0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x8, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {0x0, 0x0, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x0, 0x8, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

[  446.930825] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  446.930825]    program syz-executor.0 not setting count and/or reply_len properly
13:43:22 executing program 5:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:43:22 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  446.974410] loop6: detected capacity change from 0 to 64
[  446.981281] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  446.984273] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  446.985007] FAT-fs (loop6): Filesystem has been set read-only
13:43:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500), 0x0, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  447.028008] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  447.028008]    program syz-executor.2 not setting count and/or reply_len properly
13:43:22 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

[  447.065037] loop6: detected capacity change from 0 to 64
[  447.070075] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  447.073171] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  447.073823] FAT-fs (loop6): Filesystem has been set read-only
13:43:31 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:43:31 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:31 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x100000, 0x103)

13:43:31 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240))
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000003e40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005000)=[{&(0x7f0000003ec0)=""/68, 0x44}, {&(0x7f00000013c0)=""/49, 0x31}, {&(0x7f0000003f80)=""/76, 0x4c}, {&(0x7f0000004000)=""/4096, 0x1000}], 0x4, &(0x7f0000005040)=""/233, 0xe9}, 0x1ff}], 0x5, 0x0, 0x0)

13:43:31 executing program 1:
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
pidfd_open(0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000002c0))
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000016d7fb4ca540446e9e3afc5ae1325600010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000d5f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000000040)=ANY=[])

13:43:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:43:31 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x0, 0x8, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500), 0x0, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  456.415864] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  456.415864]    program syz-executor.2 not setting count and/or reply_len properly
[  456.428121] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  456.428121]    program syz-executor.0 not setting count and/or reply_len properly
[  456.449597] loop6: detected capacity change from 0 to 64
[  456.455749] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  456.458134] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  456.458798] FAT-fs (loop6): Filesystem has been set read-only
13:43:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500), 0x0, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:31 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:43:31 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:31 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x0, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

[  456.531653] loop6: detected capacity change from 0 to 64
[  456.536043] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:43:31 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x200000, 0x103)

[  456.539685] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  456.540549] FAT-fs (loop6): Filesystem has been set read-only
13:43:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:43:31 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:43:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  456.668240] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  456.668240]    program syz-executor.2 not setting count and/or reply_len properly
[  456.689635] loop6: detected capacity change from 0 to 64
[  456.696850] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  456.699287] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  456.699971] FAT-fs (loop6): Filesystem has been set read-only
13:43:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240))
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000003e40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005000)=[{&(0x7f0000003ec0)=""/68, 0x44}, {&(0x7f00000013c0)=""/49, 0x31}, {&(0x7f0000003f80)=""/76, 0x4c}, {&(0x7f0000004000)=""/4096, 0x1000}], 0x4, &(0x7f0000005040)=""/233, 0xe9}, 0x1ff}], 0x5, 0x0, 0x0)

13:43:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:43:42 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:43:42 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x400000, 0x103)

13:43:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:43:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x0, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

[  467.258135] loop6: detected capacity change from 0 to 64
[  467.260876] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  467.260876]    program syz-executor.2 not setting count and/or reply_len properly
[  467.273967] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  467.278758] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  467.280025] FAT-fs (loop6): Filesystem has been set read-only
13:43:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:43:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000003e40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005000)=[{&(0x7f0000003ec0)=""/68, 0x44}, {&(0x7f00000013c0)=""/49, 0x31}, {&(0x7f0000003f80)=""/76, 0x4c}, {&(0x7f0000004000)=""/4096, 0x1000}], 0x4, &(0x7f0000005040)=""/233, 0xe9}, 0x1ff}], 0x5, 0x0, 0x0)

13:43:52 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x0, 0x36b, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:43:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x600000, 0x103)

13:43:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:43:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  477.307557] loop6: detected capacity change from 0 to 64
[  477.313283] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  477.314065] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  477.314065]    program syz-executor.2 not setting count and/or reply_len properly
13:43:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x0, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

[  477.410939] loop6: detected capacity change from 0 to 64
13:43:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:43:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

[  477.426156] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:43:52 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

[  477.430142] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  477.430955] FAT-fs (loop6): Filesystem has been set read-only
13:43:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000003e40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005000)=[{&(0x7f0000003ec0)=""/68, 0x44}, {&(0x7f00000013c0)=""/49, 0x31}, {&(0x7f0000003f80)=""/76, 0x4c}, {&(0x7f0000004000)=""/4096, 0x1000}], 0x4, &(0x7f0000005040)=""/233, 0xe9}, 0x1ff}], 0x5, 0x0, 0x0)

13:43:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:43:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x80ffff, 0x103)

13:43:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  477.536042] loop6: detected capacity change from 0 to 64
[  477.544590] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  477.547550] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  477.548203] FAT-fs (loop6): Filesystem has been set read-only
13:43:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000003e40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005000)=[{&(0x7f0000003ec0)=""/68, 0x44}, {&(0x7f00000013c0)=""/49, 0x31}, {&(0x7f0000003f80)=""/76, 0x4c}, {&(0x7f0000004000)=""/4096, 0x1000}], 0x4, &(0x7f0000005040)=""/233, 0xe9}, 0x1ff}], 0x5, 0x0, 0x0)

13:43:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0f", 0x8, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:43:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x0, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:43:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  477.649827] loop6: detected capacity change from 0 to 64
[  477.703103] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  477.718451] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1)
[  477.720328] FAT-fs (loop6): Filesystem has been set read-only
13:44:01 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xc0ffff, 0x103)

13:44:01 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x720)

13:44:01 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ff", 0xa, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:01 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:01 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

13:44:01 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x0, 0x2c4, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:01 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:01 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:44:01 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

[  486.629857] loop6: detected capacity change from 0 to 64
[  486.646451] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  486.656912] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000fff8)
[  486.658018] FAT-fs (loop6): Filesystem has been set read-only
13:44:10 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x620)

13:44:10 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ff", 0xa, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:10 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:44:10 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), 0x0, 0x0)

13:44:10 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

13:44:10 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:10 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x1000000, 0x103)

13:44:10 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  495.696010] loop6: detected capacity change from 0 to 64
[  495.701762] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  495.708882] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000fff8)
[  495.709838] FAT-fs (loop6): Filesystem has been set read-only
13:44:10 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

[  495.744804] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  495.744804]    program syz-executor.2 not setting count and/or reply_len properly
13:44:10 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ff", 0xa, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:10 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:10 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x520)

[  495.842069] loop6: detected capacity change from 0 to 64
[  495.854346] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  495.858548] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000fff8)
[  495.859139] FAT-fs (loop6): Filesystem has been set read-only
13:44:10 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x103)

13:44:10 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff", 0xb, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:10 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x0, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:10 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x0, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:11 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000003c0), 0x0, 0x0)

13:44:11 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}, {{&(0x7f0000002940)=@caif=@dbg, 0x80, &(0x7f0000003d00)=[{&(0x7f00000029c0)=""/183, 0xb7}, {&(0x7f0000002a80)=""/64, 0x40}, {&(0x7f0000002ac0)=""/168, 0xa8}, {&(0x7f0000002b80)=""/108, 0x6c}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/255, 0xff}], 0x6, &(0x7f0000003d80)=""/185, 0xb9}, 0x5}], 0x4, 0x0, 0x0)

13:44:11 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  495.975773] loop6: detected capacity change from 0 to 64
[  495.995596] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  495.995596]    program syz-executor.2 not setting count and/or reply_len properly
13:44:11 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}, {{&(0x7f00000012c0)=@qipcrtr, 0x80, &(0x7f0000002800)=[{&(0x7f0000001340)=""/100, 0x64}, {&(0x7f0000005280)=""/170, 0xaa}, {&(0x7f0000001480)=""/4082, 0xff2}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/94, 0x5e}, {&(0x7f0000002540)=""/247, 0xf7}, {&(0x7f0000002640)=""/149, 0x95}, {&(0x7f0000002700)=""/178, 0xb2}, {&(0x7f00000027c0)}], 0x9, &(0x7f00000028c0)=""/97, 0x61}, 0x13c}], 0x3, 0x0, 0x0)

13:44:11 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00', '\x00', '\x00']}, 0x420)

[  496.036988] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:44:11 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = dup2(r0, 0xffffffffffffffff)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  496.046336] FAT-fs (loop6): error, invalid access to FAT (entry 0x00fffff8)
[  496.047421] FAT-fs (loop6): Filesystem has been set read-only
13:44:11 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x0, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:11 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:11 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x8cffffff, 0x103)

13:44:11 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@caif=@util, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000140)=""/226, 0xe2}], 0x3, &(0x7f00000002c0)=""/4096, 0x1000}, 0x429}], 0x2, 0x0, 0x0)

13:44:11 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000003c0), 0x0, 0x0)

[  496.142114] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  496.142114]    program syz-executor.2 not setting count and/or reply_len properly
13:44:20 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000003c0), 0x0, 0x0)

13:44:20 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xf6ffffff, 0x103)

13:44:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff", 0xb, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:20 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:44:20 executing program 1:
prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0)
r0 = syz_mount_image$ext4(&(0x7f0000000300)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000000)="200000004000000003000000320000000f000000000000000300000002000000008000000080000020000000e1f4655fe1f4655f0100ffff53ef", 0x58, 0x400}], 0x0, &(0x7f0000013800))
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x20, 0x0)
setxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000340)=@random={'security.', ')\xff\x00'}, &(0x7f0000000380)='[-\x00', 0x3, 0x1)
rmdir(&(0x7f00000001c0)='./file0\x00')
faccessat2(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x1200)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x10000008)
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="62b009e2eb2a6594917aca71bbe0e04c15e67874320092ff08761673d502e8e3ae91fd251cfbd2364e5e8b2fe18ae6e399f2fd1a6766ed658595700d6c6a5c68bdfe84c1535ad90539dea20d6b61b0bf32e9c6c60472ad1eaf416eb8d5dc295967a5cb0f354b24380494d2f4a23bd70af7638b0d69"], &(0x7f00000000c0)='[-\x00', 0x3, 0x0)

13:44:20 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x0, 0x137, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:20 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00', '\x00']}, 0x320)

13:44:20 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  505.028237] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  505.028237]    program syz-executor.2 not setting count and/or reply_len properly
13:44:20 executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001740)={0x1, &(0x7f0000001700)=[{}]}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
getsockopt$packet_int(r1, 0x107, 0xe, &(0x7f0000000000), &(0x7f0000000040)=0x4)

[  505.061741] loop6: detected capacity change from 0 to 64
[  505.079181] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  505.090687] FAT-fs (loop6): error, invalid access to FAT (entry 0x00fffff8)
[  505.092307] FAT-fs (loop6): Filesystem has been set read-only
13:44:20 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:20 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2, 0x0, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:20 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xffff8000, 0x103)

13:44:20 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00', '\x00']}, 0x220)

13:44:20 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140), 0x0, 0x0, 0x0)

13:44:20 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

[  505.183343] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  505.183343]    program syz-executor.2 not setting count and/or reply_len properly
13:44:20 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "c02c32", 0x53})

13:44:29 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:44:29 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff", 0xb, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:29 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140), 0x0, 0x0, 0x0)

13:44:29 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:29 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2, 0x0, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:29 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
pidfd_getfd(r1, r1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
clone3(&(0x7f0000000240)={0x80910300, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1f}, &(0x7f00000000c0)=""/161, 0xa1, &(0x7f0000000180)=""/6, &(0x7f0000000200)=[r2], 0x1, {r3}}, 0x58)

13:44:29 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xffffc000, 0x103)

13:44:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

[  514.123777] loop6: detected capacity change from 0 to 64
[  514.142303] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  514.142303]    program syz-executor.2 not setting count and/or reply_len properly
[  514.143647] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  514.151885] FAT-fs (loop6): error, invalid access to FAT (entry 0x00fffff8)
[  514.153081] FAT-fs (loop6): Filesystem has been set read-only
13:44:29 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xffffff8c, 0x103)

13:44:39 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140), 0x0, 0x0, 0x0)

13:44:39 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xfffffff6, 0x103)

13:44:39 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:39 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 1)

13:44:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:39 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2, 0x0, 0x800}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:39 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
pidfd_getfd(r1, r1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
clone3(&(0x7f0000000240)={0x80910300, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1f}, &(0x7f00000000c0)=""/161, 0xa1, &(0x7f0000000180)=""/6, &(0x7f0000000200)=[r2], 0x1, {r3}}, 0x58)

13:44:39 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300), 0x20)

13:44:39 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
pidfd_getfd(r1, r1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
clone3(&(0x7f0000000240)={0x80910300, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1f}, &(0x7f00000000c0)=""/161, 0xa1, &(0x7f0000000180)=""/6, &(0x7f0000000200)=[r2], 0x1, {r3}}, 0x58)

13:44:39 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300), 0x20)

[  523.990182] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  523.990182]    program syz-executor.2 not setting count and/or reply_len properly
13:44:39 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
pidfd_getfd(r1, r1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
clone3(&(0x7f0000000240)={0x80910300, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1f}, &(0x7f00000000c0)=""/161, 0xa1, &(0x7f0000000180)=""/6, &(0x7f0000000200)=[r2], 0x1, {r3}}, 0x58)

[  524.001648] syz-executor.6: attempt to access beyond end of device
[  524.001648] loop6: rw=0, sector=0, nr_sectors = 1 limit=0
[  524.008227] FAT-fs (loop6): unable to read boot sector
13:44:39 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  524.039707] FAULT_INJECTION: forcing a failure.
[  524.039707] name failslab, interval 1, probability 0, space 0, times 0
[  524.040760] CPU: 1 UID: 0 PID: 5722 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  524.040777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  524.040791] Call Trace:
[  524.040800]  <TASK>
[  524.040810]  dump_stack_lvl+0xfa/0x120
[  524.040856]  should_fail_ex+0x4d7/0x5e0
[  524.040877]  ? getname_flags.part.0+0x48/0x540
[  524.040893]  should_failslab+0xc2/0x120
[  524.040915]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  524.040938]  getname_flags.part.0+0x48/0x540
[  524.040954]  getname_uflags+0x9a/0xe0
[  524.040972]  __x64_sys_execveat+0xcd/0x130
[  524.040993]  do_syscall_64+0xbf/0x360
[  524.041006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.041019] RIP: 0033:0x7f40acb77b19
[  524.041029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  524.041040] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  524.041053] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  524.041061] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  524.041068] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  524.041075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  524.041082] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  524.041099]  </TASK>
13:44:39 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (fail_nth: 1)

13:44:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:39 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 2)

13:44:39 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240), 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:39 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:39 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x8000000000000, 0x103)

[  524.166229] FAULT_INJECTION: forcing a failure.
[  524.166229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  524.167276] CPU: 1 UID: 0 PID: 5735 Comm: syz-executor.7 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  524.167292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  524.167300] Call Trace:
[  524.167304]  <TASK>
[  524.167309]  dump_stack_lvl+0xfa/0x120
[  524.167337]  should_fail_ex+0x4d7/0x5e0
[  524.167364]  _copy_from_user+0x30/0xd0
[  524.167385]  copy_msghdr_from_user+0x88/0x150
[  524.167408]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  524.167428]  ? perf_trace_lock_acquire+0xc9/0x700
[  524.167446]  ? __lock_acquire+0x694/0x1b70
[  524.167463]  ___sys_recvmsg+0xbb/0x190
[  524.167484]  ? __pfx____sys_recvmsg+0x10/0x10
[  524.167503]  ? lock_acquire+0x15e/0x2f0
[  524.167514]  ? __fget_files+0x34/0x3b0
[  524.167534]  ? find_held_lock+0x2b/0x80
[  524.167550]  ? __fget_files+0x203/0x3b0
[  524.167567]  ? lock_release+0xc8/0x290
[  524.167581]  ? __fget_files+0x20d/0x3b0
[  524.167605]  do_recvmmsg+0x2c5/0x6f0
[  524.167628]  ? __pfx_do_recvmmsg+0x10/0x10
[  524.167647]  ? ksys_write+0x187/0x240
[  524.167666]  ? lock_release+0xc8/0x290
[  524.167680]  ? __mutex_unlock_slowpath+0x155/0x7b0
[  524.167700]  ? kernel_write+0x613/0x660
[  524.167720]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  524.167742]  ? __fget_files+0x20d/0x3b0
[  524.167764]  __x64_sys_recvmmsg+0x211/0x260
[  524.167776]  ? ksys_write+0x1a3/0x240
[  524.167794]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  524.167808]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  524.167832]  do_syscall_64+0xbf/0x360
[  524.167845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.167858] RIP: 0033:0x7fbc37622b19
[  524.167867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  524.167878] RSP: 002b:00007fbc34b98188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  524.167890] RAX: ffffffffffffffda RBX: 00007fbc37735f60 RCX: 00007fbc37622b19
[  524.167898] RDX: 0000000000000001 RSI: 0000000020005140 RDI: 0000000000000003
[  524.167905] RBP: 00007fbc34b981d0 R08: 0000000000000000 R09: 0000000000000000
[  524.167912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  524.167919] R13: 00007ffc63d9fb0f R14: 00007fbc34b98300 R15: 0000000000022000
[  524.167937]  </TASK>
[  524.230691] syz-executor.6: attempt to access beyond end of device
[  524.230691] loop6: rw=0, sector=0, nr_sectors = 1 limit=0
[  524.237180] FAT-fs (loop6): unable to read boot sector
[  524.245285] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  524.245285]    program syz-executor.2 not setting count and/or reply_len properly
13:44:48 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 3)

13:44:48 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x720)

13:44:48 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300), 0x20)

13:44:48 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (fail_nth: 2)

13:44:48 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))
pidfd_getfd(r1, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:44:48 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240), 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:48 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:48 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x10000000000000, 0x103)

13:44:48 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))
pidfd_getfd(r1, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  533.871769] FAULT_INJECTION: forcing a failure.
[  533.871769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.872790] CPU: 1 UID: 0 PID: 5759 Comm: syz-executor.7 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  533.872811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  533.872820] Call Trace:
[  533.872826]  <TASK>
[  533.872831]  dump_stack_lvl+0xfa/0x120
[  533.872860]  should_fail_ex+0x4d7/0x5e0
[  533.872885]  _copy_to_user+0x32/0xd0
[  533.872909]  simple_read_from_buffer+0xe0/0x180
[  533.872930]  proc_fail_nth_read+0x18a/0x240
[  533.872952]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  533.872973]  ? security_file_permission+0x22/0x90
[  533.872991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  533.873011]  vfs_read+0x1eb/0xc70
[  533.873035]  ? __pfx_vfs_read+0x10/0x10
[  533.873054]  ? lock_release+0xc8/0x290
[  533.873072]  ? __fget_files+0x20d/0x3b0
[  533.873099]  ksys_read+0x121/0x240
[  533.873117]  ? __pfx_ksys_read+0x10/0x10
[  533.873137]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  533.873166]  do_syscall_64+0xbf/0x360
[  533.873181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.873194] RIP: 0033:0x7fbc375d569c
[  533.873203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  533.873215] RSP: 002b:00007fbc34b98170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  533.873227] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbc375d569c
[  533.873235] RDX: 000000000000000f RSI: 00007fbc34b981e0 RDI: 0000000000000004
[  533.873243] RBP: 00007fbc34b981d0 R08: 0000000000000000 R09: 0000000000000000
[  533.873250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.873257] R13: 00007ffc63d9fb0f R14: 00007fbc34b98300 R15: 0000000000022000
[  533.873277]  </TASK>
[  533.910794] FAULT_INJECTION: forcing a failure.
[  533.910794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.911952] CPU: 1 UID: 0 PID: 5767 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  533.911968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  533.911976] Call Trace:
[  533.911980]  <TASK>
[  533.911985]  dump_stack_lvl+0xfa/0x120
[  533.912010]  should_fail_ex+0x4d7/0x5e0
[  533.912032]  strncpy_from_user+0x3b/0x2f0
[  533.912051]  getname_flags.part.0+0x8d/0x540
[  533.912070]  getname_uflags+0x9a/0xe0
[  533.912089]  __x64_sys_execveat+0xcd/0x130
[  533.912111]  do_syscall_64+0xbf/0x360
[  533.912125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.912137] RIP: 0033:0x7f40acb77b19
[  533.912146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  533.912158] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  533.912170] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  533.912178] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  533.912185] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  533.912193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.912200] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  533.912219]  </TASK>
[  533.913219] sg_write: data in/out 839/1782 bytes for SCSI command 0x0-- guessing data in;
[  533.913219]    program syz-executor.2 not setting count and/or reply_len properly
[  533.936878] syz-executor.6: attempt to access beyond end of device
[  533.936878] loop6: rw=0, sector=0, nr_sectors = 1 limit=0
13:44:49 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[  533.942928] FAT-fs (loop6): unable to read boot sector
13:44:49 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:49 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 4)

13:44:49 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "3fa7bed98e7195fa47375f48d710bf492ae4daa8b7f1b976bc6bb8563cb8373aa71bc7947dc27a80e4ced6cca79b0d3d945a52268650d9f76356f74e2f7fe721f1bac3ff651933b7211f3bf20104f80569b456118627b1a443cd7462ac208ad4b258abea908d4262764805f6b1a4e6d92a3be7c74ba3aafae200f35ecf8467a782c430daa41c5d26c7d1312d80567a1154380c2643cac0d67c3dfea75a77386cbb35", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7c2)

13:44:49 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:44:49 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240), 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  534.110644] sg_write: data in/out 839/1934 bytes for SCSI command 0x8e-- guessing data in;
[  534.110644]    program syz-executor.0 not setting count and/or reply_len properly
[  534.130048] loop6: detected capacity change from 0 to 64
[  534.142267] FAULT_INJECTION: forcing a failure.
[  534.142267] name failslab, interval 1, probability 0, space 0, times 0
[  534.144033] CPU: 0 UID: 0 PID: 5783 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  534.144064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  534.144077] Call Trace:
[  534.144086]  <TASK>
[  534.144095]  dump_stack_lvl+0xfa/0x120
[  534.144142]  should_fail_ex+0x4d7/0x5e0
[  534.144184]  ? alloc_empty_file+0x58/0x1e0
[  534.144211]  should_failslab+0xc2/0x120
[  534.144252]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  534.144285]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  534.144324]  alloc_empty_file+0x58/0x1e0
[  534.144353]  path_openat+0xe0/0x2880
[  534.144411]  ? __pfx_path_openat+0x10/0x10
[  534.144447]  ? __is_insn_slot_addr+0x2e/0x290
[  534.144483]  ? find_held_lock+0x2b/0x80
[  534.144517]  ? __is_insn_slot_addr+0x136/0x290
[  534.144556]  do_filp_open+0x1e8/0x450
[  534.144593]  ? __pfx_do_filp_open+0x10/0x10
[  534.144627]  ? __is_insn_slot_addr+0x140/0x290
[  534.144664]  ? kernel_text_address+0x5b/0xc0
[  534.144692]  ? __kernel_text_address+0xd/0x40
[  534.144717]  ? unwind_get_return_address+0x59/0xa0
[  534.144765]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  534.144802]  ? perf_trace_lock_acquire+0xc9/0x700
[  534.144835]  ? __lock_acquire+0x694/0x1b70
[  534.144865]  ? __lock_acquire+0xc65/0x1b70
[  534.144893]  do_open_execat+0x10c/0x3e0
[  534.144926]  ? __pfx_do_open_execat+0x10/0x10
[  534.144957]  ? __virt_addr_valid+0x1c6/0x5d0
[  534.144997]  ? __virt_addr_valid+0x2e8/0x5d0
[  534.145034]  ? lock_release+0xc8/0x290
[  534.145063]  alloc_bprm+0x2b/0x6e0
[  534.145100]  do_execveat_common+0x235/0x770
[  534.145137]  ? __pfx_do_execveat_common+0x10/0x10
[  534.145177]  ? getname_flags.part.0+0x1c6/0x540
[  534.145213]  __x64_sys_execveat+0xe4/0x130
[  534.145254]  do_syscall_64+0xbf/0x360
[  534.145281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.145306] RIP: 0033:0x7f40acb77b19
[  534.145323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  534.145346] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  534.145368] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  534.145384] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  534.145399] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  534.145413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  534.145427] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  534.145462]  </TASK>
[  534.182858] hpet: Lost 2 RTC interrupts
[  534.188390] FAT-fs (loop6): bogus number of reserved sectors
[  534.189332] FAT-fs (loop6): Can't find a valid FAT filesystem
13:44:57 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x20000000000000, 0x103)

