Can't find a valid FAT filesystem 19:54:15 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03090000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1891.140759] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1891.140759] program syz-executor.7 not setting count and/or reply_len properly [ 1891.166162] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1891.166162] program syz-executor.6 not setting count and/or reply_len properly [ 1891.175128] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1891.175128] program syz-executor.4 not setting count and/or reply_len properly 19:54:16 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:16 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = fork() r5 = gettid() ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) ptrace(0x10, r6) kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x4207, r3) r7 = fork() r8 = fork() r9 = gettid() kcmp(r8, r9, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) tkill(r9, 0xb) wait4(r7, 0x0, 0x8, 0x0) [ 1891.304146] audit: type=1326 audit(1718135656.131:2289): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36658 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1891.310287] audit: type=1326 audit(1718135656.137:2290): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36658 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1891.336353] audit: type=1326 audit(1718135656.144:2291): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36658 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1891.365219] audit: type=1326 audit(1718135656.144:2292): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36658 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:31 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:31 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100), 0x82, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3dec8cccdf078a623060cfd6efbe0a3b17e8c10bbaec0c6d514c2dc77aaa14567fd1acd84849e654c4620e06", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',msize=0x0000000100000001,\x00']) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xc100, 0x1) 19:54:31 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) fadvise64(r2, 0x6, 0xffff800000000000, 0x3) r3 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3, @in_args={0x4}}, './file0\x00'}) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r5) r6 = fork() r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000002", @ANYRES16=r7, @ANYBLOB="010000000000000000001b000000060021"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000008c0)={&(0x7f00000007c0)={0xdc, r7, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x4, 0x5}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}]]}, 0xdc}, 0x1, 0x0, 0x0, 0x1}, 0xc8001) ptrace(0x10, r6) r8 = fork() tkill(r8, 0x800003f) wait4(r8, 0x0, 0x8, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="04050000180000022cbd7000fbdbdf2505000000afcc2d7df06c3343b1587f01c36cb157f195dda598dfcebefce1cf55966584ae8859e603fa334c86353375af0eb4c3b87341ce4dfd4328fdce6507df5ca7742068140d63412de93667c640171d4ccb8de57fe024fa1927be18ad5bc2740845e922b228efacc16156bccb85036c1f8d0f8a464ce2bf6295e3e9b6e578d19552e3f6c54594a9ef3ab8a38fb1a6b13e849cc6449bcd3533ea2709362846a612dec3143fd689ec026a5796b6630245829f0ca72b2dc01dfd53cf6cf52f32ee8ee66e058e89b94cc3c3b5ed3ce747d36eac6108004b00", @ANYRES32=r1, @ANYBLOB="e60008800c005a00060000000000000058f8c51922687cfc39b3c2d775a5f3e984025a2227c2404af0df562dd2ef5a826acb2a4b95ff5f9d87f5d9fbf53e9258a36283cfd4329f6e2f8eafc83c5464cb1a23c6ef340e1cc077a2c7020b392a478adcd638f44e6dc2799fcec1cc5b1024febe49861bcaa123f946459ec76b97ca0dfd7fe70dd5e15d16e015d3c32a220ab809706ebdd6416242d9ec99f84a87a3aa516c13c38887161cea07ef5d4f3cf110bbc52cf2a3fc9bce28ebe9bc723408f5328e3b683301c718c57d58149cea264584ef1e050a83994dec7ba8dbedbb44c7fef8b3cbb10000040083802703028008005800040000000c0083002d7b267b2c312400def87f1b1f0b48060ec7c79267f40444cc35b42b1a6171212e0e4a39df4f7c995cc350f528b2549736910885d8919d17e5a7dec8dbafe0e8f77408cc436b3700c6af9f9eb641ce1f7cd556b0de63c06380f2b842266d1d02fc4fbb86d8ce11d013a99c1549497238d6ce707db23d0bd4848a3fa851a0d8a72f18cbb9802026cab4ff5351ce2f746d88bd9ea1450d169d15c28d4098457ee63c4ddf54416358e0c2296e8248dd170909b4550f356be8c9e62e31d5318e53bf5196aaf5bef9605abf3b5a3ccd95ca711e1f175d1fb89d5909654869ba65e657232fc70049957c8289d501f9acb0d1816fa98eb8b3f72e35b7022420cc0f10bc45c7bc060acbbf185c38435781773da2c55c5d02ee71a001aa484e3dc1f5ec4a30e87f0d2a78ff40401da631094ffd87fb65aef26d2abf652b2af02e5721a7400d9a50996ab63d80a3c96df9ce2bf405ac81f1a505cd71a59b518948ffa245dec35dea75cbb338650075a55fd28b5a0a6e8000a15964529dad3e52f99460b2c05acb4b2608000d00040000001e2a3f986b470624bc0fae3a975c072b0804dc49f3621644b5f6a33e414573ff21c11324c4cd0cac4b0bc01bcace7b15f76aa203beb8478176772613ebb12af9b04b1601fa876d6db9ed3f490974108e125a7bf8f6cd1a58eb478d7ea1aa196caf1a86e9cbb6db0509f77a345cd31bf1fbc923197fdbc108160a6d5216e34835146812de57c7278638540c6920345f3735409fe441902f0fc7d97ed349ff8fbe9abeb0d75cfe891860493a2b74afd3fb6688fab08aad233a50ef2e1b9bcba3554ee948db7a21b5c68a7a70c025d8baacaa1850da66964a228f939ea1872e83f098b1dad7a4ca4450968117a635e3cf5a7f6df14fd740732aef2cf19473c2943ad7326fe5cf5398e3f38456ed49bc6ec2f7e5887c722e2c4f9f2e992507d899afc0a59573e7585f93b8878bb8abd6ef3191d701d8e030d54a686c6ba7234510355c83dedf113575ca78e21b2698816de9b747079d0b837b7a7fe24ef3f6ca603acf395925fa1b14b50fc67fc122766370951f369fa4eb38285065ea27da42927418d7793b1bc12dd2a2848f00"], 0x504}, 0x1, 0x0, 0x0, 0x4081}, 0x20044000) 19:54:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030d0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1906.831190] sg_write: 6 callbacks suppressed [ 1906.831221] sg_write: data in/out 218356912/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.831221] program syz-executor.0 not setting count and/or reply_len properly [ 1906.836985] kauditd_printk_skb: 3 callbacks suppressed [ 1906.837009] audit: type=1326 audit(1718135671.663:2296): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1906.847146] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.847146] program syz-executor.4 not setting count and/or reply_len properly [ 1906.849506] audit: type=1326 audit(1718135671.674:2297): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1906.853232] sg_write: data in/out 218356912/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.853232] program syz-executor.0 not setting count and/or reply_len properly [ 1906.857307] audit: type=1326 audit(1718135671.683:2298): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1906.872752] FAT-fs (loop3): bogus number of FAT structure [ 1906.873833] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1906.881529] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.881529] program syz-executor.7 not setting count and/or reply_len properly [ 1906.886687] audit: type=1326 audit(1718135671.683:2299): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1906.909100] audit: type=1326 audit(1718135671.688:2300): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1906.917356] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.917356] program syz-executor.6 not setting count and/or reply_len properly [ 1906.952095] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1906.952095] program syz-executor.6 not setting count and/or reply_len properly 19:54:31 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1907.042117] sg_write: data in/out 235134128/8 bytes for SCSI command 0x3f-- guessing data in; [ 1907.042117] program syz-executor.0 not setting count and/or reply_len properly 19:54:31 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) timer_delete(0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) timer_create(0x3, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400e84dd34b97abbbe657ea4d00531600"], 0x14}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) read(r2, &(0x7f0000000080)=""/65, 0x41) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1907.057022] sg_write: data in/out 235134128/8 bytes for SCSI command 0x3f-- guessing data in; [ 1907.057022] program syz-executor.0 not setting count and/or reply_len properly [ 1907.067702] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1907.067702] program syz-executor.4 not setting count and/or reply_len properly 19:54:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc033e0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:31 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1907.188883] audit: type=1326 audit(1718135672.014:2301): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1907.191768] sg_write: data in/out 1040440496/8 bytes for SCSI command 0x3f-- guessing data in; [ 1907.191768] program syz-executor.0 not setting count and/or reply_len properly [ 1907.193305] audit: type=1326 audit(1718135672.014:2302): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=36884 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:32 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:32 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:32 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = gettid() kcmp(r3, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$getregs(0xffffffffffffffff, r3, 0x1, &(0x7f0000000080)=""/237) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r7, 0x6612) [ 1907.497287] audit: type=1326 audit(1718135672.316:2303): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37221 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1907.500904] audit: type=1326 audit(1718135672.324:2304): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37221 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1907.509205] audit: type=1326 audit(1718135672.328:2305): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37221 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:46 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:46 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03480000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1922.012641] kauditd_printk_skb: 3 callbacks suppressed [ 1922.012661] audit: type=1326 audit(1718135686.839:2309): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:54:46 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() r2 = gettid() kcmp(0x0, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000000080)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) kcmp(0x0, r2, 0x4, r3, r0) kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r5) r6 = fork() ptrace(0x10, r6) r7 = fork() tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) 19:54:46 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1922.018574] audit: type=1326 audit(1718135686.845:2310): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1922.023869] FAT-fs (loop3): bogus number of FAT structure [ 1922.024761] FAT-fs (loop3): Can't find a valid FAT filesystem 19:54:46 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:46 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:46 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:54:46 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1922.046306] audit: type=1326 audit(1718135686.855:2311): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1922.048595] audit: type=1326 audit(1718135686.856:2312): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1922.063291] sg_write: 4 callbacks suppressed [ 1922.063325] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.063325] program syz-executor.7 not setting count and/or reply_len properly [ 1922.064116] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.064116] program syz-executor.6 not setting count and/or reply_len properly [ 1922.075689] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.075689] program syz-executor.5 not setting count and/or reply_len properly [ 1922.083082] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.083082] program syz-executor.0 not setting count and/or reply_len properly [ 1922.089386] audit: type=1326 audit(1718135686.916:2313): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1922.095041] audit: type=1326 audit(1718135686.920:2314): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37333 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1922.100021] sg_write: data in/out 1208212656/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.100021] program syz-executor.0 not setting count and/or reply_len properly [ 1922.107240] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.107240] program syz-executor.4 not setting count and/or reply_len properly [ 1922.130977] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.130977] program syz-executor.6 not setting count and/or reply_len properly [ 1922.137260] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.137260] program syz-executor.4 not setting count and/or reply_len properly 19:54:46 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:46 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc034c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:54:46 executing program 5: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x3d001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd21}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/unix\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1) 19:54:47 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1922.254803] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.254803] program syz-executor.7 not setting count and/or reply_len properly [ 1922.259831] sg_write: data in/out 1275321520/8 bytes for SCSI command 0x3f-- guessing data in; [ 1922.259831] program syz-executor.0 not setting count and/or reply_len properly 19:54:47 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 5: syz_genetlink_get_family_id$ethtool(&(0x7f0000001680), 0xffffffffffffffff) 19:55:00 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=0x0) ptrace$setsig(0x4203, r5, 0x5, &(0x7f00000000c0)={0x35, 0x10000, 0x3}) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r6, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r6, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r7 = syz_open_dev$vcsn(&(0x7f0000001500), 0x3, 0x4a200) r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000001540), 0x80, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001640)=[{{&(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000140)="681d7ea9f9b3f54430779ace07927a58e2689c8707583901", 0x18}, {&(0x7f0000000280)="043f4fcd52762100e2b5ab0d206f6070fd2ef80e09e0467463805cbec91748d2fc3405619120dec5824d80356d56e6984aa9cc20af795b4f8fd52a8d7b60fc252eaa99020ab791b916ac2241dae9e7d86ac72329c33b14b4bbd0376de8a01779c5fee390f008ebf32d7cf004ffc35a76a9f1cc19db59cbe61c7bb792ea2fe7ca0aa9199ac38e792df172815bc8751e1d8cfcd7fc8f388ffe89f5d3c3748e362aec5a3d3a90fe76d35d34f6069fd90977d0e83d50c2499bf049d9950e8f8bdfe0eaab7fd6723530d2c5a98a49b051d9b4de1ecbfbc881ba1f1d1bb5c3fdc84b15d78fbbe4564c43185774be659f1f45af4053d4c8b11e", 0xf6}, {&(0x7f0000000380)="81cac140cc7fa4ee6de9beec5b87e7eccb1b2a79e37b4605e0b963423ec93903246025ef5f727d92fa07f42a75fcc2f79eb43045a12f53b891bb8242a66eb851c52ab8546ec3f27e8b436847330a71fb87a7a4076c16953d859baeec2a745d88ae6e10b9473b6e782ee5c37e99bb53f8edc2a68b7fd36c8c37838eee6611d44e93d17b0b3725c9c52f4241a186fe902c4e0bd4f15383bd2cd40f277516022c9b2acf8c6593f79a23dad1fc57abbe1b33733d1cfde4b1e368db4cd2744e07ecf9", 0xc0}, {&(0x7f0000000440)="8c956d7bff18352234baf429b11abb50fa9ec565a33c9721f79111e71337182e02bec69996b9c82efe98d2388e360f34071ab975bd113132d6595f8f329435cb0d5fad6c5554ddf5cb8babdda93696be6f0c6d4ac056d0623f55f4775da5e5af9c1975a28b0c08af33f069e1bf43c67681a74fd460ee98f63279d7ecdfe90371579e8c9ea0a03fd4eb602518b205ba6ee9cc0991f911069c4bafd0917853c1a8cba8631bd48d52ee250e2a571333bb8e7f1ab7389c703ceea4c50e1fd454ac8bbdd451d0a1919914aecd2b9321cfc83ed1f2d06f739250f1bbfdd68d6557dc8735ee79b168c5d619df07d019d8bd6caa754d6c", 0xf3}, {&(0x7f0000000540)="0494376c6079ec6be126bd145e77e24c6b3cdb60423568eadcc0b7e70c166ccc31107c00a110a569aca67fe269d00ebcd65baf71bf03599493e1a421db52956eb657668d965c", 0x46}, {&(0x7f00000005c0)="84c23e44a5cffb4cc2304d2cbcc3289ad4a416d67e5493a49f3f677bf4b73f4526494eed58f53f2c42987028b920e8ef960176ce53c15707d130ee1087fd7506c43fccbd27641bd3ef4375912f619d4ea2919d4dcdf17468f1f268a2e5997cc6fa3a6970f7ffe3cff3f7d397bc5c937e3a8b46ef69fc8ef1942cef472e7b7458aaeef1974a32a4656664a08705bd8885f12ded2709615c14dcbb1d867d594b871dad94e44ffbb7fb9725c56ed1150dfbe3f44b84b7360374c344536558c746cd25f1b0bbe490470a832ef3c05866af126ca69181eaaf65db5aa2ec3491c83965e8f7dcb0d145ae0ed3977a90ce5fb03d9efa02a095a41de44c72", 0xfa}, {&(0x7f00000006c0)="2d2920f8749bbbfe2d676a0d0324a9cacf6b7ef7687322ad801ccec11138392695841c276a1291d6968ab5d95a33902d0f728f40c40fb491948d6124d4a9573bf03916f154c70f650d8a85056903269ebd0ca90edff8417a3996", 0x5a}, {&(0x7f0000000740)="a204c4c396685c023e09a322ce6a337c9d454c1b2f3a3607a8b3304dcf460f48eb4af56242421b5401e97a76053e248595d1077142eada513ec6f739cb9a97e03c8c66efc1fadd8f", 0x48}, {&(0x7f00000007c0)}], 0x9, &(0x7f0000000dc0)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r5, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}], 0xd0, 0x4000}}, {{&(0x7f0000000ec0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000010c0)=[{&(0x7f0000000f40)="28e73b5e383ff5d77e132da90d1e5ec31752e3f1ad4dd074c6926eba8600f1f74552a2b94ebfa1ed39d42c009542aaedd597ae26a465ed19de38d1d06cde346a2e05ca20352dc0f876caf6f3c672c08af0efe0636644", 0x56}, {&(0x7f0000000fc0)="da181d04f802337dd72e94507e376be6ad8437ee0662868b2e8b756e2d081a9557dc849ff7938ae151ef7747ce7c33cd2953a488dec66f4c", 0x38}, {&(0x7f0000001000)="1145fe9496ee667f4cd5f0c9979d715e07a4d474", 0x14}, {&(0x7f0000001040)="d00a99a1270f7e306f361eac2916a687e2dad74cc0668fad0f9566c56e0137b4229534ace690ca603296d37333c44f987eb6fc1ab44814482484b65a1f33afd152229e20f938964d6de6877454b3", 0x4e}], 0x4, &(0x7f0000001580)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0, r7]}}, @rights={{0x1c, 0x1, 0x1, [r8, r0, r0]}}], 0xa8}}], 0x2, 0x8050) wait4(r4, 0x0, 0x8, 0x0) [ 1935.284049] sg_write: 3 callbacks suppressed [ 1935.284063] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.284063] program syz-executor.4 not setting count and/or reply_len properly 19:55:00 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03680000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1935.299025] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.299025] program syz-executor.7 not setting count and/or reply_len properly [ 1935.306070] audit: type=1326 audit(1718135700.132:2315): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.317200] audit: type=1326 audit(1718135700.140:2316): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.320937] audit: type=1326 audit(1718135700.147:2317): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.323127] audit: type=1326 audit(1718135700.148:2318): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.323278] FAT-fs (loop3): bogus number of FAT structure [ 1935.325968] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1935.329209] audit: type=1326 audit(1718135700.148:2319): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:55:00 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x46e2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) fallocate(r1, 0x0, 0x6, 0x0) r2 = socket$netlink(0x10, 0x3, 0x9) sendmsg$nl_generic(r2, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000005e00c5d500001c0000000000000002000800000000020000ba"], 0x1c}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1b1000, 0x0) ftruncate(r0, 0x1000003) syz_open_dev$sg(&(0x7f00000000c0), 0x4, 0x20000) open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x81001) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) socket$netlink(0x10, 0x3, 0x9) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{0x0, 0x7ff}, {0x5}]}, 0x14, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0xfffffffffffffff7, 0xbc0d}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) r4 = mq_open(&(0x7f00000001c0)='\x00', 0x40, 0x1, &(0x7f0000000240)={0x100000000, 0x8001, 0x1, 0xfffffffffffffffd}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x9, 0x100, 0x70bd26, 0x25dfdbfd, {0x6}, [@typed={0xc, 0x77, 0x0, 0x0, @u64=0xd000}, @typed={0x8, 0x1a, 0x0, 0x0, @fd=r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x48810}, 0x40000) [ 1935.361085] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.361085] program syz-executor.0 not setting count and/or reply_len properly [ 1935.370434] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.370434] program syz-executor.6 not setting count and/or reply_len properly [ 1935.414288] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.414288] program syz-executor.6 not setting count and/or reply_len properly [ 1935.423291] sg_write: data in/out 1745083568/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.423291] program syz-executor.0 not setting count and/or reply_len properly 19:55:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000005000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:00 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc036c0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1935.509250] audit: type=1326 audit(1718135700.336:2320): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.513983] audit: type=1326 audit(1718135700.341:2321): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37587 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1935.540593] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.540593] program syz-executor.4 not setting count and/or reply_len properly [ 1935.544688] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.544688] program syz-executor.7 not setting count and/or reply_len properly [ 1935.569056] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.569056] program syz-executor.6 not setting count and/or reply_len properly [ 1935.570397] sg_write: data in/out 1812192432/8 bytes for SCSI command 0x3f-- guessing data in; [ 1935.570397] program syz-executor.0 not setting count and/or reply_len properly 19:55:00 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) tkill(r3, 0x2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() r7 = fork() r8 = gettid() kcmp(r7, r8, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(r8, &(0x7f0000000080)='net/ip6_tables_targets\x00') tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:55:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000006000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:21 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=0x0) ptrace$setsig(0x4203, r5, 0x5, &(0x7f00000000c0)={0x35, 0x10000, 0x3}) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r6, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r6, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) r7 = syz_open_dev$vcsn(&(0x7f0000001500), 0x3, 0x4a200) r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000001540), 0x80, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001640)=[{{&(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000140)="681d7ea9f9b3f54430779ace07927a58e2689c8707583901", 0x18}, {&(0x7f0000000280)="043f4fcd52762100e2b5ab0d206f6070fd2ef80e09e0467463805cbec91748d2fc3405619120dec5824d80356d56e6984aa9cc20af795b4f8fd52a8d7b60fc252eaa99020ab791b916ac2241dae9e7d86ac72329c33b14b4bbd0376de8a01779c5fee390f008ebf32d7cf004ffc35a76a9f1cc19db59cbe61c7bb792ea2fe7ca0aa9199ac38e792df172815bc8751e1d8cfcd7fc8f388ffe89f5d3c3748e362aec5a3d3a90fe76d35d34f6069fd90977d0e83d50c2499bf049d9950e8f8bdfe0eaab7fd6723530d2c5a98a49b051d9b4de1ecbfbc881ba1f1d1bb5c3fdc84b15d78fbbe4564c43185774be659f1f45af4053d4c8b11e", 0xf6}, {&(0x7f0000000380)="81cac140cc7fa4ee6de9beec5b87e7eccb1b2a79e37b4605e0b963423ec93903246025ef5f727d92fa07f42a75fcc2f79eb43045a12f53b891bb8242a66eb851c52ab8546ec3f27e8b436847330a71fb87a7a4076c16953d859baeec2a745d88ae6e10b9473b6e782ee5c37e99bb53f8edc2a68b7fd36c8c37838eee6611d44e93d17b0b3725c9c52f4241a186fe902c4e0bd4f15383bd2cd40f277516022c9b2acf8c6593f79a23dad1fc57abbe1b33733d1cfde4b1e368db4cd2744e07ecf9", 0xc0}, {&(0x7f0000000440)="8c956d7bff18352234baf429b11abb50fa9ec565a33c9721f79111e71337182e02bec69996b9c82efe98d2388e360f34071ab975bd113132d6595f8f329435cb0d5fad6c5554ddf5cb8babdda93696be6f0c6d4ac056d0623f55f4775da5e5af9c1975a28b0c08af33f069e1bf43c67681a74fd460ee98f63279d7ecdfe90371579e8c9ea0a03fd4eb602518b205ba6ee9cc0991f911069c4bafd0917853c1a8cba8631bd48d52ee250e2a571333bb8e7f1ab7389c703ceea4c50e1fd454ac8bbdd451d0a1919914aecd2b9321cfc83ed1f2d06f739250f1bbfdd68d6557dc8735ee79b168c5d619df07d019d8bd6caa754d6c", 