13:44:57 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 5)

13:44:57 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x3, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:44:57 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x4, 0x0}}], 0x1, 0x0, 0x0)

13:44:57 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x620)

13:44:57 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))
pidfd_getfd(r1, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')

13:44:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:44:57 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x720)

[  542.699015] loop6: detected capacity change from 0 to 64
[  542.706117] FAT-fs (loop6): bogus number of reserved sectors
[  542.706611] FAT-fs (loop6): Can't find a valid FAT filesystem
13:44:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  542.752386] sg_write: data in/out 839/1782 bytes for SCSI command 0x0-- guessing data in;
[  542.752386]    program syz-executor.0 not setting count and/or reply_len properly
[  542.761191] sg_write: data in/out 839/1526 bytes for SCSI command 0x0-- guessing data in;
[  542.761191]    program syz-executor.2 not setting count and/or reply_len properly
[  542.849981] loop6: detected capacity change from 0 to 64
13:44:57 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 6)

[  542.876493] FAT-fs (loop6): bogus number of reserved sectors
[  542.877811] FAT-fs (loop6): Can't find a valid FAT filesystem
13:44:57 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))
pidfd_getfd(r1, r1, 0x0)

13:44:57 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120) (fail_nth: 1)

13:44:58 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x8, 0x0}}], 0x1, 0x0, 0x0)

13:44:58 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x520)

13:44:58 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x40000000000000, 0x103)

13:44:58 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x3, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  543.046890] sg_write: data in/out 839/1270 bytes for SCSI command 0x0-- guessing data in;
[  543.046890]    program syz-executor.2 not setting count and/or reply_len properly
[  543.071532] FAULT_INJECTION: forcing a failure.
[  543.071532] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.073838] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor.0 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  543.073871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  543.073885] Call Trace:
[  543.073892]  <TASK>
[  543.073901]  dump_stack_lvl+0xfa/0x120
[  543.073950]  should_fail_ex+0x4d7/0x5e0
[  543.073993]  _copy_from_user+0x30/0xd0
[  543.074037]  sg_write.part.0+0x1c2/0xb50
[  543.074066]  ? __might_fault+0xe0/0x190
[  543.074093]  ? __pfx_sg_write.part.0+0x10/0x10
[  543.074124]  ? __lock_acquire+0x694/0x1b70
[  543.074165]  ? lock_acquire+0x15e/0x2f0
[  543.074188]  ? get_pid_task+0x29/0x250
[  543.074228]  ? find_held_lock+0x2b/0x80
[  543.074263]  ? get_pid_task+0xfd/0x250
[  543.074301]  ? lock_release+0xc8/0x290
[  543.074329]  ? perf_trace_lock_acquire+0xc9/0x700
[  543.074363]  ? get_pid_task+0x107/0x250
[  543.074399]  ? avc_policy_seqno+0x9/0x20
[  543.074431]  ? selinux_file_permission+0x99/0x600
[  543.074466]  sg_write+0x86/0xe0
[  543.074492]  vfs_write+0x2b7/0x1150
[  543.074528]  ? __pfx_sg_write+0x10/0x10
[  543.074555]  ? lock_acquire+0x15e/0x2f0
[  543.074578]  ? __fget_files+0x34/0x3b0
[  543.074613]  ? __pfx_vfs_write+0x10/0x10
[  543.074649]  ? __fget_files+0x203/0x3b0
[  543.074683]  ? lock_release+0xc8/0x290
[  543.074713]  ? __fget_files+0x20d/0x3b0
[  543.074760]  ksys_write+0x121/0x240
[  543.074796]  ? __pfx_ksys_write+0x10/0x10
[  543.074845]  do_syscall_64+0xbf/0x360
[  543.074872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.074897] RIP: 0033:0x7f958f59db19
[  543.074915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  543.074938] RSP: 002b:00007f958cb13188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  543.074961] RAX: ffffffffffffffda RBX: 00007f958f6b0f60 RCX: 00007f958f59db19
[  543.074978] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  543.074992] RBP: 00007f958cb131d0 R08: 0000000000000000 R09: 0000000000000000
[  543.075007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.075021] R13: 00007ffc8f6a810f R14: 00007f958cb13300 R15: 0000000000022000
[  543.075057]  </TASK>
[  543.108215] hpet: Lost 1 RTC interrupts
[  543.142859] FAULT_INJECTION: forcing a failure.
[  543.142859] name failslab, interval 1, probability 0, space 0, times 0
[  543.144618] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  543.144660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  543.144678] Call Trace:
[  543.144688]  <TASK>
[  543.144700]  dump_stack_lvl+0xfa/0x120
[  543.144748]  should_fail_ex+0x4d7/0x5e0
[  543.144786]  ? security_file_alloc+0x35/0x130
[  543.144814]  should_failslab+0xc2/0x120
[  543.144866]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  543.144899]  ? __create_object+0x59/0x80
[  543.144931]  security_file_alloc+0x35/0x130
[  543.144960]  init_file+0x95/0x4c0
[  543.144985]  alloc_empty_file+0x76/0x1e0
[  543.145012]  path_openat+0xe0/0x2880
[  543.145060]  ? __pfx_path_openat+0x10/0x10
[  543.145093]  ? __is_insn_slot_addr+0x2e/0x290
[  543.145127]  ? find_held_lock+0x2b/0x80
[  543.145159]  ? __is_insn_slot_addr+0x136/0x290
[  543.145195]  do_filp_open+0x1e8/0x450
[  543.145229]  ? __pfx_do_filp_open+0x10/0x10
[  543.145261]  ? __is_insn_slot_addr+0x140/0x290
[  543.145296]  ? kernel_text_address+0x5b/0xc0
[  543.145321]  ? __kernel_text_address+0xd/0x40
[  543.145345]  ? unwind_get_return_address+0x59/0xa0
[  543.145386]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  543.145421]  ? perf_trace_lock_acquire+0xc9/0x700
[  543.145452]  ? __lock_acquire+0x694/0x1b70
[  543.145479]  ? __lock_acquire+0xc65/0x1b70
[  543.145505]  do_open_execat+0x10c/0x3e0
[  543.145536]  ? __pfx_do_open_execat+0x10/0x10
[  543.145564]  ? __virt_addr_valid+0x1c6/0x5d0
[  543.145601]  ? __virt_addr_valid+0x2e8/0x5d0
[  543.145636]  ? lock_release+0xc8/0x290
[  543.145663]  alloc_bprm+0x2b/0x6e0
[  543.145697]  do_execveat_common+0x235/0x770
[  543.145731]  ? __pfx_do_execveat_common+0x10/0x10
[  543.145768]  ? getname_flags.part.0+0x1c6/0x540
[  543.145801]  __x64_sys_execveat+0xe4/0x130
[  543.145839]  do_syscall_64+0xbf/0x360
[  543.145864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.145887] RIP: 0033:0x7f40acb77b19
[  543.145904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  543.145925] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  543.145946] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  543.145961] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  543.145975] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  543.145988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.146001] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  543.146033]  </TASK>
13:45:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 7)

13:45:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:06 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x60000000000000, 0x103)

13:45:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x520)

13:45:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))
pidfd_getfd(r1, r1, 0x0)

13:45:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x14, 0x0}}], 0x1, 0x0, 0x0)

13:45:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x3, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:45:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120) (fail_nth: 2)

13:45:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x1400, 0x0}}], 0x1, 0x0, 0x0)

[  551.692861] loop6: detected capacity change from 0 to 64
[  551.700187] FAULT_INJECTION: forcing a failure.
[  551.700187] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.702199] CPU: 0 UID: 0 PID: 5852 Comm: syz-executor.0 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  551.702231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  551.702244] Call Trace:
[  551.702251]  <TASK>
[  551.702260]  dump_stack_lvl+0xfa/0x120
[  551.702306]  should_fail_ex+0x4d7/0x5e0
[  551.702347]  _copy_from_user+0x30/0xd0
[  551.702397]  sg_write.part.0+0x5fe/0xb50
[  551.702428]  ? __pfx_sg_write.part.0+0x10/0x10
[  551.702459]  ? __lock_acquire+0x694/0x1b70
[  551.702499]  ? lock_acquire+0x15e/0x2f0
[  551.702522]  ? get_pid_task+0x29/0x250
[  551.702561]  ? find_held_lock+0x2b/0x80
[  551.702594]  ? get_pid_task+0xfd/0x250
[  551.702632]  ? lock_release+0xc8/0x290
[  551.702660]  ? perf_trace_lock_acquire+0xc9/0x700
[  551.702685]  ? get_pid_task+0x107/0x250
[  551.702720]  ? avc_policy_seqno+0x9/0x20
[  551.702756]  ? selinux_file_permission+0x99/0x600
[  551.702789]  sg_write+0x86/0xe0
[  551.702815]  vfs_write+0x2b7/0x1150
[  551.702850]  ? __pfx_sg_write+0x10/0x10
[  551.702876]  ? lock_acquire+0x15e/0x2f0
[  551.702899]  ? __fget_files+0x34/0x3b0
[  551.702933]  ? __pfx_vfs_write+0x10/0x10
[  551.702969]  ? __fget_files+0x203/0x3b0
[  551.703002]  ? lock_release+0xc8/0x290
[  551.703031]  ? __fget_files+0x20d/0x3b0
[  551.703077]  ksys_write+0x121/0x240
[  551.703113]  ? __pfx_ksys_write+0x10/0x10
[  551.703161]  do_syscall_64+0xbf/0x360
[  551.703187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.703211] RIP: 0033:0x7f958f59db19
[  551.703229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  551.703251] RSP: 002b:00007f958cb13188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  551.703274] RAX: ffffffffffffffda RBX: 00007f958f6b0f60 RCX: 00007f958f59db19
[  551.703289] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  551.703304] RBP: 00007f958cb131d0 R08: 0000000000000000 R09: 0000000000000000
[  551.703318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.703331] R13: 00007ffc8f6a810f R14: 00007f958cb13300 R15: 0000000000022000
[  551.703366]  </TASK>
[  551.734237] hpet: Lost 1 RTC interrupts
[  551.736980] sg_write: data in/out 839/1270 bytes for SCSI command 0x0-- guessing data in;
[  551.736980]    program syz-executor.2 not setting count and/or reply_len properly
13:45:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))

[  551.753693] FAT-fs (loop6): bogus number of reserved sectors
[  551.754884] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0)=<r1=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0))

13:45:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x5, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:45:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00']}, 0x420)

13:45:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x40000, 0x0}}], 0x1, 0x0, 0x0)

13:45:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x5, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:45:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:45:16 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 8)

13:45:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120) (fail_nth: 3)

13:45:16 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x80ffff00000000, 0x103)

13:45:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[  561.135790] FAULT_INJECTION: forcing a failure.
[  561.135790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  561.136810] CPU: 1 UID: 0 PID: 5875 Comm: syz-executor.0 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  561.136826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  561.136834] Call Trace:
[  561.136838]  <TASK>
[  561.136843]  dump_stack_lvl+0xfa/0x120
[  561.136871]  should_fail_ex+0x4d7/0x5e0
[  561.136894]  _copy_to_user+0x32/0xd0
[  561.136917]  simple_read_from_buffer+0xe0/0x180
[  561.136937]  proc_fail_nth_read+0x18a/0x240
[  561.136958]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  561.136978]  ? security_file_permission+0x22/0x90
[  561.136996]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  561.137025]  vfs_read+0x1eb/0xc70
[  561.137049]  ? __pfx_vfs_read+0x10/0x10
[  561.137067]  ? lock_release+0xc8/0x290
[  561.137084]  ? __fget_files+0x20d/0x3b0
[  561.137109]  ksys_read+0x121/0x240
[  561.137127]  ? __pfx_ksys_read+0x10/0x10
[  561.137151]  do_syscall_64+0xbf/0x360
[  561.137165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.137179] RIP: 0033:0x7f958f55069c
[  561.137188] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  561.137200] RSP: 002b:00007f958cb13170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  561.137212] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f958f55069c
[  561.137220] RDX: 000000000000000f RSI: 00007f958cb131e0 RDI: 0000000000000005
[  561.137228] RBP: 00007f958cb131d0 R08: 0000000000000000 R09: 0000000000000000
[  561.137235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  561.137242] R13: 00007ffc8f6a810f R14: 00007f958cb13300 R15: 0000000000022000
[  561.137260]  </TASK>
13:45:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  561.177347] loop6: detected capacity change from 0 to 64
[  561.178570] sg_write: data in/out 839/1014 bytes for SCSI command 0x0-- guessing data in;
[  561.178570]    program syz-executor.2 not setting count and/or reply_len properly
[  561.201322] FAT-fs (loop6): bogus number of reserved sectors
[  561.202469] FAT-fs (loop6): Can't find a valid FAT filesystem
[  561.212613] FAULT_INJECTION: forcing a failure.
[  561.212613] name failslab, interval 1, probability 0, space 0, times 0
[  561.214533] CPU: 0 UID: 0 PID: 5885 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  561.214563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  561.214576] Call Trace:
[  561.214585]  <TASK>
[  561.214594]  dump_stack_lvl+0xfa/0x120
[  561.214641]  should_fail_ex+0x4d7/0x5e0
[  561.214683]  should_failslab+0xc2/0x120
[  561.214722]  __kmalloc_cache_noprof+0x6a/0x3e0
[  561.214753]  ? __virt_addr_valid+0x2e8/0x5d0
[  561.214790]  ? alloc_bprm+0x84/0x6e0
[  561.214828]  alloc_bprm+0x84/0x6e0
[  561.214863]  do_execveat_common+0x235/0x770
[  561.214898]  ? __pfx_do_execveat_common+0x10/0x10
[  561.214938]  ? getname_flags.part.0+0x1c6/0x540
[  561.214973]  __x64_sys_execveat+0xe4/0x130
[  561.215013]  do_syscall_64+0xbf/0x360
[  561.215039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.215061] RIP: 0033:0x7f40acb77b19
[  561.215078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  561.215099] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  561.215121] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  561.215136] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  561.215150] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  561.215163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  561.215176] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  561.215212]  </TASK>
13:45:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x80000, 0x0}}], 0x1, 0x0, 0x0)

13:45:16 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:45:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x5, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:45:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00']}, 0x320)

13:45:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x1000000, 0x0}}], 0x1, 0x0, 0x0)

[  561.420014] sg_write: data in/out 839/758 bytes for SCSI command 0x0-- guessing data in;
[  561.420014]    program syz-executor.2 not setting count and/or reply_len properly
[  561.434967] loop6: detected capacity change from 0 to 64
[  561.442932] FAT-fs (loop6): bogus number of reserved sectors
[  561.444200] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:24 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 9)

13:45:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x2}, "", ['\x00']}, 0x120)

13:45:24 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, &(0x7f0000002280)})

13:45:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00']}, 0x320)

13:45:24 executing program 1:
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, 0x0], 0x2}, 0x58)

13:45:24 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x14000000, 0x0}}], 0x1, 0x0, 0x0)

13:45:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:24 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xc0ffff00000000, 0x103)

13:45:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x24}, "", ['\x00']}, 0x120)

[  569.473245] sg_write: data in/out 839/758 bytes for SCSI command 0x0-- guessing data in;
[  569.473245]    program syz-executor.2 not setting count and/or reply_len properly
[  569.481268] loop6: detected capacity change from 0 to 64
[  569.489540] FAT-fs (loop6): bogus number of reserved sectors
[  569.490039] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:24 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0xffffff7f, 0x0}}], 0x1, 0x0, 0x0)

13:45:24 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x100000000000000, 0x103)

13:45:24 executing program 1:
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, 0x0], 0x2}, 0x58)

13:45:24 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, &(0x7f0000002280)})

13:45:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00']}, 0x220)

13:45:24 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x4}}], 0x1, 0x0, 0x0)

13:45:24 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 10)

[  569.633033] loop6: detected capacity change from 0 to 64
[  569.652193] FAT-fs (loop6): bogus number of reserved sectors
[  569.652714] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:24 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x200000000000000, 0x103)

[  569.674757] sg_write: data in/out 839/502 bytes for SCSI command 0x0-- guessing data in;
[  569.674757]    program syz-executor.2 not setting count and/or reply_len properly
13:45:24 executing program 1:
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, 0x0], 0x2}, 0x58)

13:45:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:24 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x8}}], 0x1, 0x0, 0x0)

13:45:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00']}, 0x220)

13:45:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x2400}, "", ['\x00']}, 0x120)

[  569.788660] loop6: detected capacity change from 0 to 64
[  569.808220] FAT-fs (loop6): bogus number of reserved sectors
[  569.808974] FAT-fs (loop6): Can't find a valid FAT filesystem
[  569.809534] FAULT_INJECTION: forcing a failure.
[  569.809534] name failslab, interval 1, probability 0, space 0, times 0
[  569.810474] CPU: 0 UID: 0 PID: 5964 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  569.810490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  569.810498] Call Trace:
[  569.810503]  <TASK>
[  569.810508]  dump_stack_lvl+0xfa/0x120
[  569.810536]  should_fail_ex+0x4d7/0x5e0
[  569.810560]  ? mm_alloc+0x1d/0xd0
[  569.810579]  should_failslab+0xc2/0x120
[  569.810601]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  569.810620]  ? __virt_addr_valid+0x2e8/0x5d0
[  569.810643]  mm_alloc+0x1d/0xd0
[  569.810662]  alloc_bprm+0x2e3/0x6e0
[  569.810682]  do_execveat_common+0x235/0x770
[  569.810700]  ? __pfx_do_execveat_common+0x10/0x10
[  569.810721]  ? getname_flags.part.0+0x1c6/0x540
[  569.810739]  __x64_sys_execveat+0xe4/0x130
[  569.810760]  do_syscall_64+0xbf/0x360
[  569.810774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.810787] RIP: 0033:0x7f40acb77b19
[  569.810797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  569.810808] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  569.810820] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  569.810828] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  569.810836] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  569.810843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  569.810851] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  569.810868]  </TASK>
[  569.859166] sg_write: data in/out 839/502 bytes for SCSI command 0x0-- guessing data in;
[  569.859166]    program syz-executor.2 not setting count and/or reply_len properly
13:45:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x8cffffff00000000, 0x103)

13:45:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x14}}], 0x1, 0x0, 0x0)

13:45:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 11)

13:45:33 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800", 0x17}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:45:33 executing program 1:
r0 = clone3(0x0, 0x0)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:45:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:45:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  578.547811] loop6: detected capacity change from 0 to 64
[  578.560437] FAT-fs (loop6): bogus number of FAT sectors
[  578.560905] FAT-fs (loop6): Can't find a valid FAT filesystem
[  578.588258] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  578.588258]    program syz-executor.2 not setting count and/or reply_len properly
13:45:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x1400}}], 0x1, 0x0, 0x0)

13:45:33 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800", 0x17}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  578.699964] loop6: detected capacity change from 0 to 64
[  578.724464] FAT-fs (loop6): bogus number of FAT sectors
[  578.725316] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800", 0x17}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}}, 0x20)

13:45:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x40000}}], 0x1, 0x0, 0x0)

13:45:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 12)

13:45:42 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xf6ffffff00000000, 0x103)

13:45:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x2}, "", ['\x00']}, 0x120)

13:45:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x5, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

13:45:42 executing program 1:
r0 = clone3(0x0, 0x0)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:45:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x24}, "", ['\x00']}, 0x120)

[  587.339201] loop6: detected capacity change from 0 to 64
[  587.346634] FAT-fs (loop6): bogus number of FAT sectors
[  587.347563] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 13)

13:45:42 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0xffffffff00000000, 0x103)

13:45:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x5, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f", 0x0, 0x0, 0x10010, 0x0, &(0x7f0000002280)})

[  587.445152] FAULT_INJECTION: forcing a failure.
[  587.445152] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  587.446163] CPU: 1 UID: 0 PID: 6030 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  587.446180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  587.446187] Call Trace:
[  587.446192]  <TASK>
[  587.446197]  dump_stack_lvl+0xfa/0x120
[  587.446225]  should_fail_ex+0x4d7/0x5e0
[  587.446247]  should_fail_alloc_page+0xe0/0x110
[  587.446270]  prepare_alloc_pages+0x1af/0x500
[  587.446283]  ? __is_insn_slot_addr+0x140/0x290
[  587.446304]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  587.446322]  ? unwind_get_return_address+0x59/0xa0
[  587.446341]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  587.446365]  ? perf_trace_lock_acquire+0xc9/0x700
[  587.446382]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  587.446405]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  587.446427]  ? do_raw_spin_lock+0x123/0x260
[  587.446443]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  587.446457]  ? policy_nodemask+0xeb/0x4e0
[  587.446475]  alloc_pages_mpol+0xed/0x340
[  587.446490]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  587.446505]  ? pcpu_obj_full_size+0x3c/0x90
[  587.446520]  ? pcpu_alloc_noprof+0x12d/0x1140
[  587.446538]  alloc_pages_noprof+0xa1/0x380
[  587.446555]  pgd_alloc+0x4d/0x610
[  587.446574]  mm_init+0x6ff/0x1190
[  587.446596]  mm_alloc+0xa0/0xd0
[  587.446615]  alloc_bprm+0x2e3/0x6e0
[  587.446634]  do_execveat_common+0x235/0x770
[  587.446652]  ? __pfx_do_execveat_common+0x10/0x10
[  587.446672]  ? getname_flags.part.0+0x1c6/0x540
[  587.446690]  __x64_sys_execveat+0xe4/0x130
[  587.446711]  do_syscall_64+0xbf/0x360
[  587.446724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.446737] RIP: 0033:0x7f40acb77b19
[  587.446746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  587.446757] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  587.446769] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  587.446777] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  587.446785] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  587.446792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  587.446799] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  587.446816]  </TASK>
13:45:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000", 0x22}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}}, 0x20)