0xf3}, {&(0x7f0000000540)="0494376c6079ec6be126bd145e77e24c6b3cdb60423568eadcc0b7e70c166ccc31107c00a110a569aca67fe269d00ebcd65baf71bf03599493e1a421db52956eb657668d965c", 0x46}, {&(0x7f00000005c0)="84c23e44a5cffb4cc2304d2cbcc3289ad4a416d67e5493a49f3f677bf4b73f4526494eed58f53f2c42987028b920e8ef960176ce53c15707d130ee1087fd7506c43fccbd27641bd3ef4375912f619d4ea2919d4dcdf17468f1f268a2e5997cc6fa3a6970f7ffe3cff3f7d397bc5c937e3a8b46ef69fc8ef1942cef472e7b7458aaeef1974a32a4656664a08705bd8885f12ded2709615c14dcbb1d867d594b871dad94e44ffbb7fb9725c56ed1150dfbe3f44b84b7360374c344536558c746cd25f1b0bbe490470a832ef3c05866af126ca69181eaaf65db5aa2ec3491c83965e8f7dcb0d145ae0ed3977a90ce5fb03d9efa02a095a41de44c72", 0xfa}, {&(0x7f00000006c0)="2d2920f8749bbbfe2d676a0d0324a9cacf6b7ef7687322ad801ccec11138392695841c276a1291d6968ab5d95a33902d0f728f40c40fb491948d6124d4a9573bf03916f154c70f650d8a85056903269ebd0ca90edff8417a3996", 0x5a}, {&(0x7f0000000740)="a204c4c396685c023e09a322ce6a337c9d454c1b2f3a3607a8b3304dcf460f48eb4af56242421b5401e97a76053e248595d1077142eada513ec6f739cb9a97e03c8c66efc1fadd8f", 0x48}, {&(0x7f00000007c0)}], 0x9, &(0x7f0000000dc0)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r5, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}], 0xd0, 0x4000}}, {{&(0x7f0000000ec0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000010c0)=[{&(0x7f0000000f40)="28e73b5e383ff5d77e132da90d1e5ec31752e3f1ad4dd074c6926eba8600f1f74552a2b94ebfa1ed39d42c009542aaedd597ae26a465ed19de38d1d06cde346a2e05ca20352dc0f876caf6f3c672c08af0efe0636644", 0x56}, {&(0x7f0000000fc0)="da181d04f802337dd72e94507e376be6ad8437ee0662868b2e8b756e2d081a9557dc849ff7938ae151ef7747ce7c33cd2953a488dec66f4c", 0x38}, {&(0x7f0000001000)="1145fe9496ee667f4cd5f0c9979d715e07a4d474", 0x14}, {&(0x7f0000001040)="d00a99a1270f7e306f361eac2916a687e2dad74cc0668fad0f9566c56e0137b4229534ace690ca603296d37333c44f987eb6fc1ab44814482484b65a1f33afd152229e20f938964d6de6877454b3", 0x4e}], 0x4, &(0x7f0000001580)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0, r7]}}, @rights={{0x1c, 0x1, 0x1, [r8, r0, r0]}}], 0xa8}}], 0x2, 0x8050) wait4(r4, 0x0, 0x8, 0x0) 19:55:21 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03740000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:55:21 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000007000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x200, 0x15d) ptrace(0x10, r3) r5 = fork() r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r6, &(0x7f0000000040), 0x12) stat(&(0x7f0000000200)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, 0x0, 0x0) sendmsg$nl_netfilter(r6, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r7, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) fspick(r6, &(0x7f00000000c0)='./file0\x00', 0x1) tkill(r5, 0x3f) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f00000001c0)=0x4, 0x2) wait4(r5, 0x0, 0x8, 0x0) [ 1956.858766] audit: type=1326 audit(1718135721.685:2322): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37954 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1956.860098] sg_write: 4 callbacks suppressed [ 1956.860118] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.860118] program syz-executor.4 not setting count and/or reply_len properly [ 1956.862152] audit: type=1326 audit(1718135721.689:2323): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 [ 1956.867216] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.867216] program syz-executor.7 not setting count and/or reply_len properly [ 1956.869254] sg_write: data in/out 1946410160/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.869254] program syz-executor.0 not setting count and/or reply_len properly [ 1956.872128] FAT-fs (loop3): bogus number of FAT structure [ 1956.873047] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1956.873280] audit: type=1326 audit(1718135721.694:2324): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 [ 1956.878606] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.878606] program syz-executor.6 not setting count and/or reply_len properly [ 1956.887295] audit: type=1326 audit(1718135721.695:2325): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37954 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1956.895565] sg_write: data in/out 1946410160/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.895565] program syz-executor.0 not setting count and/or reply_len properly [ 1956.898129] audit: type=1326 audit(1718135721.703:2326): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 [ 1956.906772] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1956.906772] program syz-executor.6 not setting count and/or reply_len properly [ 1956.909137] audit: type=1326 audit(1718135721.703:2327): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 [ 1956.909202] audit: type=1326 audit(1718135721.704:2328): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37954 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1956.931175] audit: type=1326 audit(1718135721.704:2329): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37954 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1956.939093] audit: type=1326 audit(1718135721.762:2330): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 [ 1956.944991] audit: type=1326 audit(1718135721.763:2331): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=37947 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb212c2db19 code=0x7ffc0000 19:55:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:55:21 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc037a0000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000009000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:21 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1957.036479] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1957.036479] program syz-executor.0 not setting count and/or reply_len properly [ 1957.045332] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1957.045332] program syz-executor.4 not setting count and/or reply_len properly [ 1957.063150] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1957.063150] program syz-executor.7 not setting count and/or reply_len properly [ 1957.081055] sg_write: data in/out 2047073456/8 bytes for SCSI command 0x3f-- guessing data in; [ 1957.081055] program syz-executor.0 not setting count and/or reply_len properly 19:55:21 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, 0xffffffffffffffff, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) ptrace(0x10, r1) r3 = fork() r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r6 = fork() r7 = gettid() kcmp(r6, r7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r8 = fcntl$getown(0xffffffffffffffff, 0x9) clone3(&(0x7f00000001c0)={0x800000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x33}, &(0x7f0000000280)=""/151, 0x97, &(0x7f0000000340)=""/130, &(0x7f00000006c0)=[0x0, r1, r2, r4, r7, r8], 0x6}, 0x58) syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00') tkill(r6, 0x3f) wait4(r3, 0x0, 0x8, 0x0) 19:55:21 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0xfca0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x90120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffc, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a40)=ANY=[@ANYBLOB="98000000200039040000000000000000020000000dc0c23671f1a964651e4d52c3dc9432e6af519d60c901a7ea83dce8f6a9c36adbbf7c07348ed7953cc124f0f2e2f1324bf1187b4e1f5a7bf5116e03f38056144e4fd6711849a6579e46004fbfb9ae80572129d57aa41a4c792b56978ebd2e72f57ca14145d7bcd879afed4e97abd691d56cf2d815f272170c0011000000000000000000bb3e3c7562af739c74b82fd57e7bd51e163e9c2394948632056b9357f234b64631cba457c59e6d0eae9098c89e3c7aa8b1cbc03bd674263161cff69945516e14595dfad881c353d7fb9bbdc2fb19f3306b4f29f5ac8dddb92ee4fe33f6e190dffd186aa055b9a9547a834f1d619073f3ccf4b3acda5d78a8cff254a2de72f20938d689ca4044e9b0a3ee3627818c70cc78d1fe11e55c898d61e09dd9cc4bdefd952f33d4697d06ffd93de78dd16ff6fabb99fb6b42eb449d317ff0f62c982878d984496c08a7a672102affbb245b18bb390e66298d7220110693dd4d00d4a7b9a75298857b75fa243b23c8cf9643bb0000000000"], 0x98}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = add_key$keyring(0x0, &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r2) r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) r5 = add_key(&(0x7f0000000200)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000540)="18726d0eed55eaa57fc580dc3a0b12e0a5ee08da294ac8119c4c73f93694f2a935d17a81959d084839f846dca8739131e4a9c45c6509af44529537eae3b5a4793a9a0aacfd7a75f2b566b874939829b82a35d20d1985a92c5d7ba971251e89286f64438db33a7f05fb0d1707fd3fa27a56032a79c1d09558fbbfcb2e5f36d3e7e1c749ad35c2064fa087cf6359507a36eb69853e0cdd920cbb7586aedf5a2e5a9a1a6b8d11c08a14918b01d07c92179dfae1ef58835b5fa4be28fbd3b3eac1c9f3cf74fbe25748c55d23902439133eecfafb2e0f", 0xd4, 0xfffffffffffffffa) add_key(0x0, &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, r5) add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r4) add_key$keyring(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r3) add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) sendmsg$NL80211_CMD_REQ_SET_REG(r1, 0x0, 0x20000010) r6 = syz_open_procfs(0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) ioctl$TIOCGSERIAL(r6, 0x541e, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=""/188}) unshare(0x48020200) 19:55:21 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000005000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1957.192623] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.5'. 19:55:36 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000005000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:55:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000a000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000006000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1971.900001] sg_write: 3 callbacks suppressed [ 1971.900022] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.900022] program syz-executor.7 not setting count and/or reply_len properly [ 1971.925783] kauditd_printk_skb: 52 callbacks suppressed [ 1971.925801] audit: type=1326 audit(1718135736.752:2384): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1971.929832] audit: type=1326 audit(1718135736.752:2385): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1971.936399] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.936399] program syz-executor.0 not setting count and/or reply_len properly [ 1971.936542] audit: type=1326 audit(1718135736.753:2386): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1971.945803] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.945803] program syz-executor.0 not setting count and/or reply_len properly 19:55:36 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace$getregs(0xffffffffffffffff, r1, 0x4, &(0x7f0000000080)=""/105) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:55:36 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="34000000100001000600000000000000000000000500000000000000150000809be149f8326500000ad022cea3b5906ed71efbac71604114ae634a1d3f5b42332fdb1ddff6c996d594f336ad93897a4c7c7d052c951ff3b19a2ae8dfe7daae4433b91e5be24f079e43a9064d68a1d688cb564c5100107341e4376c1319a3cb91015718c602f3acaab637ceb7852dafdf71f385cfa97aa0b4888bc38b88bda6372e3668ad38b7f74f5579af15893a0dab9e300e7373804caf35b65ecb611c48d698f5ab174fbc688112a84bc0f1ed5b30c723ba82fe9c380000000000005a3ec6986122d762e9332637b2749b2688ab9bedbbcbcdad44d1d0c9499ea0d1d017c24950440343fd5a9bd707945e1e44785b"], 0x34}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_io_uring_setup(0x3167, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco}, 0x0) r6 = eventfd2(0x8, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r6, 0xc010f508, &(0x7f0000000040)={0x3, 0x2}) io_uring_enter(r1, 0x76d3, 0x80, 0x1, 0x0, 0x0) r7 = fsmount(r5, 0x1, 0x72) execveat(r7, &(0x7f0000000180)='./file0\x00', &(0x7f00000005c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000bc0)='\x00\x80C\x107\xa64\xee\xbd*\xd4o\x8a?[\x98\xf29\xee\xc7\x90\x97\xaa\xc3\xc8Zq\xf3\x91\x04[S\\B2m=V\x89\x99\x96Q\xcaA\x18\xaf\xaf:\xf1\xab\x80\"\x7f\xb3\x18\xfe\xd7\xbd\xcd\xcdIf\xae\xb5\x87\xb8#\xe1\xbe\xec\xf0\t\xa1\xf7\xa7\xb1\x9d\xc7\xc2\xf0\x02\xaf\xc4\xd0@\xc2\x12\'\xb9\x9a\xea\x90e%\xe6\xd2E\x19E/\xc6\x17gB0Qim\x82u\x0fZ\xa9\x14\xf5\xc7X\xa9\x00\xb7\xaf\xcfouN\xbd\xb2\t^\xbe&~\xa7l\xfa\x036\x1c\"\x80\xfc/\x9b\x95\xf1!K\xc5{\xe7\xfdB[\xca\x87\x9bc\x98dg\x1a\xa1\xaa\xb4\x19\x7f\xa7\x90y\x9fq\xf5\x8a\xa9 \xa6\xdd\xf0+gb\xa6g\\\xec\tz\x06\xdf\x1a\x9c\xc9\xf7\xcc\x85\xb4G\xe9\xd3D\xf4\x8c\n\x17\xd5\x00\xf18\xb3T', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='\x00', &(0x7f0000000a00)='\x009\x1c\xaf\x14\xe6\xeb\xe9\xf1\xccO@\xbd\xfc\xbdN\xfa\x93Z\x94\xfd\xc6]\xc3\x81g\x95\'\xb7\xf2\xe8\xbf\xd3\xf3\"\xf0Z\x93T\xa1\xc6\x10\x01\xba\xf0\x11\x01 \x94X\x7fQ\xa6\v\xfa\xc2\\$\xad\x96A\xd6\xdf|\x0e,c\xc4\x13\xfb\x91\xc5|{\xde\'xb\xcd\xb2\x177\x83\'\xdb\xf6y_\x10\x87\x01\xd4\xb1\x9b\xe4\xac\xf0D4\xe6v\x86\x02^bt\xbf!b\xd4k\x11\xf5Nj\x97P\b\xf2\xdd\r\xaa,g\xfc\x8f*\bq\x10wl\xe0\x02HG)\xa0\xb9%\x12\x9fx]\xf8Gz`\xfd\x00l\xe9<\xa5\xbd\x9f\x80\xa5\x0f\xd3\xf7\xc8\x98'], &(0x7f0000000840)=[&(0x7f0000000600)='[*\x00', &(0x7f0000000000)='\xff\xb1\xc2k\xc9\xbf1Q\x9e^\x9a\x9dOW\xa5\x0el\xd2~\xa7%\xa5 \rZ\x81l\xa6\x97\xc6\xb90S\x04\x9b\xcb', &(0x7f0000000680)='\x00', &(0x7f0000000940)=']\xadt\xe0\r\xa3\xd7\xe8\x91\x90\n\x03_\x85\xa9\'E\xae\"\xeb]DE\xa3w\x8b\x94\xf7Yf\x03\x00\xd2:-\xab7\xd0\xf6\x0e\x903U\xe1\xe2\x8cS*HC\x17\xa0}@\xf4.\x87]\xed\x1f\x1e\xe8;\xfd\xee$\x8f\xba\xa5@\"\x93\xf7yR\x95z\x95\xc4\x03{\x11\xbe\xb3e\xb8B\x13\xa3uh\xcf\x11\xc7{Y\x0fp\x031\xb1/b_mq\x96\xccc\xa7\xbb\xb4T\x00J\xd7\xb8\n\xd4\xd9B\xa9\xec\xc5\xb5\x0e\xf1Q\x03\xbcX\x8d\xb2\xf6^\xb9\xc8\xa5\xdc\xa5\xcb\xde\xd3\xd03\xcc\xbe\xed\x9b\xbd\xcbb\x91\x98\x80\xe1X(t\xda\xd3F\x02\xa9\xa0\x81\xce;{\xfa\xba\xa3,{\xe87\xf6\x0f\xf9M\xb5mz', &(0x7f0000000700)='\x00', &(0x7f0000000740)='\x00', &(0x7f0000000100)='!\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00'], 0x1000) openat(r5, &(0x7f0000000240)='./file0\x00', 0x200, 0x2) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r9 = dup2(0xffffffffffffffff, r5) openat(r9, &(0x7f00000000c0)='./file0\x00', 0x200040, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r8, 0x0) 19:55:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000d000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1971.953254] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.953254] program syz-executor.4 not setting count and/or reply_len properly [ 1971.955890] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.955890] program syz-executor.6 not setting count and/or reply_len properly [ 1971.959486] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1971.968793] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1971.968793] program syz-executor.7 not setting count and/or reply_len properly [ 1971.969439] audit: type=1326 audit(1718135736.757:2387): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1971.988360] FAT-fs (loop3): bogus number of FAT structure [ 1971.989233] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1971.995634] audit: type=1326 audit(1718135736.757:2388): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1972.016534] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1972.016534] program syz-executor.0 not setting count and/or reply_len properly [ 1972.023651] audit: type=1326 audit(1718135736.849:2389): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1972.031033] audit: type=1326 audit(1718135736.850:2390): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38407 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1972.032147] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1972.032147] program syz-executor.6 not setting count and/or reply_len properly [ 1972.036106] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1972.036106] program syz-executor.0 not setting count and/or reply_len properly 19:55:36 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000500000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000007000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:36 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x18, r1, 0xb0b, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}}, 0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000080)={0x10, 0x17, 0x0, {0x7, './file1'}}, 0x3ffffe00) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002dc0), 0xffffffffffffffff) sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)={0x28, r4, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x1a, 0x101, 0x0, 0x0, {}, [@generic="7b828f25ec5b"]}, 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0x0, 0x4, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x0, 0x69}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) r7 = getpgrp(0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000300}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x29}, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r7}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x20}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4800) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 1972.181651] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1972.181651] program syz-executor.4 not setting count and/or reply_len properly 19:55:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000006000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:37 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000600000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1977.200506] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.201489] print_req_error: 23 callbacks suppressed [ 1977.201509] blk_update_request: I/O error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.204062] buffer_io_error: 4110 callbacks suppressed [ 1977.204075] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 1977.206092] Buffer I/O error on dev sr0, logical block 1, lost async page write [ 1977.207283] Buffer I/O error on dev sr0, logical block 2, lost async page write [ 1977.208481] Buffer I/O error on dev sr0, logical block 3, lost async page write [ 1977.209713] Buffer I/O error on dev sr0, logical block 4, lost async page write [ 1977.210902] Buffer I/O error on dev sr0, logical block 5, lost async page write [ 1977.212101] Buffer I/O error on dev sr0, logical block 6, lost async page write [ 1977.213289] Buffer I/O error on dev sr0, logical block 7, lost async page write [ 1977.214484] Buffer I/O error on dev sr0, logical block 8, lost async page write [ 1977.215678] Buffer I/O error on dev sr0, logical block 9, lost async page write [ 1977.220852] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.221875] blk_update_request: I/O error, dev sr0, sector 127 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.238647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.239576] blk_update_request: I/O error, dev sr0, sector 254 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.243596] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.244501] blk_update_request: I/O error, dev sr0, sector 381 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.256641] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.257564] blk_update_request: I/O error, dev sr0, sector 508 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.261550] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.262446] blk_update_request: I/O error, dev sr0, sector 635 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 1977.266843] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1977.268059] blk_update_request: I/O error, dev sr0, sector 762 op 0x1:(WRITE) flags 0x100000 phys_seg 14 prio class 0 19:55:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:55:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300003e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:50 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000007000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:50 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000700000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:50 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() r4 = fcntl$dupfd(r0, 0x0, r0) fallocate(r4, 0x10, 0x4, 0x5) ptrace(0x10, r3) r5 = fork() tkill(r5, 0x3f) wait4(r5, 0x0, 0x8, 0x0) 19:55:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1986.004392] audit: type=1326 audit(1718135750.831:2391): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.004892] sg_write: 4 callbacks suppressed [ 1986.004918] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.004918] program syz-executor.6 not setting count and/or reply_len properly [ 1986.008649] audit: type=1326 audit(1718135750.831:2392): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.018113] FAT-fs (loop3): bogus number of FAT structure [ 1986.018714] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1986.034262] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.034262] program syz-executor.6 not setting count and/or reply_len properly 19:55:50 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000009000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:50 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x18, r1, 0xb0b, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}}, 0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000080)={0x10, 0x17, 0x0, {0x7, './file1'}}, 0x3ffffe00) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002dc0), 0xffffffffffffffff) sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)={0x28, r4, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x1a, 0x101, 0x0, 0x0, {}, [@generic="7b828f25ec5b"]}, 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0x0, 0x4, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x0, 0x69}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) r7 = getpgrp(0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000300}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x29}, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r7}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x20}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4800) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 1986.038626] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.038626] program syz-executor.7 not setting count and/or reply_len properly [ 1986.046084] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.046084] program syz-executor.4 not setting count and/or reply_len properly [ 1986.050030] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.050030] program syz-executor.0 not setting count and/or reply_len properly [ 1986.053861] audit: type=1326 audit(1718135750.836:2393): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.075641] audit: type=1326 audit(1718135750.836:2394): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.108725] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.108725] program syz-executor.0 not setting count and/or reply_len properly [ 1986.119799] audit: type=1326 audit(1718135750.884:2395): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.121928] audit: type=1326 audit(1718135750.890:2396): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:55:50 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000009000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1986.137839] audit: type=1326 audit(1718135750.891:2397): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:55:50 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000d000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1986.150579] audit: type=1326 audit(1718135750.893:2398): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.192795] audit: type=1326 audit(1718135750.894:2399): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 1986.194861] audit: type=1326 audit(1718135750.894:2400): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=38756 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:55:51 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000040000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:51 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000900000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 1986.198122] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.198122] program syz-executor.6 not setting count and/or reply_len properly [ 1986.220352] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.220352] program syz-executor.4 not setting count and/or reply_len properly [ 1986.224293] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.224293] program syz-executor.6 not setting count and/or reply_len properly 19:55:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 1986.284160] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 1986.284160] program syz-executor.0 not setting count and/or reply_len properly 19:55:51 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000d000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:55:51 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000048000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000d00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) kcmp(0x0, 0x0, 0x3, r0, r0) ptrace(0x10, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r1) r2 = fork() ptrace(0x10, r2) r3 = fork() tkill(r3, 0x3f) wait4(r3, 0x0, 0x8, 0x0) 19:56:08 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./mnt\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./mnt\x00', 0x0, 0x0, 0x0, 0x3a4c4a1, &(0x7f0000000340)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB="80df688f87176ddf158ae13ae1e5983cd08007269dcc547a465c5c22f2c6445edee166a578ba0041927b39901ffdb53bf09820bdf7cccd52103c83e7a15dba02db0afe13fc81b9a0eac5b1275ec0f51a8899db342713f89214877f8d76124ae9df8ea6f84b3aa5e4d1a55fcec282883ff737a982702b0c106c8d3d37216aaec44e5f8176c91cc4380132c39bf15a9514f32b1d3b84bbd2426bea8b565b9e2a566a235ab438a36ea9975fe64e41c369ca50d56e4014ed7c914a186f6d0110cee96c26627a4eeb2d0d3ee3f873d872c050139fc0952ccee31f33a129f8bf83d2e2adb8d18954318b0cdb22f6f186075626cc02e8040a64a6129fcaee735c972fe163600990a0df4fd72c58b3209b6a63d4397c496a0695cb8880518a51327b1da988ae6338ced14e4b028f22836b1762af637418913998f2e54060cc23b2d0e178fe35b735166bcf32929ebd993cd61a73a631c8ed1db65f29fb4d1c880675d8a5faa87a4b5d77ab448f1e7790f43d242357c54f928ecb5613c0b535cecc4cfe35e41011ffa8b415e2bc47353be33c2070d2cd0434114ff6432dc3c8662906897a7721fd83fed84b1c373e9304cf9c06fb74ae3b8bf166588621826c4c724d13489793265a4b2ae6a09e"]) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000030c0)='mountinfo\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$bind(&(0x7f0000000540)='./mnt\x00', &(0x7f0000000580)='./mnt\x00', &(0x7f00000005c0), 0x20, 0x0) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) mknodat$null(r1, &(0x7f0000000240)='./mnt\x00', 0x40, 0x103) preadv(r0, &(0x7f0000002400)=[{&(0x7f0000000140)=""/203, 0xcb}], 0x1, 0x7ff, 0x0) 19:56:08 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300003e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:56:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 2003.567271] sg_write: 5 callbacks suppressed [ 2003.567290] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.567290] program syz-executor.4 not setting count and/or reply_len properly [ 2003.578450] kauditd_printk_skb: 6 callbacks suppressed [ 2003.578468] audit: type=1326 audit(1718135768.405:2407): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.583399] audit: type=1326 audit(1718135768.408:2408): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.587234] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.587234] program syz-executor.0 not setting count and/or reply_len properly [ 2003.588901] audit: type=1326 audit(1718135768.410:2409): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.596104] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.596104] program syz-executor.6 not setting count and/or reply_len properly [ 2003.600500] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.600500] program syz-executor.7 not setting count and/or reply_len properly [ 2003.604035] FAT-fs (loop3): bogus number of FAT structure [ 2003.605089] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2003.607843] devpts: called with bogus options [ 2003.625472] audit: type=1326 audit(1718135768.412:2410): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.632348] audit: type=1326 audit(1718135768.413:2411): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.635949] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.635949] program syz-executor.0 not setting count and/or reply_len properly [ 2003.668465] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.668465] program syz-executor.6 not setting count and/or reply_len properly [ 2003.707958] audit: type=1326 audit(1718135768.413:2412): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.735086] audit: type=1326 audit(1718135768.417:2413): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.760870] audit: type=1326 audit(1718135768.418:2414): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:08 executing program 5: openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2000, 0xc0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r0, &(0x7f0000000080)='./file1\x00', 0x420000, 0xc0) fallocate(r0, 0x0, 0x0, 0x1000002) write$binfmt_aout(r0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0000d6002e03000000000000050000000200000000000000000000000000000007c305b81728c9e1cc6c79d8f8c7088e9715f8d98d4ef34c999f3ad5c9986f523a465fe1f487b4c0c31f767ccbfe7baec801957a00d2e16bd17d30c09880ac84312d5da65c514cee2b4f55aa64a1e4ef1f7de5293852d6fd69b22d950afee25357e2c9473414dfaf07c0f33900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc00"/1933], 0x78c) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r1, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0xc000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$packet(0x11, 0x2, 0x300) getgid() ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) 19:56:08 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000040000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2003.784147] audit: type=1326 audit(1718135768.418:2415): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2003.801361] audit: type=1326 audit(1718135768.418:2416): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39009 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:08 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2003.878027] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.878027] program syz-executor.7 not setting count and/or reply_len properly [ 2003.883043] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.883043] program syz-executor.4 not setting count and/or reply_len properly 19:56:08 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300003e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:08 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300004c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2003.925152] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.925152] program syz-executor.0 not setting count and/or reply_len properly [ 2003.930671] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2003.930671] program syz-executor.6 not setting count and/or reply_len properly [ 2006.899466] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.900597] blk_update_request: I/O error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.902507] buffer_io_error: 766 callbacks suppressed [ 2006.902522] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 2006.904885] Buffer I/O error on dev sr0, logical block 1, lost async page write [ 2006.906254] Buffer I/O error on dev sr0, logical block 2, lost async page write [ 2006.907628] Buffer I/O error on dev sr0, logical block 3, lost async page write [ 2006.909044] Buffer I/O error on dev sr0, logical block 4, lost async page write [ 2006.910416] Buffer I/O error on dev sr0, logical block 5, lost async page write [ 2006.911810] Buffer I/O error on dev sr0, logical block 6, lost async page write [ 2006.913200] Buffer I/O error on dev sr0, logical block 7, lost async page write [ 2006.914553] Buffer I/O error on dev sr0, logical block 8, lost async page write [ 2006.915937] Buffer I/O error on dev sr0, logical block 9, lost async page write [ 2006.919534] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.920905] blk_update_request: I/O error, dev sr0, sector 127 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.935349] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.936212] blk_update_request: I/O error, dev sr0, sector 254 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.939934] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.940772] blk_update_request: I/O error, dev sr0, sector 381 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.953761] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.954581] blk_update_request: I/O error, dev sr0, sector 508 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.958334] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.959176] blk_update_request: I/O error, dev sr0, sector 635 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.970098] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.970945] blk_update_request: I/O error, dev sr0, sector 762 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.974748] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.975563] blk_update_request: I/O error, dev sr0, sector 889 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.984788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.985632] blk_update_request: I/O error, dev sr0, sector 1016 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0 [ 2006.989859] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2006.990669] blk_update_request: I/O error, dev sr0, sector 1143 op 0x1:(WRITE) flags 0x100000 phys_seg 25 prio class 0 [ 2017.638837] kauditd_printk_skb: 8 callbacks suppressed [ 2017.638861] audit: type=1326 audit(1718135782.463:2425): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:22 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03003e00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000068000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x17, 0x24000881, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x10000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4) setsockopt$sock_linger(r0, 0x1, 0x35, &(0x7f00000011c0)={0x0, 0x5}, 0x8) signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x4]}, 0x8, 0x800) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x0) r2 = openat(r1, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000140)={0x0, 0x3c, [0x3f, 0xe861, 0x4, 0xa6, 0x7ff, 0x9]}) copy_file_range(r3, 0x0, r2, 0x0, 0x10001, 0x0) dup2(r2, r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x80800) writev(r5, &(0x7f0000001280)=[{&(0x7f0000001180)}], 0x1) fcntl$setpipe(r5, 0x407, 0x0) sendfile(r2, r4, 0x0, 0x20d315) 19:56:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:56:22 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000048000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x1, 0x0, &(0x7f0000000240)=0x45c1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f00000001c0)={&(0x7f00000003c0)="f8739f9c007eed4f71dcb7eed3fefee46e8a8cfe40394295ff940b5b341d76fd16191609b2bb268a38fba3513b11fe64115020f40667c7d0b1b900bd62c7033b1dff943c12b9de95cf692994d7c1d75ffde0cf2bc26948c0c2ade3c0a30ff2d0acddf39b765d5e711fd60dcef5f654799837b10203e6bc9ac32d1e47b6ef6eeea45d21545b7e4254515e319787a4b0ab709c814bf2e253dc972e1600bd83501ef166842a05e4db7bfcba60bd0a7f424e006af748fb8852333664141864ee4771478fea177ac66feb4c1364b6a1e58394e96c263a007e21ca3d717ed877e06c34", 0xe0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r4, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c0001303d13316780002163d0e", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYRES16=0x0, @ANYBLOB="000226bd7000ff030d0000ca359e0c00060003000000000000c5150c24060000887e581bde934261a150b04b4911a8aeaf121a", @ANYRES32, @ANYRES64], 0x3c}, 0x1, 0x0, 0x0, 0x801}, 0x20000011) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:56:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:56:22 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000040000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2017.663084] audit: type=1326 audit(1718135782.465:2426): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.684375] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.684375] program syz-executor.6 not setting count and/or reply_len properly [ 2017.685018] audit: type=1326 audit(1718135782.465:2427): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.690408] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.690408] program syz-executor.4 not setting count and/or reply_len properly [ 2017.693297] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.693297] program syz-executor.7 not setting count and/or reply_len properly [ 2017.694181] audit: type=1326 audit(1718135782.465:2428): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.706655] audit: type=1326 audit(1718135782.489:2429): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.711923] FAT-fs (loop3): bogus number of FAT structure [ 2017.712498] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2017.714842] audit: type=1326 audit(1718135782.491:2430): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.715370] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.715370] program syz-executor.0 not setting count and/or reply_len properly [ 2017.718406] audit: type=1326 audit(1718135782.492:2431): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.726239] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.726239] program syz-executor.7 not setting count and/or reply_len properly [ 2017.726901] audit: type=1326 audit(1718135782.492:2432): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.731773] audit: type=1326 audit(1718135782.493:2433): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.734769] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.734769] program syz-executor.6 not setting count and/or reply_len properly [ 2017.736332] audit: type=1326 audit(1718135782.493:2434): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39359 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2017.772823] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.772823] program syz-executor.0 not setting count and/or reply_len properly 19:56:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300006c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/rt6_stats\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x7fff, 0x80, 0x1, 'queue1\x00', 0x4}) ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000180)) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000002ec0), 0x4) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000100)) sendmsg$inet6(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="cf", 0xfffffdef}], 0x1}, 0x10044001) recvfrom$inet6(r1, &(0x7f0000001700)=""/4099, 0xffffffc9, 0xcd08, 0x0, 0xfffffffffffffe77) shutdown(r1, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x100082, 0x11) 19:56:22 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000048000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300004c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2017.904875] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.904875] program syz-executor.7 not setting count and/or reply_len properly [ 2017.923637] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.923637] program syz-executor.6 not setting count and/or reply_len properly [ 2017.941509] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2017.941509] program syz-executor.4 not setting count and/or reply_len properly 19:56:22 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) r2 = fork() r3 = gettid() kcmp(r2, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x8, r3) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = signalfd(r0, &(0x7f0000000080)={[0x3]}, 0x8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f00000000c0)) r7 = fork() tkill(r7, 0x3f) wait4(r7, 0x0, 0x8, 0x0) 19:56:22 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000068000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000074000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:22 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300004c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:23 executing program 5: delete_module(0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r0 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000240)={0xffffffffffffffff}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = getpid() r4 = fork() r5 = gettid() kcmp(r4, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r6 = getpgrp(r0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r7, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r8, 0x0, 0x0) sendmsg$nl_netfilter(r7, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r8, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) clone3(&(0x7f0000000380)={0x200a28000, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180), {0x23}, &(0x7f00000001c0)=""/95, 0x5f, &(0x7f0000000280)=""/167, &(0x7f0000000340)=[r3, r0, r0, r5, r0, r6], 0x6, {r7}}, 0x58) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 19:56:37 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300007a000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x40000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1) syz_mount_image$ext4(&(0x7f0000000400)='ext2\x00', &(0x7f0000000440)='./file0\x00', 0x8, 0x4, &(0x7f0000000540)=[{&(0x7f0000002e40)="dd6286ac7d0169d5d278d1816db7f4885c01280b5d1052cdf2e0b0fc95a43b59c68f438edcb64adc240f781cecff8f8b585e2085e65bcab6e78d9f64bb4538420120e28b88147fa56b083b134d37c11b60a3944ec5c20b6233c8d1f395e2f21540db547b9939f14559c2be57f315fb884dd9f37798d0baee5f7995ed7fd931e9ec42e78c012d3d9cb8ea25db9ddd54cdffc78fbe498999db7effbf3b0b8cf302cff9146eb24ada9100a48891874d36f7655993a7c426f701a5187509aca58a4cd799aebc7ef44e7895e1d9bf70f945169bd87acf292e47ce621f1e4e1f15cb13eeee7d90e94a996b2de0dfea0ae79a8a8090560c4dc66ab5a2d2fda37a4a1afcc365504dea7d13f277c5614e8e6c2d8f02e481105d21c37fb716ffe9018d3792c5d5ec879084657f6bad37ef15447793a38e635f0ac3b432c7c65e65940762592e9d29becbc9c1ac1d28db392e3ac7b299e659acc36da9f1f2fdb9b0d937cb88071bb9cd5beef29332cf0a194be51e3cd36fede2f4032b15f45e2b6a230ccead1fdba309da4f0aa5d2b582c8e1909b95bc57f756741a2340cd4eae764d45b4708309a7e7036c222de2710122d9371ec00c167451388256fc7841fe5edd30581f0d910dcaa0cfa6bec267f207352b9854533624e4d4c855cdecc89c6fd68078cda22e810c749853bd7cffcb9a22a9176f944ee2287ee4a1e986e58fbad53f49f1405199c21f244d4db02c4eb5e8a4d184ced998429de06a4abd693c8da31b4ab2958ff2a7f73d8bc522e37110a026afda0fa4afd60756270a5a402bfe396a750236f9e7407aa86773706fd59a7b5eec7fa7fa09ebbd6284cb00cc6b6b20e9dfa5151f93d6ad2c427c6ac37f2767cec0278a2f2617ddadbbe574e2cca0bd873ee5cb17fec9993ee04f246d7b1869b397270c40618a65a505f233721a3e0d1ad29db69fe3806af3c08e490962fbae0f61141417586daa0fce56f5b3649705cc4c5e9c61920d8b29c8b0be3699f274d8b8a5f90108a59a5abe0537575572e0671485963bc3261111640eb811a33a4c2b4e789531eccb960e73d2bd3c3bd62716ace669a9bc95735976a18e0f7717070b36af4ad4f95ee81625f2652635fb5b72f1a81e7d951637ec58002c9628ac87e931e68b105e1bd63f0beee4413290256b3a9dc88c359820a1c254eb3a2b35e6d3f5f6938d053406e55e09456d1350e4955bb0e4f847f468d154fc90611bfad84d78e2899630f1f770acfa9269ad81b49f6085fd77b7b69c422d2692abd2e1e4351ae2732e76088d4d70a71683d2101fcc0cc5c435fe2d532751231a0fac4978d5cc6c840f4ba6ed13e4b28c03b93b3379986830cde5b35b9ca2002600ccb07d23081fce89448610b63fbd0feaa0bdfe4386d8819c0be2f5a40091bbba2036027cfcd0dc8d9137413452325d6688f180019bd1813c19f037b93b5643be5e140d46d6b9fdddfaf518c955eee38c6d54475f2b4440589e9a2d8fd5e85a582d6b26f4c745df426269df8cba45c8c905ff2d00b6d3140c1dd2b32afc87eeb0dc543a3cdbcfebabb4b47cc18a483a7af4007530c435482d50245954320f369423fcf5b51a2a897d3ae5d4d31b1265cdefbf1523ff0e717c3e282e8335cfdd03794da86479702aac4dbe0dc34d8867bea90b4b5a3851db5b6ff1b0f5c1e117eb1d4e6e0c4bb4c0cd21bc8fd8f252f0867bcc32587be18c18e6f8d32f8f4e750b2a210af3a1229756e5c261178116e3f2a18a37bc08d437cc53ddc5f006632a8b020a70966a9218e2267087fa963403d5f82d51d519b36fbf0dfb2a01c39c3cbf623601e116afe9d9a9c3ff0610310aa85663e15aa4721a8fea851fe17a14247d7ee22dff04244648fd38f4ec950d3fafcb0ed23a795d80a269737b449a72576c03522a7b784b0501d8b4e127fdb9c32986046ae6234478a841280df2631957b191fc0bacdf0f09418b383b7f4698356c907e6fe65e38a71f9471d12dd448a98d7976a846098b1fd098156739721a110f949eb9e20242fc5f446e60cf1738c392f490df4050cbdee18f76d60fff074e2b3c02e4cabc30ac07c28a8de4d482b30b805319ab3a0578bd09de697f2922b8238cdfc16a789e994e0d81058f3d14c1b5d386bf529e7c03add4e02b35981ce7fd9b22d67d5b2ec8170f7a98d91eb143b01f71031d429ec3ba66fa0f0fb34f9ff6fb95af994a467dce8d0560a1073632d758d387e97a73fc5e16fb3b5e9e8afec53a7d26b4d885c0522bf3ddf57d50c760e6cd8bcf0b56ea12daaaa8ce76f8d9df5e8454c54df9881ef1106e1c7d4078213e944a419f2121729d59f163e146a5c506d95b36f02068a7dcb9c81067a1f163d7b673362c3d7a098873fe8c729c11ae8da6765f1a1e983da24b3f64c160caee64cedb95b2edeeb114c130eb1851b3b89269c1a47698f82e06e9ca091e359c722731b7fef445ade6ed965da9f6394fa3ca967619b9ac81b6e538629f4f0726327134433bdba34ae70d1a445318a4d36bc11fe0f7a37ad7729f85d5ed16af08044b0a2e21321bfce9d39f528a2b0e38be7c51c97effceb6a9b3392a9f5e295ac917058850bce29d6291ef1ce2b8ea29d3618f8f90bdb13f4f3cdbec41c2c91501cfab139046f168e7c3b3ed74298126c08d37a3a5827b15f80d04ab6b6ab3b73b1560666a7536d332e1f0167e4e88e9cf851feeefb4bab00cf8bd3a6c7705c424a833d9605b376865e0d0a55d1ea750bc72aaf1ec93ade0e47d04b799ffc9091501b722eeab1f2070f183733c1e848a51f2cfb5ffd92a962fd921b49304700345b49d15a0b47fda8367416811a254a22cf1961816369c644158bec431f29fc7c91973dc80a4d97c19cc4c72d4b96017bad02a17457dd7028f556ee95c8bdb37c7fca06030c3825b67e97694d4f465db44062fd5eb52de23be736183260ddf19b91196fc0483778bc0871cb954c1164ce7a9d87001ee5631aae4977e5af67aa0fd5921e12e0cc15f14306710845ea9c6b023a6296fbf0f0878615b8c0b256d3145319155e54346367cf21d145fbb09a9b2d0c4f9b0b1f305603841921eb5805f41a30c096862b019c607341bd9f675cbfea2cee7b1e61b899459bdc623aee507378afd79fd427ebfba8e26d22d91d8a96899557d6fe8333d118060a0f17d97a6c8e53d115520fa9d3488cb8595daa935091e10d406c01c27b63d3052cfb293b779e364cc4453b1a6edb4574b36ce034e54708fd2f79e3d161e650bb13334844e7b88acc0c9336b891650855902ae3f93c931bd44d6c9bcb16150b37fb30a91d70375be2ec93000c51055d00a79605d82e44f88b0b6b0052e70f8eabb085be849bd1cec134ba4383d3fc528eb96ffcae6611c391985a8e434fe990654273466ad11bb52c85b8bbbf8db17b3e5b81a5e2bae97fb0f54b4f9f0e9b61dbc728816d3c1b75915b6934e55974f55234b08de53c1d0339cc71aa20055a1f475dda20b769aaab65f2ea34e034c484632f0a4d5a5956f2da2fc785877cdbf3a923ce04814bec8ffc0f3a6bb661f0297dfee7966662be8d42cc50fd10795f1c338fc9b9ecede3cf7702f3d29820887e28e707703502a23d45060f1339523f16cf04a00d8194f0c927e7d16bead08a2d848cfb7bed6414b3eac99f4ca9b633804195d72b1844867465ef856a34019a3b9c42207acbdc9998dd4646695411dcf1902fc1928269b572b0955902c1efabd6abe756972a21ae833329123a7c793adaf8477723691e2027d6add07044b1d742eda498d10abb441903d1a39af7a6b3c9adaf39734173d44940093cb3fba78066f717e89d4fd7c99275b030cc4f9392fceaf1ac5a9dcade3b261a98879b630bdb279d38769bc9a40d4261e3dabc764a7d452575dd61bd726c413e642afd46aead3994d468afbe583c2b071e6ac1c9e6195b5956fd8a70937f13d8f7628980eca0d9d2e72669d70ad24a9564bc7bedbc64e053c567f3bda279dd292dfb1ee244ac4998123aa40b2a5890266b154d02e6943cac6665d87bb7e5c93cd9492fe242ebe9af407a8baa3583b4d1e147e5a7d49f68877b6bf26a02d66d228160c82f6741a50d000677d972b2922a792a74b83066e9df3fab8ee2bc6a8fd65fdacbe181906b133b60600c29f46543399b8659cd0f4e1e5da651320726f5a6e1affbfcf3c47143b50191866c6f54ab098f9b0b262c278cc66d3911968ad73003c4a04be621a65afe4ab0bf8e6fc37098dbc77503611daad3a357a77ed092fb1da3586de188d8c6db58984b2d33618c7e032988a87a6462263194bb23e987843c03b436cf484e0be74c29a783cd4b95731767e39023feb403ae90148270c534ca54e130621f83eaa12fc14aa08ca994aeb567ead5fdc017aca376809b2667da8221773d3c54832432ccd897090ab22a29e9b28f0e767ba3592d586f79bc96b8b489686e160d767007a06e94a757dc7c45cab307462656551a819b78929a9a739663fafee5c4e3e54b2d0fa39697342f22f980ff71d326423e43b4e6709fe3fabd6d9d109559516e991982eadae47d4c0035c1c8fe93e442d6377b57092cf4adbddb6f46e1c2037e13f09ed7a4d9b3f96a704ddb16ee791d8e6768e0d7650d93e0ed8d9eb7f115b67bee5e9bc082a23696154a1c379f38024a1ccc6c946d3c9e4079aaa9ffaf825d0f66196e5da9a9b8508b975733ba49fa56850707d2a9e7d41d0e8a73bec7b1372a9f683421c4d2b90f76cb3bbdb74509b802dd43b6e1bb0dcf9c0c06880f9294705c61cebcb63d863553fb6d4687bdda11cd4d7c061ce3a98cb37aaf2fd85952d9c3046331c441fb65206714d2f6614bd7fb5e011e74810a6754ad07a39fce789fbe9cc5d132b10588d376e19322614a4b2398c7896fd40d6842ebc3eb5b7266bcc9fdea7a3561c532930561a00de0ccca8b8395b13816feacd865391aa390f4494e00ee099b577dd82283afadcb913319a2d35b3224b003c42651cf6b8201a47dee6382d54cb8372f77474aae060f635ccd1065c2b62983e682124de0a8d2ed13db9338cbe918362deb74c0d6172c58ba3887bff934d9ad8cf0c78d88da15384517349567961a80afd4839de4dc6294ea7246e704b4cff05c67e4bcc4968e1052405e0a77187e2900f924a480fc71b8d6150795b8444a6989f99acab59483a5164b64c14951a256c0f4a70ad31e8c5d0169d796d3f6f91c504660d93456e1027ba945fe9db8193fbfdf4f730573a77b2c064f27ec390d43370010a3461646a41723ca91c24b8a0df72ac1ea4a570edb94052977a700ee265eab012b6f267de87d39102afd9db46cb96fefbb6f60f8ab85e4c6a388940eedd1d321797481a0ec50294679e27643d30d4525d3a291c44fe832d4e412b93765a4cc87dc93ff74988cdfa7eb5a300239c9b85b00d1d4ebb9148f229c55b096d6119d225692d995404959002c89ad2e341dcadbee6bf1e793afadf81bfa753a0b6e2d734b8f0a82ee83390e0779b6fb5605a6842c4bfca8c82d2ebce277a3b6be92aba324540349812eef73553f51fc9af51140ce74ff9eea2a1d43377b2125cf655b7855d29455b6fc799e095ba6a008932b822e808950a91548ecfce048b5e8dbcbe5c782981827c78dc50bee19bf32a7326d672af3f06861549fd0bea5f516c161c9e1c293b9d89ea8786b3be90c4346c5cfe421c07255e3db4a2eaf7e982bb15667834b2de9886a22aa97e649a987c158b4b49be5dbfc1ff8e0dfe9c683bc25e919112f15087109e61d4f29848e7a08ba2", 