13:45:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:45:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x80000}}], 0x1, 0x0, 0x0)

[  587.567551] loop6: detected capacity change from 0 to 64
13:45:42 executing program 1:
r0 = clone3(0x0, 0x0)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:45:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x1000000}}], 0x1, 0x0, 0x0)

13:45:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 14)

[  587.608054] FAT-fs (loop6): bogus number of FAT sectors
[  587.609062] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x14000000}}], 0x1, 0x0, 0x0)

13:45:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x620)

13:45:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x102)

13:45:52 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:45:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000", 0x22}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}}, 0x20)

13:45:52 executing program 1:
r0 = clone3(&(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:45:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 15)

[  597.935217] loop6: detected capacity change from 0 to 64
[  597.946285] FAT-fs (loop6): bogus number of FAT sectors
[  597.946887] FAT-fs (loop6): Can't find a valid FAT filesystem
[  597.973618] sg_write: data in/out 839/1526 bytes for SCSI command 0x0-- guessing data in;
[  597.973618]    program syz-executor.4 not setting count and/or reply_len properly
13:45:53 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0xffffff7f}}], 0x1, 0x0, 0x0)

13:45:53 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:45:53 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000", 0x22}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:53 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
syz_open_dev$tty20(0xc, 0x4, 0x1)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  598.075087] loop6: detected capacity change from 0 to 64
[  598.079729] FAT-fs (loop6): bogus number of FAT sectors
[  598.080196] FAT-fs (loop6): Can't find a valid FAT filesystem
13:45:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 1)

13:45:53 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001000000", 0x28}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:45:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 16)

13:45:53 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:45:53 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x620)

[  598.201846] FAULT_INJECTION: forcing a failure.
[  598.201846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.201890] CPU: 0 UID: 0 PID: 6090 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  598.201918] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  598.201931] Call Trace:
[  598.201939]  <TASK>
[  598.201948]  dump_stack_lvl+0xfa/0x120
[  598.201994]  should_fail_ex+0x4d7/0x5e0
[  598.202035]  _copy_from_user+0x30/0xd0
[  598.202075]  sg_write.part.0+0x1c2/0xb50
[  598.202103]  ? __might_fault+0xe0/0x190
[  598.202125]  ? tracing_gen_ctx_irq_test+0x167/0x1f0
[  598.202165]  ? __pfx_sg_write.part.0+0x10/0x10
[  598.202193]  ? perf_tp_event+0x807/0xe70
[  598.202241]  ? __pfx_perf_tp_event+0x10/0x10
[  598.202272]  ? lock_acquire+0x15e/0x2f0
[  598.202302]  ? get_pid_task+0xfd/0x250
[  598.202342]  ? perf_trace_lock+0xb5/0x5d0
[  598.202369]  ? perf_trace_lock_acquire+0xc9/0x700
[  598.202398]  ? avc_policy_seqno+0x9/0x20
[  598.202428]  ? selinux_file_permission+0x99/0x600
[  598.202462]  sg_write+0x86/0xe0
[  598.202465] loop6: detected capacity change from 0 to 64
[  598.202489]  vfs_write+0x2b7/0x1150
[  598.202523]  ? __pfx_sg_write+0x10/0x10
[  598.202548]  ? lock_acquire+0x15e/0x2f0
[  598.202570]  ? __fget_files+0x34/0x3b0
[  598.202603]  ? __pfx_vfs_write+0x10/0x10
[  598.202637]  ? __fget_files+0x203/0x3b0
[  598.202669]  ? lock_release+0xc8/0x290
[  598.202697]  ? __fget_files+0x20d/0x3b0
[  598.202743]  ksys_write+0x121/0x240
[  598.202777]  ? __pfx_ksys_write+0x10/0x10
[  598.202824]  do_syscall_64+0xbf/0x360
[  598.202850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.202873] RIP: 0033:0x7fbb63381b19
[  598.202890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  598.202911] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  598.202933] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  598.202947] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  598.202961] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  598.202974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.202987] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  598.203022]  </TASK>
[  598.211616] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  598.227281] FAULT_INJECTION: forcing a failure.
[  598.227281] name failslab, interval 1, probability 0, space 0, times 0
[  598.227304] CPU: 1 UID: 0 PID: 6094 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  598.227320] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  598.227328] Call Trace:
[  598.227333]  <TASK>
[  598.227338]  dump_stack_lvl+0xfa/0x120
[  598.227373]  should_fail_ex+0x4d7/0x5e0
[  598.227396]  ? vm_area_alloc+0x20/0x170
[  598.227409]  should_failslab+0xc2/0x120
[  598.227430]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  598.227455]  vm_area_alloc+0x20/0x170
[  598.227467]  create_init_stack_vma+0x28/0x600
[  598.227490]  alloc_bprm+0x451/0x6e0
[  598.227511]  do_execveat_common+0x235/0x770
[  598.227530]  ? __pfx_do_execveat_common+0x10/0x10
[  598.227551]  ? getname_flags.part.0+0x1c6/0x540
[  598.227570]  __x64_sys_execveat+0xe4/0x130
[  598.227592]  do_syscall_64+0xbf/0x360
[  598.227607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.227621] RIP: 0033:0x7f40acb77b19
[  598.227630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  598.227641] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  598.227653] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  598.227661] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  598.227668] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  598.227675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  598.227682] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  598.227702]  </TASK>
[  598.249773] sg_write: data in/out 839/1526 bytes for SCSI command 0x0-- guessing data in;
[  598.249773]    program syz-executor.4 not setting count and/or reply_len properly
13:46:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000", 0x23}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:02 executing program 3:
ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:46:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x4000000000000}}], 0x1, 0x0, 0x0)

13:46:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:46:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 2)

13:46:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 17)

13:46:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 1)

13:46:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

[  607.451901] FAULT_INJECTION: forcing a failure.
[  607.451901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  607.453047] CPU: 1 UID: 0 PID: 6119 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  607.453064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  607.453071] Call Trace:
[  607.453075]  <TASK>
[  607.453080]  dump_stack_lvl+0xfa/0x120
[  607.453108]  should_fail_ex+0x4d7/0x5e0
[  607.453131]  _copy_from_user+0x30/0xd0
[  607.453153]  sg_write.part.0+0x5fe/0xb50
[  607.453171]  ? __pfx_sg_write.part.0+0x10/0x10
[  607.453192]  ? perf_trace_lock+0xb5/0x5d0
[  607.453210]  ? __pfx_perf_trace_lock+0x10/0x10
[  607.453227]  ? lock_acquire+0x15e/0x2f0
[  607.453240]  ? perf_trace_lock+0xb5/0x5d0
[  607.453252]  ? find_held_lock+0x2b/0x80
[  607.453269]  ? get_pid_task+0xfd/0x250
[  607.453291]  ? perf_trace_lock+0xb5/0x5d0
[  607.453304]  ? perf_trace_lock_acquire+0xc9/0x700
[  607.453317]  ? avc_policy_seqno+0x9/0x20
[  607.453334]  ? selinux_file_permission+0x99/0x600
[  607.453356]  sg_write+0x86/0xe0
[  607.453370]  vfs_write+0x2b7/0x1150
[  607.453389]  ? __pfx_sg_write+0x10/0x10
[  607.453402]  ? lock_acquire+0x15e/0x2f0
[  607.453414]  ? __fget_files+0x34/0x3b0
[  607.453432]  ? __pfx_vfs_write+0x10/0x10
[  607.453450]  ? __fget_files+0x203/0x3b0
[  607.453467]  ? lock_release+0xc8/0x290
[  607.453494]  ? __fget_files+0x20d/0x3b0
[  607.453518]  ksys_write+0x121/0x240
[  607.453536]  ? __pfx_ksys_write+0x10/0x10
[  607.453562]  do_syscall_64+0xbf/0x360
[  607.453576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.453589] RIP: 0033:0x7fbb63381b19
[  607.453599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  607.453610] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  607.453622] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  607.453630] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  607.453637] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  607.453644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.453651] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  607.453671]  </TASK>
[  607.455717] loop6: detected capacity change from 0 to 64
[  607.504814] FAULT_INJECTION: forcing a failure.
[  607.504814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  607.506770] CPU: 0 UID: 0 PID: 6112 Comm: syz-executor.4 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  607.506816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  607.506831] Call Trace:
[  607.506839]  <TASK>
[  607.506847]  dump_stack_lvl+0xfa/0x120
[  607.506891]  should_fail_ex+0x4d7/0x5e0
[  607.506935]  _copy_from_user+0x30/0xd0
[  607.506995]  get_sg_io_hdr+0x5c9/0x830
[  607.507033]  ? do_raw_write_lock+0x11c/0x3a0
[  607.507065]  ? find_held_lock+0x2b/0x80
[  607.507097]  ? __pfx_get_sg_io_hdr+0x10/0x10
[  607.507130]  ? lock_release+0xc8/0x290
[  607.507154]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  607.507193]  ? _raw_write_unlock_irqrestore+0x2c/0x50
[  607.507229]  ? sg_add_request+0x25e/0x320
[  607.507271]  sg_new_write.isra.0+0x140/0x9d0
[  607.507297]  ? __pfx_perf_tp_event+0x10/0x10
[  607.507326]  ? __pfx_sg_new_write.isra.0+0x10/0x10
[  607.507351]  ? lock_acquire+0x15e/0x2f0
[  607.507380]  ? get_pid_task+0x29/0x250
[  607.507429]  ? scsi_block_when_processing_errors+0x263/0x430
[  607.507455]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  607.507478]  ? find_held_lock+0x2b/0x80
[  607.507509]  ? perf_trace_lock_acquire+0xc9/0x700
[  607.507534]  ? lock_is_held_type+0x9e/0x120
[  607.507571]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  607.507602]  sg_ioctl+0x9ea/0x2720
[  607.507629]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  607.507657]  ? __pfx_sg_ioctl+0x10/0x10
[  607.507677]  ? __fget_files+0x34/0x3b0
[  607.507709]  ? find_held_lock+0x2b/0x80
[  607.507740]  ? __fget_files+0x203/0x3b0
[  607.507772]  ? lock_release+0xc8/0x290
[  607.507803]  ? selinux_file_ioctl+0xb9/0x280
[  607.507827]  ? __pfx_sg_ioctl+0x10/0x10
[  607.507852]  __x64_sys_ioctl+0x18f/0x210
[  607.507883]  do_syscall_64+0xbf/0x360
[  607.507907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.507931] RIP: 0033:0x7f4758bacb19
[  607.507948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  607.507969] RSP: 002b:00007f4756122188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  607.507990] RAX: ffffffffffffffda RBX: 00007f4758cbff60 RCX: 00007f4758bacb19
[  607.508005] RDX: 00000000200022c0 RSI: 0000000000002285 RDI: 0000000000000004
[  607.508018] RBP: 00007f47561221d0 R08: 0000000000000000 R09: 0000000000000000
[  607.508031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.508044] R13: 00007fffe231463f R14: 00007f4756122300 R15: 0000000000022000
[  607.508076]  </TASK>
[  607.544108] hpet: Lost 2 RTC interrupts
13:46:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 3)

[  607.560912] FAT-fs (loop6): bogus number of FAT sectors
[  607.561825] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:46:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x8000000000000}}], 0x1, 0x0, 0x0)

[  607.605262] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  607.605262]    program syz-executor.2 not setting count and/or reply_len properly
[  607.619455] FAULT_INJECTION: forcing a failure.
[  607.619455] name failslab, interval 1, probability 0, space 0, times 0
[  607.621011] CPU: 1 UID: 0 PID: 6132 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  607.621034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  607.621044] Call Trace:
[  607.621050]  <TASK>
[  607.621056]  dump_stack_lvl+0xfa/0x120
[  607.621092]  should_fail_ex+0x4d7/0x5e0
[  607.621123]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  607.621144]  should_failslab+0xc2/0x120
[  607.621175]  __kmalloc_noprof+0xb4/0x4b0
[  607.621204]  ? perf_trace_lock_acquire+0xc9/0x700
[  607.621223]  ? trace_sched_exit_tp+0xbf/0x100
[  607.621251]  blk_rq_map_user_iov+0x1fd/0x1180
[  607.621271]  ? __lock_acquire+0xc65/0x1b70
[  607.621296]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  607.621321]  ? __pfx___mutex_trylock_common+0x10/0x10
[  607.621344]  ? find_held_lock+0x2b/0x80
[  607.621373]  ? sg_common_write.constprop.0+0xc36/0x1710
[  607.621394]  ? lock_release+0xc8/0x290
[  607.621409]  ? import_ubuf+0x1be/0x220
[  607.621439]  blk_rq_map_user_io+0x1cf/0x200
[  607.621463]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  607.621499]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  607.621531]  ? irq_work_queue+0x9c/0x100
[  607.621552]  ? __asan_memset+0x24/0x50
[  607.621580]  sg_common_write.constprop.0+0xd75/0x1710
[  607.621609]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  607.621629]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  607.621654]  ? ___ratelimit+0x465/0xa10
[  607.621687]  sg_write.part.0+0x6a2/0xb50
[  607.621707]  ? __pfx_sg_write.part.0+0x10/0x10
[  607.621729]  ? __lock_acquire+0x694/0x1b70
[  607.621756]  ? lock_acquire+0x15e/0x2f0
[  607.621772]  ? get_pid_task+0x29/0x250
[  607.621799]  ? find_held_lock+0x2b/0x80
[  607.621822]  ? get_pid_task+0xfd/0x250
[  607.621849]  ? lock_release+0xc8/0x290
[  607.621868]  ? perf_trace_lock_acquire+0xc9/0x700
[  607.621886]  ? get_pid_task+0x107/0x250
[  607.621911]  ? avc_policy_seqno+0x9/0x20
[  607.621934]  ? selinux_file_permission+0x99/0x600
[  607.621958]  sg_write+0x86/0xe0
[  607.621976]  vfs_write+0x2b7/0x1150
[  607.622001]  ? __pfx_sg_write+0x10/0x10
[  607.622020]  ? lock_acquire+0x15e/0x2f0
[  607.622036]  ? __fget_files+0x34/0x3b0
[  607.622060]  ? __pfx_vfs_write+0x10/0x10
[  607.622085]  ? __fget_files+0x203/0x3b0
[  607.622109]  ? lock_release+0xc8/0x290
[  607.622129]  ? __fget_files+0x20d/0x3b0
[  607.622162]  ksys_write+0x121/0x240
[  607.622187]  ? __pfx_ksys_write+0x10/0x10
[  607.622220]  do_syscall_64+0xbf/0x360
[  607.622239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.622256] RIP: 0033:0x7fbb63381b19
[  607.622269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  607.622285] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  607.622302] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  607.622313] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  607.622323] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  607.622333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.622343] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  607.622367]  </TASK>
13:46:02 executing program 3:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0xc0c0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
pidfd_open(r1, 0x0)
r2 = dup2(0xffffffffffffffff, r0)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x4, 0x0, 0x6, 0xda, 0x0, 0x6, 0x80000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f00000001c0), 0x6}, 0x6000, 0xe00, 0x3ff, 0x7, 0xfffffffffffff881, 0x4dd303d, 0x8, 0x0, 0x7ff, 0x0, 0x9}, r1, 0xffffffffffffffff, r2, 0x0)
mknodat$null(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0xa41, 0x103)
open$dir(&(0x7f0000000000)='./file0\x00', 0x80, 0x2)

13:46:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 18)

13:46:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000", 0x23}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  607.737342] sg_write: data in/out 9180/246 bytes for SCSI command 0x0-- guessing data in;
[  607.737342]    program syz-executor.0 not setting count and/or reply_len properly
[  607.760970] FAULT_INJECTION: forcing a failure.
[  607.760970] name failslab, interval 1, probability 0, space 0, times 0
[  607.762702] CPU: 1 UID: 0 PID: 6140 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  607.762726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  607.762736] Call Trace:
[  607.762742]  <TASK>
[  607.762748]  dump_stack_lvl+0xfa/0x120
[  607.762784]  should_fail_ex+0x4d7/0x5e0
[  607.762814]  ? mas_alloc_nodes+0x432/0x8f0
[  607.762840]  should_failslab+0xc2/0x120
[  607.762870]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  607.762894]  ? perf_trace_lock_acquire+0xc9/0x700
[  607.762919]  mas_alloc_nodes+0x432/0x8f0
[  607.762952]  mas_node_count_gfp+0x106/0x140
[  607.762982]  mas_preallocate+0x2af/0x690
[  607.763005]  ? __pfx_mas_preallocate+0x10/0x10
[  607.763033]  ? find_held_lock+0x2b/0x80
[  607.763057]  ? avc_has_perm_noaudit+0x11b/0x3d0
[  607.763086]  vma_link+0x103/0x930
[  607.763110]  ? avc_has_perm_noaudit+0x150/0x3d0
[  607.763136]  ? __pfx_vma_link+0x10/0x10
[  607.763158]  ? selinux_vm_enough_memory+0x108/0x160
[  607.763194]  insert_vm_struct+0xf4/0x2d0
[  607.763222]  create_init_stack_vma+0x1f4/0x600
[  607.763252]  alloc_bprm+0x451/0x6e0
[  607.763279]  do_execveat_common+0x235/0x770
[  607.763305]  ? __pfx_do_execveat_common+0x10/0x10
[  607.763333]  ? getname_flags.part.0+0x1c6/0x540
[  607.763365]  __x64_sys_execveat+0xe4/0x130
[  607.763393]  do_syscall_64+0xbf/0x360
[  607.763412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.763429] RIP: 0033:0x7f40acb77b19
[  607.763442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  607.763457] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  607.763474] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  607.763485] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  607.763495] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  607.763505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  607.763515] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  607.763539]  </TASK>
[  607.792581] loop6: detected capacity change from 0 to 64
[  607.800334] FAT-fs (loop6): bogus number of FAT sectors
[  607.801675] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000", 0x23}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 19)

13:46:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 2)

13:46:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x100000000000000}}], 0x1, 0x0, 0x0)

13:46:12 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x1f48)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x47, 0x80, 0x3, 0x47, 0x0, 0x401, 0x8000, 0x7, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x7, 0xc69}, 0x23, 0xffffffffffff0e60, 0x38, 0x5, 0x35, 0x7, 0xc8e, 0x0, 0x80f3, 0x0, 0x8}, 0x0, 0xd, r0, 0x3)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:46:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 4)

13:46:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

[  617.664045] loop6: detected capacity change from 0 to 64
[  617.672988] FAULT_INJECTION: forcing a failure.
[  617.672988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  617.674741] CPU: 1 UID: 0 PID: 6158 Comm: syz-executor.4 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  617.674770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  617.674783] Call Trace:
[  617.674791]  <TASK>
[  617.674800]  dump_stack_lvl+0xfa/0x120
[  617.674846]  should_fail_ex+0x4d7/0x5e0
[  617.674889]  _copy_from_user+0x30/0xd0
[  617.674930]  sg_new_write.isra.0+0x3db/0x9d0
[  617.674962]  ? __pfx_sg_new_write.isra.0+0x10/0x10
[  617.674988]  ? lock_acquire+0x15e/0x2f0
[  617.675023]  ? perf_trace_lock+0xb5/0x5d0
[  617.675050]  ? scsi_block_when_processing_errors+0x263/0x430
[  617.675078]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  617.675101]  ? find_held_lock+0x2b/0x80
[  617.675135]  ? perf_trace_lock_acquire+0xc9/0x700
[  617.675162]  ? lock_is_held_type+0x9e/0x120
[  617.675200]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  617.675233]  sg_ioctl+0x9ea/0x2720
[  617.675261]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  617.675290]  ? __pfx_sg_ioctl+0x10/0x10
[  617.675310]  ? __fget_files+0x34/0x3b0
[  617.675343]  ? find_held_lock+0x2b/0x80
[  617.675381]  ? __fget_files+0x203/0x3b0
[  617.675413]  ? lock_release+0xc8/0x290
[  617.675446]  ? selinux_file_ioctl+0xb9/0x280
[  617.675472]  ? __pfx_sg_ioctl+0x10/0x10
[  617.675497]  __x64_sys_ioctl+0x18f/0x210
[  617.675530]  do_syscall_64+0xbf/0x360
[  617.675555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.675578] RIP: 0033:0x7f4758bacb19
[  617.675595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  617.675615] RSP: 002b:00007f4756122188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  617.675637] RAX: ffffffffffffffda RBX: 00007f4758cbff60 RCX: 00007f4758bacb19
[  617.675651] RDX: 00000000200022c0 RSI: 0000000000002285 RDI: 0000000000000004
[  617.675665] RBP: 00007f47561221d0 R08: 0000000000000000 R09: 0000000000000000
[  617.675678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.675691] R13: 00007fffe231463f R14: 00007f4756122300 R15: 0000000000022000
[  617.675726]  </TASK>
[  617.711244] FAT-fs (loop6): bogus number of FAT sectors
[  617.712132] FAT-fs (loop6): Can't find a valid FAT filesystem
[  617.720723] sg_write: data in/out 33554396/246 bytes for SCSI command 0x0-- guessing data in;
[  617.720723]    program syz-executor.0 not setting count and/or reply_len properly
[  617.745977] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  617.745977]    program syz-executor.2 not setting count and/or reply_len properly
13:46:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x1400000000000000}}], 0x1, 0x0, 0x0)

13:46:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000000100", 0x26}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 20)

13:46:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:46:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000040)='./file0\x00', 0x100, 0x103)

13:46:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 5)