0x1000, 0x100}, {&(0x7f0000000480)="923712eaf123ee165a472c93507257d2c37ad2e6ef8954cd022241cbee32ca4425149a0e26a7f9a47607d9665821330dd68a2bc6972a57811419e7ddfab93aed0cda34ad1e817f464d52ed9bc93c05778db9fe9d49a1", 0x56, 0x9}, {&(0x7f0000000500)="9b69f7c8a18ff899bbcaec9a89a37d3f16eb2badd95a1c5a3e8f95d32453930293350a2be1b970c7077d846b50ea9b2f9635354155e71c6e1f0606", 0x3b, 0x2}, {&(0x7f0000000780)="37d402883493c31fd130bbe9916b3d625d922610cc61b687cad005ef0bb32763f4c5234f56c99b79ef43b02d2edff29d9d7d6c8ae57fb00d97d06f2a9059ea94a96d0f38cd087e1fbfadad289e31fda9ab31b63c48ad6e7d353782de0ac86235db45007aaed1519d59d6e586d3978344b52f6d7ddd80ef1ea40d6ad1e5f19cdd8f5c0368b00422a1eb151d3107cd839a696c8952cbe3790434ce924bd8e9856f75396a01851260a821c00b626fabf538ef900cfdd048a3328c649b0e7fe4bc65cbd397265fb71cc7e0f52c0b0b55cc9e32919a85d1d54679b1acb802dd771f98aad3017911ff317347867b523bc79374ad", 0xf1, 0x40}], 0x8002, &(0x7f0000000880)={[{@init_itable_val={'init_itable', 0x3d, 0x46}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x3}}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}], [{@fsname={'fsname', 0x3d, '@'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\xff\xff'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@subj_role}]}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r0}}, './file0\x00'}) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000000, 0x40010, r2, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0xd, 0x0, r1, &(0x7f0000000040)={0x8000, 0x24, 0x8}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x31713}, 0xfffffffa) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000016c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="400000001f0020002cbd0000008000000001000004d20a00050000005ec72ab9e00000000000000000030000000000000000000062"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x240400c5) sendmsg$nl_xfrm(r0, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=@updsa={0x178, 0x10, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x32}, @in6=@private0, {}, {}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_crypt={0x58, 0x2, {{'cbc(aes)\x00'}, 0x80, "0f24aa6b13c2e62f3556b1cbcfeac2a0"}}, @extra_flags={0x8, 0x18, 0xfd}, @address_filter={0x28, 0x1a, {@in=@multicast1, @in=@remote, 0xa, 0x8, 0x80}}]}, 0x178}}, 0x0) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') r5 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$setown(r5, 0x8, 0x0) ioctl$SG_GET_RESERVED_SIZE(r5, 0x2272, &(0x7f0000000300)) copy_file_range(r4, &(0x7f00000002c0)=0x400, r5, &(0x7f0000000380)=0xecab, 0x7, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001ac0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x21, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), &(0x7f0000002a40)) 19:56:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:56:37 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300006c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000068000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003cc0)=[{{&(0x7f0000000080), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/248, 0xf8}, {&(0x7f0000000380)=""/184, 0xb8}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f0000000500)=""/184, 0xb8}, {&(0x7f0000000100)=""/60, 0x3c}, {&(0x7f00000005c0)=""/250, 0xfa}], 0x6, &(0x7f00000006c0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x98}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000001900)=[{&(0x7f0000000800)=""/127, 0x7f}, {&(0x7f0000000140)=""/64, 0x40}, {&(0x7f0000000880)}, {&(0x7f00000008c0)=""/50, 0x32}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x5, &(0x7f0000001980)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f0000001a00), 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000001a80)=""/113, 0x71}, {&(0x7f0000001b00)=""/144, 0x90}], 0x2, &(0x7f0000001c00)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x128}}, {{&(0x7f0000001d40)=@abs, 0x6e, &(0x7f00000030c0)=[{&(0x7f0000001dc0)=""/150, 0x96}, {&(0x7f0000001e80)=""/218, 0xda}, {&(0x7f0000001f80)=""/86, 0x56}, {&(0x7f0000002000)=""/131, 0x83}, {&(0x7f00000020c0)=""/4096, 0x1000}], 0x5, &(0x7f0000003140)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}, {{&(0x7f00000031c0)=@abs, 0x6e, &(0x7f0000003540)=[{&(0x7f0000003240)=""/97, 0x61}, {&(0x7f00000032c0)}, {&(0x7f0000003300)=""/253, 0xfd}, {&(0x7f0000003400)=""/221, 0xdd}, {&(0x7f0000003500)=""/16, 0x10}], 0x5, &(0x7f00000035c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000003600)=@abs, 0x6e, &(0x7f0000003ac0)=[{&(0x7f0000003680)=""/232, 0xe8}, {&(0x7f0000003780)=""/108, 0x6c}, {&(0x7f0000003800)=""/193, 0xc1}, {&(0x7f0000003900)=""/42, 0x2a}, {&(0x7f0000003940)=""/93, 0x5d}, {&(0x7f00000039c0)=""/199, 0xc7}], 0x6, &(0x7f0000003b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x158}}], 0x6, 0x2000, &(0x7f0000003e40)={0x0, 0x989680}) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000003e80)=r2, 0x12) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000880)={0x0}, &(0x7f00000032c0)=0xc) ptrace$setsig(0x4203, r5, 0xb9aa, &(0x7f0000003ec0)={0xb, 0x3, 0x6}) r6 = fork() ptrace(0x10, r6) tkill(0x0, 0x3f) wait4(0x0, 0x0, 0x8, 0x0) 19:56:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, 0x0, &(0x7f0000000500)) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 2032.934920] kauditd_printk_skb: 13 callbacks suppressed [ 2032.934939] audit: type=1326 audit(1718135797.761:2448): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2032.938717] sg_write: 9 callbacks suppressed [ 2032.938746] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.938746] program syz-executor.0 not setting count and/or reply_len properly [ 2032.941335] audit: type=1326 audit(1718135797.768:2449): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2032.941988] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.941988] program syz-executor.4 not setting count and/or reply_len properly [ 2032.947836] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.947836] program syz-executor.7 not setting count and/or reply_len properly [ 2032.951834] audit: type=1326 audit(1718135797.771:2450): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2032.957446] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.957446] program syz-executor.6 not setting count and/or reply_len properly [ 2032.971398] audit: type=1326 audit(1718135797.771:2451): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2032.977301] FAT-fs (loop3): bogus number of FAT structure [ 2032.978319] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2032.981553] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.981553] program syz-executor.0 not setting count and/or reply_len properly [ 2032.988927] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2032.988927] program syz-executor.6 not setting count and/or reply_len properly [ 2033.023783] audit: type=1326 audit(1718135797.850:2452): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2033.044207] audit: type=1326 audit(1718135797.850:2453): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=39923 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:37 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000100008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2033.074346] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2033.074346] program syz-executor.7 not setting count and/or reply_len properly 19:56:37 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006800000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300006c000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:37 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000074000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2033.153274] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2033.153274] program syz-executor.0 not setting count and/or reply_len properly [ 2033.161670] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2033.161670] program syz-executor.0 not setting count and/or reply_len properly [ 2033.193171] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2033.193171] program syz-executor.4 not setting count and/or reply_len properly 19:56:38 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() ioctl$FIONCLEX(r0, 0x5450) kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x0) r5 = clone3(&(0x7f0000001280)={0x20000000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x2e}, &(0x7f0000000280)=""/4096, 0x1000, &(0x7f0000000140)=""/24, &(0x7f00000001c0)=[r3, r2, r2], 0x3}, 0x58) wait4(r5, 0x0, 0x2, 0x0) wait4(r4, 0x0, 0x8, 0x0) 19:56:38 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000200008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03006c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2033.287580] audit: type=1326 audit(1718135798.114:2454): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40116 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2033.298859] audit: type=1326 audit(1718135798.125:2455): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40116 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2033.315035] audit: type=1326 audit(1718135798.138:2456): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40116 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2033.336499] audit: type=1326 audit(1718135798.139:2457): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40116 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:38 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300007a000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03004c00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000074000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300007a000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000300008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000100008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, 0x0, &(0x7f0000000500)) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:56:38 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) pwrite64(r2, &(0x7f00000000c0)="a3", 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x4022812, r0, 0x0) dup2(r2, r1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x105142, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x20040, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000003, 0x1010, r4, 0x8000000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r5, 0x0, r3, 0x0, 0x200f5ef, 0x0) 19:56:52 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) r5 = fork() r6 = gettid() kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) wait4(r5, 0x0, 0x8, 0x0) 19:56:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, 0x0, &(0x7f0000000500)) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:56:52 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000040)=0x8) mkdirat(r0, &(0x7f0000000200)='./file0\x00', 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000012a09007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) mkdirat(r1, &(0x7f0000000080)='./file0\x00', 0x63) syz_open_procfs(0xffffffffffffffff, 0x0) fchdir(r0) 19:56:52 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:56:52 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03007a00000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000200008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000100008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2047.341895] kauditd_printk_skb: 2 callbacks suppressed [ 2047.341909] audit: type=1326 audit(1718135812.168:2460): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2047.348785] audit: type=1326 audit(1718135812.172:2461): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2047.351957] audit: type=1326 audit(1718135812.172:2462): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2047.359834] audit: type=1326 audit(1718135812.172:2463): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2047.373128] sg_write: 16 callbacks suppressed [ 2047.373157] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.373157] program syz-executor.6 not setting count and/or reply_len properly [ 2047.383191] FAT-fs (loop3): bogus number of FAT structure [ 2047.383738] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2047.403798] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.403798] program syz-executor.6 not setting count and/or reply_len properly [ 2047.406957] audit: type=1326 audit(1718135812.233:2464): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2047.414821] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.414821] program syz-executor.7 not setting count and/or reply_len properly [ 2047.418866] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.418866] program syz-executor.0 not setting count and/or reply_len properly [ 2047.423398] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.423398] program syz-executor.4 not setting count and/or reply_len properly [ 2047.426149] audit: type=1326 audit(1718135812.253:2465): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=40402 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:56:52 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000300008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000010000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000200008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2047.570941] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.570941] program syz-executor.4 not setting count and/or reply_len properly [ 2047.572055] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.572055] program syz-executor.0 not setting count and/or reply_len properly 19:56:52 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000000380)="004f0001008e39db8d52aa3716d4000fd08ed97f0a87da900c72ee2e80d78f4dce080ec4bdb4b89f45647beacafedc3c9059b80ab06b67706b683785f7ca203661d5a0311a28295bd6944f3a09e113c8b6d8ce262b9209ab4aa0c70b68fb96dfc6242b3ab6425c8aa550dbd17f29f120e9a70faf678e45fdd4b2f140f9869a24e367c4aefd9c75a59e0bc9a6ac6b0d5d31d0aba05a02c7411c2e50d2024fd65eff0da496a1157de78bc13ea20bedfc6e183a12e1831c5b16ab0c502267e3995dbce364a3d6dbea6f700914ba82a516ee9d8caf74063f9e74bb", 0xd9, 0x800}, {&(0x7f0000000940)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000", 0x403, 0xc01}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x100) 19:56:52 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x6, &(0x7f0000000080)=[{0x6, 0x40, 0x0, 0x7ffc0000}, {0x9, 0x0, 0x1, 0x9}, {0x4, 0x14, 0x3, 0xff}, {0x0, 0x9, 0x8, 0x1}, {0x9, 0x20, 0x7, 0x80000001}, {0x8, 0x40, 0x9a}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 2047.617971] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.617971] program syz-executor.7 not setting count and/or reply_len properly [ 2047.620543] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.620543] program syz-executor.6 not setting count and/or reply_len properly 19:56:52 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000020000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2047.651558] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2047.651558] program syz-executor.6 not setting count and/or reply_len properly 19:56:52 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2047.700794] EXT4-fs (loop5): Unrecognized mount option "aÕ 1()[Ö”O: áȶØÎ&+’ «J Ç hû–ßÆ$+:¶B\Š¥PÛÑ)ñ 駯gŽEýÔ²ñ@ù†š$ãgÄ®ýœu¥ž ɦ¬k]1Ы ZÇA.PÒOÖ^ÿ¤–¡}ç‹Á>¢ íün:áƒ[« P"gã™]¼ãd£ÖÛêop º‚¥t?žt»" or missing value 19:56:52 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000600008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:56:52 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000030000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2047.745076] EXT4-fs (loop5): Unrecognized mount option "aÕ 1()[Ö”O: áȶØÎ&+’ «J Ç hû–ßÆ$+:¶B\Š¥PÛÑ)ñ 駯gŽEýÔ²ñ@ù†š$ãgÄ®ýœu¥ž ɦ¬k]1Ы ZÇA.PÒOÖ^ÿ¤–¡}ç‹Á>¢ íün:áƒ[« P"gã™]¼ãd£ÖÛêop º‚¥t?žt»" or missing value 19:57:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:57:10 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000040000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000700008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000300008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x0, &(0x7f0000000180)}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) 19:57:10 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000600008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 2065.535416] sg_write: 6 callbacks suppressed [ 2065.535472] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.535472] program syz-executor.6 not setting count and/or reply_len properly [ 2065.552152] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.552152] program syz-executor.5 not setting count and/or reply_len properly [ 2065.570147] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.570147] program syz-executor.6 not setting count and/or reply_len properly [ 2065.582586] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.582586] program syz-executor.4 not setting count and/or reply_len properly [ 2065.590962] FAT-fs (loop3): bogus number of FAT structure [ 2065.591929] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2065.608589] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.608589] program syz-executor.7 not setting count and/or reply_len properly [ 2065.622571] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.622571] program syz-executor.0 not setting count and/or reply_len properly [ 2065.690259] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.690259] program syz-executor.0 not setting count and/or reply_len properly 19:57:10 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000600008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:10 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4000, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r3, 0x0, r2, 0x0, 0x10001, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) clone3(&(0x7f00000013c0)={0x200822000, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000200)=0x0, {0x8}, &(0x7f0000000280)=""/224, 0xe0, &(0x7f0000000380)=""/4096, &(0x7f0000001380)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x8}, 0x58) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x8, 0x87, 0x9, 0x7, 0x0, 0xffff, 0x20000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffff800, 0x6, @perf_config_ext={0x5, 0x1ff}, 0x381, 0xe0c, 0x4, 0x3, 0x3, 0x3f, 0x6, 0x0, 0x81, 0x0, 0xd582}, r6, 0xffffffffffffffff, r3, 0x0) sendfile(r1, r0, 0x0, 0x500000001) 19:57:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2065.874133] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.874133] program syz-executor.6 not setting count and/or reply_len properly [ 2065.878165] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.878165] program syz-executor.7 not setting count and/or reply_len properly [ 2065.882391] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2065.882391] program syz-executor.4 not setting count and/or reply_len properly 19:57:25 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:25 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000700008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:25 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) write$binfmt_elf64(r0, &(0x7f0000000d80)=ANY=[@ANYBLOB="7f454c46698107090100000000000000020006008da000009302000000000000400000000000000067030000000000008495000000003800020009000700070003000000060000005b0e0000000000000100000000000000010000000100000003000000000000000400000000000000020000000000000006000000000200000000000000120000000000800000000009000000000000000000008000000000ab7700000000000001000000000000002f5935c803b4719559fe98c65a0811cd130ce232c9e009e06c1d5a18b1c9da9d5b94c214f22669ff116b68b100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009e465f283ac44600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000"/2787], 0xadc) 19:57:25 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:25 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000900008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:25 executing program 5: setregid(0xffffffffffffffff, 0xee01) r0 = getegid() r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xff}}, './file0\x00'}) readv(0xffffffffffffffff, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r2 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, r2}}, './file0\x00'}) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006280)=[{{&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000001780)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/222, 0xde}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/109, 0x6d}, {0xfffffffffffffffc}, {&(0x7f0000000440)=""/24, 0x18}, {&(0x7f0000001640)}, {&(0x7f0000001680)=""/50, 0x32}, {&(0x7f00000016c0)=""/171, 0xab}], 0x9, &(0x7f0000001840)=[@rights={{0x10}}], 0x10}}, {{&(0x7f0000001880)=@abs, 0x6e, &(0x7f0000001b80)=[{&(0x7f0000001900)}, {&(0x7f0000001940)=""/120, 0x78}, {&(0x7f00000019c0)=""/85, 0x55}, {&(0x7f0000001a40)=""/43, 0x2b}, {&(0x7f0000001a80)=""/43, 0x2b}, {&(0x7f0000001ac0)=""/80, 0x50}, {&(0x7f0000001b40)=""/38, 0x26}], 0x7}}, {{&(0x7f0000002d00)=@abs, 0x6e, &(0x7f0000004000)=[{&(0x7f0000002d80)=""/66, 0x42}, {&(0x7f0000002e00)=""/91, 0x5b}, {&(0x7f0000002e80)=""/164, 0xa4}, {&(0x7f0000002f40)=""/136, 0x88}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/59, 0x3b}], 0x6, &(0x7f0000004080)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}}, {{&(0x7f0000004100), 0x6e, &(0x7f0000004300)=[{&(0x7f0000004180)=""/26, 0x1a}, {&(0x7f00000041c0)=""/176, 0xb0}, {&(0x7f0000004280)=""/80, 0x50}], 0x3, &(0x7f0000004340)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x110}}, {{&(0x7f0000004480)=@abs, 0x6e, &(0x7f00000047c0)=[{&(0x7f0000004500)=""/147, 0x93}, {&(0x7f00000045c0)=""/148, 0x94}, {&(0x7f0000004680)=""/185, 0xb9}, {&(0x7f0000004740)=""/126, 0x7e}], 0x4, &(0x7f0000004800)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}}, {{&(0x7f0000004900)=@abs, 0x6e, &(0x7f0000004a80)=[{&(0x7f0000004980)=""/129, 0x81}, {&(0x7f0000004a40)=""/51, 0x33}], 0x2}}, {{&(0x7f0000004ac0), 0x6e, &(0x7f0000005d40)=[{&(0x7f0000004b40)=""/239, 0xef}, {&(0x7f0000004c40)=""/211, 0xd3}, {&(0x7f0000004d40)=""/4096, 0x1000}], 0x3}}, {{&(0x7f0000005d80)=@abs, 0x6e, &(0x7f0000006200)=[{&(0x7f0000005e00)=""/111, 0x6f}, {&(0x7f0000005e80)=""/144, 0x90}, {&(0x7f0000005f40)=""/57, 0x39}, {&(0x7f0000005f80)=""/92, 0x5c}, {&(0x7f0000006000)=""/250, 0xfa}, {&(0x7f0000006100)=""/196, 0xc4}], 0x6}}], 0x8, 0x2000, 0x0) setgroups(0x5, &(0x7f0000006480)=[r0, r2, r3, r0, r0]) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r4, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, 0x0, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r5, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4000, 0x80, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000180)={{}, {0x1, 0x2}, [{0x2, 0xc, 0xffffffffffffffff}, {0x2, 0x0, r5}], {0x4, 0x6}, [{0x8, 0x0, r0}, {0x8, 0x0, r0}, {0x8, 0x5, 0xee00}, {0x8, 0x4, r6}], {0x10, 0x6}, {0x20, 0x2}}, 0x54, 0x3) setresgid(r0, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000340)={0x0}, &(0x7f0000000380)=0xc) sendmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@cred={{0x1c, 0x1, 0x2, {r8}}}], 0x20}, 0x0) [ 2080.502213] audit: type=1326 audit(1718135845.329:2466): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41112 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2080.507299] sg_write: 1 callbacks suppressed [ 2080.507344] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.507344] program syz-executor.7 not setting count and/or reply_len properly [ 2080.507757] audit: type=1326 audit(1718135845.329:2467): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41112 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2080.513552] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; 19:57:25 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000050000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2080.513552] program syz-executor.6 not setting count and/or reply_len properly [ 2080.527089] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.527089] program syz-executor.4 not setting count and/or reply_len properly [ 2080.529081] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.529081] program syz-executor.0 not setting count and/or reply_len properly [ 2080.536639] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.536639] program syz-executor.6 not setting count and/or reply_len properly [ 2080.537961] audit: type=1326 audit(1718135845.337:2468): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41112 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2080.544339] FAT-fs (loop3): bogus number of FAT structure [ 2080.545294] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2080.566053] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.566053] program syz-executor.0 not setting count and/or reply_len properly [ 2080.588902] audit: type=1326 audit(1718135845.337:2469): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41112 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:57:25 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000a00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:25 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2080.794619] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.794619] program syz-executor.4 not setting count and/or reply_len properly [ 2080.799187] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2080.799187] program syz-executor.7 not setting count and/or reply_len properly 19:57:40 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000060000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:40 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$binfmt_elf32(r1, &(0x7f00000098c0)=ANY=[@ANYBLOB="95ac6923bedb15bc32ff099b5078ffc4469522ec5dc540f31fe6ab413e2d0870e64c6a09aa8deea1984429899656145a1e89b0c2b8e1b763536c139064f7316b089e64b4c2d73d3dc0a14dd9a02b961bcb58117dcfa22a8cfc3d31009299393b2261a9da0a910ee74afdba54f612704e7031cd625e202c8634edd7e7848d2ad2f3b53a2e50ca53ffe207009a26ee41622979d50932fea46927234426466b89455ef35bc0a69d1ba8e4068ef9985b01ba7f2d3330e3aca97e6be3a3f6fdb07d5eb4017a6470796e139886d67885c4c9ae8ec1c714645b313b9ddfbcb38702b7a8511e5706523ff1c6ffe722b0a75466754e8e104a73e7c523660c4f83f85b7a356b187aed3194807076a5dd9c17fbd645b1c90971a0bf6da358232fc81e4f67fb4f8f83a6c142f9"], 0x31b) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000080)={0x5, &(0x7f0000000700)=[{0x1, 0x52, &(0x7f0000000180)="d9ff1ff1621da167d3ae641bad1c20bf36fc645a1a35b206a16914d9b338afd83c042bbe4dee2ab6c8f8b5d2c4e01621cd9465567c50c2a643627252b272c6158f73c5ad349fb43245385222122fec245893", 0x1}, {0x1, 0xf9, &(0x7f00000002c0)="5d1ace8d366c14d583bb6f5875502a79f27ad0be2d3814f2599ba557795ba6487c6f790df6441788a76a7fc4c8a7dfc4a232469b8ae8b82bbffec63ba3eb81e26c261ebaa9e09354b6877e44eeda060d11d82c74b6eea4ba55f033cae47d99384e600c30d253756c220691f2c4104d88886942d8820c8931f440401d54452e1fa6962e24dacac73299a384db8d9699941bb8f462a50d8f7c2c9c5b7fc3eaa47404e1cf23e0b6a187922fb2080c7f08b3aed343876ac22407a2ebb0be5c2fe2e8aed1a7687184fb11d3e5bc4644d1790e2fc5bc246075eebf1f09768a1e2c6f24352d0164530ea0756b346a60f9e90bbb19681620d0ff3dad6a", 0x1}, {0x1000007f, 0xd9, &(0x7f0000000500)="2918e4197d20711c6a16f4b9fda0b66cb6050de51d9daaa0da860ad894337fa64a62e95198520e67bc27c8feb7f38d129353308231874f4a9ac9dcc5b6c0349ba3597e305d8976a43a3f6447bc27fd0717065ad1d892899224230c56e161b1fb3c4c7f97bffb6c2f22e29bf17cb8f0fb6bb5c67f127797d5a532b831ae69c33d3ca18f88c7fa67144ec3d023aeaef11b84ff45daa993df50000bde515c8cec85a9ea99a2b0ce39033ad0a8af4928191c44ea163facdce0517b870df30012541a4efb73226c28c28c91c2afff17c0534323ac51df060a01d862"}, {0x7, 0xdb, &(0x7f0000000600)="521b082df4598ccb41b2c14bc30adb0aca33c138d2eb118647afa4ca78aee38e426f66a8ca51fadf8c62c7bd55814c2f695840aa81f5558830971c2fb3b102001c2a49b11cf7a5d258bd28fee10c17bb9c5bdbfa443946b024c33f54dac437c3f683b54c2741600e13410ccb29bba4453171ab781c3fe36c608c57854aca0d5a51525c20493bfd5753b6a725e03c6be53d1927b37a23236fc0335da644b4a9de70301b705c6e688978e08d106b342086cef8a464786436705f72da4be7bb6b0cc4b7fa830cb27c204f8e6833dafe2e46340c231e1b6c2faa0f08fb", 0x1, 0x1}, {0xafc, 0x42, &(0x7f00000003c0)="12bef1b16c8d7731b064d71eb142eb7422c3f53b082297d02f10b6e99a3210a32ae44cff32d1aab487893ed34e31caff72de1f9235f6e54075d7c244a4df86b3277f", 0x1, 0x1}]}) clone3(&(0x7f00000008c0)={0x3040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x500000001) msgsnd(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="09e9af064571d8569be44f8f3b03461c633528808a17dc17eea0390153efab6d4652ce9f4387057db34bf3571bf8fa08c11b465b6de544feea36356d9d54924207d5a05f4e4b78bbfecae64496cbe6dbf40fb9ba3ae3acc21d48aeed1157bc65f739d3fd2a873f0f79000000000000000000000000000000e926872b1032e2a733bafa742edc6d5a18a7afd4d8332f05f2d40eeb71769900"/169], 0x8, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', r1, &(0x7f0000000140)='./file1\x00', 0x2) syz_io_uring_setup(0x702, &(0x7f0000000440)={0x0, 0x48b5, 0x0, 0x1, 0x5d, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000200), &(0x7f00000004c0)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f0000000880)={0x1, 0x6, 0x1000, &(0x7f0000000940)=""/4096}) io_setup(0x5, &(0x7f0000000700)) io_submit(0x0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) 19:57:40 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:40 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x2, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) r3 = fork() r4 = gettid() kcmp(r3, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) capset(&(0x7f0000000080)={0x20080522, r3}, &(0x7f00000000c0)={0x426, 0x9d6, 0x800, 0x19000000, 0xffffffe1, 0x2}) ptrace(0x10, r2) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:57:40 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000d00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:40 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000900008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:40 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000600008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.060191] audit: type=1326 audit(1718135860.886:2470): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.064290] audit: type=1326 audit(1718135860.891:2471): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.072004] audit: type=1326 audit(1718135860.898:2472): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.083134] audit: type=1326 audit(1718135860.899:2473): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.086920] audit: type=1326 audit(1718135860.903:2474): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.091505] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.091505] program syz-executor.6 not setting count and/or reply_len properly [ 2096.098206] FAT-fs (loop3): bogus number of FAT structure [ 2096.099314] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2096.124612] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.124612] program syz-executor.6 not setting count and/or reply_len properly [ 2096.140280] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.140280] program syz-executor.7 not setting count and/or reply_len properly [ 2096.145070] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.145070] program syz-executor.0 not setting count and/or reply_len properly [ 2096.153445] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.153445] program syz-executor.4 not setting count and/or reply_len properly [ 2096.185435] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.185435] program syz-executor.0 not setting count and/or reply_len properly 19:57:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:41 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000700008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.256416] audit: type=1326 audit(1718135861.083:2475): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.273272] audit: type=1326 audit(1718135861.100:2476): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41351 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:57:41 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000070000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.357139] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.357139] program syz-executor.7 not setting count and/or reply_len properly 19:57:41 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000d00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.390632] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.390632] program syz-executor.0 not setting count and/or reply_len properly [ 2096.429625] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.429625] program syz-executor.6 not setting count and/or reply_len properly 19:57:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000003e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.445366] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2096.445366] program syz-executor.0 not setting count and/or reply_len properly 19:57:41 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) r5 = fork() r6 = gettid() kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace(0x8, r5) 19:57:41 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3873, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1b1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)='cpu.pressure\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x7, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0xc0}, 0x1, {0x0, r4}}, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_MADVISE={0x19, 0x2, 0x0, 0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x10, 0x1}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/clocksource', 0x16400, 0x80) ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000ff070000000000000010000000000000ca0f0000000000000400000000000000000000000000000000000000000000000000000000000000220b000008000000010000000000000001000000000000003f000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/445]) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/kexec_loaded', 0x0, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) sendfile(r9, r8, 0x0, 0x1) io_uring_enter(r9, 0x313a, 0x9f34, 0x0, &(0x7f0000000040)={[0x9]}, 0x8) [ 2096.583899] audit: type=1326 audit(1718135861.410:2477): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41595 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:57:41 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000080000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2096.604862] audit: type=1326 audit(1718135861.431:2478): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41595 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2096.609599] audit: type=1326 audit(1718135861.436:2479): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41595 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:57:41 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:41 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000090000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001d020000000000000000000002000200"], 0x14}}, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xc, 0x0, 0x5}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x48c0}, 0x4) 19:57:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, 0x0, 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:55 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000900008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace$cont(0x18, r1, 0x8, 0xfff) ptrace(0x10, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250040000808007300", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x1}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000000c0)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) fork() 19:57:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:57:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000003e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2110.716611] sg_write: 8 callbacks suppressed [ 2110.717155] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.717155] program syz-executor.7 not setting count and/or reply_len properly [ 2110.722976] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.722976] program syz-executor.0 not setting count and/or reply_len properly [ 2110.734794] kauditd_printk_skb: 4 callbacks suppressed [ 2110.734807] audit: type=1326 audit(1718135875.561:2484): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2110.741220] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.741220] program syz-executor.6 not setting count and/or reply_len properly [ 2110.742418] audit: type=1326 audit(1718135875.569:2485): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2110.748960] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.748960] program syz-executor.4 not setting count and/or reply_len properly [ 2110.753920] audit: type=1326 audit(1718135875.574:2486): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2110.764621] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.764621] program syz-executor.0 not setting count and/or reply_len properly [ 2110.768532] audit: type=1326 audit(1718135875.574:2487): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2110.773064] FAT-fs (loop3): bogus number of FAT structure [ 2110.774077] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2110.780364] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.780364] program syz-executor.6 not setting count and/or reply_len properly 19:57:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000d00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2110.904053] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.904053] program syz-executor.7 not setting count and/or reply_len properly 19:57:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000d0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2110.946391] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.946391] program syz-executor.6 not setting count and/or reply_len properly [ 2110.949052] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.949052] program syz-executor.4 not setting count and/or reply_len properly 19:57:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)={0x1c, 0x52, 0x69844ea0a6ddcd11, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x1c}}, 0x0) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfd, 0x40000}, 0xc) [ 2110.983446] audit: type=1326 audit(1718135875.810:2488): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2110.987976] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2110.987976] program syz-executor.6 not setting count and/or reply_len properly [ 2111.000025] audit: type=1326 audit(1718135875.826:2489): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=41827 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:57:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:57:55 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000000e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:11 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:12 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, 0x0, 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:12 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 5: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000500)='romfs\x00', 0x40000, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5e, 0xa048, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x40008, 0x8000, 0x2, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) symlinkat(&(0x7f0000000180)='./file0\x00', r0, &(0x7f0000000240)='./file0\x00') ioctl$sock_SIOCGIFINDEX(r2, 0x8914, &(0x7f0000000140)={'lo\x00'}) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/rtc', 0x4800, 0x40) ioctl$F2FS_IOC_GET_FEATURES(r1, 0x8004f50c, &(0x7f0000000080)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$unix(0xffffffffffffffff, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private2, 0xfffffc01}, 0x1c) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f00000000c0)={'veth0_to_bridge\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x0, 0x65, 0x45, 0x81, 0x0, 0x0, 0x5e, 0xe00b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}, 0x901, 0x3, 0x1004, 0x0, 0x2000, 0xfffffffd, 0x0, 0x0, 0xffffffff, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8914, &(0x7f0000000140)={'lo\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) 19:58:12 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000003e0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r5, &(0x7f0000000040), 0x12) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r6, 0x0, 0x0) sendmsg$nl_netfilter(r5, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r6, @ANYRES64, @ANYRESOCT=0x0, @ANYBLOB="399438b8967af2710bcfa7376d37dd10d6bbe9bd240b1cabe7ed4273fab6c88ac29ddc8ac9c4cb01c681cfbb31cc4c73647ec2d248adb4805a782ed7038b36ef4456824f911c7a80ee1dd77d66d8570c794fe589ceec61b6781bf24cfb9b0d844b8039b9bf3702b6b08ba282198d96b9c602a9234192", @ANYBLOB="c2b97e00a4138e75a8de072abace200c4b9c4e4ba21b551ad6600e82bbbcb263239893f6cea862dc807a5aba44a6f7caa2fa3e6b67943b9a88cf2bea27ed03bfb8fd7d4d9efd52d8868023afcdafa2c3ec7ee4afffd6f4303ebfbcad96bc7c0532ead6b5572fe3731983f5ffdb4b1b96cdc847443961f6caf42c63764b3786fd3f7e024f683812f6e362c8011130f35202e128ff36cf2be0a7167d3a62f2aeeec7c235bb79d34ed895882eefd5390571dd49ccd957e27305dca1a350b81f5bf4d6326965da20fc13eeb7c08205bc7cba05cbf9a2575e6e7d87aa4a06aa243d8d509685964b1da5113205afc3f71e55dae3afb5e495b72c69bc7f2c"], 0x13c}}, 0x40000) openat(r5, &(0x7f0000000080)='./file0\x00', 0x2, 0xe0) [ 2127.192376] FAT-fs (loop3): bogus number of FAT structure [ 2127.193331] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2127.249518] audit: type=1326 audit(1718135892.076:2490): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.260214] sg_write: 7 callbacks suppressed [ 2127.260257] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.260257] program syz-executor.0 not setting count and/or reply_len properly [ 2127.262804] audit: type=1326 audit(1718135892.088:2491): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.268473] audit: type=1326 audit(1718135892.095:2492): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.274453] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.274453] program syz-executor.4 not setting count and/or reply_len properly [ 2127.278570] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.278570] program syz-executor.7 not setting count and/or reply_len properly [ 2127.292211] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.292211] program syz-executor.0 not setting count and/or reply_len properly [ 2127.296927] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.296927] program syz-executor.4 not setting count and/or reply_len properly [ 2127.307579] audit: type=1326 audit(1718135892.095:2493): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.332488] audit: type=1326 audit(1718135892.123:2494): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.337495] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.337495] program syz-executor.6 not setting count and/or reply_len properly 19:58:12 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:12 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000400000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2127.533924] audit: type=1326 audit(1718135892.360:2495): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.548795] audit: type=1326 audit(1718135892.375:2496): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42177 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2127.555190] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.555190] program syz-executor.0 not setting count and/or reply_len properly 19:58:12 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000003e00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 5: ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000080)='./file1\x00', 0x11) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file1', [{0x20, ']'}]}, 0xd) flock(r0, 0x4) [ 2127.573047] FAT-fs (loop3): bogus number of FAT structure [ 2127.574117] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2127.578868] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.578868] program syz-executor.4 not setting count and/or reply_len properly [ 2127.611516] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.611516] program syz-executor.7 not setting count and/or reply_len properly [ 2127.660578] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2127.660578] program syz-executor.6 not setting count and/or reply_len properly 19:58:12 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:12 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) r3 = fork() r4 = gettid() kcmp(r3, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) sched_setattr(r3, &(0x7f0000000080)={0x38, 0x6, 0xc, 0x6, 0x10000000, 0xfff, 0xfffffffffffff801, 0x1000, 0x3, 0x9}, 0x0) ptrace(0x10, r2) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:58:12 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000480000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, 0x0, 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:28 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) fork() wait4(r4, 0x0, 0x9, 0x0) 19:58:28 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x8000}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = getpgrp(0x0) r4 = pidfd_open(r3, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x3) splice(r5, &(0x7f0000000040)=0x9ae6, r2, &(0x7f00000000c0)=0x2, 0x1000, 0x1) r6 = dup(r4) setns(r6, 0x20000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r7], 0x38}}], 0x1, 0x0) 19:58:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(0xffffffffffffffff, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:28 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2143.668152] sg_write: 4 callbacks suppressed [ 2143.668200] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.668200] program syz-executor.7 not setting count and/or reply_len properly [ 2143.672282] audit: type=1326 audit(1718135908.499:2497): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2143.673878] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.673878] program syz-executor.4 not setting count and/or reply_len properly [ 2143.681071] audit: type=1326 audit(1718135908.508:2498): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2143.698884] audit: type=1326 audit(1718135908.524:2499): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2143.715020] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.715020] program syz-executor.0 not setting count and/or reply_len properly [ 2143.722080] FAT-fs (loop3): bogus number of FAT structure [ 2143.722951] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2143.724155] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.724155] program syz-executor.6 not setting count and/or reply_len properly [ 2143.743071] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.743071] program syz-executor.0 not setting count and/or reply_len properly [ 2143.759496] audit: type=1326 audit(1718135908.524:2500): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:58:28 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007a00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000004c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:28 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000004c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2143.903709] audit: type=1326 audit(1718135908.730:2501): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:58:28 