[  617.958850] loop6: detected capacity change from 0 to 64
[  617.971756] sg_write: data in/out 603979740/246 bytes for SCSI command 0x0-- guessing data in;
[  617.971756]    program syz-executor.0 not setting count and/or reply_len properly
[  617.977855] FAULT_INJECTION: forcing a failure.
[  617.977855] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  617.979884] CPU: 1 UID: 0 PID: 6183 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  617.979913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  617.979926] Call Trace:
[  617.979934]  <TASK>
[  617.979943]  dump_stack_lvl+0xfa/0x120
[  617.979989]  should_fail_ex+0x4d7/0x5e0
[  617.980029]  should_fail_alloc_page+0xe0/0x110
[  617.980070]  prepare_alloc_pages+0x1af/0x500
[  617.980095]  ? kernel_text_address+0x5b/0xc0
[  617.980124]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  617.980160]  ? perf_trace_lock_acquire+0xc9/0x700
[  617.980192]  ? __lock_acquire+0x694/0x1b70
[  617.980217]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  617.980258]  ? lock_acquire+0x15e/0x2f0
[  617.980279]  ? __is_insn_slot_addr+0x2e/0x290
[  617.980313]  ? find_held_lock+0x2b/0x80
[  617.980344]  ? __is_insn_slot_addr+0x136/0x290
[  617.980384]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  617.980411]  ? policy_nodemask+0xeb/0x4e0
[  617.980443]  alloc_pages_mpol+0xed/0x340
[  617.980471]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  617.980503]  ? mtree_range_walk+0x74a/0xb90
[  617.980542]  alloc_pages_noprof+0xa1/0x380
[  617.980572]  __pud_alloc+0x3f/0x7c0
[  617.980606]  __handle_mm_fault+0xbb3/0x30f0
[  617.980633]  ? mt_find+0x64c/0x870
[  617.980656]  ? __pfx_mt_find+0x10/0x10
[  617.980676]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  617.980717]  ? __pfx___handle_mm_fault+0x10/0x10
[  617.980764]  ? find_vma+0xbf/0x140
[  617.980787]  ? __pfx_find_vma+0x10/0x10
[  617.980808]  ? __asan_memset+0x24/0x50
[  617.980846]  handle_mm_fault+0x2c3/0x900
[  617.980883]  __get_user_pages+0x58a/0x2f10
[  617.980931]  ? __pfx_mas_store_prealloc+0x10/0x10
[  617.980964]  ? __pfx___get_user_pages+0x10/0x10
[  617.981000]  ? lock_is_held_type+0x9e/0x120
[  617.981040]  get_user_pages_remote+0x285/0xaf0
[  617.981075]  ? down_read+0x1b1/0x470
[  617.981100]  ? __pfx_get_user_pages_remote+0x10/0x10
[  617.981131]  ? __pfx_vma_link+0x10/0x10
[  617.981163]  ? selinux_vm_enough_memory+0x108/0x160
[  617.981202]  get_arg_page+0xeb/0x310
[  617.981235]  ? __pfx_get_arg_page+0x10/0x10
[  617.981264]  ? up_write+0x195/0x520
[  617.981288]  ? lock_is_held_type+0x9e/0x120
[  617.981322]  ? count.constprop.0+0x1b9/0x290
[  617.981357]  copy_string_kernel+0x196/0x510
[  617.981398]  do_execveat_common+0x35a/0x770
[  617.981431]  ? __pfx_do_execveat_common+0x10/0x10
[  617.981469]  ? getname_flags.part.0+0x1c6/0x540
[  617.981502]  __x64_sys_execveat+0xe4/0x130
[  617.981541]  do_syscall_64+0xbf/0x360
[  617.981565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.981587] RIP: 0033:0x7f40acb77b19
[  617.981621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  617.981641] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  617.981662] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  617.981677] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  617.981690] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  617.981703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  617.981716] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  617.981749]  </TASK>
[  617.989203] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  618.003589] sg_write: data in/out 603979740/246 bytes for SCSI command 0x0-- guessing data in;
[  618.003589]    program syz-executor.0 not setting count and/or reply_len properly
[  618.040891] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  618.040891]    program syz-executor.2 not setting count and/or reply_len properly
[  618.053705] FAULT_INJECTION: forcing a failure.
[  618.053705] name failslab, interval 1, probability 0, space 0, times 0
[  618.055584] CPU: 0 UID: 0 PID: 6188 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  618.055617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  618.055631] Call Trace:
[  618.055639]  <TASK>
[  618.055648]  dump_stack_lvl+0xfa/0x120
[  618.055696]  should_fail_ex+0x4d7/0x5e0
[  618.055732]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  618.055778]  ? bio_kmalloc+0x3e/0x70
[  618.055816]  should_failslab+0xc2/0x120
[  618.055857]  __kmalloc_noprof+0xb4/0x4b0
[  618.055891]  ? trace_kmalloc+0x1f/0xb0
[  618.055914]  ? __kmalloc_noprof+0x215/0x4b0
[  618.055951]  bio_kmalloc+0x3e/0x70
[  618.055991]  blk_rq_map_user_iov+0x390/0x1180
[  618.056035]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  618.056069]  ? __pfx___mutex_trylock_common+0x10/0x10
[  618.056104]  ? find_held_lock+0x2b/0x80
[  618.056138]  ? sg_common_write.constprop.0+0xc36/0x1710
[  618.056167]  ? lock_release+0xc8/0x290
[  618.056188]  ? import_ubuf+0x1be/0x220
[  618.056230]  blk_rq_map_user_io+0x1cf/0x200
[  618.056264]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  618.056295]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  618.056339]  ? irq_work_queue+0x9c/0x100
[  618.056377]  ? __asan_memset+0x24/0x50
[  618.056418]  sg_common_write.constprop.0+0xd75/0x1710
[  618.056458]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  618.056487]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  618.056522]  ? ___ratelimit+0x465/0xa10
[  618.056568]  sg_write.part.0+0x6a2/0xb50
[  618.056598]  ? __pfx_sg_write.part.0+0x10/0x10
[  618.056629]  ? __lock_acquire+0x694/0x1b70
[  618.056661]  ? __pfx_perf_tp_event+0x10/0x10
[  618.056694]  ? lock_acquire+0x15e/0x2f0
[  618.056717]  ? get_pid_task+0x29/0x250
[  618.056758]  ? get_pid_task+0xfd/0x250
[  618.056796]  ? lock_release+0xc8/0x290
[  618.056824]  ? perf_trace_lock_acquire+0xc9/0x700
[  618.056848]  ? get_pid_task+0x107/0x250
[  618.056884]  ? avc_policy_seqno+0x9/0x20
[  618.056915]  ? selinux_file_permission+0x99/0x600
[  618.056948]  sg_write+0x86/0xe0
[  618.056975]  vfs_write+0x2b7/0x1150
[  618.057010]  ? __pfx_sg_write+0x10/0x10
[  618.057036]  ? lock_acquire+0x15e/0x2f0
[  618.057059]  ? __fget_files+0x34/0x3b0
[  618.057094]  ? __pfx_vfs_write+0x10/0x10
[  618.057129]  ? __fget_files+0x203/0x3b0
[  618.057162]  ? lock_release+0xc8/0x290
[  618.057191]  ? __fget_files+0x20d/0x3b0
[  618.057237]  ksys_write+0x121/0x240
[  618.057273]  ? __pfx_ksys_write+0x10/0x10
[  618.057321]  do_syscall_64+0xbf/0x360
[  618.057347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.057372] RIP: 0033:0x7fbb63381b19
[  618.057390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  618.057412] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  618.057435] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  618.057451] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  618.057465] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  618.057479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  618.057493] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  618.057527]  </TASK>
[  618.102796] hpet: Lost 2 RTC interrupts
13:46:23 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(0x0, 0x0)

13:46:23 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0xffffff7f00000000}}], 0x1, 0x0, 0x0)

13:46:23 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/llc/core\x00')
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x37c}}, './file0\x00'})
perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x20, 0x7f, 0x3f, 0x7, 0x0, 0x7, 0x30600, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000000), 0xd}, 0x9, 0x7, 0xfffffff7, 0x3, 0x4, 0x7, 0x6, 0x0, 0x8, 0x0, 0x7}, 0xffffffffffffffff, 0x1, r1, 0x1)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)

13:46:23 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 6)

13:46:23 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:46:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:23 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 21)

13:46:23 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 3)

[  628.123952] loop6: detected capacity change from 0 to 64
13:46:23 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(0x0, 0x0)

[  628.132258] FAULT_INJECTION: forcing a failure.
[  628.132258] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  628.133013] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  628.133013]    program syz-executor.2 not setting count and/or reply_len properly
[  628.133310] CPU: 1 UID: 0 PID: 6208 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  628.133327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  628.133335] Call Trace:
[  628.133340]  <TASK>
[  628.133345]  dump_stack_lvl+0xfa/0x120
[  628.133379]  should_fail_ex+0x4d7/0x5e0
[  628.133405]  should_fail_alloc_page+0xe0/0x110
[  628.133429]  prepare_alloc_pages+0x1af/0x500
[  628.133448]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  628.133469]  ? perf_trace_lock_acquire+0xc9/0x700
[  628.133490]  ? perf_trace_lock+0xb5/0x5d0
[  628.133504]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  628.133524]  ? look_up_lock_class+0x56/0x150
[  628.133547]  ? perf_trace_lock_acquire+0xc9/0x700
[  628.133566]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  628.133583]  ? policy_nodemask+0xeb/0x4e0
[  628.133601]  alloc_pages_mpol+0xed/0x340
[  628.133617]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  628.133634]  ? find_held_lock+0x2b/0x80
[  628.133651]  ? __pud_alloc+0x571/0x7c0
[  628.133671]  alloc_pages_noprof+0xa1/0x380
[  628.133688]  __pmd_alloc+0x3b/0x980
[  628.133718]  __handle_mm_fault+0xcae/0x30f0
[  628.133737]  ? __pfx_mt_find+0x10/0x10
[  628.133748]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  628.133773]  ? __pfx___handle_mm_fault+0x10/0x10
[  628.133801]  ? find_vma+0xbf/0x140
[  628.133814]  ? __pfx_find_vma+0x10/0x10
[  628.133826]  ? __asan_memset+0x24/0x50
[  628.133848]  handle_mm_fault+0x2c3/0x900
[  628.133869]  __get_user_pages+0x58a/0x2f10
[  628.133897]  ? __pfx_mas_store_prealloc+0x10/0x10
[  628.133912]  ? __pfx_perf_trace_lock+0x10/0x10
[  628.133928]  ? __pfx___get_user_pages+0x10/0x10
[  628.133949]  ? lock_is_held_type+0x9e/0x120
[  628.133970]  get_user_pages_remote+0x285/0xaf0
[  628.133990]  ? down_read+0x1b1/0x470
[  628.134005]  ? __pfx_get_user_pages_remote+0x10/0x10
[  628.134022]  ? __pfx_vma_link+0x10/0x10
[  628.134039]  ? selinux_vm_enough_memory+0x108/0x160
[  628.134063]  get_arg_page+0xeb/0x310
[  628.134083]  ? __pfx_get_arg_page+0x10/0x10
[  628.134099]  ? up_write+0x195/0x520
[  628.134112]  ? lock_is_held_type+0x9e/0x120
[  628.134131]  ? count.constprop.0+0x1b9/0x290
[  628.134151]  copy_string_kernel+0x196/0x510
[  628.134175]  do_execveat_common+0x35a/0x770
[  628.134194]  ? __pfx_do_execveat_common+0x10/0x10
[  628.134215]  ? getname_flags.part.0+0x1c6/0x540
[  628.134235]  __x64_sys_execveat+0xe4/0x130
[  628.134257]  do_syscall_64+0xbf/0x360
[  628.134270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.134283] RIP: 0033:0x7f40acb77b19
[  628.134293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  628.134304] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  628.134316] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  628.134324] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  628.134332] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  628.134339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  628.134347] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  628.134367]  </TASK>
[  628.172788] FAT-fs (loop6): bogus number of FAT sectors
[  628.174596] FAT-fs (loop6): Can't find a valid FAT filesystem
[  628.178396] FAULT_INJECTION: forcing a failure.
[  628.178396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.179291] CPU: 0 UID: 0 PID: 6204 Comm: syz-executor.4 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  628.179307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  628.179314] Call Trace:
[  628.179319]  <TASK>
[  628.179326]  dump_stack_lvl+0xfa/0x120
[  628.179358]  should_fail_ex+0x4d7/0x5e0
[  628.179381]  _copy_to_user+0x32/0xd0
[  628.179404]  put_sg_io_hdr+0x50a/0x660
[  628.179425]  ? __pfx_put_sg_io_hdr+0x10/0x10
[  628.179445]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  628.179470]  ? find_held_lock+0x2b/0x80
[  628.179489]  sg_new_read+0x2f8/0x5f0
[  628.179502]  ? _raw_write_unlock_irq+0x23/0x40
[  628.179524]  sg_ioctl+0x2075/0x2720
[  628.179541]  ? __pfx_sg_ioctl+0x10/0x10
[  628.179552]  ? __fget_files+0x34/0x3b0
[  628.179572]  ? __fget_files+0x203/0x3b0
[  628.179589]  ? __pfx_autoremove_wake_function+0x10/0x10
[  628.179609]  ? selinux_file_ioctl+0xb9/0x280
[  628.179623]  ? __pfx_sg_ioctl+0x10/0x10
[  628.179637]  __x64_sys_ioctl+0x18f/0x210
[  628.179655]  do_syscall_64+0xbf/0x360
[  628.179669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.179682] RIP: 0033:0x7f4758bacb19
[  628.179692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  628.179703] RSP: 002b:00007f4756122188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  628.179715] RAX: ffffffffffffffda RBX: 00007f4758cbff60 RCX: 00007f4758bacb19
[  628.179723] RDX: 00000000200022c0 RSI: 0000000000002285 RDI: 0000000000000004
[  628.179730] RBP: 00007f47561221d0 R08: 0000000000000000 R09: 0000000000000000
[  628.179738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.179745] R13: 00007fffe231463f R14: 00007f4756122300 R15: 0000000000022000
[  628.179762]  </TASK>
13:46:23 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(0x0, 0x0)

13:46:23 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

13:46:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:23 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 4)

13:46:23 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 22)

[  628.288003] loop6: detected capacity change from 0 to 64
[  628.293612] FAT-fs (loop6): bogus number of FAT sectors
[  628.294084] FAT-fs (loop6): Can't find a valid FAT filesystem
[  628.316173] FAULT_INJECTION: forcing a failure.
[  628.316173] name failslab, interval 1, probability 0, space 0, times 0
[  628.317221] CPU: 1 UID: 0 PID: 6230 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  628.317238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  628.317246] Call Trace:
[  628.317250]  <TASK>
[  628.317255]  dump_stack_lvl+0xfa/0x120
[  628.317282]  should_fail_ex+0x4d7/0x5e0
[  628.317304]  ? __pmd_alloc+0x98/0x980
[  628.317320]  should_failslab+0xc2/0x120
[  628.317341]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  628.317369]  __pmd_alloc+0x98/0x980
[  628.317386]  __handle_mm_fault+0xcae/0x30f0
[  628.317404]  ? __pfx_mt_find+0x10/0x10
[  628.317416]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  628.317441]  ? __pfx___handle_mm_fault+0x10/0x10
[  628.317467]  ? find_vma+0xbf/0x140
[  628.317479]  ? __pfx_find_vma+0x10/0x10
[  628.317491]  ? __asan_memset+0x24/0x50
[  628.317512]  handle_mm_fault+0x2c3/0x900
[  628.317533]  __get_user_pages+0x58a/0x2f10
[  628.317559]  ? __pfx_mas_store_prealloc+0x10/0x10
[  628.317577]  ? __pfx___get_user_pages+0x10/0x10
[  628.317597]  ? lock_is_held_type+0x9e/0x120
[  628.317620]  get_user_pages_remote+0x285/0xaf0
[  628.317638]  ? down_read+0x1b1/0x470
[  628.317653]  ? __pfx_get_user_pages_remote+0x10/0x10
[  628.317670]  ? __pfx_vma_link+0x10/0x10
[  628.317688]  ? selinux_vm_enough_memory+0x108/0x160
[  628.317722]  get_arg_page+0xeb/0x310
[  628.317741]  ? __pfx_get_arg_page+0x10/0x10
[  628.317757]  ? up_write+0x195/0x520
[  628.317771]  ? lock_is_held_type+0x9e/0x120
[  628.317790]  ? count.constprop.0+0x1b9/0x290
[  628.317810]  copy_string_kernel+0x196/0x510
[  628.317832]  do_execveat_common+0x35a/0x770
[  628.317850]  ? __pfx_do_execveat_common+0x10/0x10
[  628.317870]  ? getname_flags.part.0+0x1c6/0x540
[  628.317889]  __x64_sys_execveat+0xe4/0x130
[  628.317910]  do_syscall_64+0xbf/0x360
[  628.317924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.317937] RIP: 0033:0x7f40acb77b19
[  628.317946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  628.317957] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  628.317969] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  628.317978] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  628.317985] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  628.317992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  628.318000] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  628.318018]  </TASK>
[  628.320806] FAULT_INJECTION: forcing a failure.
[  628.320806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.341025] CPU: 0 UID: 0 PID: 6231 Comm: syz-executor.4 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  628.341043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  628.341051] Call Trace:
[  628.341056]  <TASK>
[  628.341061]  dump_stack_lvl+0xfa/0x120
[  628.341089]  should_fail_ex+0x4d7/0x5e0
[  628.341113]  _copy_to_user+0x32/0xd0
[  628.341136]  simple_read_from_buffer+0xe0/0x180
[  628.341156]  proc_fail_nth_read+0x18a/0x240
[  628.341177]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  628.341197]  ? security_file_permission+0x22/0x90
[  628.341216]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  628.341235]  vfs_read+0x1eb/0xc70
[  628.341258]  ? __pfx_vfs_read+0x10/0x10
[  628.341278]  ? lock_release+0xc8/0x290
[  628.341295]  ? __fget_files+0x20d/0x3b0
[  628.341321]  ksys_read+0x121/0x240
[  628.341339]  ? __pfx_ksys_read+0x10/0x10
[  628.341369]  do_syscall_64+0xbf/0x360
[  628.341384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.341397] RIP: 0033:0x7f4758b5f69c
[  628.341407] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  628.341418] RSP: 002b:00007f4756122170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  628.341431] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4758b5f69c
[  628.341439] RDX: 000000000000000f RSI: 00007f47561221e0 RDI: 0000000000000006
[  628.341447] RBP: 00007f47561221d0 R08: 0000000000000000 R09: 0000000000000000
[  628.341454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.341461] R13: 00007fffe231463f R14: 00007f4756122300 R15: 0000000000022000
[  628.341479]  </TASK>
13:46:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:46:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x0, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 23)

13:46:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:46:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}], 0x1, 0x0, 0x0)

13:46:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$FICLONE(r1, 0x40049409, 0xffffffffffffffff)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0)

13:46:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 7)

13:46:33 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  638.409927] loop6: detected capacity change from 0 to 64
[  638.410781] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  638.410781]    program syz-executor.2 not setting count and/or reply_len properly
[  638.422872] FAULT_INJECTION: forcing a failure.
[  638.422872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  638.424938] CPU: 0 UID: 0 PID: 6245 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  638.424970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  638.424983] Call Trace:
[  638.424991]  <TASK>
[  638.424999]  dump_stack_lvl+0xfa/0x120
[  638.425046]  should_fail_ex+0x4d7/0x5e0
[  638.425086]  _copy_from_iter+0x1dc/0x15b0
[  638.425130]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  638.425169]  ? __pfx__copy_from_iter+0x10/0x10
[  638.425208]  ? find_held_lock+0x2b/0x80
[  638.425240]  ? __create_object+0x59/0x80
[  638.425269]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  638.425302]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  638.425343]  copy_page_from_iter+0xe3/0x180
[  638.425395]  bio_copy_from_iter+0x108/0x270
[  638.425434]  blk_rq_map_user_iov+0xc07/0x1180
[  638.425475]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  638.425508]  ? __pfx___mutex_trylock_common+0x10/0x10
[  638.425540]  ? find_held_lock+0x2b/0x80
[  638.425571]  ? sg_common_write.constprop.0+0xc36/0x1710
[  638.425598]  ? lock_release+0xc8/0x290
[  638.425618]  ? import_ubuf+0x1be/0x220
[  638.425657]  blk_rq_map_user_io+0x1cf/0x200
[  638.425688]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  638.425717]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  638.425758]  ? irq_work_queue+0x9c/0x100
[  638.425786]  ? __asan_memset+0x24/0x50
[  638.425843]  sg_common_write.constprop.0+0xd75/0x1710
[  638.425881]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  638.425908]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  638.425941]  ? ___ratelimit+0x465/0xa10
[  638.425984]  sg_write.part.0+0x6a2/0xb50
[  638.426011]  ? __pfx_sg_write.part.0+0x10/0x10
[  638.426041]  ? __lock_acquire+0x694/0x1b70
[  638.426076]  ? lock_acquire+0x15e/0x2f0
[  638.426098]  ? get_pid_task+0x29/0x250
[  638.426134]  ? find_held_lock+0x2b/0x80
[  638.426165]  ? get_pid_task+0xfd/0x250
[  638.426201]  ? lock_release+0xc8/0x290
[  638.426228]  ? perf_trace_lock_acquire+0xc9/0x700
[  638.426251]  ? get_pid_task+0x107/0x250
[  638.426284]  ? avc_policy_seqno+0x9/0x20
[  638.426314]  ? selinux_file_permission+0x99/0x600
[  638.426346]  sg_write+0x86/0xe0
[  638.426371]  vfs_write+0x2b7/0x1150
[  638.426403]  ? __pfx_sg_write+0x10/0x10
[  638.426427]  ? lock_acquire+0x15e/0x2f0
[  638.426449]  ? __fget_files+0x34/0x3b0
[  638.426481]  ? __pfx_vfs_write+0x10/0x10
[  638.426514]  ? __fget_files+0x203/0x3b0
[  638.426546]  ? lock_release+0xc8/0x290
[  638.426572]  ? __fget_files+0x20d/0x3b0
[  638.426616]  ksys_write+0x121/0x240
[  638.426650]  ? __pfx_ksys_write+0x10/0x10
[  638.426695]  do_syscall_64+0xbf/0x360
[  638.426720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.426743] RIP: 0033:0x7fbb63381b19
[  638.426761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  638.426782] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  638.426805] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  638.426819] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  638.426833] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  638.426846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.426859] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  638.426892]  </TASK>
[  638.474716] hpet: Lost 2 RTC interrupts
[  638.509504] FAT-fs (loop6): bogus number of FAT sectors
[  638.510470] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x0, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}], 0x1, 0x0, 0x0)

13:46:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:46:33 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 24)

13:46:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:46:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 8)