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007a00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2143.924171] audit: type=1326 audit(1718135908.750:2502): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42634 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2143.937407] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2143.937407] program syz-executor.4 not setting count and/or reply_len properly 19:58:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) [ 2144.008797] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2144.008797] program syz-executor.0 not setting count and/or reply_len properly [ 2144.031051] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2144.031051] program syz-executor.7 not setting count and/or reply_len properly 19:58:28 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300fffffff500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2144.059989] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2144.059989] program syz-executor.6 not setting count and/or reply_len properly 19:58:28 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e21, 0x200, @private2, 0x7fffffff}, 0x1c) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x10, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 2144.096672] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2144.096672] program syz-executor.6 not setting count and/or reply_len properly 19:58:28 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x41c442, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x2a0d02, 0x0) sendfile(r1, r2, 0x0, 0x100000001) 19:58:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) [ 2144.127464] audit: type=1326 audit(1718135908.954:2503): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42874 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2144.138067] audit: type=1326 audit(1718135908.965:2504): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42874 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2144.152428] audit: type=1326 audit(1718135908.978:2505): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42874 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2144.171405] audit: type=1326 audit(1718135908.979:2506): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=42874 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:58:29 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000680000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x0, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:58:44 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000006c0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:44 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffffefff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:58:44 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x4, &(0x7f0000000080)=[{0x5, 0x0, 0x0, 0x7ffc0000}, {0x7, 0xf6, 0x7, 0x83}, {0x4, 0x1, 0x7f, 0x4}, {0x7, 0x20, 0x7, 0x7fff}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() r2 = fcntl$getown(r0, 0x9) kcmp(r1, r2, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r3) r4 = fork() ptrace(0x10, r4) r5 = fork() tkill(r5, 0x1037) wait4(r5, 0x0, 0x8, 0x0) 19:58:44 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = syz_open_procfs(0x0, &(0x7f0000001580)='net/snmp\x00') readv(r1, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') ioctl$FIONREAD(r2, 0x6801, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f0000000000)=0x800) fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000002c0), &(0x7f0000000480)={'U-', 0xbef9}, 0x16, 0x1) getdents(0xffffffffffffffff, &(0x7f0000000240)=""/72, 0x48) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000001880)=ANY=[@ANYRES32=0xffffffffffffffff, @ANYBLOB="0400001667b600ab5a6e1ca451f4ff2d23f9ec5fe424df49631bffbb02be70dd447db92844ef8c5f6ca472674d1c8e0edc60b101683ab28289f358d8df374908f386e92b4620190535515b4ddf76554abd753c66cbe240d21e7b6584a71b69c4278206c9d706a0d13cc1a4ea36a39eefed332b0e824c7f90774f5a199654ed2d3757d7673c13e2afff8ed0dc1f9484cc658d1cd5845643215e67753735e7ec58ca14a8942b98d019524f7cbcf9549edfe888dd956ec947df15263c8ede43491d41a285c98c3f524c9f68b1f96938f6eba7f921d4f712f54ed5d40c1b7675a48218b277c6715916ded2ec77690bb45ef6027d1d879a0617420be517a60e8ad77cfa4a483385fd10a8043847d417fa033ff85b375edb880ef3ce2c9e8f4aae21dd27c1d432eaff66d36bf31607698b32f24ae48b400a1e3445cdeceb1bac889dcd5807aa8211281be3bd88cb2fca4af6bac3713d61e3c01c782e02201e48ff0eda1e23a4a56ea27b73107d351480bf837c4d445aa179b092d12b4a0d44b0e0088053b3de630c0ee3276c92bf3226bb4e3e92e0289ce4f47047f4defb1475f024ec2ccc5162d0033cf120733cf3304cefada69a386b6f84179a8a7e3ae44138b565c55efd0b1915f57989fab31fced757723703bab4b2fe250084bf0965b7b6d2b1a697cba528a7029c605bc76420acec1c2dff7fa92c469894c16eed7c59d77a3357edb8e2e1b62fc76b977aed"]) getdents(r3, &(0x7f0000000380)=""/215, 0xd7) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)={'U-', 0x7fffffff}, 0x16, 0x2) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f00000014c0), 0x900, 0x0) getdents64(r4, &(0x7f0000001500)=""/125, 0x7d) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) mount$bind(&(0x7f0000000200)='./file0/../file0\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x837013, 0x0) unshare(0x48020200) 19:58:44 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r2, 0x0, 0x20000004) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r3, 0x0, 0x80000001) 19:58:44 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300fffffff500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2160.142111] sg_write: 3 callbacks suppressed [ 2160.142129] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.142129] program syz-executor.7 not setting count and/or reply_len properly 19:58:44 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006800008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2160.153991] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.153991] program syz-executor.6 not setting count and/or reply_len properly [ 2160.175341] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.175341] program syz-executor.6 not setting count and/or reply_len properly [ 2160.175664] FAT-fs (loop3): bogus number of FAT structure [ 2160.177783] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2160.184112] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.184112] program syz-executor.4 not setting count and/or reply_len properly [ 2160.194201] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.194201] program syz-executor.0 not setting count and/or reply_len properly [ 2160.237748] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2160.237748] program syz-executor.0 not setting count and/or reply_len properly 19:59:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffefffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffffefff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x0, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:00 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffffefff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000740000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:00 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x5, &(0x7f0000000080)=[{0x3ff, 0x7f, 0x7}, {0xb0a9, 0x8c, 0x6}, {0xfff9, 0x1f, 0x9, 0x22}, {0x0, 0x5, 0x8, 0x20}, {0x9, 0x81, 0xbc, 0x4}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r3, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, 0x0, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf25ff0100000200000000000000fcaf25510000000808007300", @ANYRES32=r4, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x11, 0x2, 0x70bd25, 0x25dfdbfc, {0x1c}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x80) ptrace(0x10, r2) r5 = fork() ptrace(0x10, r5) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_flowlabel\x00') r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:59:00 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2175.303562] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.303562] program syz-executor.5 not setting count and/or reply_len properly [ 2175.332360] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.332360] program syz-executor.4 not setting count and/or reply_len properly 19:59:00 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000002f00)='./file0/../file0\x00', 0x0, 0x21000, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x2044034, &(0x7f0000000040)=ANY=[@ANYBLOB="6d61785f62615334ab6d823765f39b651f003b740a26cad723e8290e3af15bf20c65e9b141685f74696d653d3078cc9c30303030303030303030303030302c00"]) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) openat(r1, &(0x7f0000000080)='./file0/../file0\x00', 0x580, 0x14) ftruncate(r0, 0x3) [ 2175.362153] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.362153] program syz-executor.7 not setting count and/or reply_len properly 19:59:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300f5ffffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2175.400740] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.400740] program syz-executor.6 not setting count and/or reply_len properly [ 2175.406384] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.406384] program syz-executor.0 not setting count and/or reply_len properly [ 2175.412951] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.412951] program syz-executor.4 not setting count and/or reply_len properly [ 2175.427240] FAT-fs (loop3): bogus number of FAT structure [ 2175.428338] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2175.451729] EXT4-fs (sda): Unrecognized mount option "max_baS4«m‚7eó›e" or missing value [ 2175.465533] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.465533] program syz-executor.6 not setting count and/or reply_len properly [ 2175.471660] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.471660] program syz-executor.0 not setting count and/or reply_len properly 19:59:00 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) chmod(&(0x7f0000000040)='./file0/../file0\x00', 0x100) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000002f00)='./file0/../file0\x00', 0x0, 0x21000, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f00000002c0)='./file0\x00', 0xffffffffffff0000, 0x0, 0x0, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB='<']) mkdir(&(0x7f0000000000)='./file0/../file0\x00', 0x10) 19:59:00 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000002000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffefffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2175.584053] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.584053] program syz-executor.4 not setting count and/or reply_len properly 19:59:00 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007400008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 2175.624550] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2175.624550] program syz-executor.7 not setting count and/or reply_len properly 19:59:00 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc030000007a0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:00 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300f5ffffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2175.716174] FAT-fs (loop3): bogus number of FAT structure [ 2175.716684] FAT-fs (loop3): Can't find a valid FAT filesystem 19:59:13 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03fffffff50000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000006c00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x0) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:13 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r1 = fork() migrate_pages(r1, 0x8, 0x0, &(0x7f0000000080)=0x97b1) r2 = fork() kcmp(r2, r2, 0x3, r0, r0) ptrace(0x10, r2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r3) fork() fork() r4 = fork() tkill(r4, 0x3f) r5 = getpid() wait4(r5, 0x0, 0x1, 0x0) 19:59:13 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000002000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x0, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:13 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000007a00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2188.807157] kauditd_printk_skb: 2 callbacks suppressed [ 2188.807180] audit: type=1326 audit(1718135953.633:2509): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.814753] audit: type=1326 audit(1718135953.634:2510): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.828446] sg_write: 5 callbacks suppressed [ 2188.828478] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.828478] program syz-executor.4 not setting count and/or reply_len properly [ 2188.832268] audit: type=1326 audit(1718135953.654:2511): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.855000] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.855000] program syz-executor.6 not setting count and/or reply_len properly [ 2188.860435] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.860435] program syz-executor.7 not setting count and/or reply_len properly [ 2188.861233] audit: type=1326 audit(1718135953.687:2512): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.865576] FAT-fs (loop3): bogus number of FAT structure [ 2188.866460] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2188.867505] audit: type=1326 audit(1718135953.687:2513): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.872137] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.872137] program syz-executor.5 not setting count and/or reply_len properly [ 2188.880803] audit: type=1326 audit(1718135953.694:2514): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.904464] audit: type=1326 audit(1718135953.694:2515): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.906730] audit: type=1326 audit(1718135953.694:2516): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.909104] audit: type=1326 audit(1718135953.698:2517): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:59:13 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffffefff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2188.912160] audit: type=1326 audit(1718135953.721:2518): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43684 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2188.926801] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.926801] program syz-executor.6 not setting count and/or reply_len properly [ 2188.953876] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2188.953876] program syz-executor.7 not setting count and/or reply_len properly 19:59:13 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$nfs4(0x0, &(0x7f00000010c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x16000800) mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='mnt/encrypted_dir\x00', 0x0) rename(&(0x7f0000000180)='mnt/encrypted_dir\x00', &(0x7f00000001c0)='./file0\x00') 19:59:13 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000004000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300fffffff500008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:13 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2189.047191] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2189.047191] program syz-executor.6 not setting count and/or reply_len properly 19:59:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) [ 2189.071512] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2189.071512] program syz-executor.4 not setting count and/or reply_len properly [ 2189.077192] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2189.077192] program syz-executor.7 not setting count and/or reply_len properly [ 2189.088457] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2189.088457] program syz-executor.6 not setting count and/or reply_len properly [ 2189.103242] FAT-fs (loop3): bogus number of FAT structure [ 2189.104146] FAT-fs (loop3): Can't find a valid FAT filesystem 19:59:13 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03ffefffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:14 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000005000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:14 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffffefff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r1, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c84c000130301012abd7000ffdbdf250000000808007300", @ANYRES32=r2, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e06f31dcec87e7014d0babbed7a883d81b74c118b41984910c0133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58fa8827bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e9210ce1d46dcb4e3d7982e3af8a0c429fb"], 0x13c}}, 0x0) dup2(r1, r0) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r3 = fork() kcmp(r3, r3, 0x3, r0, r0) ptrace(0x10, r3) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:59:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03f5ffffff0000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:31 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000006000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300ffefffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000004000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2206.352285] sg_write: 3 callbacks suppressed [ 2206.352332] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.352332] program syz-executor.7 not setting count and/or reply_len properly [ 2206.368690] kauditd_printk_skb: 16 callbacks suppressed [ 2206.368709] audit: type=1326 audit(1718135971.195:2535): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.374777] audit: type=1326 audit(1718135971.196:2536): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc5eb55fa04 code=0x7ffc0000 [ 2206.376652] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.376652] program syz-executor.6 not setting count and/or reply_len properly [ 2206.387993] audit: type=1326 audit(1718135971.196:2537): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.395986] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.395986] program syz-executor.5 not setting count and/or reply_len properly [ 2206.402329] FAT-fs (loop3): bogus number of FAT structure [ 2206.403172] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2206.404381] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.404381] program syz-executor.4 not setting count and/or reply_len properly [ 2206.406993] audit: type=1326 audit(1718135971.199:2538): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.415577] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.415577] program syz-executor.7 not setting count and/or reply_len properly [ 2206.417499] audit: type=1326 audit(1718135971.199:2539): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.417650] audit: type=1326 audit(1718135971.200:2540): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.423278] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.423278] program syz-executor.6 not setting count and/or reply_len properly [ 2206.425446] audit: type=1326 audit(1718135971.201:2541): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.428657] audit: type=1326 audit(1718135971.201:2542): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.443721] audit: type=1326 audit(1718135971.201:2543): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2206.449657] audit: type=1326 audit(1718135971.201:2544): auid=0 uid=16877 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=43946 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:59:31 executing program 5: close(0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_setup(0x13af, &(0x7f0000000080)={0x0, 0x8893, 0x2b, 0x0, 0x64}, &(0x7f0000fef000/0xf000)=nil, &(0x7f0000fee000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000fed000/0x3000)=nil, 0x3000, 0x64, 0x1}, 0x1000) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005640)=[{{&(0x7f0000000040)={0x2, 0x4e23, @remote}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000002400)=[{0x0}, {0x0, 0x39}, {&(0x7f0000002080)="bc", 0x1}], 0x3}}], 0x2, 0x8804) getpeername(r0, &(0x7f00000001c0)=@can, &(0x7f0000000240)=0x80) 19:59:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000000000000b32428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300f5ffffff00008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000005000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000007000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2206.581959] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.581959] program syz-executor.0 not setting count and/or reply_len properly [ 2206.594352] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.594352] program syz-executor.7 not setting count and/or reply_len properly [ 2206.632045] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.632045] program syz-executor.0 not setting count and/or reply_len properly [ 2206.633011] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2206.633011] program syz-executor.6 not setting count and/or reply_len properly 19:59:31 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000002f00)='./file0/../file0\x00', 0x0, 0x21000, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x820, &(0x7f0000000540)={[{@dax}]}) 19:59:31 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000200000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:31 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000008000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2206.769237] EXT4-fs (sda): dax option not supported 19:59:31 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) wait4(r1, &(0x7f00000000c0), 0x1, 0x0) ptrace(0x10, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="2d84c000130301012abd7000ffdbdf250000000808007300cdf8a27b3866a400174e89", @ANYRES32=r3, @ANYBLOB="04001c00fe0a96ad064918d8622cc93b6c45f0b92775255aeb09c911ad89bb3808c51b3916ef05044bffe933cda59e84583beb14e8deef45ecba8468aebf82ca6eee798b30f53185923a715d68c90a045938018e164b3e0609e0cec87e7014d0babbed7a133b44438a6b6727260400260028d05d936053fa8d8098c46e76a5827592edf2ef1e989d7defe43665bae92353150c831743b1a341a6a52cdd173db70d5c77073cad94a54e7b5932c7fd5a58000227bd96cfea36da58006761af620549baed08d26bc5eb7f66c7c3cf44111d1a9dada9f804128d068eb0cbb389e47216ffd57e79be0fcfc0abe7c28afa23b6294e3731f928f69c64b65e392415552a282e15c31b03b21ffab476664dd623b0e630a50e7ea875ad30c02359a5b6fc8668b2ded566b4f50d14db06e1e99197a002ac6f9a07d3b9a7ac6aebdfe82a14fc9c1d26d931dbbf8b50a552132d0d5feed5a2790113c5bbbc5ef995f32421d2883ac95a77582f9391f76846062452d1ce28727dd81ceff22ad31e8aeb6a58a79be587e58db3880c37141cd77cab836a57c0bb032509df25461804860f5fd6d7b6a02f7ba695316dc68b79fd12f59f98a759ad2fd98d76906abe7765d169636b80e1692809b3a714d4c6df77cbdaf3654dd1b21f4e371df265320b13dd743844ead6d800000000"], 0x13c}}, 0x2000c841) fallocate(r2, 0x41, 0x4, 0x1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r4) r5 = fork() ptrace$peeksig(0x4209, r4, &(0x7f0000000080)={0x9, 0x0, 0x3}, &(0x7f0000000280)=[{}, {}, {}]) ptrace(0x10, r5) r6 = fork() tkill(r6, 0x3f) wait4(r6, 0x0, 0x8, 0x0) 19:59:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000006000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2220.169262] kauditd_printk_skb: 15 callbacks suppressed [ 2220.169276] audit: type=1326 audit(1718135984.996:2560): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2220.172219] audit: type=1326 audit(1718135984.999:2561): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2220.178822] audit: type=1326 audit(1718135985.004:2562): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2220.185932] sg_write: 6 callbacks suppressed [ 2220.185952] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.185952] program syz-executor.6 not setting count and/or reply_len properly [ 2220.188458] audit: type=1326 audit(1718135985.005:2563): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=57 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2220.196873] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.196873] program syz-executor.0 not setting count and/or reply_len properly 19:59:44 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000002000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:44 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020820000200008000f80000200040000000000000000000010000000000000002", 0x2d}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aa52526141", 0x24, 