[  638.758014] FAULT_INJECTION: forcing a failure.
[  638.758014] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  638.759838] CPU: 1 UID: 0 PID: 6270 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  638.759868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  638.759881] Call Trace:
[  638.759889]  <TASK>
[  638.759898]  dump_stack_lvl+0xfa/0x120
[  638.759944]  should_fail_ex+0x4d7/0x5e0
[  638.759985]  should_fail_alloc_page+0xe0/0x110
[  638.760026]  prepare_alloc_pages+0x1af/0x500
[  638.760051]  ? find_held_lock+0x2b/0x80
[  638.760087]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  638.760124]  ? __is_insn_slot_addr+0x140/0x290
[  638.760161]  ? kernel_text_address+0x5b/0xc0
[  638.760187]  ? __kernel_text_address+0xd/0x40
[  638.760210]  ? unwind_get_return_address+0x59/0xa0
[  638.760245]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  638.760273]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  638.760318]  ? __lock_acquire+0xc65/0x1b70
[  638.760343]  ? perf_trace_lock_acquire+0xc9/0x700
[  638.760375]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  638.760403]  ? policy_nodemask+0xeb/0x4e0
[  638.760435]  alloc_pages_mpol+0xed/0x340
[  638.760463]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  638.760503]  alloc_pages_noprof+0xa1/0x380
[  638.760533]  pte_alloc_one+0x1e/0x360
[  638.760566]  __pte_alloc+0x6c/0x360
[  638.760592]  ? __pfx___pte_alloc+0x10/0x10
[  638.760618]  ? _raw_spin_unlock+0x1e/0x40
[  638.760649]  ? __pmd_alloc+0x3f9/0x980
[  638.760681]  __handle_mm_fault+0x24bf/0x30f0
[  638.760714]  ? __pfx_mt_find+0x10/0x10
[  638.760734]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  638.760776]  ? __pfx___handle_mm_fault+0x10/0x10
[  638.760823]  ? find_vma+0xbf/0x140
[  638.760847]  ? __pfx_find_vma+0x10/0x10
[  638.760868]  ? __asan_memset+0x24/0x50
[  638.760907]  handle_mm_fault+0x2c3/0x900
[  638.760945]  __get_user_pages+0x58a/0x2f10
[  638.760992]  ? __pfx_mas_store_prealloc+0x10/0x10
[  638.761026]  ? __pfx___get_user_pages+0x10/0x10
[  638.761063]  ? lock_is_held_type+0x9e/0x120
[  638.761104]  get_user_pages_remote+0x285/0xaf0
[  638.761138]  ? down_read+0x1b1/0x470
[  638.761163]  ? __pfx_get_user_pages_remote+0x10/0x10
[  638.761195]  ? __pfx_vma_link+0x10/0x10
[  638.761226]  ? selinux_vm_enough_memory+0x108/0x160
[  638.761266]  get_arg_page+0xeb/0x310
[  638.761299]  ? __pfx_get_arg_page+0x10/0x10
[  638.761330]  ? up_write+0x195/0x520
[  638.761353]  ? lock_is_held_type+0x9e/0x120
[  638.761388]  ? count.constprop.0+0x1b9/0x290
[  638.761424]  copy_string_kernel+0x196/0x510
[  638.761464]  do_execveat_common+0x35a/0x770
[  638.761498]  ? __pfx_do_execveat_common+0x10/0x10
[  638.761536]  ? getname_flags.part.0+0x1c6/0x540
[  638.761570]  __x64_sys_execveat+0xe4/0x130
[  638.761609]  do_syscall_64+0xbf/0x360
[  638.761633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.761656] RIP: 0033:0x7f40acb77b19
[  638.761673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  638.761694] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  638.761716] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  638.761731] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  638.761744] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  638.761758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.761771] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  638.761818]  </TASK>
13:46:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x0, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:33 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:33 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = getpid()
pidfd_open(r2, 0x0)
ptrace(0x4207, r2)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x3, 0x2, 0xe6, 0xbc, 0x0, 0x80000001, 0x220, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000040), 0x9}, 0x428c, 0x1, 0x80000001, 0x0, 0xfffffffffffffc90, 0x2, 0x3, 0x0, 0x7, 0x0, 0xde2}, 0xffffffffffffffff, 0xe, r0, 0xa)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:46:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x14}}], 0x1, 0x0, 0x0)

[  638.862123] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  638.862123]    program syz-executor.2 not setting count and/or reply_len properly
[  638.875340] FAULT_INJECTION: forcing a failure.
[  638.875340] name failslab, interval 1, probability 0, space 0, times 0
[  638.877741] CPU: 1 UID: 0 PID: 6280 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  638.877771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  638.877783] Call Trace:
[  638.877791]  <TASK>
[  638.877800]  dump_stack_lvl+0xfa/0x120
[  638.877855]  should_fail_ex+0x4d7/0x5e0
[  638.877893]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  638.877921]  should_failslab+0xc2/0x120
[  638.877958]  __kmalloc_noprof+0xb4/0x4b0
[  638.877998]  blk_rq_map_user_iov+0x1fd/0x1180
[  638.878037]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  638.878070]  ? __pfx___mutex_trylock_common+0x10/0x10
[  638.878101]  ? find_held_lock+0x2b/0x80
[  638.878131]  ? sg_common_write.constprop.0+0xc36/0x1710
[  638.878158]  ? lock_release+0xc8/0x290
[  638.878178]  ? import_ubuf+0x1be/0x220
[  638.878218]  blk_rq_map_user_io+0x1cf/0x200
[  638.878249]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  638.878278]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  638.878319]  ? irq_work_queue+0x9c/0x100
[  638.878347]  ? __asan_memset+0x24/0x50
[  638.878391]  sg_common_write.constprop.0+0xd75/0x1710
[  638.878429]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  638.878456]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  638.878488]  ? ___ratelimit+0x465/0xa10
[  638.878531]  sg_write.part.0+0x6a2/0xb50
[  638.878558]  ? __pfx_sg_write.part.0+0x10/0x10
[  638.878587]  ? __lock_acquire+0x694/0x1b70
[  638.878623]  ? lock_acquire+0x15e/0x2f0
[  638.878644]  ? get_pid_task+0x29/0x250
[  638.878681]  ? find_held_lock+0x2b/0x80
[  638.878711]  ? get_pid_task+0xfd/0x250
[  638.878746]  ? lock_release+0xc8/0x290
[  638.878772]  ? perf_trace_lock_acquire+0xc9/0x700
[  638.878795]  ? get_pid_task+0x107/0x250
[  638.878828]  ? avc_policy_seqno+0x9/0x20
[  638.878857]  ? selinux_file_permission+0x99/0x600
[  638.878889]  sg_write+0x86/0xe0
[  638.878914]  vfs_write+0x2b7/0x1150
[  638.878946]  ? __pfx_sg_write+0x10/0x10
[  638.878971]  ? lock_acquire+0x15e/0x2f0
[  638.878992]  ? __fget_files+0x34/0x3b0
[  638.879025]  ? __pfx_vfs_write+0x10/0x10
[  638.879058]  ? __fget_files+0x203/0x3b0
[  638.879089]  ? lock_release+0xc8/0x290
[  638.879116]  ? __fget_files+0x20d/0x3b0
[  638.879159]  ksys_write+0x121/0x240
[  638.879192]  ? __pfx_ksys_write+0x10/0x10
[  638.879237]  do_syscall_64+0xbf/0x360
[  638.879261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.879284] RIP: 0033:0x7fbb63381b19
[  638.879300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  638.879321] RSP: 002b:00007fbb608d6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  638.879343] RAX: ffffffffffffffda RBX: 00007fbb63495020 RCX: 00007fbb63381b19
[  638.879358] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  638.879371] RBP: 00007fbb608d61d0 R08: 0000000000000000 R09: 0000000000000000
[  638.879385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.879398] R13: 00007ffdd8f6230f R14: 00007fbb608d6300 R15: 0000000000022000
[  638.879430]  </TASK>
13:46:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

[  638.946901] loop6: detected capacity change from 0 to 64
[  638.967488] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:46:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:46:34 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1400}}], 0x1, 0x0, 0x0)

[  639.191614] loop6: detected capacity change from 0 to 64
[  639.205195] FAT-fs (loop6): bogus number of FAT sectors
[  639.206257] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 25)

13:46:44 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:44 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x1, 0x0, 0x0)

13:46:44 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x1267, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:46:44 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mknodat$null(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:46:44 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

13:46:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:46:44 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 9)

[  648.976727] FAULT_INJECTION: forcing a failure.
[  648.976727] name failslab, interval 1, probability 0, space 0, times 0
[  648.978455] CPU: 1 UID: 0 PID: 6314 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  648.978484] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  648.978496] Call Trace:
[  648.978504]  <TASK>
[  648.978513]  dump_stack_lvl+0xfa/0x120
[  648.978557]  should_fail_ex+0x4d7/0x5e0
[  648.978595]  ? ptlock_alloc+0x21/0x70
[  648.978627]  should_failslab+0xc2/0x120
[  648.978664]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  648.978705]  ptlock_alloc+0x21/0x70
[  648.978738]  pte_alloc_one+0x86/0x360
[  648.978772]  __pte_alloc+0x6c/0x360
[  648.978796]  ? __pfx___pte_alloc+0x10/0x10
[  648.978823]  ? _raw_spin_unlock+0x1e/0x40
[  648.978853]  ? __pmd_alloc+0x3f9/0x980
[  648.978885]  __handle_mm_fault+0x24bf/0x30f0
[  648.978918]  ? __pfx_mt_find+0x10/0x10
[  648.978937]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  648.978976]  ? __pfx___handle_mm_fault+0x10/0x10
[  648.979024]  ? find_vma+0xbf/0x140
[  648.979046]  ? __pfx_find_vma+0x10/0x10
[  648.979067]  ? __asan_memset+0x24/0x50
[  648.979106]  handle_mm_fault+0x2c3/0x900
[  648.979143]  __get_user_pages+0x58a/0x2f10
[  648.979191]  ? __pfx_mas_store_prealloc+0x10/0x10
[  648.979224]  ? __pfx___get_user_pages+0x10/0x10
[  648.979261]  ? lock_is_held_type+0x9e/0x120
[  648.979301]  get_user_pages_remote+0x285/0xaf0
[  648.979335]  ? down_read+0x1b1/0x470
[  648.979367]  ? __pfx_get_user_pages_remote+0x10/0x10
[  648.979399]  ? __pfx_vma_link+0x10/0x10
[  648.979445]  get_arg_page+0xeb/0x310
[  648.979477]  ? __pfx_get_arg_page+0x10/0x10
[  648.979507]  ? up_write+0x195/0x520
[  648.979532]  ? lock_is_held_type+0x9e/0x120
[  648.979566]  ? count.constprop.0+0x1b9/0x290
[  648.979602]  copy_string_kernel+0x196/0x510
[  648.979643]  do_execveat_common+0x35a/0x770
[  648.979676]  ? __pfx_do_execveat_common+0x10/0x10
[  648.979714]  ? getname_flags.part.0+0x1c6/0x540
[  648.979748]  __x64_sys_execveat+0xe4/0x130
[  648.979786]  do_syscall_64+0xbf/0x360
[  648.979810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.979833] RIP: 0033:0x7f40acb77b19
[  648.979850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  648.979870] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  648.979892] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  648.979906] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  648.979920] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  648.979933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  648.979946] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  648.979979]  </TASK>
[  649.023686] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  649.023686]    program syz-executor.2 not setting count and/or reply_len properly
[  649.044847] loop6: detected capacity change from 0 to 64
[  649.076630] FAT-fs (loop6): bogus number of FAT sectors
[  649.077702] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:44 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}}], 0x1, 0x0, 0x0)

13:46:44 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:46:44 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:44 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 10)

[  649.308599] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  649.308599]    program syz-executor.2 not setting count and/or reply_len properly
[  649.317177] FAULT_INJECTION: forcing a failure.
[  649.317177] name failslab, interval 1, probability 0, space 0, times 0
[  649.319100] CPU: 1 UID: 0 PID: 6343 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  649.319134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  649.319148] Call Trace:
[  649.319157]  <TASK>
[  649.319166]  dump_stack_lvl+0xfa/0x120
[  649.319215]  should_fail_ex+0x4d7/0x5e0
[  649.319251]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  649.319296]  ? bio_kmalloc+0x3e/0x70
[  649.319334]  should_failslab+0xc2/0x120
[  649.319385]  __kmalloc_noprof+0xb4/0x4b0
[  649.319419]  ? trace_kmalloc+0x1f/0xb0
[  649.319442]  ? __kmalloc_noprof+0x215/0x4b0
[  649.319480]  bio_kmalloc+0x3e/0x70
[  649.319520]  blk_rq_map_user_iov+0x390/0x1180
[  649.319565]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  649.319600]  ? __pfx___mutex_trylock_common+0x10/0x10
[  649.319635]  ? find_held_lock+0x2b/0x80
[  649.319669]  ? sg_common_write.constprop.0+0xc36/0x1710
[  649.319698]  ? lock_release+0xc8/0x290
[  649.319725]  ? import_ubuf+0x1be/0x220
[  649.319785]  blk_rq_map_user_io+0x1cf/0x200
[  649.319819]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  649.319851]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  649.319897]  ? irq_work_queue+0x9c/0x100
[  649.319927]  ? __asan_memset+0x24/0x50
[  649.319968]  sg_common_write.constprop.0+0xd75/0x1710
[  649.320009]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  649.320039]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  649.320075]  ? ___ratelimit+0x465/0xa10
[  649.320121]  sg_write.part.0+0x6a2/0xb50
[  649.320152]  ? __pfx_sg_write.part.0+0x10/0x10
[  649.320184]  ? __lock_acquire+0x694/0x1b70
[  649.320223]  ? lock_acquire+0x15e/0x2f0
[  649.320246]  ? get_pid_task+0x29/0x250
[  649.320286]  ? find_held_lock+0x2b/0x80
[  649.320320]  ? get_pid_task+0xfd/0x250
[  649.320358]  ? lock_release+0xc8/0x290
[  649.320387]  ? perf_trace_lock_acquire+0xc9/0x700
[  649.320412]  ? get_pid_task+0x107/0x250
[  649.320449]  ? avc_policy_seqno+0x9/0x20
[  649.320480]  ? selinux_file_permission+0x99/0x600
[  649.320514]  sg_write+0x86/0xe0
[  649.320541]  vfs_write+0x2b7/0x1150
[  649.320577]  ? __pfx_sg_write+0x10/0x10
[  649.320604]  ? lock_acquire+0x15e/0x2f0
[  649.320627]  ? __fget_files+0x34/0x3b0
[  649.320663]  ? __pfx_vfs_write+0x10/0x10
[  649.320699]  ? __fget_files+0x203/0x3b0
[  649.320744]  ? lock_release+0xc8/0x290
[  649.320782]  ? __fget_files+0x20d/0x3b0
[  649.320829]  ksys_write+0x121/0x240
[  649.320866]  ? __pfx_ksys_write+0x10/0x10
[  649.320915]  do_syscall_64+0xbf/0x360
[  649.320942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.320966] RIP: 0033:0x7fbb63381b19
[  649.320985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  649.321009] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  649.321032] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  649.321048] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  649.321063] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  649.321077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  649.321091] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  649.321126]  </TASK>
13:46:53 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:46:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 11)

13:46:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 26)

13:46:53 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x1274, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:46:53 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}}], 0x1, 0x0, 0x0)

13:46:53 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, 0x0, &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:46:53 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:46:53 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f80000200040000300000000000000", 0x24}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  658.077495] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  658.077495]    program syz-executor.2 not setting count and/or reply_len properly
13:46:53 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000}}], 0x1, 0x0, 0x0)

[  658.131287] loop6: detected capacity change from 0 to 64
13:46:53 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, 0x0, &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[  658.153082] FAT-fs (loop6): bogus number of FAT sectors
[  658.153745] FAT-fs (loop6): Can't find a valid FAT filesystem
13:46:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 12)

13:46:53 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

[  658.195272] cgroup: fork rejected by pids controller in /syz1
13:46:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 27)

[  658.318025] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  658.318025]    program syz-executor.2 not setting count and/or reply_len properly
[  658.333547] FAULT_INJECTION: forcing a failure.
[  658.333547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.335472] CPU: 0 UID: 0 PID: 6382 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  658.335507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  658.335521] Call Trace:
[  658.335530]  <TASK>
[  658.335540]  dump_stack_lvl+0xfa/0x120
[  658.335592]  should_fail_ex+0x4d7/0x5e0
[  658.335638]  _copy_from_iter+0x1dc/0x15b0
[  658.335693]  ? __pfx__copy_from_iter+0x10/0x10
[  658.335739]  ? find_held_lock+0x2b/0x80
[  658.335778]  ? __create_object+0x59/0x80
[  658.335809]  ? lock_release+0xc8/0x290
[  658.335837]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  658.335886]  copy_page_from_iter+0xe3/0x180
[  658.335936]  bio_copy_from_iter+0x108/0x270
[  658.335981]  blk_rq_map_user_iov+0xc07/0x1180
[  658.336027]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  658.336065]  ? __pfx___mutex_trylock_common+0x10/0x10
[  658.336102]  ? find_held_lock+0x2b/0x80
[  658.336138]  ? sg_common_write.constprop.0+0xc36/0x1710
[  658.336169]  ? lock_release+0xc8/0x290
[  658.336193]  ? import_ubuf+0x1be/0x220
[  658.336239]  blk_rq_map_user_io+0x1cf/0x200
[  658.336276]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  658.336310]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  658.336367]  ? irq_work_queue+0x9c/0x100
[  658.336400]  ? __asan_memset+0x24/0x50
[  658.336446]  sg_common_write.constprop.0+0xd75/0x1710
[  658.336490]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  658.336522]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  658.336561]  ? ___ratelimit+0x465/0xa10
[  658.336612]  sg_write.part.0+0x6a2/0xb50
[  658.336645]  ? __pfx_sg_write.part.0+0x10/0x10
[  658.336679]  ? __lock_acquire+0x694/0x1b70
[  658.336713]  ? __pfx_perf_tp_event+0x10/0x10
[  658.336750]  ? lock_acquire+0x15e/0x2f0
[  658.336778]  ? get_pid_task+0x29/0x250
[  658.336824]  ? get_pid_task+0xfd/0x250
[  658.336864]  ? lock_release+0xc8/0x290
[  658.336891]  ? perf_trace_lock_acquire+0xc9/0x700
[  658.336916]  ? get_pid_task+0x107/0x250
[  658.336952]  ? avc_policy_seqno+0x9/0x20
[  658.336983]  ? selinux_file_permission+0x99/0x600
[  658.337016]  sg_write+0x86/0xe0
[  658.337042]  vfs_write+0x2b7/0x1150
[  658.337077]  ? __pfx_sg_write+0x10/0x10
[  658.337102]  ? lock_acquire+0x15e/0x2f0
[  658.337125]  ? __fget_files+0x34/0x3b0
[  658.337160]  ? __pfx_vfs_write+0x10/0x10
[  658.337196]  ? __fget_files+0x203/0x3b0
[  658.337230]  ? lock_release+0xc8/0x290
[  658.337258]  ? __fget_files+0x20d/0x3b0
[  658.337304]  ksys_write+0x121/0x240
[  658.337339]  ? __pfx_ksys_write+0x10/0x10
[  658.337387]  do_syscall_64+0xbf/0x360
[  658.337413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.337437] RIP: 0033:0x7fbb63381b19
[  658.337456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  658.337478] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  658.337501] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  658.337516] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  658.337531] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  658.337545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  658.337559] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  658.337592]  </TASK>
[  658.385209] hpet: Lost 2 RTC interrupts
[  658.457837] FAULT_INJECTION: forcing a failure.
[  658.457837] name failslab, interval 1, probability 0, space 0, times 0
[  658.459971] CPU: 0 UID: 0 PID: 6384 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  658.460018] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  658.460038] Call Trace:
[  658.460049]  <TASK>
[  658.460063]  dump_stack_lvl+0xfa/0x120
[  658.460124]  should_fail_ex+0x4d7/0x5e0
[  658.460182]  ? __anon_vma_prepare+0xae/0x590
[  658.460229]  should_failslab+0xc2/0x120
[  658.460288]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  658.460360]  __anon_vma_prepare+0xae/0x590
[  658.460417]  __vmf_anon_prepare+0x11f/0x250
[  658.460467]  __handle_mm_fault+0x13ad/0x30f0
[  658.460519]  ? __pfx_mt_find+0x10/0x10
[  658.460552]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  658.460614]  ? __pfx___handle_mm_fault+0x10/0x10
[  658.460687]  ? find_vma+0xbf/0x140
[  658.460724]  ? __pfx_find_vma+0x10/0x10
[  658.460761]  ? __asan_memset+0x24/0x50
[  658.460822]  handle_mm_fault+0x2c3/0x900
[  658.460881]  __get_user_pages+0x58a/0x2f10
[  658.460954]  ? __pfx_mas_store_prealloc+0x10/0x10
[  658.461007]  ? __pfx___get_user_pages+0x10/0x10
[  658.461070]  ? lock_is_held_type+0x9e/0x120
[  658.461132]  get_user_pages_remote+0x285/0xaf0
[  658.461187]  ? down_read+0x1b1/0x470
[  658.461229]  ? __pfx_get_user_pages_remote+0x10/0x10
[  658.461281]  ? __pfx_vma_link+0x10/0x10
[  658.461330]  ? selinux_vm_enough_memory+0x108/0x160
[  658.461391]  get_arg_page+0xeb/0x310
[  658.461442]  ? __pfx_get_arg_page+0x10/0x10
[  658.461492]  ? up_write+0x195/0x520
[  658.461531]  ? lock_is_held_type+0x9e/0x120
[  658.461587]  ? count.constprop.0+0x1b9/0x290
[  658.461644]  copy_string_kernel+0x196/0x510
[  658.461708]  do_execveat_common+0x35a/0x770
[  658.461762]  ? __pfx_do_execveat_common+0x10/0x10
[  658.461823]  ? getname_flags.part.0+0x1c6/0x540
[  658.461877]  __x64_sys_execveat+0xe4/0x130
[  658.461938]  do_syscall_64+0xbf/0x360
[  658.461977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.462028] RIP: 0033:0x7f40acb77b19
[  658.462054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  658.462101] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  658.462136] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  658.462160] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  658.462184] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  658.462207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  658.462231] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  658.462282]  </TASK>
[  658.498223] hpet: Lost 2 RTC interrupts
13:47:01 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 28)

13:47:01 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x1, 0x0, 0x0)

13:47:01 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 13)

13:47:01 executing program 3:
r0 = fsmount(0xffffffffffffffff, 0x0, 0x3)
r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x12}, 0x0, 0x0, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
pread64(r1, &(0x7f00000003c0)=""/4096, 0x1000, 0x1)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>r2}, './file0\x00'})
execveat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f00000014c0)=[&(0x7f0000000100)='-#-^]\x00', &(0x7f0000000280)='.\x00', &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', &(0x7f0000001640)='./cgroup.cpu/syz0\x00', &(0x7f00000013c0)='@--r(\x00', &(0x7f0000001400)='\x00', &(0x7f0000001440)='./cgroup.cpu/syz0\x00', &(0x7f0000001480)='\x00'], &(0x7f0000001580)=[&(0x7f0000001500)='*\x00', &(0x7f0000001540)=',@\x00'], 0x400)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
pread64(r4, &(0x7f0000000180)=""/247, 0xf7, 0x77)
r5 = syz_open_dev$vcsa(&(0x7f00000015c0), 0x7ff, 0x121000)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000300)={@rand_addr=' \x01\x00', 0x36})
sendfile(r3, r5, &(0x7f0000001600)=0xfffffffffffffffc, 0x4199)
truncate(&(0x7f0000001680)='./file0\x00', 0x100000000)

13:47:01 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x1275, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:01 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:01 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, 0x0, &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:01 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  666.918294] loop6: detected capacity change from 0 to 64
[  666.935186] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  666.935186]    program syz-executor.2 not setting count and/or reply_len properly
13:47:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}}], 0x1, 0x0, 0x0)