0x1e0}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x3e0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0fffffff0fffffff0fff", 0x15, 0x4000}, {&(0x7f0000010700)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100010e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200010e770325132510000e770325105", 0x9b, 0x4400}], 0x0, &(0x7f0000011100)=ANY=[]) unlinkat(r0, &(0x7f0000000400)='./file1\x00', 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000005a00)=[{{&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000280)=""/244, 0xf4}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000500)=""/248, 0xf8}, {&(0x7f0000000380)=""/123, 0x7b}, {&(0x7f0000000600)=""/168, 0xa8}, {&(0x7f00000006c0)=""/186, 0xba}], 0x7, &(0x7f0000000800)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000000880)=@abs, 0x6e, &(0x7f0000000980)=[{&(0x7f00000000c0)=""/2, 0x2}, {&(0x7f00000001c0)=""/25, 0x19}, {&(0x7f0000000900)=""/16, 0x10}, {&(0x7f0000000940)=""/30, 0x1e}], 0x4, &(0x7f00000009c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x118}}, {{&(0x7f0000000b00), 0x6e, &(0x7f0000000c80)=[{&(0x7f0000000b80)=""/194, 0xc2}], 0x1, &(0x7f0000000cc0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f0000000d40), 0x6e, &(0x7f0000002140)=[{&(0x7f0000000dc0)=""/97, 0x61}, {&(0x7f0000000e40)=""/33, 0x21}, {&(0x7f0000000e80)=""/210, 0xd2}, {&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f0000001f80)=""/164, 0xa4}, {&(0x7f0000002040)=""/252, 0xfc}], 0x6}}, {{&(0x7f00000021c0)=@abs, 0x6e, &(0x7f0000002540)=[{&(0x7f0000002240)=""/75, 0x4b}, {&(0x7f00000022c0)=""/185, 0xb9}, {&(0x7f0000002380)=""/137, 0x89}, {&(0x7f0000002440)=""/237, 0xed}], 0x4, &(0x7f0000002580)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f00000025c0)=@abs, 0x6e, &(0x7f0000002b40)=[{&(0x7f0000002640)=""/52, 0x34}, {&(0x7f0000002680)=""/116, 0x74}, {&(0x7f0000002700)=""/19, 0x13}, {&(0x7f0000002740)=""/255, 0xff}, {&(0x7f0000002840)=""/219, 0xdb}, {&(0x7f0000002940)=""/159, 0x9f}, {&(0x7f0000002a00)=""/10, 0xa}, {&(0x7f0000002a40)=""/197, 0xc5}], 0x8, &(0x7f0000002bc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}, {{&(0x7f0000002c80)=@abs, 0x6e, &(0x7f00000032c0)=[{&(0x7f0000002d00)=""/32, 0x20}, {&(0x7f0000002d40)=""/134, 0x86}, {&(0x7f0000002e00)=""/209, 0xd1}, {&(0x7f0000002f00)=""/181, 0xb5}, {&(0x7f0000002fc0)=""/152, 0x98}, {&(0x7f0000003080)=""/55, 0x37}, {&(0x7f00000030c0)=""/175, 0xaf}, {&(0x7f0000003180)}, {&(0x7f00000031c0)=""/30, 0x1e}, {&(0x7f0000003200)=""/154, 0x9a}], 0xa, &(0x7f0000003380)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f00000033c0)=@abs, 0x6e, &(0x7f0000004480)=[{&(0x7f0000003440)=""/17, 0x11}, {&(0x7f0000003480)=""/4096, 0x1000}], 0x2, &(0x7f00000044c0)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f0000004540)=@abs, 0x6e, &(0x7f00000058c0)=[{&(0x7f00000045c0)=""/49, 0x31}, {&(0x7f0000004600)=""/177, 0xb1}, {&(0x7f00000046c0)=""/36, 0x24}, {&(0x7f0000004700)=""/59, 0x3b}, {&(0x7f0000004740)=""/13, 0xd}, {&(0x7f0000004780)=""/4096, 0x1000}, {&(0x7f0000005780)=""/67, 0x43}, {&(0x7f0000005800)=""/117, 0x75}, {&(0x7f0000005880)=""/30, 0x1e}], 0x9, &(0x7f0000005980)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}}], 0x9, 0x23, &(0x7f0000005c40)={0x0, 0x3938700}) openat(r1, &(0x7f0000005c80)='./file0\x00', 0xa000, 0x2) 19:59:44 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000300000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:44 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000009000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:44 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000007000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:44 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(0xffffffffffffffff, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x1}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffe3) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = accept4(r1, 0x0, &(0x7f00000000c0), 0x800) sendmsg$nl_generic(r3, 0x0, 0x20000004) sendfile(r0, r2, 0x0, 0x100000001) getsockname(r1, &(0x7f0000000480)=@can, &(0x7f0000000500)=0x80) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x40e000, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) dup2(r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x20}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r4, 0x0, 0x80000001) 19:59:44 executing program 2: setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000240)=0x1) r1 = fork() kcmp(r1, r1, 0x3, r0, r0) ptrace(0x10, r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace(0x10, r2) r3 = fork() ptrace(0x8, r3) r4 = fork() tkill(r4, 0x3f) wait4(r4, 0x0, 0x8, 0x0) [ 2220.214482] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.214482] program syz-executor.6 not setting count and/or reply_len properly [ 2220.218901] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.218901] program syz-executor.0 not setting count and/or reply_len properly [ 2220.234787] FAT-fs (loop5): error, invalid access to FAT (entry 0x000000ff) [ 2220.235827] FAT-fs (loop5): Filesystem has been set read-only [ 2220.236695] FAT-fs (loop3): bogus number of FAT structure [ 2220.237226] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2220.238941] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.238941] program syz-executor.7 not setting count and/or reply_len properly [ 2220.241021] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.241021] program syz-executor.4 not setting count and/or reply_len properly [ 2220.285163] audit: type=1326 audit(1718135985.112:2564): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 [ 2220.296045] audit: type=1326 audit(1718135985.122:2565): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=44406 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5eb5acb19 code=0x7ffc0000 19:59:45 executing program 0: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000400000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:45 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000003000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:45 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000d000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:45 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000008000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2220.362359] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.362359] program syz-executor.4 not setting count and/or reply_len properly 19:59:45 executing program 2: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x81c00, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x200000000000002, 0x1ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3ac4, &(0x7f00000002c0)={0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r3}, 0x0) close(r3) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x125ce2, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x6c25, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="40016944", @ANYRES16=0x0, @ANYBLOB="000429bd7000fbdbdf25010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e3000000000"], 0x140}, 0x1, 0x0, 0x0, 0x20000}, 0xc0c1) [ 2220.397421] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.397421] program syz-executor.6 not setting count and/or reply_len properly [ 2220.400341] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.400341] program syz-executor.7 not setting count and/or reply_len properly [ 2220.418826] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2220.418826] program syz-executor.6 not setting count and/or reply_len properly 19:59:45 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc0300000e000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 19:59:45 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_enter(r0, 0x7b21, 0x5df7, 0x2, &(0x7f0000000040)={[0x9]}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x628c, 0x1, &(0x7f0000000180)="eed4ba7674b334293dc1f64e88f1afaf48376f8377d20bd81a62bd88da99d5828bea82e2838b4a7ab417444a9eb98325f61731f06eef79d8e0a7", 0x4, 0x0, 0x1, {0x0, r3}}, 0x24000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1216, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, 0x4, &(0x7f0000001600)=[{&(0x7f0000000300), 0x0, 0xf9}, {0x0}, {&(0x7f0000001480)="c1cfdc3cd0acacae6547c9b0393104cc433c3331b8113613fc06fe6d05dd1628d1cc329596fbe972434319d296b79104f47913ed65e4a860d46a9a9263cd72dc4cbc40e61ec56fff66db75e235183f31775dfe15476da74ce0094bc61bdb351155e6f54ab874e54b7cce5bbd69d6cfc21413043f8a342ebf9939a49ddeebc00268d8f9c8e922aa7106f67ae3317264adbfb0291bbc132090cea44db0016717fc20808a659e53f9497098", 0xaa, 0x5}, {&(0x7f0000001580)}], 0x1004000, &(0x7f0000000300)=ANY=[@ANYBLOB="757466383d312c726f6469722c696f636861727365743d63703836392c75746691fc731efb570fc59b05383d31090000130000000000652c646f6e745f61707056616973652c686173682c7365636c6162656c2861707072616973652cb49b1b554ef6bc9f1c23261d07118ac6cc56fb781125dce3a326226c880a264a40c4e50e43735f21453a95dd87f548dc4e20f94b2ba4a1d0cb7433dfc7642c0dc8feb162617bf5ec0884d6b0390b47f672524c20bb495d05599ae3e14c21a078b4cef02abaadf772a1228e55210ee8488fea6907f9a39607c146f960cfb18454b1c8881390cb1b0b316795ebe10a69fbe8ce258e30a66c664cfe3e812ebe89ec8c91a9a7567a5f6409854667631e30b8b30998ad16583204f4b3227e"]) 19:59:45 executing program 6: syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000004000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2237.095124] syz-executor.5: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0 [ 2237.096360] CPU: 1 PID: 44737 Comm: syz-executor.5 Not tainted 5.10.218 #1 [ 2237.096910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.097576] Call Trace: [ 2237.097795] dump_stack+0x107/0x167 [ 2237.098092] warn_alloc.cold+0x95/0x18a [ 2237.098421] ? zone_watermark_ok_safe+0x260/0x260 [ 2237.098810] ? queue_oom_reaper+0x86/0x1e0 [ 2237.099165] ? wait_for_completion_io+0x270/0x270 [ 2237.099562] __alloc_pages_slowpath.constprop.0+0x1c33/0x2170 [ 2237.100042] ? lock_acquire+0xf7/0x470 [ 2237.100362] ? warn_alloc+0x190/0x190 [ 2237.100691] __alloc_pages_nodemask+0x51d/0x600 [ 2237.101074] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2237.101567] alloc_pages_current+0x187/0x280 [ 2237.101924] allocate_slab+0x29b/0x380 [ 2237.102241] ___slab_alloc+0x470/0x700 [ 2237.102563] ? io_issue_sqe+0x2492/0x7700 [ 2237.102903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2237.103323] ? obj_cgroup_charge+0xc6/0x490 [ 2237.103668] ? trace_hardirqs_on+0x5b/0x180 [ 2237.104016] ? io_issue_sqe+0x2492/0x7700 [ 2237.104352] ? kmem_cache_alloc_trace+0x305/0x320 [ 2237.104735] ? io_issue_sqe+0x2492/0x7700 [ 2237.105069] kmem_cache_alloc_trace+0x305/0x320 [ 2237.105448] io_issue_sqe+0x2492/0x7700 [ 2237.105778] ? io_connect+0x610/0x610 [ 2237.106089] ? lock_acquire+0x197/0x470 [ 2237.106410] ? find_held_lock+0x2c/0x110 [ 2237.106749] ? xa_load+0x12d/0x2c0 [ 2237.107052] ? lock_downgrade+0x6d0/0x6d0 [ 2237.107393] __io_queue_sqe+0x90/0x9d0 [ 2237.107709] ? xa_load+0x156/0x2c0 [ 2237.108011] ? io_issue_sqe+0x7700/0x7700 [ 2237.108355] ? kmem_cache_alloc_bulk+0x182/0x320 [ 2237.108742] io_submit_sqes+0x4461/0x85c0 [ 2237.109091] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2237.109485] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2237.109878] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2237.110302] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2237.110656] ? trace_hardirqs_on+0x5b/0x180 [ 2237.111010] ? io_submit_sqes+0x85c0/0x85c0 [ 2237.111348] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2237.111709] ? finish_task_switch+0x126/0x5d0 [ 2237.112069] ? finish_task_switch+0xef/0x5d0 [ 2237.112419] ? __switch_to+0x572/0xf70 [ 2237.112734] ? __switch_to_asm+0x3a/0x60 [ 2237.113059] ? __switch_to_asm+0x34/0x60 [ 2237.113390] ? __schedule+0x82c/0x1ea0 [ 2237.113709] ? io_schedule_timeout+0x140/0x140 [ 2237.114088] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 2237.114459] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 2237.114898] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2237.115330] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2237.115743] do_syscall_64+0x33/0x40 [ 2237.116046] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2237.116456] RIP: 0033:0x7fb212c2db19 [ 2237.116763] Code: Unable to access opcode bytes at RIP 0x7fb212c2daef. [ 2237.117282] RSP: 002b:00007fb2101a3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2237.117901] RAX: ffffffffffffffda RBX: 00007fb212d40f60 RCX: 00007fb212c2db19 [ 2237.118469] RDX: 0000000000001216 RSI: 00000000000058ab RDI: 0000000000000003 [ 2237.119048] RBP: 00007fb212c87f6d R08: 0000000000000000 R09: 0000000000000000 [ 2237.119623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2237.120193] R13: 00007ffd223f657f R14: 00007fb2101a3300 R15: 0000000000022000 [ 2237.121743] Mem-Info: [ 2237.121963] active_anon:787 inactive_anon:68713 isolated_anon:0 [ 2237.121963] active_file:11 inactive_file:14 isolated_file:0 [ 2237.121963] unevictable:0 dirty:0 writeback:0 [ 2237.121963] slab_reclaimable:9594 slab_unreclaimable:252559 [ 2237.121963] mapped:69634 shmem:116 pagetables:3123 bounce:0 [ 2237.121963] free:2891 free_pcp:132 free_cma:0 [ 2237.124557] Node 0 active_anon:3148kB inactive_anon:274852kB active_file:44kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:464kB writeback_tmp:0kB kernel_stack:5920kB all_unreclaimable? yes [ 2237.126390] Node 0 DMA free:6480kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.128431] lowmem_reserve[]: 0 1616 1616 1616 [ 2237.128843] Node 0 DMA32 free:5084kB min:13308kB low:14960kB high:16612kB reserved_highatomic:0KB active_anon:3148kB inactive_anon:274852kB active_file:44kB inactive_file:56kB unevictable:0kB writepending:0kB present:2080640kB managed:1660476kB mlocked:0kB pagetables:12492kB bounce:0kB free_pcp:516kB local_pcp:320kB free_cma:0kB [ 2237.131140] lowmem_reserve[]: 0 0 0 0 [ 2237.131474] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB [ 2237.132551] Node 0 DMA32: 1115*4kB (UME) 54*8kB (UME) 12*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5084kB [ 2237.133669] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.134334] 141 total pagecache pages [ 2237.134652] 0 pages in swap cache [ 2237.134925] Swap cache stats: add 0, delete 0, find 0/0 [ 2237.135351] Free swap = 0kB [ 2237.135611] Total swap = 0kB [ 2237.135851] 524158 pages RAM [ 2237.136089] 0 pages HighMem/MovableOnly [ 2237.136399] 105062 pages reserved [ 2237.136731] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.137361] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.138056] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.146628] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2237.148867] CPU: 0 PID: 178 Comm: in:imklog Not tainted 5.10.218 #1 [ 2237.149964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.150642] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.151407] Call Trace: [ 2237.152053] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.152068] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.152530] dump_stack+0x107/0x167 [ 2237.154786] dump_header+0x106/0x655 [ 2237.155451] oom_kill_process.cold+0x10/0x15 [ 2237.156228] out_of_memory+0x1149/0x1440 [ 2237.156954] ? oom_killer_disable+0x280/0x280 [ 2237.157742] ? mutex_trylock+0x237/0x2b0 [ 2237.158451] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2237.159492] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2237.160529] ? lock_acquire+0xf7/0x470 [ 2237.161215] ? warn_alloc+0x190/0x190 [ 2237.161913] __alloc_pages_nodemask+0x51d/0x600 [ 2237.162732] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2237.163791] ? find_get_entry+0x2c8/0x740 [ 2237.164532] alloc_pages_current+0x187/0x280 [ 2237.164664] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.165306] __page_cache_alloc+0x2d2/0x360 [ 2237.165929] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.165944] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.166680] pagecache_get_page+0x2c7/0xc80 [ 2237.168779] filemap_fault+0x177d/0x2210 [ 2237.169364] ? read_cache_page_gfp+0x30/0x30 [ 2237.170016] ? replace_page_cache_page+0x1200/0x1200 [ 2237.170735] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2237.171522] ext4_filemap_fault+0x87/0xc0 [ 2237.172105] __do_fault+0x113/0x410 [ 2237.172656] handle_mm_fault+0x1e53/0x3500 [ 2237.173258] ? fsnotify+0xf50/0xf50 [ 2237.173795] ? __pmd_alloc+0x5e0/0x5e0 [ 2237.174355] ? vmacache_find+0x55/0x2a0 [ 2237.174941] ? vmacache_update+0xce/0x140 [ 2237.175545] do_user_addr_fault+0x56e/0xc60 [ 2237.176194] exc_page_fault+0xa2/0x1a0 [ 2237.176749] ? asm_exc_page_fault+0x8/0x30 [ 2237.177369] asm_exc_page_fault+0x1e/0x30 [ 2237.177950] RIP: 0033:0x7ffb600e808c [ 2237.178497] Code: Unable to access opcode bytes at RIP 0x7ffb600e8062. [ 2237.178608] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.179421] RSP: 002b:00007ffb5f6844d0 EFLAGS: 00010246 [ 2237.180062] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.180075] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.180807] [ 2237.182505] RAX: 0000000000000251 RBX: 0000000000000000 RCX: 00007ffb600e808c [ 2237.183512] RDX: 0000000000001fa0 RSI: 00007ffb5f684d00 RDI: 0000000000000005 [ 2237.184552] RBP: 000055911f07d4c0 R08: 0000000000000000 R09: 000055911f079e88 [ 2237.185550] R10: a3d70a3d70a3d70b R11: 0000000000000246 R12: 00007ffb5f684d00 [ 2237.186550] R13: 0000000000001fa0 R14: 00007ffb5f684d00 R15: 00007ffb5f684db9 [ 2237.187670] Mem-Info: [ 2237.188045] active_anon:787 inactive_anon:68713 isolated_anon:0 [ 2237.188045] active_file:12 inactive_file:13 isolated_file:0 [ 2237.188045] unevictable:0 dirty:0 writeback:0 [ 2237.188045] slab_reclaimable:9594 slab_unreclaimable:252565 [ 2237.188045] mapped:69634 shmem:116 pagetables:3123 bounce:0 [ 2237.188045] free:2891 free_pcp:129 free_cma:0 [ 2237.192397] Node 0 active_anon:3148kB inactive_anon:274852kB active_file:48kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:464kB writeback_tmp:0kB kernel_stack:5920kB all_unreclaimable? yes [ 2237.192615] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.195641] Node 0 [ 2237.196208] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.196222] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.196562] DMA free:6480kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.201528] lowmem_reserve[]: 0 1616 1616 1616 [ 2237.202240] Node 0 DMA32 free:5084kB min:13308kB low:14960kB high:16612kB reserved_highatomic:0KB active_anon:3148kB inactive_anon:274852kB active_file:48kB inactive_file:52kB unevictable:0kB writepending:0kB present:2080640kB managed:1660476kB mlocked:0kB pagetables:12492kB bounce:0kB free_pcp:516kB local_pcp:196kB free_cma:0kB [ 2237.206255] lowmem_reserve[]: 0 0 0 0 [ 2237.206864] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB [ 2237.208828] Node 0 DMA32: 1115*4kB (UME) 54*8kB (UME) 12*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5084kB [ 2237.209921] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.210761] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.211373] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.211387] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.212579] 141 total pagecache pages [ 2237.214564] 0 pages in swap cache [ 2237.215085] Swap cache stats: add 0, delete 0, find 0/0 [ 2237.215856] Free swap = 0kB [ 2237.216280] Total swap = 0kB [ 2237.216731] 524158 pages RAM [ 2237.217152] 0 pages HighMem/MovableOnly [ 2237.217737] 105062 pages reserved [ 2237.218309] Unreclaimable slab info: [ 2237.219160] Name Used Total [ 2237.220382] pid_3 3KB 3KB [ 2237.221393] pid_2 100KB 168KB [ 2237.222212] IEEE-802.15.4-MAC 31KB 31KB [ 2237.223046] fib6_nodes 28KB 28KB [ 2237.223828] ip6_dst_cache 45KB 45KB [ 2237.224566] PINGv6 31KB 31KB [ 2237.225346] RAWv6 220KB 220KB [ 2237.226131] UDPLITEv6 62KB 62KB [ 2237.226909] UDPv6 248KB 248KB [ 2237.227694] TCPv6 62KB 62KB [ 2237.228448] scsi_sense_cache 8KB 8KB [ 2237.229222] sd_ext_cdb 3KB 3KB [ 2237.229995] virtio_scsi_cmd 16KB 16KB [ 2237.230788] sgpool-128 127KB 178KB [ 2237.231538] sgpool-64 63KB 63KB [ 2237.232318] sgpool-32 63KB 63KB [ 2237.233088] sgpool-16 120KB 150KB [ 2237.233868] sgpool-8 63KB 63KB [ 2237.234659] io_kiocb 50KB 67KB [ 2237.235413] mqueue_inode_cache 62KB 62KB [ 2237.235618] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.236198] nfs_commit_data 15KB 15KB [ 2237.236807] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.236815] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.239614] nfs_write_data 47KB 47KB [ 2237.240363] jbd2_inode 7KB 7KB [ 2237.241138] ext4_system_zone 7KB 7KB [ 2237.241913] ext4_io_end_vec 7KB 7KB [ 2237.242686] ext4_bio_post_read_ctx 15KB 15KB [ 2237.243500] kioctx 15KB 15KB [ 2237.244270] aio_kiocb 3KB 3KB [ 2237.245046] dio 46KB 46KB [ 2237.245829] bio-2 4KB 4KB [ 2237.246579] fasync_cache 7KB 7KB [ 2237.247394] pid_namespace 7KB 7KB [ 2237.248172] posix_timers_cache 15KB 15KB [ 2237.248964] rpc_buffers 31KB 31KB [ 2237.249734] rpc_tasks 3KB 3KB [ 2237.250480] UNIX 324KB 352KB [ 2237.251268] ip4-frags 15KB 15KB [ 2237.252052] UDP-Lite 63KB 63KB [ 2237.252835] tcp_bind_bucket 8KB 8KB [ 2237.253615] inet_peer_cache 4KB 4KB [ 2237.254002] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.254360] xfrm_state 32KB 32KB [ 2237.254997] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.255005] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.257826] ip_fib_trie 8KB 8KB [ 2237.258565] ip_fib_alias 15KB 15KB [ 2237.259351] ip_dst_cache 20KB 20KB [ 2237.260129] RAW 93KB 93KB [ 2237.260905] UDP 315KB 315KB [ 2237.261678] tw_sock_TCP 7KB 7KB [ 2237.262420] request_sock_TCP 7KB 7KB [ 2237.263199] TCP 60KB 60KB [ 2237.263979] hugetlbfs_inode_cache 30KB 30KB [ 2237.264800] bio-1 11KB 11KB [ 2237.265546] eventpoll_pwq 23KB 23KB [ 2237.266314] eventpoll_epi 35KB 35KB [ 2237.267096] inotify_inode_mark 39KB 39KB [ 2237.267884] request_queue 60KB 60KB [ 2237.268667] blkdev_ioc 26KB 26KB [ 2237.269408] bio-0 140KB 140KB [ 2237.270178] biovec-max 1338KB 1338KB [ 2237.270948] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.270976] biovec-64 141KB 189KB [ 2237.271607] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.271615] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.274385] biovec-16 75KB 90KB [ 2237.275166] user_namespace 31KB 31KB [ 2237.275939] uid_cache 8KB 8KB [ 2237.276709] dmaengine-unmap-2 4KB 4KB [ 2237.277457] audit_buffer 11KB 11KB [ 2237.278228] skbuff_fclone_cache 112KB 112KB [ 2237.279034] skbuff_head_cache 1327KB 1327KB [ 2237.279810] file_lock_cache 70KB 70KB [ 2237.280549] file_lock_ctx 7KB 7KB [ 2237.281321] fsnotify_mark_connector 20KB 20KB [ 2237.282159] net_namespace 115KB 115KB [ 2237.282935] task_delay_info 155KB 212KB [ 2237.283712] taskstats 61KB 61KB [ 2237.284452] proc_dir_entry 364KB 367KB [ 2237.285228] pde_opener 27KB 27KB [ 2237.285999] seq_file 56KB 56KB [ 2237.286769] sigqueue 86KB 86KB [ 2237.287515] shmem_inode_cache 1216KB 1320KB [ 2237.288282] kernfs_iattrs_cache 250KB 250KB [ 2237.288617] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2237.289079] kernfs_node_cache 5448KB 5469KB [ 2237.289680] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2237.289687] node 0: slabs: 23157, objs: 1482048, free: 0 [ 2237.292458] mnt_cache 228KB 228KB [ 2237.293267] filp 636KB 1387KB [ 2237.294039] names_cache 1368KB 1666KB [ 2237.294816] hashtab_node 274KB 274KB [ 2237.295572] ebitmap_node 1149KB 1149KB [ 2237.296349] avtab_node 4976KB 4976KB [ 2237.297123] avc_node 31KB 31KB [ 2237.297903] lsm_inode_cache 3201KB 3265KB [ 2237.298671] lsm_file_cache 131KB 164KB [ 2237.299422] key_jar 31KB 31KB [ 2237.300197] uts_namespace 15KB 15KB [ 2237.300973] nsproxy 11KB 11KB [ 2237.301777] vm_area_struct 1394KB 1616KB [ 2237.302520] fs_cache 53KB 60KB [ 2237.303302] files_cache 227KB 270KB [ 2237.304079] signal_cache 380KB 463KB [ 2237.304854] sighand_cache 450KB 481KB [ 2237.305631] task_struct 1384KB 2362KB [ 2237.306377] cred_jar 98KB 168KB [ 2237.307169] anon_vma_chain 412KB 472KB [ 2237.307940] anon_vma 448KB 482KB [ 2237.308710] pid 73KB 97KB [ 2237.309456] Acpi-Operand 148KB 182KB [ 2237.310225] Acpi-ParseExt 31KB 31KB [ 2237.311011] Acpi-Parse 35KB 51KB [ 2237.311807] Acpi-State 106KB 122KB [ 2237.312572] Acpi-Namespace 24KB 24KB [ 2237.313359] numa_policy 7KB 7KB [ 2237.314150] trace_event_file 176KB 176KB [ 