[  666.951487] FAULT_INJECTION: forcing a failure.
[  666.951487] name failslab, interval 1, probability 0, space 0, times 0
[  666.952429] CPU: 0 UID: 0 PID: 6405 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  666.952447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  666.952455] Call Trace:
[  666.952460]  <TASK>
[  666.952465]  dump_stack_lvl+0xfa/0x120
[  666.952495]  should_fail_ex+0x4d7/0x5e0
[  666.952520]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  666.952537]  should_failslab+0xc2/0x120
[  666.952561]  __kmalloc_noprof+0xb4/0x4b0
[  666.952585]  blk_rq_map_user_iov+0x1fd/0x1180
[  666.952609]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  666.952629]  ? __pfx___mutex_trylock_common+0x10/0x10
[  666.952649]  ? find_held_lock+0x2b/0x80
[  666.952668]  ? sg_common_write.constprop.0+0xc36/0x1710
[  666.952685]  ? lock_release+0xc8/0x290
[  666.952697]  ? import_ubuf+0x1be/0x220
[  666.952720]  blk_rq_map_user_io+0x1cf/0x200
[  666.952739]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  666.952756]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  666.952781]  ? irq_work_queue+0x9c/0x100
[  666.952798]  ? __asan_memset+0x24/0x50
[  666.952821]  sg_common_write.constprop.0+0xd75/0x1710
[  666.952843]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  666.952860]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  666.952879]  ? ___ratelimit+0x465/0xa10
[  666.952905]  sg_write.part.0+0x6a2/0xb50
[  666.952921]  ? __pfx_sg_write.part.0+0x10/0x10
[  666.952945]  ? __pfx_perf_tp_event+0x10/0x10
[  666.952964]  ? lock_acquire+0x15e/0x2f0
[  666.952979]  ? get_pid_task+0xfd/0x250
[  666.953003]  ? perf_trace_lock+0xb5/0x5d0
[  666.953018]  ? perf_trace_lock_acquire+0xc9/0x700
[  666.953032]  ? avc_policy_seqno+0x9/0x20
[  666.953050]  ? selinux_file_permission+0x99/0x600
[  666.953069]  sg_write+0x86/0xe0
[  666.953084]  vfs_write+0x2b7/0x1150
[  666.953104]  ? __pfx_sg_write+0x10/0x10
[  666.953118]  ? lock_acquire+0x15e/0x2f0
[  666.953131]  ? __fget_files+0x34/0x3b0
[  666.953151]  ? __pfx_vfs_write+0x10/0x10
[  666.953170]  ? __fget_files+0x203/0x3b0
[  666.953189]  ? lock_release+0xc8/0x290
[  666.953205]  ? __fget_files+0x20d/0x3b0
[  666.953231]  ksys_write+0x121/0x240
[  666.953251]  ? __pfx_ksys_write+0x10/0x10
[  666.953278]  do_syscall_64+0xbf/0x360
[  666.953293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.953306] RIP: 0033:0x7fbb63381b19
[  666.953316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  666.953329] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  666.953342] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  666.953355] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  666.953363] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  666.953371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  666.953378] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  666.953398]  </TASK>
13:47:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:47:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 29)

13:47:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), 0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x1276, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 14)

[  667.113935] FAULT_INJECTION: forcing a failure.
[  667.113935] name failslab, interval 1, probability 0, space 0, times 0
[  667.114917] CPU: 0 UID: 0 PID: 6424 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  667.114935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  667.114942] Call Trace:
[  667.114947]  <TASK>
[  667.114952]  dump_stack_lvl+0xfa/0x120
[  667.114981]  should_fail_ex+0x4d7/0x5e0
[  667.115005]  ? __anon_vma_prepare+0x2ee/0x590
[  667.115023]  should_failslab+0xc2/0x120
[  667.115046]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  667.115070]  __anon_vma_prepare+0x2ee/0x590
[  667.115090]  __vmf_anon_prepare+0x11f/0x250
[  667.115109]  __handle_mm_fault+0x13ad/0x30f0
[  667.115128]  ? __pfx_mt_find+0x10/0x10
[  667.115140]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  667.115164]  ? __pfx___handle_mm_fault+0x10/0x10
[  667.115191]  ? find_vma+0xbf/0x140
[  667.115204]  ? __pfx_find_vma+0x10/0x10
[  667.115217]  ? __asan_memset+0x24/0x50
[  667.115239]  handle_mm_fault+0x2c3/0x900
[  667.115261]  __get_user_pages+0x58a/0x2f10
[  667.115288]  ? __pfx_mas_store_prealloc+0x10/0x10
[  667.115308]  ? __pfx___get_user_pages+0x10/0x10
[  667.115329]  ? lock_is_held_type+0x9e/0x120
[  667.115357]  get_user_pages_remote+0x285/0xaf0
[  667.115377]  ? down_read+0x1b1/0x470
[  667.115392]  ? __pfx_get_user_pages_remote+0x10/0x10
[  667.115411]  ? __pfx_vma_link+0x10/0x10
[  667.115429]  ? selinux_vm_enough_memory+0x108/0x160
[  667.115453]  get_arg_page+0xeb/0x310
[  667.115473]  ? __pfx_get_arg_page+0x10/0x10
[  667.115490]  ? up_write+0x195/0x520
[  667.115506]  ? lock_is_held_type+0x9e/0x120
[  667.115526]  ? count.constprop.0+0x1b9/0x290
[  667.115547]  copy_string_kernel+0x196/0x510
[  667.115570]  do_execveat_common+0x35a/0x770
[  667.115590]  ? __pfx_do_execveat_common+0x10/0x10
[  667.115611]  ? getname_flags.part.0+0x1c6/0x540
[  667.115630]  __x64_sys_execveat+0xe4/0x130
[  667.115652]  do_syscall_64+0xbf/0x360
[  667.115667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.115680] RIP: 0033:0x7f40acb77b19
[  667.115690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  667.115703] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  667.115716] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  667.115725] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  667.115733] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  667.115740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  667.115748] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  667.115767]  </TASK>
[  667.138842] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  667.138842]    program syz-executor.2 not setting count and/or reply_len properly
[  667.160741] loop6: detected capacity change from 0 to 64
13:47:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), 0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}}], 0x1, 0x0, 0x0)

13:47:02 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x8010, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r1)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:47:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 15)

13:47:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  667.288501] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  667.288501]    program syz-executor.2 not setting count and/or reply_len properly
[  667.293761] FAULT_INJECTION: forcing a failure.
[  667.293761] name failslab, interval 1, probability 0, space 0, times 0
[  667.294834] CPU: 0 UID: 0 PID: 6440 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  667.294851] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  667.294858] Call Trace:
[  667.294862]  <TASK>
[  667.294867]  dump_stack_lvl+0xfa/0x120
[  667.294894]  should_fail_ex+0x4d7/0x5e0
[  667.294913]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  667.294936]  ? bio_kmalloc+0x3e/0x70
[  667.294956]  should_failslab+0xc2/0x120
[  667.294977]  __kmalloc_noprof+0xb4/0x4b0
[  667.294995]  ? trace_kmalloc+0x1f/0xb0
[  667.295006]  ? __kmalloc_noprof+0x215/0x4b0
[  667.295025]  bio_kmalloc+0x3e/0x70
[  667.295044]  blk_rq_map_user_iov+0x390/0x1180
[  667.295067]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  667.295084]  ? __pfx___mutex_trylock_common+0x10/0x10
[  667.295102]  ? find_held_lock+0x2b/0x80
[  667.295119]  ? sg_common_write.constprop.0+0xc36/0x1710
[  667.295135]  ? lock_release+0xc8/0x290
[  667.295146]  ? import_ubuf+0x1be/0x220
[  667.295167]  blk_rq_map_user_io+0x1cf/0x200
[  667.295184]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  667.295199]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  667.295222]  ? irq_work_queue+0x9c/0x100
[  667.295237]  ? __asan_memset+0x24/0x50
[  667.295258]  sg_common_write.constprop.0+0xd75/0x1710
[  667.295278]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  667.295293]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  667.295310]  ? ___ratelimit+0x465/0xa10
[  667.295334]  sg_write.part.0+0x6a2/0xb50
[  667.295353]  ? __pfx_sg_write.part.0+0x10/0x10
[  667.295374]  ? __pfx_perf_tp_event+0x10/0x10
[  667.295391]  ? lock_acquire+0x15e/0x2f0
[  667.295405]  ? get_pid_task+0xfd/0x250
[  667.295427]  ? perf_trace_lock+0xb5/0x5d0
[  667.295441]  ? perf_trace_lock_acquire+0xc9/0x700
[  667.295453]  ? avc_policy_seqno+0x9/0x20
[  667.295469]  ? selinux_file_permission+0x99/0x600
[  667.295487]  sg_write+0x86/0xe0
[  667.295500]  vfs_write+0x2b7/0x1150
[  667.295519]  ? __pfx_sg_write+0x10/0x10
[  667.295532]  ? lock_acquire+0x15e/0x2f0
[  667.295543]  ? __fget_files+0x34/0x3b0
[  667.295562]  ? __pfx_vfs_write+0x10/0x10
[  667.295579]  ? __fget_files+0x203/0x3b0
[  667.295596]  ? lock_release+0xc8/0x290
[  667.295610]  ? __fget_files+0x20d/0x3b0
[  667.295634]  ksys_write+0x121/0x240
[  667.295651]  ? __pfx_ksys_write+0x10/0x10
[  667.295675]  do_syscall_64+0xbf/0x360
[  667.295689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.295702] RIP: 0033:0x7fbb63381b19
[  667.295711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  667.295722] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  667.295734] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  667.295742] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  667.295749] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  667.295756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  667.295763] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  667.295781]  </TASK>
[  667.359030] loop6: detected capacity change from 0 to 64
13:47:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}}], 0x1, 0x0, 0x0)

13:47:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 30)

13:47:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), 0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

13:47:12 executing program 3:
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="1cf40020", @ANYRES16=0x0, @ANYBLOB="02002bbd7000fddbdf25300000000500350001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8040)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="bee03ae9e7d28f062db9201b1648bc3df5400e07cbe5eb02ca02aad39ebb7ab3c855a3d37ff041e5c552bb59f3ed440f76f1eafc7addb6649ca97f5ae8338f443e60a745a5dde644c0c50635c6e3fadbc68535c33909134e76684bbb2dccee5c4cf32679900f0c83cf540a5cdc2801493a4395dfbcea2b2e38f425efe8161dbcb0ec5618178edde77ca86c0f1fba8ff9604327c4f92fac6f86ff7355b572adee30b1cecb96a788d5df50f91285f0f31bff833ccd706932592ac4ed0264e2636e64802b840678bb5bcc06edfa31fd", 0xce}, {&(0x7f0000000180)="582bcbf8b99208", 0x7}, {&(0x7f00000001c0)="f82a46c2c1bca31e528b5b54fbce7494644eeab8ce69b62d2d1118d80710d9eebf809647252946c50c9bccc06ccc0fc1c13a68ee3e2129c26df357f3956f5994676369f0b8c5f9645a4658831a6a5be2", 0x50}], 0x3)
r2 = pidfd_getfd(r0, r1, 0x0)
r3 = getpid()
pidfd_open(r3, 0x0)
perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0xa6, 0x9, 0x20, 0x1f, 0x0, 0x5, 0x80103, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000002c0), 0xa}, 0x1810, 0x1, 0x208, 0x0, 0x80000001, 0x81, 0x9f, 0x0, 0x7f, 0x0, 0x6}, r3, 0x10, 0xffffffffffffffff, 0x0)
open_tree(r2, &(0x7f0000000280)='./file0/file0\x00', 0x80100)

13:47:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 16)

13:47:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:47:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2201, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  677.227313] loop6: detected capacity change from 0 to 64
[  677.233529] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  677.233529]    program syz-executor.2 not setting count and/or reply_len properly
[  677.237800] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

13:47:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

13:47:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1, 0x5, 0x58, 0x4, 0x0, 0x6, 0x10800, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x2}, 0x4012, 0x1000, 0x100, 0x7, 0x7, 0xfffffffd, 0x100, 0x0, 0x211, 0x0, 0x1}, 0x0, 0x9, r1, 0x1)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 31)

13:47:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000}}], 0x1, 0x0, 0x0)

13:47:21 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 17)

13:47:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2202, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  686.388316] loop6: detected capacity change from 0 to 64
[  686.393538] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  686.398124] FAULT_INJECTION: forcing a failure.
[  686.398124] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  686.399217] CPU: 0 UID: 0 PID: 6485 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  686.399234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  686.399242] Call Trace:
[  686.399246]  <TASK>
[  686.399251]  dump_stack_lvl+0xfa/0x120
[  686.399278]  should_fail_ex+0x4d7/0x5e0
[  686.399301]  should_fail_alloc_page+0xe0/0x110
[  686.399325]  prepare_alloc_pages+0x1af/0x500
[  686.399342]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  686.399368]  ? perf_trace_lock_acquire+0xc9/0x700
[  686.399388]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  686.399410]  ? perf_trace_lock_acquire+0xc9/0x700
[  686.399427]  ? __lock_acquire+0xc65/0x1b70
[  686.399440]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  686.399457]  ? policy_nodemask+0xeb/0x4e0
[  686.399474]  alloc_pages_mpol+0xed/0x340
[  686.399490]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  686.399504]  ? lock_release+0xc8/0x290
[  686.399515]  ? find_held_lock+0x2b/0x80
[  686.399533]  ? get_vma_policy+0x23b/0x350
[  686.399551]  vma_alloc_folio_noprof+0xe9/0x440
[  686.399568]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  686.399592]  __handle_mm_fault+0x142c/0x30f0
[  686.399611]  ? __pfx_mt_find+0x10/0x10
[  686.399622]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  686.399647]  ? __pfx___handle_mm_fault+0x10/0x10
[  686.399673]  ? find_vma+0xbf/0x140
[  686.399686]  ? __pfx_find_vma+0x10/0x10
[  686.399699]  ? __asan_memset+0x24/0x50
[  686.399723]  handle_mm_fault+0x2c3/0x900
[  686.399744]  __get_user_pages+0x58a/0x2f10
[  686.399770]  ? __pfx_mas_store_prealloc+0x10/0x10
[  686.399788]  ? __pfx___get_user_pages+0x10/0x10
[  686.399808]  ? lock_is_held_type+0x9e/0x120
[  686.399830]  get_user_pages_remote+0x285/0xaf0
[  686.399849]  ? down_read+0x1b1/0x470
[  686.399864]  ? __pfx_get_user_pages_remote+0x10/0x10
[  686.399881]  ? __pfx_vma_link+0x10/0x10
[  686.399898]  ? selinux_vm_enough_memory+0x108/0x160
[  686.399921]  get_arg_page+0xeb/0x310
[  686.399939]  ? __pfx_get_arg_page+0x10/0x10
[  686.399956]  ? up_write+0x195/0x520
[  686.399969]  ? lock_is_held_type+0x9e/0x120
[  686.399987]  ? count.constprop.0+0x1b9/0x290
[  686.400007]  copy_string_kernel+0x196/0x510
[  686.400028]  do_execveat_common+0x35a/0x770
[  686.400047]  ? __pfx_do_execveat_common+0x10/0x10
[  686.400067]  ? getname_flags.part.0+0x1c6/0x540
[  686.400087]  __x64_sys_execveat+0xe4/0x130
[  686.400107]  do_syscall_64+0xbf/0x360
[  686.400121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.400134] RIP: 0033:0x7f40acb77b19
[  686.400143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  686.400155] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  686.400167] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  686.400175] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  686.400183] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  686.400190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.400197] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  686.400215]  </TASK>
[  686.423557] hpet: Lost 1 RTC interrupts
13:47:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

[  686.449592] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  686.449592]    program syz-executor.2 not setting count and/or reply_len properly
[  686.457535] FAULT_INJECTION: forcing a failure.
[  686.457535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.458648] CPU: 0 UID: 0 PID: 6492 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  686.458668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  686.458675] Call Trace:
[  686.458680]  <TASK>
[  686.458685]  dump_stack_lvl+0xfa/0x120
[  686.458709]  should_fail_ex+0x4d7/0x5e0
[  686.458732]  _copy_from_iter+0x1dc/0x15b0
[  686.458756]  ? __pfx_perf_trace_lock+0x10/0x10
[  686.458772]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  686.458794]  ? __pfx__copy_from_iter+0x10/0x10
[  686.458817]  ? find_held_lock+0x2b/0x80
[  686.458834]  ? __create_object+0x59/0x80
[  686.458852]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  686.458870]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  686.458895]  copy_page_from_iter+0xe3/0x180
[  686.458921]  bio_copy_from_iter+0x108/0x270
[  686.458948]  blk_rq_map_user_iov+0xc07/0x1180
[  686.458975]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  686.458995]  ? __pfx___mutex_trylock_common+0x10/0x10
[  686.459015]  ? find_held_lock+0x2b/0x80
[  686.459032]  ? sg_common_write.constprop.0+0xc36/0x1710
[  686.459048]  ? lock_release+0xc8/0x290
[  686.459059]  ? import_ubuf+0x1be/0x220
[  686.459082]  blk_rq_map_user_io+0x1cf/0x200
[  686.459102]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  686.459118]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  686.459142]  ? irq_work_queue+0x9c/0x100
[  686.459160]  ? __asan_memset+0x24/0x50
[  686.459184]  sg_common_write.constprop.0+0xd75/0x1710
[  686.459211]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  686.459227]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  686.459245]  ? ___ratelimit+0x465/0xa10
[  686.459273]  sg_write.part.0+0x6a2/0xb50
[  686.459291]  ? __pfx_sg_write.part.0+0x10/0x10
[  686.459320]  ? __pfx_perf_tp_event+0x10/0x10
[  686.459339]  ? lock_acquire+0x15e/0x2f0
[  686.459360]  ? get_pid_task+0xfd/0x250
[  686.459384]  ? perf_trace_lock+0xb5/0x5d0
[  686.459399]  ? perf_trace_lock_acquire+0xc9/0x700
[  686.459412]  ? avc_policy_seqno+0x9/0x20
[  686.459428]  ? selinux_file_permission+0x99/0x600
[  686.459451]  sg_write+0x86/0xe0
[  686.459467]  vfs_write+0x2b7/0x1150
[  686.459485]  ? __pfx_sg_write+0x10/0x10
[  686.459500]  ? lock_acquire+0x15e/0x2f0
[  686.459512]  ? __fget_files+0x34/0x3b0
[  686.459531]  ? __pfx_vfs_write+0x10/0x10
[  686.459549]  ? __fget_files+0x203/0x3b0
[  686.459567]  ? lock_release+0xc8/0x290
[  686.459584]  ? __fget_files+0x20d/0x3b0
[  686.459614]  ksys_write+0x121/0x240
[  686.459633]  ? __pfx_ksys_write+0x10/0x10
[  686.459662]  do_syscall_64+0xbf/0x360
[  686.459677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.459689] RIP: 0033:0x7fbb63381b19
[  686.459698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  686.459709] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  686.459721] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  686.459729] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  686.459736] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  686.459743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.459750] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  686.459776]  </TASK>
[  686.483867] hpet: Lost 1 RTC interrupts
[  686.515046] loop6: detected capacity change from 0 to 64
[  686.529813] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000}}], 0x1, 0x0, 0x0)

13:47:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:47:21 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 32)

13:47:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 18)

13:47:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  686.693460] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  686.693460]    program syz-executor.2 not setting count and/or reply_len properly
[  686.697857] loop6: detected capacity change from 0 to 64
[  686.698549] FAULT_INJECTION: forcing a failure.
[  686.698549] name failslab, interval 1, probability 0, space 0, times 0
[  686.699690] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  686.699707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  686.699715] Call Trace:
[  686.699720]  <TASK>
[  686.699724]  dump_stack_lvl+0xfa/0x120
[  686.699753]  should_fail_ex+0x4d7/0x5e0
[  686.699775]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  686.699791]  should_failslab+0xc2/0x120
[  686.699813]  __kmalloc_noprof+0xb4/0x4b0
[  686.699835]  blk_rq_map_user_iov+0x1fd/0x1180
[  686.699857]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  686.699874]  ? __pfx___mutex_trylock_common+0x10/0x10
[  686.699893]  ? find_held_lock+0x2b/0x80
[  686.699910]  ? sg_common_write.constprop.0+0xc36/0x1710
[  686.699926]  ? lock_release+0xc8/0x290
[  686.699937]  ? import_ubuf+0x1be/0x220
[  686.699959]  blk_rq_map_user_io+0x1cf/0x200
[  686.699976]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  686.699992]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  686.700015]  ? irq_work_queue+0x9c/0x100
[  686.700031]  ? __asan_memset+0x24/0x50
[  686.700052]  sg_common_write.constprop.0+0xd75/0x1710
[  686.700072]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  686.700087]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  686.700105]  ? ___ratelimit+0x465/0xa10
[  686.700128]  sg_write.part.0+0x6a2/0xb50
[  686.700143]  ? __pfx_sg_write.part.0+0x10/0x10
[  686.700159]  ? __lock_acquire+0x694/0x1b70
[  686.700175]  ? __pfx_perf_tp_event+0x10/0x10
[  686.700196]  ? lock_acquire+0x15e/0x2f0
[  686.700207]  ? get_pid_task+0x29/0x250
[  686.700229]  ? get_pid_task+0xfd/0x250
[  686.700251]  ? lock_release+0xc8/0x290
[  686.700267]  ? perf_trace_lock_acquire+0xc9/0x700
[  686.700279]  ? get_pid_task+0x107/0x250
[  686.700297]  ? avc_policy_seqno+0x9/0x20
[  686.700315]  ? selinux_file_permission+0x99/0x600
[  686.700332]  sg_write+0x86/0xe0
[  686.700349]  vfs_write+0x2b7/0x1150
[  686.700367]  ? __pfx_sg_write+0x10/0x10
[  686.700381]  ? lock_acquire+0x15e/0x2f0
[  686.700392]  ? __fget_files+0x34/0x3b0
[  686.700410]  ? __pfx_vfs_write+0x10/0x10
[  686.700428]  ? __fget_files+0x203/0x3b0
[  686.700445]  ? lock_release+0xc8/0x290
[  686.700459]  ? __fget_files+0x20d/0x3b0
[  686.700483]  ksys_write+0x121/0x240
[  686.700500]  ? __pfx_ksys_write+0x10/0x10
[  686.700525]  do_syscall_64+0xbf/0x360
[  686.700538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.700551] RIP: 0033:0x7fbb63381b19
[  686.700561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  686.700572] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  686.700584] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  686.700593] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  686.700600] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  686.700608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.700615] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  686.700633]  </TASK>
[  686.732648] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2203, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:47:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[  686.822934] FAULT_INJECTION: forcing a failure.
[  686.822934] name failslab, interval 1, probability 0, space 0, times 0
[  686.824978] CPU: 1 UID: 0 PID: 6523 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  686.825008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  686.825021] Call Trace:
[  686.825029]  <TASK>
[  686.825038]  dump_stack_lvl+0xfa/0x120
[  686.825084]  should_fail_ex+0x4d7/0x5e0
[  686.825123]  ? prepare_creds+0x2c/0x7e0
[  686.825146]  should_failslab+0xc2/0x120
[  686.825185]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  686.825219]  ? __pfx___up_read+0x10/0x10
[  686.825254]  prepare_creds+0x2c/0x7e0
[  686.825280]  prepare_exec_creds+0x11/0x260
[  686.825304]  bprm_execve+0xbf/0x15a0
[  686.825335]  ? up_write+0x195/0x520
[  686.825366]  ? lock_is_held_type+0x9e/0x120
[  686.825403]  ? count.constprop.0+0x1b9/0x290
[  686.825436]  ? __pfx_bprm_execve+0x10/0x10
[  686.825467]  ? copy_string_kernel+0x375/0x510
[  686.825508]  do_execveat_common+0x5b2/0x770
[  686.825542]  ? __pfx_do_execveat_common+0x10/0x10
[  686.825580]  ? getname_flags.part.0+0x1c6/0x540
[  686.825615]  __x64_sys_execveat+0xe4/0x130
[  686.825654]  do_syscall_64+0xbf/0x360
[  686.825678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.825702] RIP: 0033:0x7f40acb77b19
[  686.825719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  686.825747] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  686.825776] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  686.825797] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  686.825815] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  686.825828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.825841] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  686.825875]  </TASK>
[  686.878205] loop6: detected capacity change from 0 to 64
13:47:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}], 0x1, 0x0, 0x0)