2237.314939] ftrace_event_field 280KB 280KB [ 2237.315750] pool_workqueue 32KB 32KB [ 2237.316509] task_group 16KB 16KB [ 2237.317300] mm_struct 355KB 441KB [ 2237.318089] vmap_area 114KB 114KB [ 2237.318882] page->ptl 364KB 409KB [ 2237.319673] kmemleak_scan_area 59KB 59KB [ 2237.320442] kmemleak_object 779301KB 779301KB [ 2237.321252] kmalloc-8k 4672KB 4832KB [ 2237.322058] kmalloc-4k 5856KB 7296KB [ 2237.322860] kmalloc-2k 4380KB 5280KB [ 2237.323668] kmalloc-1k 2158KB 3424KB [ 2237.324422] kmalloc-512 28896KB 28896KB [ 2237.325218] kmalloc-256 1250KB 1360KB [ 2237.326008] kmalloc-192 728KB 744KB [ 2237.326804] kmalloc-128 539KB 640KB [ 2237.327582] kmalloc-96 546KB 728KB [ 2237.328387] kmalloc-64 1286KB 1560KB [ 2237.329176] kmalloc-32 92628KB 92628KB [ 2237.329965] kmalloc-16 364KB 364KB [ 2237.330755] kmalloc-8 342KB 342KB [ 2237.331523] kmem_cache_node 43KB 43KB [ 2237.332304] kmem_cache 71KB 71KB [ 2237.333090] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/rsyslog.service,task=in:imklog,pid=178,uid=0 [ 2237.336398] Out of memory (oom_kill_allocating_task): Killed process 176 (rsyslogd) total-vm:220876kB, anon-rss:984kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 2237.554163] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2237.555005] CPU: 1 PID: 256 Comm: syz-fuzzer Not tainted 5.10.218 #1 [ 2237.555520] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.556179] Call Trace: [ 2237.556398] dump_stack+0x107/0x167 [ 2237.556695] dump_header+0x106/0x655 [ 2237.556993] oom_kill_process.cold+0x10/0x15 [ 2237.557352] out_of_memory+0x1149/0x1440 [ 2237.557681] ? oom_killer_disable+0x280/0x280 [ 2237.558046] ? mutex_trylock+0x237/0x2b0 [ 2237.558371] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2237.558849] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2237.559340] ? lock_acquire+0xf7/0x470 [ 2237.559656] ? warn_alloc+0x190/0x190 [ 2237.559973] __alloc_pages_nodemask+0x51d/0x600 [ 2237.560347] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2237.560826] ? find_get_entry+0x2c8/0x740 [ 2237.561181] alloc_pages_current+0x187/0x280 [ 2237.561535] __page_cache_alloc+0x2d2/0x360 [ 2237.561886] pagecache_get_page+0x2c7/0xc80 [ 2237.562238] filemap_fault+0x177d/0x2210 [ 2237.562574] ? read_cache_page_gfp+0x30/0x30 [ 2237.562929] ? handle_mm_fault+0x28b1/0x3500 [ 2237.563290] ? lock_downgrade+0x6d0/0x6d0 [ 2237.563630] ext4_filemap_fault+0x87/0xc0 [ 2237.563962] __do_fault+0x113/0x410 [ 2237.564255] handle_mm_fault+0x1e53/0x3500 [ 2237.564597] ? find_held_lock+0x2c/0x110 [ 2237.564923] ? __pmd_alloc+0x5e0/0x5e0 [ 2237.565240] ? vmacache_find+0x55/0x2a0 [ 2237.565565] do_user_addr_fault+0x56e/0xc60 [ 2237.565919] exc_page_fault+0xa2/0x1a0 [ 2237.566232] ? asm_exc_page_fault+0x8/0x30 [ 2237.566570] asm_exc_page_fault+0x1e/0x30 [ 2237.566901] RIP: 0033:0x4bba37 [ 2237.567170] Code: Unable to access opcode bytes at RIP 0x4bba0d. [ 2237.567652] RSP: 002b:000000c000041d30 EFLAGS: 00010206 [ 2237.568081] RAX: 0000000001f20820 RBX: 0000000000000000 RCX: 00000000161d002b [ 2237.568655] RDX: 000002029291537e RSI: c1924910961d002b RDI: 0000000000000001 [ 2237.569221] RBP: 000000c000041d60 R08: 00000000000008bd R09: 00007ffd91bf1080 [ 2237.569792] R10: 00007ffd91bf1090 R11: 0000000000409a64 R12: 0000000000000003 [ 2237.570359] R13: 000000c000000900 R14: 000000c000a346c0 R15: ffffffffffffffff [ 2237.570974] Mem-Info: [ 2237.571189] active_anon:787 inactive_anon:68377 isolated_anon:0 [ 2237.571189] active_file:12 inactive_file:27 isolated_file:0 [ 2237.571189] unevictable:0 dirty:0 writeback:0 [ 2237.571189] slab_reclaimable:9594 slab_unreclaimable:252747 [ 2237.571189] mapped:69676 shmem:116 pagetables:3123 bounce:0 [ 2237.571189] free:3053 free_pcp:6 free_cma:0 [ 2237.573655] Node 0 active_anon:3148kB inactive_anon:273508kB active_file:48kB inactive_file:108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278704kB dirty:0kB writeback:0kB shmem:464kB writeback_tmp:0kB kernel_stack:5792kB all_unreclaimable? no [ 2237.575478] Node 0 DMA free:6480kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.577531] lowmem_reserve[]: 0 1616 1616 1616 [ 2237.577941] Node 0 DMA32 free:5732kB min:5116kB low:6768kB high:8420kB reserved_highatomic:2048KB active_anon:3148kB inactive_anon:273844kB active_file:4kB inactive_file:28kB unevictable:0kB writepending:0kB present:2080640kB managed:1660476kB mlocked:0kB pagetables:12492kB bounce:0kB free_pcp:92kB local_pcp:0kB free_cma:0kB [ 2237.580197] lowmem_reserve[]: 0 0 0 0 [ 2237.580521] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB [ 2237.581624] Node 0 DMA32: 1263*4kB (UME) 80*8kB (MEH) 19*16kB (M) 6*32kB (MH) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6252kB [ 2237.582778] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.583453] 162 total pagecache pages [ 2237.583783] 0 pages in swap cache [ 2237.584059] Swap cache stats: add 0, delete 0, find 0/0 [ 2237.584476] Free swap = 0kB [ 2237.584732] Total swap = 0kB [ 2237.584973] 524158 pages RAM [ 2237.585216] 0 pages HighMem/MovableOnly [ 2237.585530] 105062 pages reserved [ 2237.585831] Unreclaimable slab info: [ 2237.586128] Name Used Total [ 2237.586565] pid_3 3KB 3KB [ 2237.587012] pid_2 100KB 168KB [ 2237.587438] IEEE-802.15.4-MAC 31KB 31KB [ 2237.587881] fib6_nodes 28KB 28KB [ 2237.588304] ip6_dst_cache 45KB 45KB [ 2237.588740] PINGv6 31KB 31KB [ 2237.589162] RAWv6 220KB 220KB [ 2237.589597] UDPLITEv6 62KB 62KB [ 2237.590019] UDPv6 248KB 248KB [ 2237.590438] TCPv6 62KB 62KB [ 2237.590886] scsi_sense_cache 8KB 8KB [ 2237.591320] sd_ext_cdb 3KB 3KB [ 2237.591757] virtio_scsi_cmd 16KB 16KB [ 2237.592186] sgpool-128 127KB 178KB [ 2237.592623] sgpool-64 63KB 63KB [ 2237.593044] sgpool-32 78KB 78KB [ 2237.593466] sgpool-16 120KB 150KB [ 2237.593903] sgpool-8 63KB 63KB [ 2237.594327] io_kiocb 50KB 67KB [ 2237.594766] mqueue_inode_cache 62KB 62KB [ 2237.595204] nfs_commit_data 15KB 15KB [ 2237.595637] nfs_write_data 47KB 47KB [ 2237.596062] jbd2_inode 7KB 7KB [ 2237.596484] ext4_system_zone 7KB 7KB [ 2237.596926] ext4_io_end_vec 7KB 7KB [ 2237.597353] ext4_bio_post_read_ctx 15KB 15KB [ 2237.597818] kioctx 15KB 15KB [ 2237.598236] aio_kiocb 3KB 3KB [ 2237.598669] dio 46KB 46KB [ 2237.599094] bio-2 4KB 4KB [ 2237.599511] fasync_cache 7KB 7KB [ 2237.599944] pid_namespace 7KB 7KB [ 2237.600363] posix_timers_cache 15KB 15KB [ 2237.600800] rpc_buffers 31KB 31KB [ 2237.601223] rpc_tasks 3KB 3KB [ 2237.601660] UNIX 324KB 352KB [ 2237.602080] ip4-frags 15KB 15KB [ 2237.602496] UDP-Lite 63KB 63KB [ 2237.602925] tcp_bind_bucket 8KB 8KB [ 2237.603345] inet_peer_cache 4KB 4KB [ 2237.603773] xfrm_state 32KB 32KB [ 2237.604192] ip_fib_trie 8KB 8KB [ 2237.604629] ip_fib_alias 15KB 15KB [ 2237.605050] ip_dst_cache 20KB 20KB [ 2237.605467] RAW 93KB 93KB [ 2237.605900] UDP 315KB 315KB [ 2237.606323] tw_sock_TCP 7KB 7KB [ 2237.606755] request_sock_TCP 7KB 7KB [ 2237.607183] TCP 60KB 60KB [ 2237.607619] hugetlbfs_inode_cache 30KB 30KB [ 2237.608067] bio-1 11KB 11KB [ 2237.608482] eventpoll_pwq 23KB 23KB [ 2237.608919] eventpoll_epi 35KB 35KB [ 2237.609341] inotify_inode_mark 39KB 39KB [ 2237.609783] request_queue 60KB 60KB [ 2237.610200] blkdev_ioc 26KB 26KB [ 2237.610631] bio-0 164KB 164KB [ 2237.611056] biovec-max 1338KB 1338KB [ 2237.611479] biovec-64 141KB 189KB [ 2237.611915] biovec-16 75KB 90KB [ 2237.612335] user_namespace 31KB 31KB [ 2237.612769] uid_cache 8KB 8KB [ 2237.613191] dmaengine-unmap-2 4KB 4KB [ 2237.613625] audit_buffer 11KB 11KB [ 2237.614043] skbuff_fclone_cache 112KB 112KB [ 2237.614475] skbuff_head_cache 1353KB 1353KB [ 2237.614907] file_lock_cache 70KB 70KB [ 2237.615330] file_lock_ctx 7KB 7KB [ 2237.615768] fsnotify_mark_connector 20KB 20KB [ 2237.616228] net_namespace 115KB 115KB [ 2237.616666] task_delay_info 155KB 212KB [ 2237.617084] taskstats 61KB 61KB [ 2237.617499] proc_dir_entry 364KB 367KB [ 2237.617933] pde_opener 27KB 27KB [ 2237.618351] seq_file 56KB 56KB [ 2237.618784] sigqueue 86KB 86KB [ 2237.619207] shmem_inode_cache 1215KB 1320KB [ 2237.619645] kernfs_iattrs_cache 250KB 250KB [ 2237.620080] kernfs_node_cache 5448KB 5469KB [ 2237.620494] mnt_cache 228KB 228KB [ 2237.620962] filp 623KB 1372KB [ 2237.621385] names_cache 807KB 1071KB [ 2237.621820] hashtab_node 274KB 274KB [ 2237.622244] ebitmap_node 1149KB 1149KB [ 2237.622675] avtab_node 4976KB 4976KB [ 2237.623100] avc_node 31KB 31KB [ 2237.623527] lsm_inode_cache 3200KB 3265KB [ 2237.623962] lsm_file_cache 131KB 164KB [ 2237.624378] key_jar 31KB 31KB [ 2237.624815] uts_namespace 15KB 15KB [ 2237.625235] nsproxy 11KB 11KB [ 2237.625702] vm_area_struct 1394KB 1616KB [ 2237.626133] fs_cache 53KB 60KB [ 2237.626551] files_cache 227KB 270KB [ 2237.626997] signal_cache 380KB 463KB [ 2237.627422] sighand_cache 450KB 481KB [ 2237.627865] task_struct 1384KB 2362KB [ 2237.628292] cred_jar 98KB 168KB [ 2237.628730] anon_vma_chain 412KB 472KB [ 2237.629155] anon_vma 448KB 482KB [ 2237.630522] pid 73KB 97KB [ 2237.631060] Acpi-Operand 148KB 182KB [ 2237.631486] Acpi-ParseExt 31KB 31KB [ 2237.631921] Acpi-Parse 35KB 51KB [ 2237.632343] Acpi-State 106KB 122KB [ 2237.632782] Acpi-Namespace 24KB 24KB [ 2237.633203] numa_policy 7KB 7KB [ 2237.633633] trace_event_file 176KB 176KB [ 2237.634054] ftrace_event_field 280KB 280KB [ 2237.634481] pool_workqueue 32KB 32KB [ 2237.634916] task_group 16KB 16KB [ 2237.635342] mm_struct 355KB 441KB [ 2237.635780] vmap_area 114KB 114KB [ 2237.636204] page->ptl 364KB 409KB [ 2237.636640] kmemleak_scan_area 59KB 59KB [ 2237.637063] kmemleak_object 780402KB 780402KB [ 2237.637494] kmalloc-8k 4672KB 4832KB [ 2237.637948] kmalloc-4k 5744KB 7232KB [ 2237.638379] kmalloc-2k 4380KB 5280KB [ 2237.638831] kmalloc-1k 2158KB 3424KB [ 2237.639256] kmalloc-512 29016KB 29016KB [ 2237.639702] kmalloc-256 1250KB 1360KB [ 2237.640126] kmalloc-192 728KB 744KB [ 2237.640565] kmalloc-128 539KB 640KB [ 2237.641014] kmalloc-96 546KB 728KB [ 2237.641460] kmalloc-64 1286KB 1560KB [ 2237.641897] kmalloc-32 92768KB 92768KB [ 2237.642314] kmalloc-16 364KB 364KB [ 2237.642749] kmalloc-8 342KB 342KB [ 2237.643171] kmem_cache_node 43KB 43KB [ 2237.643603] kmem_cache 71KB 71KB [ 2237.644028] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=256,uid=0 [ 2237.645744] Out of memory (oom_kill_allocating_task): Killed process 254 (syz-fuzzer) total-vm:1241236kB, anon-rss:238204kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:980kB oom_score_adj:0 [ 2237.722236] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-250 [ 2237.723911] CPU: 0 PID: 102 Comm: systemd-journal Not tainted 5.10.218 #1 [ 2237.724916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.726122] Call Trace: [ 2237.726519] dump_stack+0x107/0x167 [ 2237.727072] dump_header+0x106/0x655 [ 2237.727630] oom_kill_process.cold+0x10/0x15 [ 2237.728277] out_of_memory+0x1149/0x1440 [ 2237.728885] ? oom_killer_disable+0x280/0x280 [ 2237.729552] ? mutex_trylock+0x237/0x2b0 [ 2237.730156] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2237.731012] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2237.731887] ? lock_acquire+0xf7/0x470 [ 2237.732475] ? warn_alloc+0x190/0x190 [ 2237.733068] __alloc_pages_nodemask+0x51d/0x600 [ 2237.733760] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2237.734643] ? find_get_entry+0x2c8/0x740 [ 2237.735283] alloc_pages_current+0x187/0x280 [ 2237.735934] __page_cache_alloc+0x2d2/0x360 [ 2237.736579] pagecache_get_page+0x2c7/0xc80 [ 2237.737222] filemap_fault+0x177d/0x2210 [ 2237.737816] ? read_cache_page_gfp+0x30/0x30 [ 2237.738469] ? replace_page_cache_page+0x1200/0x1200 [ 2237.739217] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2237.739999] ext4_filemap_fault+0x87/0xc0 [ 2237.740590] __do_fault+0x113/0x410 [ 2237.741134] handle_mm_fault+0x1e53/0x3500 [ 2237.741769] ? find_held_lock+0x2c/0x110 [ 2237.742354] ? __pmd_alloc+0x5e0/0x5e0 [ 2237.742941] ? vmacache_find+0x55/0x2a0 [ 2237.743548] do_user_addr_fault+0x56e/0xc60 [ 2237.744197] exc_page_fault+0xa2/0x1a0 [ 2237.744776] ? asm_exc_page_fault+0x8/0x30 [ 2237.745401] asm_exc_page_fault+0x1e/0x30 [ 2237.746003] RIP: 0033:0x7fb5643f9d80 [ 2237.746555] Code: Unable to access opcode bytes at RIP 0x7fb5643f9d56. [ 2237.747528] RSP: 002b:00007ffe3ebb2db8 EFLAGS: 00010206 [ 2237.748312] RAX: 0000000000000001 RBX: 00007ffe3ebb56e0 RCX: 00007ffe3ebb57a0 [ 2237.749326] RDX: 0000000000002000 RSI: 00007ffe3ebb3670 RDI: 0000000000000009 [ 2237.750365] RBP: 00007ffe3ebb57a0 R08: 0000000000000000 R09: 00007ffe3ebc5080 [ 2237.751415] R10: 00007ffe3ebc50f0 R11: 00000000004099c2 R12: 0000000000000000 [ 2237.752458] R13: 00007ffe3ebb3670 R14: 0000000000000100 R15: 0000000000000000 [ 2237.754050] Mem-Info: [ 2237.754446] active_anon:787 inactive_anon:68377 isolated_anon:0 [ 2237.754446] active_file:9 inactive_file:6 isolated_file:0 [ 2237.754446] unevictable:0 dirty:0 writeback:0 [ 2237.754446] slab_reclaimable:9594 slab_unreclaimable:252792 [ 2237.754446] mapped:69655 shmem:116 pagetables:3123 bounce:0 [ 2237.754446] free:3183 free_pcp:127 free_cma:0 [ 2237.759068] Node 0 active_anon:3148kB inactive_anon:273508kB active_file:36kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278620kB dirty:0kB writeback:0kB shmem:464kB writeback_tmp:0kB kernel_stack:5568kB all_unreclaimable? yes [ 2237.762441] Node 0 DMA free:6480kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.766354] lowmem_reserve[]: 0 1616 1616 1616 [ 2237.767152] Node 0 DMA32 free:6252kB min:5116kB low:6768kB high:8420kB reserved_highatomic:2048KB active_anon:3148kB inactive_anon:273844kB active_file:4kB inactive_file:28kB unevictable:0kB writepending:0kB present:2080640kB managed:1660476kB mlocked:0kB pagetables:12492kB bounce:0kB free_pcp:576kB local_pcp:248kB free_cma:0kB [ 2237.771229] lowmem_reserve[]: 0 0 0 0 [ 2237.771908] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB [ 2237.773887] Node 0 DMA32: 1163*4kB (UME) 83*8kB (UMEH) 17*16kB (M) 16*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6100kB [ 2237.776011] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.777239] 141 total pagecache pages [ 2237.777829] 0 pages in swap cache [ 2237.778317] Swap cache stats: add 0, delete 0, find 0/0 [ 2237.779131] Free swap = 0kB [ 2237.779563] Total swap = 0kB [ 2237.780044] 524158 pages RAM [ 2237.780468] 0 pages HighMem/MovableOnly [ 2237.781101] 105062 pages reserved [ 2237.781618] Unreclaimable slab info: [ 2237.782164] Name Used Total [ 2237.782963] pid_3 3KB 3KB [ 2237.783791] pid_2 100KB 168KB [ 2237.784541] IEEE-802.15.4-MAC 31KB 31KB [ 2237.785352] fib6_nodes 28KB 28KB [ 2237.786132] ip6_dst_cache 45KB 45KB [ 2237.786943] PINGv6 31KB 31KB [ 2237.787733] RAWv6 220KB 220KB [ 2237.788515] UDPLITEv6 62KB 62KB [ 2237.789288] UDPv6 248KB 248KB [ 2237.790101] TCPv6 62KB 62KB [ 2237.790886] scsi_sense_cache 8KB 8KB [ 2237.791699] sd_ext_cdb 3KB 3KB [ 2237.792437] virtio_scsi_cmd 16KB 16KB [ 2237.793264] sgpool-128 127KB 178KB [ 2237.794039] sgpool-64 63KB 63KB [ 2237.794855] sgpool-32 78KB 78KB [ 2237.795644] sgpool-16 120KB 150KB [ 2237.796425] sgpool-8 63KB 63KB [ 2237.797198] io_kiocb 50KB 67KB [ 2237.798018] mqueue_inode_cache 62KB 62KB [ 2237.798812] nfs_commit_data 15KB 15KB [ 2237.799631] nfs_write_data 47KB 47KB [ 2237.800382] jbd2_inode 7KB 7KB [ 2237.801194] ext4_system_zone 7KB 7KB [ 2237.801979] ext4_io_end_vec 7KB 7KB [ 2237.802789] ext4_bio_post_read_ctx 15KB 15KB [ 2237.803635] kioctx 15KB 15KB [ 2237.804417] aio_kiocb 3KB 3KB [ 2237.805194] dio 46KB 46KB [ 2237.806006] bio-2 4KB 4KB [ 2237.806785] fasync_cache 7KB 7KB [ 2237.807612] pid_namespace 7KB 7KB [ 2237.808380] posix_timers_cache 15KB 15KB [ 2237.809207] rpc_buffers 31KB 31KB [ 2237.809988] rpc_tasks 3KB 3KB [ 2237.810804] UNIX 324KB 352KB [ 2237.811551] ip4-frags 15KB 15KB [ 2237.812356] UDP-Lite 63KB 63KB [ 2237.813154] tcp_bind_bucket 8KB 8KB [ 2237.813921] inet_peer_cache 4KB 4KB [ 2237.814724] xfrm_state 32KB 32KB [ 2237.815471] ip_fib_trie 8KB 8KB [ 2237.816271] ip_fib_alias 15KB 15KB [ 2237.817039] ip_dst_cache 20KB 20KB [ 2237.817843] RAW 93KB 93KB [ 2237.818614] UDP 315KB 315KB [ 2237.819393] tw_sock_TCP 7KB 7KB [ 2237.820199] request_sock_TCP 7KB 7KB [ 2237.821001] TCP 60KB 60KB [ 2237.821802] hugetlbfs_inode_cache 30KB 30KB [ 2237.822648] bio-1 11KB 11KB [ 2237.823425] eventpoll_pwq 23KB 23KB [ 2237.824224] eventpoll_epi 35KB 35KB [ 2237.825027] inotify_inode_mark 39KB 39KB [ 2237.825836] request_queue 60KB 60KB [ 2237.826569] blkdev_ioc 26KB 26KB [ 2237.827378] bio-0 164KB 164KB [ 2237.828146] biovec-max 1338KB 1338KB [ 2237.828951] biovec-64 141KB 189KB [ 2237.829717] biovec-16 75KB 90KB [ 2237.830493] user_namespace 31KB 31KB [ 2237.831262] uid_cache 8KB 8KB [ 2237.832068] dmaengine-unmap-2 4KB 4KB [ 2237.832833] audit_buffer 11KB 11KB [ 2237.833635] skbuff_fclone_cache 112KB 112KB [ 2237.834406] skbuff_head_cache 1372KB 1372KB [ 2237.835224] file_lock_cache 70KB 70KB [ 2237.836024] file_lock_ctx 7KB 7KB [ 2237.836784] fsnotify_mark_connector 20KB 20KB [ 2237.837659] net_namespace 115KB 115KB [ 2237.838392] task_delay_info 155KB 212KB [ 2237.839205] taskstats 61KB 61KB [ 2237.839979] proc_dir_entry 364KB 367KB [ 2237.840783] pde_opener 27KB 27KB [ 2237.841520] seq_file 56KB 56KB [ 2237.842327] sigqueue 86KB 86KB [ 2237.843095] shmem_inode_cache 1215KB 1320KB [ 2237.843897] kernfs_iattrs_cache 250KB 250KB [ 2237.844681] kernfs_node_cache 5448KB 5469KB [ 2237.845450] mnt_cache 228KB 228KB [ 2237.846227] filp 623KB 1372KB [ 2237.847040] names_cache 807KB 1071KB [ 2237.847804] hashtab_node 274KB 274KB [ 2237.848579] ebitmap_node 1149KB 1149KB [ 2237.849343] avtab_node 4976KB 4976KB [ 2237.850148] avc_node 31KB 31KB [ 2237.850915] lsm_inode_cache 3200KB 3265KB [ 2237.851754] lsm_file_cache 131KB 164KB [ 2237.852484] key_jar 31KB 31KB [ 2237.853294] uts_namespace 15KB 15KB [ 2237.854056] nsproxy 11KB 11KB [ 2237.854866] vm_area_struct 1394KB 1616KB [ 2237.855642] fs_cache 53KB 60KB [ 2237.856416] files_cache 227KB 270KB [ 2237.857175] signal_cache 380KB 463KB [ 2237.857972] sighand_cache 450KB 481KB [ 2237.858729] task_struct 1384KB 2362KB [ 2237.859504] cred_jar 98KB 168KB [ 2237.860322] anon_vma_chain 412KB 472KB [ 2237.861143] anon_vma 448KB 482KB [ 2237.861919] pid 73KB 97KB [ 2237.862735] Acpi-Operand 148KB 182KB [ 2237.863484] Acpi-ParseExt 31KB 31KB [ 2237.864303] Acpi-Parse 35KB 51KB [ 2237.865088] Acpi-State 106KB 122KB [ 2237.865902] Acpi-Namespace 24KB 24KB [ 2237.866659] numa_policy 7KB 7KB [ 2237.867431] trace_event_file 176KB 176KB [ 2237.868184] ftrace_event_field 280KB 280KB [ 2237.869015] pool_workqueue 32KB 32KB [ 2237.869795] task_group 16KB 16KB [ 2237.870580] mm_struct 355KB 441KB [ 2237.871365] vmap_area 114KB 114KB [ 2237.872185] page->ptl 364KB 409KB [ 2237.873003] kmemleak_scan_area 59KB 59KB [ 2237.873838] kmemleak_object 780493KB 780493KB [ 2237.874681] kmalloc-8k 4672KB 4832KB [ 2237.875463] kmalloc-4k 5744KB 7232KB [ 2237.876230] kmalloc-2k 4380KB 5280KB [ 2237.877036] kmalloc-1k 2158KB 3424KB [ 2237.877793] kmalloc-512 29064KB 29064KB [ 2237.878560] kmalloc-256 1250KB 1360KB [ 2237.879324] kmalloc-192 728KB 744KB [ 2237.880121] kmalloc-128 539KB 640KB [ 2237.880879] kmalloc-96 546KB 728KB [ 2237.881677] kmalloc-64 1286KB 1560KB [ 2237.882407] kmalloc-32 92768KB 92768KB [ 2237.883211] kmalloc-16 364KB 364KB [ 2237.884007] kmalloc-8 342KB 342KB [ 2237.884799] kmem_cache_node 43KB 43KB [ 2237.885556] kmem_cache 71KB 71KB [ 2237.886347] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=102,uid=0 [ 2237.888980] Out of memory (oom_kill_allocating_task): Killed process 102 (systemd-journal) total-vm:48324kB, anon-rss:880kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:120kB oom_score_adj:-250 [ 2238.000073] systemd[1]: ssh.service: A process of this unit has been killed by the OOM killer. [ 2238.001653] systemd[1]: rsyslog.service: A process of this unit has been killed by the OOM killer. [ 2238.009705] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL [ 2238.017702] systemd[1]: systemd-journald.service: Failed with result 'oom-kill'. [ 2238.057934] systemd[1]: systemd-journald.service: Consumed 10.341s CPU time. [ 2238.077442] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 2238.095812] systemd[1]: rsyslog.service: Failed with result 'oom-kill'. [ 2238.166931] systemd[1]: rsyslog.service: Consumed 2.419s CPU time. [ 2238.169473] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [ 2238.256082] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 2238.343838] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 2238.355396] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1. [ 2238.368703] systemd[1]: Stopped System Logging Service. [ 2238.369441] systemd[1]: rsyslog.service: Consumed 2.419s CPU time. [ 2238.404204] systemd[1]: Starting System Logging Service... [ 2238.430426] systemd[1]: ssh.service: Failed with result 'oom-kill'. [ 2238.431508] systemd[1]: ssh.service: Unit process 248 (sshd) remains running after unit stopped. [ 2238.440327] systemd[1]: ssh.service: Consumed 31min 41.679s CPU time. [ 2238.575723] systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1. [ 2238.578948] systemd[1]: Stopped OpenBSD Secure Shell server. [ 2238.579895] systemd[1]: ssh.service: Consumed 31min 41.693s CPU time. [ 2238.581804] systemd[1]: ssh.service: Found left-over process 248 (sshd) in control group while starting unit. Ignoring. [ 2238.594224] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2238.613652] systemd[1]: Starting OpenBSD Secure Shell server... [ 2238.761311] oom_reaper: reaped process 44737 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2239.006056] systemd[1]: Started System Logging Service. [ 2239.021463] systemd[1]: systemd-journal-flush.service: Succeeded. [ 2239.028266] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 2239.047814] systemd[1]: Started Load/Save RF Kill Switch Status. [ 2239.049787] systemd[1]: ssh.service: Found left-over process 248 (sshd) in control group while starting unit. Ignoring. [ 2239.050680] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2239.081157] systemd[1]: Stopped Journal Service. [ 2239.081885] systemd[1]: systemd-journald.service: Consumed 10.341s CPU time. [ 2239.151320] systemd[1]: Starting Journal Service... [ 2239.332276] systemd[1]: Started OpenBSD Secure Shell server. [ 2239.392339] systemd-journald[44874]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 2239.625972] systemd[1]: Started Journal Service. [ 2239.703059] systemd-journald[44874]: Received client request to flush runtime journal. VM DIAGNOSIS: 20:00:04 Registers: info registers vcpu 0 RAX=ffffffff816c7219 RBX=ffffffff81300840 RCX=ffffffff85a10d01 RDX=1ffff1100a56beab RSI=ffffffff816c7219 RDI=ffff888052b5f5c8 RBP=ffff888052b5f598 RSP=ffff888052b5f508 R8 =0000000000000005 R9 =ffff888052b5f848 R10=0000000000032042 R11=1ffff1100a56be8f R12=ffff888052b5f5c8 R13=0000000000000000 R14=ffff88800efb8000 R15=0000000000000170 RIP=ffffffff81300840 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb2101a3700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbf70025728 CR3=000000004dfe2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=2033303a30303a3032203131206e754a XMM01=5d3736383834312e37333232205b203a XMM02=6f4e20676f6c6b6d693a6e69203a6d6d XMM03=5043205d3736383834312e3733323220 XMM04=202c303d726564726f202c29454c4241 XMM05=2861636330303178303d6b73616d5f70 XMM06=656b6f766e6920676f6c6b6d693a6e69 XMM07=3a6c656e72656b2072656c6c616b7a79 XMM08=3032333a7063705f6c61636f6c20426b XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000007 RCX=ffff888009257620 RDX=0000000000000002 RSI=ffffffff8509cce0 RDI=ffff888009231a40 RBP=1ffff1100124aebc RSP=ffff8880092575c8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffffff8509cce0 R13=0000000000000002 R14=ffff888009232380 R15=ffff888009231a40 RIP=ffffffff81260360 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fdf1cfcae70 CR3=000000001e290000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000000000000000000055fc42bf8060 XMM02=ff000000000000ff0000000000ff0000 XMM03=66207463656e6e6f6373696420646576 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0d0c0f0e09080b0a0504070601000302 XMM07=00000000000000000000000000000000 XMM08=000a0d732a2e25006c61746166003367 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000