[  686.896415] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

[  687.003669] loop6: detected capacity change from 0 to 64
[  687.008169] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:30 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:30 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 19)

13:47:30 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2205, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:30 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

13:47:30 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x1, 0x1, 0x2, 0x20, 0x0, 0x80000001, 0x210, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_config_ext={0xfffffffffffffff7, 0xac1}, 0x100, 0x2, 0x9, 0x1, 0x7, 0x655, 0x3, 0x0, 0x8, 0x0, 0x7}, 0x0, 0x6, r0, 0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 33)

13:47:30 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}], 0x1, 0x0, 0x0)

[  695.613901] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  695.613901]    program syz-executor.2 not setting count and/or reply_len properly
[  695.660525] loop6: detected capacity change from 0 to 64
13:47:30 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 20)

13:47:30 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, 0x0, 0x0, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[  695.694091] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:30 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 34)

[  695.770890] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  695.770890]    program syz-executor.2 not setting count and/or reply_len properly
[  695.796605] FAULT_INJECTION: forcing a failure.
[  695.796605] name failslab, interval 1, probability 0, space 0, times 0
[  695.797686] CPU: 0 UID: 0 PID: 6573 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  695.797704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  695.797712] Call Trace:
[  695.797717]  <TASK>
[  695.797722]  dump_stack_lvl+0xfa/0x120
[  695.797751]  should_fail_ex+0x4d7/0x5e0
[  695.797772]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  695.797797]  ? bio_kmalloc+0x3e/0x70
[  695.797819]  should_failslab+0xc2/0x120
[  695.797842]  __kmalloc_noprof+0xb4/0x4b0
[  695.797861]  ? trace_kmalloc+0x1f/0xb0
[  695.797874]  ? __kmalloc_noprof+0x215/0x4b0
[  695.797894]  bio_kmalloc+0x3e/0x70
[  695.797915]  blk_rq_map_user_iov+0x390/0x1180
[  695.797939]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  695.797958]  ? __pfx___mutex_trylock_common+0x10/0x10
[  695.797978]  ? find_held_lock+0x2b/0x80
[  695.797997]  ? sg_common_write.constprop.0+0xc36/0x1710
[  695.798014]  ? lock_release+0xc8/0x290
[  695.798026]  ? import_ubuf+0x1be/0x220
[  695.798049]  blk_rq_map_user_io+0x1cf/0x200
[  695.798068]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  695.798085]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  695.798110]  ? irq_work_queue+0x9c/0x100
[  695.798126]  ? __asan_memset+0x24/0x50
[  695.798148]  sg_common_write.constprop.0+0xd75/0x1710
[  695.798174]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  695.798190]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  695.798209]  ? ___ratelimit+0x465/0xa10
[  695.798235]  sg_write.part.0+0x6a2/0xb50
[  695.798251]  ? __pfx_sg_write.part.0+0x10/0x10
[  695.798267]  ? __lock_acquire+0x694/0x1b70
[  695.798288]  ? lock_acquire+0x15e/0x2f0
[  695.798300]  ? get_pid_task+0x29/0x250
[  695.798322]  ? find_held_lock+0x2b/0x80
[  695.798341]  ? get_pid_task+0xfd/0x250
[  695.798361]  ? lock_release+0xc8/0x290
[  695.798376]  ? perf_trace_lock_acquire+0xc9/0x700
[  695.798403]  ? get_pid_task+0x107/0x250
[  695.798425]  ? avc_policy_seqno+0x9/0x20
[  695.798443]  ? selinux_file_permission+0x99/0x600
[  695.798462]  sg_write+0x86/0xe0
[  695.798476]  vfs_write+0x2b7/0x1150
[  695.798496]  ? __pfx_sg_write+0x10/0x10
[  695.798510]  ? lock_acquire+0x15e/0x2f0
[  695.798523]  ? __fget_files+0x34/0x3b0
[  695.798543]  ? __pfx_vfs_write+0x10/0x10
[  695.798562]  ? __fget_files+0x203/0x3b0
[  695.798581]  ? lock_release+0xc8/0x290
[  695.798596]  ? __fget_files+0x20d/0x3b0
[  695.798621]  ksys_write+0x121/0x240
[  695.798641]  ? __pfx_ksys_write+0x10/0x10
[  695.798666]  do_syscall_64+0xbf/0x360
[  695.798681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.798694] RIP: 0033:0x7fbb63381b19
[  695.798705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  695.798717] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  695.798730] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  695.798739] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  695.798747] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  695.798755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  695.798763] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  695.798781]  </TASK>
[  695.876611] FAULT_INJECTION: forcing a failure.
[  695.876611] name failslab, interval 1, probability 0, space 0, times 0
[  695.877559] CPU: 0 UID: 0 PID: 6579 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  695.877576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  695.877584] Call Trace:
[  695.877588]  <TASK>
[  695.877593]  dump_stack_lvl+0xfa/0x120
[  695.877618]  should_fail_ex+0x4d7/0x5e0
[  695.877639]  ? security_prepare_creds+0x101/0x160
[  695.877656]  should_failslab+0xc2/0x120
[  695.877678]  __kmalloc_noprof+0xb4/0x4b0
[  695.877695]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  695.877711]  security_prepare_creds+0x101/0x160
[  695.877730]  prepare_creds+0x579/0x7e0
[  695.877747]  prepare_exec_creds+0x11/0x260
[  695.877760]  bprm_execve+0xbf/0x15a0
[  695.877778]  ? up_write+0x195/0x520
[  695.877791]  ? lock_is_held_type+0x9e/0x120
[  695.877811]  ? count.constprop.0+0x1b9/0x290
[  695.877829]  ? __pfx_bprm_execve+0x10/0x10
[  695.877846]  ? copy_string_kernel+0x375/0x510
[  695.877867]  do_execveat_common+0x5b2/0x770
[  695.877886]  ? __pfx_do_execveat_common+0x10/0x10
[  695.877907]  ? getname_flags.part.0+0x1c6/0x540
[  695.877926]  __x64_sys_execveat+0xe4/0x130
[  695.877947]  do_syscall_64+0xbf/0x360
[  695.877960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.877972] RIP: 0033:0x7f40acb77b19
[  695.877981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  695.877993] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  695.878004] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  695.878012] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  695.878020] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  695.878027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  695.878034] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  695.878052]  </TASK>
13:47:39 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 35)

13:47:39 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}}], 0x1, 0x0, 0x0)

13:47:39 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2270, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:39 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, 0x0, 0x0, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, 0x0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', r0, 0x0)

13:47:39 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
truncate(&(0x7f0000000040)='./file0\x00', 0x8c)

13:47:39 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 21)

13:47:39 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  704.750654] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  704.750654]    program syz-executor.2 not setting count and/or reply_len properly
[  704.780502] loop6: detected capacity change from 0 to 64
13:47:39 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400}}], 0x1, 0x0, 0x0)

[  704.811799] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:39 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:47:39 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, 0x0, 0x0, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:39 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2271, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:39 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 36)

13:47:39 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x4, 0x103)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xa321230e5bc5ba8f, 0x12, r1, 0x8000000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd=r4, 0x0, {0x0, r0}, 0xfffffff8, 0x4, 0x0, {0x0, 0x0, r5}}, 0x9)

13:47:39 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 22)

[  704.934981] audit: type=1400 audit(1754315260.021:16): avc:  denied  { map } for  pid=6616 comm="syz-executor.3" path="/proc/6616/fd" dev="proc" ino=16617 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
[  704.946625] audit: type=1400 audit(1754315260.022:17): avc:  denied  { execute } for  pid=6616 comm="syz-executor.3" path="/proc/6616/fd" dev="proc" ino=16617 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
13:47:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(0x0, r0, 0x0)

13:47:40 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, 0x0, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[  705.010469] FAULT_INJECTION: forcing a failure.
[  705.010469] name failslab, interval 1, probability 0, space 0, times 0
13:47:40 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x1, 0x0, 0x0)

[  705.012611] CPU: 1 UID: 0 PID: 6622 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  705.012641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  705.012654] Call Trace:
[  705.012663]  <TASK>
[  705.012672]  dump_stack_lvl+0xfa/0x120
[  705.012719]  should_fail_ex+0x4d7/0x5e0
[  705.012760]  ? jbd2__journal_start+0x193/0x6b0
[  705.012788]  should_failslab+0xc2/0x120
[  705.012827]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  705.012860]  ? lock_is_held_type+0x9e/0x120
[  705.012905]  jbd2__journal_start+0x193/0x6b0
[  705.012940]  __ext4_journal_start_sb+0x325/0x5d0
[  705.012982]  ? ext4_dirty_inode+0xa5/0x130
[  705.013011]  ext4_dirty_inode+0xa5/0x130
[  705.013034]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  705.013055]  __mark_inode_dirty+0x1b7/0xd20
[  705.013083]  generic_update_time+0xcb/0xf0
[  705.013108]  touch_atime+0x4bd/0x590
[  705.013139]  filemap_read+0xaee/0xcf0
[  705.013176]  ? find_held_lock+0x2b/0x80
[  705.013213]  ? lock_release+0xc8/0x290
[  705.013244]  ? __pfx_filemap_read+0x10/0x10
[  705.013277]  ? 0xffffffff81000000
[  705.013303]  ? perf_trace_lock+0xb5/0x5d0
[  705.013334]  ? __pfx_perf_trace_lock+0x10/0x10
[  705.013372]  ? lock_acquire+0x15e/0x2f0
[  705.013394]  ? avc_has_perm_noaudit+0x59/0x3d0
[  705.013426]  ? find_held_lock+0x2b/0x80
[  705.013457]  ? avc_has_perm_noaudit+0x11b/0x3d0
[  705.013488]  ? lock_release+0xc8/0x290
[  705.013518]  generic_file_read_iter+0x2ec/0x3f0
[  705.013560]  ext4_file_read_iter+0x188/0x4a0
[  705.013598]  __kernel_read+0x3cc/0xbb0
[  705.013635]  ? __pfx___kernel_read+0x10/0x10
[  705.013671]  ? perf_trace_lock+0xb5/0x5d0
[  705.013701]  ? __pfx_perf_trace_lock+0x10/0x10
[  705.013730]  ? selinux_file_permission+0x99/0x600
[  705.013766]  kernel_read+0xc3/0x230
[  705.013803]  bprm_execve+0x809/0x15a0
[  705.013849]  ? __pfx_bprm_execve+0x10/0x10
[  705.013880]  ? copy_string_kernel+0x375/0x510
[  705.013923]  do_execveat_common+0x5b2/0x770
[  705.013957]  ? __pfx_do_execveat_common+0x10/0x10
[  705.013997]  ? getname_flags.part.0+0x1c6/0x540
[  705.014033]  __x64_sys_execveat+0xe4/0x130
[  705.014073]  do_syscall_64+0xbf/0x360
[  705.014099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.014122] RIP: 0033:0x7f40acb77b19
[  705.014138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  705.014159] RSP: 002b:00007f40aa0ed188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  705.014181] RAX: ffffffffffffffda RBX: 00007f40acc8af60 RCX: 00007f40acb77b19
[  705.014195] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  705.014210] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  705.014223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  705.014236] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  705.014273]  </TASK>
[  705.078132] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  705.078132]    program syz-executor.2 not setting count and/or reply_len properly
[  705.092025] FAULT_INJECTION: forcing a failure.
[  705.092025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  705.093278] CPU: 0 UID: 0 PID: 6632 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  705.093296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  705.093303] Call Trace:
[  705.093308]  <TASK>
[  705.093313]  dump_stack_lvl+0xfa/0x120
[  705.093347]  should_fail_ex+0x4d7/0x5e0
[  705.093372]  _copy_from_iter+0x1dc/0x15b0
[  705.093395]  ? __pfx_perf_trace_lock+0x10/0x10
[  705.093413]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  705.093438]  ? __pfx__copy_from_iter+0x10/0x10
[  705.093460]  ? find_held_lock+0x2b/0x80
[  705.093479]  ? __create_object+0x59/0x80
[  705.093497]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  705.093517]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  705.093541]  copy_page_from_iter+0xe3/0x180
[  705.093566]  bio_copy_from_iter+0x108/0x270
[  705.093590]  blk_rq_map_user_iov+0xc07/0x1180
[  705.093614]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  705.093634]  ? __pfx___mutex_trylock_common+0x10/0x10
[  705.093652]  ? find_held_lock+0x2b/0x80
[  705.093670]  ? sg_common_write.constprop.0+0xc36/0x1710
[  705.093687]  ? lock_release+0xc8/0x290
[  705.093699]  ? import_ubuf+0x1be/0x220
[  705.093722]  blk_rq_map_user_io+0x1cf/0x200
[  705.093741]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  705.093758]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  705.093782]  ? irq_work_queue+0x9c/0x100
[  705.093799]  ? __asan_memset+0x24/0x50
[  705.093823]  sg_common_write.constprop.0+0xd75/0x1710
[  705.093846]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  705.093862]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  705.093881]  ? ___ratelimit+0x465/0xa10
[  705.093907]  sg_write.part.0+0x6a2/0xb50
[  705.093924]  ? __pfx_sg_write.part.0+0x10/0x10
[  705.093948]  ? __pfx_perf_tp_event+0x10/0x10
[  705.093966]  ? lock_acquire+0x15e/0x2f0
[  705.093982]  ? get_pid_task+0xfd/0x250
[  705.094006]  ? perf_trace_lock+0xb5/0x5d0
[  705.094021]  ? perf_trace_lock_acquire+0xc9/0x700
[  705.094035]  ? avc_policy_seqno+0x9/0x20
[  705.094053]  ? selinux_file_permission+0x99/0x600
[  705.094073]  sg_write+0x86/0xe0
[  705.094087]  vfs_write+0x2b7/0x1150
[  705.094106]  ? __pfx_sg_write+0x10/0x10
[  705.094121]  ? lock_acquire+0x15e/0x2f0
[  705.094133]  ? __fget_files+0x34/0x3b0
[  705.094154]  ? __pfx_vfs_write+0x10/0x10
[  705.094173]  ? __fget_files+0x203/0x3b0
[  705.094191]  ? lock_release+0xc8/0x290
[  705.094207]  ? __fget_files+0x20d/0x3b0
[  705.094233]  ksys_write+0x121/0x240
[  705.094253]  ? __pfx_ksys_write+0x10/0x10
[  705.094280]  do_syscall_64+0xbf/0x360
[  705.094295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.094308] RIP: 0033:0x7fbb63381b19
[  705.094318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  705.094331] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  705.094344] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  705.094352] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  705.094360] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  705.094367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  705.094375] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  705.094395]  </TASK>
13:47:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 23)

13:47:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2272, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:50 executing program 3:
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000180)={0x18, 0xd, 0x1, {{0x80, 0x0, 0x4}, 0x5f8bdf10}}, 0x18)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x2, 0x1f, 0x92, 0x6, 0x0, 0x9f92, 0x5000, 0x9, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x41db}, 0x160, 0x7ff, 0x9, 0x1, 0x9d, 0x1f, 0x7, 0x0, 0x7, 0x0, 0x4}, 0xffffffffffffffff, 0x2, r0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000100)={0x9, 0x28, '\x00', 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0]})
perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x5, 0x4, 0x80, 0x5, 0x0, 0x9, 0x5000, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3ff, 0x5, @perf_bp={&(0x7f00000001c0), 0x4}, 0x2a9, 0xd2b, 0x225, 0x9, 0xa6b7, 0x1a, 0x800, 0x0, 0x42c9, 0x0, 0x6a}, 0xffffffffffffffff, 0xa, r2, 0x1)

13:47:50 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:47:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(0x0, r0, 0x0)

13:47:50 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}}], 0x1, 0x0, 0x0)

13:47:50 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, 0x0, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:47:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 37)

[  715.046556] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  715.046556]    program syz-executor.2 not setting count and/or reply_len properly
[  715.053938] FAULT_INJECTION: forcing a failure.
[  715.053938] name failslab, interval 1, probability 0, space 0, times 0
[  715.054992] CPU: 1 UID: 0 PID: 6646 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  715.055009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  715.055016] Call Trace:
[  715.055021]  <TASK>
[  715.055026]  dump_stack_lvl+0xfa/0x120
[  715.055053]  should_fail_ex+0x4d7/0x5e0
[  715.055075]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  715.055091]  should_failslab+0xc2/0x120
[  715.055114]  __kmalloc_noprof+0xb4/0x4b0
[  715.055136]  blk_rq_map_user_iov+0x1fd/0x1180
[  715.055157]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  715.055174]  ? __pfx___mutex_trylock_common+0x10/0x10
[  715.055193]  ? find_held_lock+0x2b/0x80
[  715.055210]  ? sg_common_write.constprop.0+0xc36/0x1710
[  715.055226]  ? lock_release+0xc8/0x290
[  715.055237]  ? import_ubuf+0x1be/0x220
[  715.055259]  blk_rq_map_user_io+0x1cf/0x200
[  715.055276]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  715.055292]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  715.055315]  ? irq_work_queue+0x9c/0x100
[  715.055331]  ? __asan_memset+0x24/0x50
[  715.055355]  sg_common_write.constprop.0+0xd75/0x1710
[  715.055375]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  715.055390]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  715.055408]  ? ___ratelimit+0x465/0xa10
[  715.055432]  sg_write.part.0+0x6a2/0xb50
[  715.055447]  ? __pfx_sg_write.part.0+0x10/0x10
[  715.055462]  ? __lock_acquire+0x694/0x1b70
[  715.055481]  ? lock_acquire+0x15e/0x2f0
[  715.055493]  ? get_pid_task+0x29/0x250
[  715.055514]  ? find_held_lock+0x2b/0x80
[  715.055530]  ? get_pid_task+0xfd/0x250
[  715.055549]  ? lock_release+0xc8/0x290
[  715.055563]  ? perf_trace_lock_acquire+0xc9/0x700
[  715.055575]  ? get_pid_task+0x107/0x250
[  715.055593]  ? avc_policy_seqno+0x9/0x20
[  715.055613]  ? selinux_file_permission+0x99/0x600
[  715.055630]  sg_write+0x86/0xe0
[  715.055643]  vfs_write+0x2b7/0x1150
[  715.055662]  ? __pfx_sg_write+0x10/0x10
[  715.055675]  ? lock_acquire+0x15e/0x2f0
[  715.055686]  ? __fget_files+0x34/0x3b0
[  715.055705]  ? __pfx_vfs_write+0x10/0x10
[  715.055723]  ? __fget_files+0x203/0x3b0
[  715.055739]  ? lock_release+0xc8/0x290
[  715.055754]  ? __fget_files+0x20d/0x3b0
[  715.055777]  ksys_write+0x121/0x240
[  715.055795]  ? __pfx_ksys_write+0x10/0x10
[  715.055819]  do_syscall_64+0xbf/0x360
[  715.055832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.055845] RIP: 0033:0x7fbb63381b19
[  715.055854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  715.055866] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  715.055878] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  715.055886] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  715.055893] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  715.055900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  715.055907] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  715.055925]  </TASK>
[  715.094144] loop6: detected capacity change from 0 to 64
13:47:50 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}}], 0x1, 0x0, 0x0)

[  715.121879] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2275, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 38)

13:47:50 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:47:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 24)

13:47:50 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000}}], 0x1, 0x0, 0x0)

13:47:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(0x0, r0, 0x0)

[  715.249151] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  715.249151]    program syz-executor.2 not setting count and/or reply_len properly
13:47:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 39)

13:47:50 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000080)=[0x6, 0xffffffff])
r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendmsg$IPSET_CMD_RENAME(r3, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x5, 0x6, 0x401, 0x0, 0x0, {0xc, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000000)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
ioctl$EVIOCGPHYS(r4, 0x80404507, &(0x7f00000003c0)=""/214)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f00000005c0))
readv(r4, &(0x7f0000000300)=[{&(0x7f0000000180)=""/104, 0x68}, {&(0x7f0000000100)=""/58, 0x3a}, {&(0x7f0000000200)=""/233, 0xe9}], 0x3)

13:47:50 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x1, 0x0, 0x0)

13:47:50 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, 0x0, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[  715.380925] loop6: detected capacity change from 0 to 64
[  715.398894] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
13:47:59 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, 0x0}, 0x58)

13:47:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000011300))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setresuid(0x0, r0, 0x0)
lchown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

13:47:59 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:47:59 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 25)

13:47:59 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 40)

13:47:59 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

13:47:59 executing program 3:
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f00000000c0)=0x1c)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:47:59 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2276, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:47:59 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x0, 0x0)

[  724.221209] loop6: detected capacity change from 0 to 64
[  724.236762] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  724.249509] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  724.249509]    program syz-executor.2 not setting count and/or reply_len properly
[  724.266223] FAULT_INJECTION: forcing a failure.
[  724.266223] name failslab, interval 1, probability 0, space 0, times 0
[  724.268276] CPU: 0 UID: 0 PID: 6710 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  724.268310] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  724.268324] Call Trace:
[  724.268333]  <TASK>
[  724.268342]  dump_stack_lvl+0xfa/0x120
[  724.268400]  should_fail_ex+0x4d7/0x5e0
[  724.268438]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  724.268484]  ? bio_kmalloc+0x3e/0x70
[  724.268524]  should_failslab+0xc2/0x120
[  724.268567]  __kmalloc_noprof+0xb4/0x4b0
[  724.268602]  ? trace_kmalloc+0x1f/0xb0
[  724.268625]  ? __kmalloc_noprof+0x215/0x4b0
[  724.268665]  bio_kmalloc+0x3e/0x70
[  724.268706]  blk_rq_map_user_iov+0x390/0x1180
[  724.268753]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  724.268789]  ? __pfx___mutex_trylock_common+0x10/0x10
[  724.268825]  ? find_held_lock+0x2b/0x80
[  724.268860]  ? sg_common_write.constprop.0+0xc36/0x1710
[  724.268890]  ? lock_release+0xc8/0x290
[  724.268913]  ? import_ubuf+0x1be/0x220
[  724.268957]  blk_rq_map_user_io+0x1cf/0x200
[  724.268992]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  724.269025]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  724.269073]  ? irq_work_queue+0x9c/0x100
[  724.269103]  ? __asan_memset+0x24/0x50
[  724.269146]  sg_common_write.constprop.0+0xd75/0x1710
[  724.269187]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  724.269218]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  724.269254]  ? ___ratelimit+0x465/0xa10
[  724.269302]  sg_write.part.0+0x6a2/0xb50
[  724.269333]  ? __pfx_sg_write.part.0+0x10/0x10
[  724.269365]  ? __lock_acquire+0x694/0x1b70
[  724.269398]  ? __pfx_perf_tp_event+0x10/0x10
[  724.269433]  ? lock_acquire+0x15e/0x2f0
[  724.269457]  ? get_pid_task+0x29/0x250
[  724.269500]  ? get_pid_task+0xfd/0x250
[  724.269539]  ? lock_release+0xc8/0x290
[  724.269568]  ? perf_trace_lock_acquire+0xc9/0x700
[  724.269594]  ? get_pid_task+0x107/0x250
[  724.269631]  ? avc_policy_seqno+0x9/0x20
[  724.269663]  ? selinux_file_permission+0x99/0x600
[  724.269699]  sg_write+0x86/0xe0
[  724.269726]  vfs_write+0x2b7/0x1150
[  724.269762]  ? __pfx_sg_write+0x10/0x10
[  724.269789]  ? lock_acquire+0x15e/0x2f0
[  724.269813]  ? __fget_files+0x34/0x3b0
[  724.269850]  ? __pfx_vfs_write+0x10/0x10
[  724.269886]  ? __fget_files+0x203/0x3b0
[  724.269921]  ? lock_release+0xc8/0x290
[  724.269951]  ? __fget_files+0x20d/0x3b0
[  724.270000]  ksys_write+0x121/0x240
[  724.270037]  ? __pfx_ksys_write+0x10/0x10
[  724.270087]  do_syscall_64+0xbf/0x360
[  724.270118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.270143] RIP: 0033:0x7fbb63381b19
[  724.270163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  724.270186] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  724.270210] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  724.270227] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  724.270241] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  724.270256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  724.270271] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  724.270307]  </TASK>
[  724.321742] hpet: Lost 2 RTC interrupts
13:48:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 26)

13:48:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2279, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:48:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 41)

13:48:12 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, 0x0}, 0x58)

13:48:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x0, 0x0)

13:48:12 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x4, 0x103)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xa321230e5bc5ba8f, 0x12, r1, 0x8000000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd=r4, 0x0, {0x0, r0}, 0xfffffff8, 0x4, 0x0, {0x0, 0x0, r5}}, 0x9)

13:48:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227a, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  737.173949] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  737.173949]    program syz-executor.2 not setting count and/or reply_len properly
13:48:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 42)

13:48:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x14}], 0x1, 0x0, 0x0)

13:48:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:48:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0611, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x9}, 0x320c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:12 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2276, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 27)

13:48:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 43)

13:48:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227b, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:12 executing program 1:
clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, 0x0}, 0x58)

[  737.381669] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  737.381669]    program syz-executor.2 not setting count and/or reply_len properly
[  737.387416] FAULT_INJECTION: forcing a failure.
[  737.387416] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  737.388374] CPU: 0 UID: 0 PID: 6765 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  737.388390] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  737.388397] Call Trace:
[  737.388402]  <TASK>
[  737.388406]  dump_stack_lvl+0xfa/0x120
[  737.388433]  should_fail_ex+0x4d7/0x5e0
[  737.388458]  _copy_from_iter+0x1dc/0x15b0
[  737.388481]  ? lock_is_held_type+0x9e/0x120
[  737.388504]  ? __pfx__copy_from_iter+0x10/0x10
[  737.388524]  ? find_held_lock+0x2b/0x80
[  737.388543]  ? __create_object+0x59/0x80
[  737.388558]  ? lock_release+0xc8/0x290
[  737.388571]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  737.388595]  copy_page_from_iter+0xe3/0x180
[  737.388617]  bio_copy_from_iter+0x108/0x270
[  737.388639]  blk_rq_map_user_iov+0xc07/0x1180
[  737.388661]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  737.388678]  ? __pfx___mutex_trylock_common+0x10/0x10
[  737.388695]  ? find_held_lock+0x2b/0x80
[  737.388711]  ? sg_common_write.constprop.0+0xc36/0x1710
[  737.388727]  ? lock_release+0xc8/0x290
[  737.388737]  ? import_ubuf+0x1be/0x220
[  737.388758]  blk_rq_map_user_io+0x1cf/0x200
[  737.388775]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  737.388791]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  737.388817]  ? irq_work_queue+0x9c/0x100
[  737.388833]  ? __asan_memset+0x24/0x50
[  737.388855]  sg_common_write.constprop.0+0xd75/0x1710
[  737.388875]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  737.388890]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  737.388907]  ? ___ratelimit+0x465/0xa10
[  737.388931]  sg_write.part.0+0x6a2/0xb50
[  737.388946]  ? __pfx_sg_write.part.0+0x10/0x10
[  737.388961]  ? __lock_acquire+0x694/0x1b70
[  737.388977]  ? __pfx_perf_tp_event+0x10/0x10
[  737.388994]  ? lock_acquire+0x15e/0x2f0
[  737.389006]  ? get_pid_task+0x29/0x250
[  737.389028]  ? get_pid_task+0xfd/0x250
[  737.389046]  ? lock_release+0xc8/0x290
[  737.389060]  ? perf_trace_lock_acquire+0xc9/0x700
[  737.389073]  ? get_pid_task+0x107/0x250
[  737.389091]  ? avc_policy_seqno+0x9/0x20
[  737.389107]  ? selinux_file_permission+0x99/0x600
[  737.389124]  sg_write+0x86/0xe0
[  737.389137]  vfs_write+0x2b7/0x1150
[  737.389155]  ? __pfx_sg_write+0x10/0x10
[  737.389168]  ? lock_acquire+0x15e/0x2f0
[  737.389180]  ? __fget_files+0x34/0x3b0
[  737.389198]  ? __pfx_vfs_write+0x10/0x10
[  737.389216]  ? __fget_files+0x203/0x3b0
[  737.389233]  ? lock_release+0xc8/0x290
[  737.389247]  ? __fget_files+0x20d/0x3b0
[  737.389270]  ksys_write+0x121/0x240
[  737.389288]  ? __pfx_ksys_write+0x10/0x10
[  737.389312]  do_syscall_64+0xbf/0x360
[  737.389325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.389337] RIP: 0033:0x7fbb63381b19
[  737.389352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  737.389363] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  737.389375] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  737.389383] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  737.389390] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  737.389397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  737.389404] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  737.389422]  </TASK>
13:48:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 28)

13:48:22 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227b, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:22 executing program 3:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x808, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x6, 0x10004}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netfilter\x00')
perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x4, 0x2, 0x3f, 0x7, 0x0, 0x1f, 0x12140, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xce, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x80, 0xa0e, 0xffff0001, 0x3, 0x6, 0x0, 0x1, 0x0, 0xf2, 0x0, 0x24000000}, 0xffffffffffffffff, 0xe, r0, 0xa)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000280)={0x3ff, 0x9, 0x2, 0x0, 0x9, [{0x9, 0xec0, 0x200, '\x00', 0x100}, {0xdce, 0xfffffffffffffe00, 0x7fff, '\x00', 0x8}, {0x2, 0xfffffffffffff53d, 0x1, '\x00', 0x1}, {0x80000000, 0xab, 0x5, '\x00', 0x800}, {0x1fffffffe00, 0x79, 0x0, '\x00', 0x400}, {0x3f, 0x0, 0xe2bb, '\x00', 0x2008}, {0xbe08, 0x3ff, 0x8, '\x00', 0x702}, {0x2, 0x1, 0xffffffff80000001}, {0x809, 0x3, 0x7fffffff, '\x00', 0x2}]})
r3 = dup(r2)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000001080)=0xfffffffd, 0x4)
dup2(r0, r0)
perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x0, 0x5, 0x6, 0x8, 0x0, 0x9, 0x20, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7e5, 0x0, @perf_config_ext={0xffffffff9166621b, 0xe47}, 0x0, 0x1, 0x10001, 0x3, 0x93, 0x8, 0xd78, 0x0, 0x9b, 0x0, 0x9}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:22 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 44)

13:48:22 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x1400}], 0x1, 0x0, 0x0)

13:48:22 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

13:48:22 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227c, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:22 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

[  747.535808] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  747.535808]    program syz-executor.2 not setting count and/or reply_len properly
[  747.543174] FAULT_INJECTION: forcing a failure.
[  747.543174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.544853] CPU: 1 UID: 0 PID: 6783 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  747.544880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  747.544891] Call Trace:
[  747.544898]  <TASK>
[  747.544906]  dump_stack_lvl+0xfa/0x120
[  747.544946]  should_fail_ex+0x4d7/0x5e0
[  747.544981]  _copy_from_iter+0x1dc/0x15b0
[  747.545022]  ? __pfx__copy_from_iter+0x10/0x10
[  747.545055]  ? find_held_lock+0x2b/0x80
[  747.545084]  ? __create_object+0x59/0x80
[  747.545108]  ? lock_release+0xc8/0x290
[  747.545128]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  747.545163]  copy_page_from_iter+0xe3/0x180
[  747.545197]  bio_copy_from_iter+0x108/0x270
[  747.545230]  blk_rq_map_user_iov+0xc07/0x1180
[  747.545263]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  747.545290]  ? __pfx___mutex_trylock_common+0x10/0x10
[  747.545317]  ? find_held_lock+0x2b/0x80
[  747.545342]  ? sg_common_write.constprop.0+0xc36/0x1710
[  747.545372]  ? lock_release+0xc8/0x290
[  747.545389]  ? import_ubuf+0x1be/0x220
[  747.545420]  blk_rq_map_user_io+0x1cf/0x200
[  747.545446]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  747.545470]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  747.545504]  ? irq_work_queue+0x9c/0x100
[  747.545527]  ? __asan_memset+0x24/0x50
[  747.545559]  sg_common_write.constprop.0+0xd75/0x1710
[  747.545591]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  747.545614]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  747.545641]  ? ___ratelimit+0x465/0xa10
[  747.545677]  sg_write.part.0+0x6a2/0xb50
[  747.545700]  ? __pfx_sg_write.part.0+0x10/0x10
[  747.545725]  ? __lock_acquire+0x694/0x1b70
[  747.545755]  ? lock_acquire+0x15e/0x2f0
[  747.545774]  ? get_pid_task+0x29/0x250
[  747.545803]  ? find_held_lock+0x2b/0x80
[  747.545828]  ? get_pid_task+0xfd/0x250
[  747.545857]  ? lock_release+0xc8/0x290
[  747.545879]  ? perf_trace_lock_acquire+0xc9/0x700
[  747.545898]  ? get_pid_task+0x107/0x250
[  747.545925]  ? avc_policy_seqno+0x9/0x20
[  747.545949]  ? selinux_file_permission+0x99/0x600
[  747.545977]  sg_write+0x86/0xe0
[  747.545997]  vfs_write+0x2b7/0x1150
[  747.546024]  ? __pfx_sg_write+0x10/0x10
[  747.546044]  ? lock_acquire+0x15e/0x2f0
[  747.546062]  ? __fget_files+0x34/0x3b0
[  747.546089]  ? __pfx_vfs_write+0x10/0x10
[  747.546116]  ? __fget_files+0x203/0x3b0
[  747.546141]  ? lock_release+0xc8/0x290
[  747.546164]  ? __fget_files+0x20d/0x3b0
[  747.546200]  ksys_write+0x121/0x240
[  747.546227]  ? __pfx_ksys_write+0x10/0x10
[  747.546264]  do_syscall_64+0xbf/0x360
[  747.546285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.546305] RIP: 0033:0x7fbb63381b19
[  747.546319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  747.546337] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  747.546356] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  747.546369] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  747.546380] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  747.546392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  747.546403] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  747.546431]  </TASK>
13:48:22 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x40000}], 0x1, 0x0, 0x0)

13:48:22 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_secret(0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f00000000c0)=0x1f)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14, 0x0)
dup2(r0, r2)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
write$binfmt_script(r4, &(0x7f0000000180)={'#! ', './file1', [{0x20, 'fd\x00'}, {0x20, 'fd\x00'}, {0x20, 'fd\x00'}], 0xa, "45ef00d6bcf44ea3dff5a8c6e3727fbc8551eedabfc5ad146cdab71d21c8a52e52239bbb5f4c93639128f8ba02fe4cedc61a01a9ed34b2fa2e5608dd28f36a202e5eb02c761ccdb0d75652a395b5d980f6ef6c054f62891adaded1547eabf6cf97a02ed74fd66fc85f1c072769c0ff223ef4bd3ff55ebc59a8a4348d0656c373"}, 0x97)

13:48:22 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227d, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:22 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227a, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:22 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) (fail_nth: 45)

13:48:22 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x80000}], 0x1, 0x0, 0x0)

13:48:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 29)

13:48:22 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:48:22 executing program 3:
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8102c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6061}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xb)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000040)=0x7)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:22 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

[  747.926784] FAULT_INJECTION: forcing a failure.
[  747.926784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.928528] CPU: 0 UID: 0 PID: 6819 Comm: syz-executor.5 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  747.928558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  747.928570] Call Trace:
[  747.928578]  <TASK>
[  747.928587]  dump_stack_lvl+0xfa/0x120
[  747.928632]  should_fail_ex+0x4d7/0x5e0
[  747.928672]  _copy_to_user+0x32/0xd0
[  747.928712]  simple_read_from_buffer+0xe0/0x180
[  747.928746]  proc_fail_nth_read+0x18a/0x240
[  747.928784]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.928820]  ? security_file_permission+0x22/0x90
[  747.928852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.928888]  vfs_read+0x1eb/0xc70
[  747.928928]  ? __pfx_vfs_read+0x10/0x10
[  747.928963]  ? lock_release+0xc8/0x290
[  747.928992]  ? __fget_files+0x20d/0x3b0
[  747.929037]  ksys_read+0x121/0x240
[  747.929070]  ? __pfx_ksys_read+0x10/0x10
[  747.929114]  do_syscall_64+0xbf/0x360
[  747.929139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.929162] RIP: 0033:0x7f40acb2a69c
[  747.929178] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  747.929199] RSP: 002b:00007f40aa0ed170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  747.929220] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f40acb2a69c
[  747.929235] RDX: 000000000000000f RSI: 00007f40aa0ed1e0 RDI: 0000000000000004
[  747.929249] RBP: 00007f40aa0ed1d0 R08: 0000000000000000 R09: 0000000000000000
[  747.929262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  747.929275] R13: 00007ffeef3c066f R14: 00007f40aa0ed300 R15: 0000000000022000
[  747.929308]  </TASK>
[  747.954720] hpet: Lost 1 RTC interrupts
[  747.981249] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  747.981249]    program syz-executor.2 not setting count and/or reply_len properly
[  747.986118] FAULT_INJECTION: forcing a failure.
[  747.986118] name failslab, interval 1, probability 0, space 0, times 0
[  747.987318] CPU: 1 UID: 0 PID: 6825 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  747.987337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  747.987350] Call Trace:
[  747.987355]  <TASK>
[  747.987360]  dump_stack_lvl+0xfa/0x120
[  747.987392]  should_fail_ex+0x4d7/0x5e0
[  747.987417]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  747.987436]  should_failslab+0xc2/0x120
[  747.987461]  __kmalloc_noprof+0xb4/0x4b0
[  747.987487]  blk_rq_map_user_iov+0x1fd/0x1180
[  747.987512]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  747.987532]  ? __pfx___mutex_trylock_common+0x10/0x10
[  747.987553]  ? find_held_lock+0x2b/0x80
[  747.987573]  ? sg_common_write.constprop.0+0xc36/0x1710
[  747.987592]  ? lock_release+0xc8/0x290
[  747.987605]  ? import_ubuf+0x1be/0x220
[  747.987630]  blk_rq_map_user_io+0x1cf/0x200
[  747.987650]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  747.987669]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  747.987695]  ? irq_work_queue+0x9c/0x100
[  747.987713]  ? __asan_memset+0x24/0x50
[  747.987737]  sg_common_write.constprop.0+0xd75/0x1710
[  747.987761]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  747.987778]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  747.987799]  ? ___ratelimit+0x465/0xa10
[  747.987827]  sg_write.part.0+0x6a2/0xb50
[  747.987845]  ? __pfx_sg_write.part.0+0x10/0x10
[  747.987863]  ? __lock_acquire+0x694/0x1b70
[  747.987886]  ? lock_acquire+0x15e/0x2f0
[  747.987899]  ? get_pid_task+0x29/0x250
[  747.987923]  ? find_held_lock+0x2b/0x80
[  747.987942]  ? get_pid_task+0xfd/0x250
[  747.987965]  ? lock_release+0xc8/0x290
[  747.987981]  ? perf_trace_lock_acquire+0xc9/0x700
[  747.987996]  ? get_pid_task+0x107/0x250
[  747.988017]  ? avc_policy_seqno+0x9/0x20
[  747.988036]  ? selinux_file_permission+0x99/0x600
[  747.988056]  sg_write+0x86/0xe0
[  747.988072]  vfs_write+0x2b7/0x1150
[  747.988094]  ? __pfx_sg_write+0x10/0x10
[  747.988109]  ? lock_acquire+0x15e/0x2f0
[  747.988123]  ? __fget_files+0x34/0x3b0
[  747.988144]  ? __pfx_vfs_write+0x10/0x10
[  747.988165]  ? __fget_files+0x203/0x3b0
[  747.988185]  ? lock_release+0xc8/0x290
[  747.988202]  ? __fget_files+0x20d/0x3b0
[  747.988229]  ksys_write+0x121/0x240
[  747.988250]  ? __pfx_ksys_write+0x10/0x10
[  747.988279]  do_syscall_64+0xbf/0x360
[  747.988295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.988310] RIP: 0033:0x7fbb63381b19
[  747.988321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  747.988334] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  747.988348] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  747.988357] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  747.988366] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  747.988374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  747.988382] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  747.988403]  </TASK>
13:48:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

13:48:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227d, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='auxv\x00')
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
finit_module(r1, &(0x7f0000000040)='auxv\x00', 0x3)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

13:48:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x1000000}], 0x1, 0x0, 0x0)

13:48:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:48:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227e, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 30)

[  758.068168] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  758.068168]    program syz-executor.2 not setting count and/or reply_len properly
13:48:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:48:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227c, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x14000000}], 0x1, 0x0, 0x0)

13:48:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227f, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2)

13:48:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 31)

13:48:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x6, 0x5, &(0x7f00000013c0)=[{&(0x7f00000000c0)="20d59173a6589672ee619e81d46967fdbbef4cad21c3bc3dd7300f43c771c418cf2a6640fb9ea68d82d1dec243f95c443927ca71013a32a5b5ad0a2820dbc6a96ed89beffc268bbfd2e85c282d15a9e1d6cf682c0a0ae1e75c33bc221280025b3d547ffede5394a005356aad3cd1", 0x6e, 0xfffffffffffffffa}, {&(0x7f0000000180)="65189f2b81267f9ff8872a18e963639e0671264fd778de86ba9db9adceb120752de5a7a288e79590441150c75131c2", 0x2f, 0x3}, {&(0x7f00000003c0)="e9b93aa81cc8f3bde6220c57cdff38cd0f51c3ee5afcbbfdc2c5468503fb6b25a1fc7c27e83f41aff45abe81887eb8ab2144b9cdb662be05819e401c75a784fa46183cbd63acb8884b1ae10df812fe47ffbcf4f8d8c9a87232e5abe8dc651a55eb82d58b7a9cb60590ee6c0a64b9b22b1cf9700cf117429c5f6066f87ffef3a5a4655266558ecda68f04dd0a6c383158ef488239ddcb01642194b5b90560fe62639f134ea8e395f910ba1aaa6c12adbe66fe5f0abbd61e6156e3122e9a6c8fdafa0bbfd6ad77568952f1951afd22a0fdd1b994f8017d9e3e74b4ffed74982b2fec04e4cfb9f717cc6ce44f19d8a20f3ea9b400f1db155dedd845443df59b8177a3e9fdc63fa11f311abb7fd0f29c833a0600de6165a8127bdd9c81eec68452fab667adec20a1f8134ddcac6a9f22811c1ded97b1a171e493614134aff44a93a406937e88e45b8b70665bd04052fded1a6e75e1986bc32f4f3aa3f3e4e66555d4c6c6226a0f41e86703828b01d4b09138dd77afd5b623f127670757bb9ef96b6a8c626a710b2e0680e435f61a0f8a856b7cc9a8f0f89105fcc2028f34140e89deff68c1f7b45dda8e4ea171afa19383c0e37a0e33233a563c51a72c090c0a948128cefb1afa07843f251221e95faaaf574cbf248e0014b85127f87e17ecdce4e4f62efece20cbefa079a65ab49b7fc14b0bb3ae52a855e613f2f8a4220235ca3c535296d6c1444267f8ba2ca171b1be94f8a6453b1bbf9ffd84af5b85055c4abf0c431c954c97a510ab43b5211948aad19aaeeed7040a045cb1534ed2b9779b60a2d78b505e6f2205098f27db517d3229344ba4ce50358d4e6237735cd3b4b6d6d3a91dfe605f81157246fac1e41f3265268ab47d66ca3eaa2c4a078ffc40d532345a9f9815f7d3e5812689e03956a48daf453020d3ca33871f24516cc19484cc83b8860c9cb11a5017a30f88461256889bf36099c05dd00d74fa8a4e15bce86e42b90689d0da40e62abeb290c2be35b07a99daec323ca4e3a08b0aa0e8535054bc9e26791dceba48560503ea501d34d42c7968db99213010342e605f1599e124eb1e0156363e4ef7ce0ca31035aff3313ab35d51addfa6984a0be8c70d008cb9a0b77cf3b27149f1ee19c959a7a5591c79a03c1d13ead61ac4aa302aba447896d67e7ea8cf1cd67140016d2774c8b54514a2c96666bb5cfb4a4dcc1c77d3f5d6133211e46f6f67a80ae20766f956efbcd7b20a82a672da5fb2f434c1453719e8ccd477d51e5fde8c87d8b4a7b27e5cf31fcc0b4009f98a3427b5d57e2bcdfaab202dce157c5f3b9ae2f065a469afaef3416550f2d0cb0154f30a88f6ed9ce71c4ebd5e70dba9c5d38f00fb5ffea6f5c6e6f28fbcadc201a8ee827a508a2d28c213e40ae51b38bc891896a6192a6ebecd1d658e1e0a23cb7c4ae63917f9d9fc343ced701c3974b07eb1a6de02f2985ac59ffa5225908c7aa09ffa16af1ac9311bff36cd5759311fcbaa6bf44872bd58d978c4467d076ac371ea6d31b6358b8a504a776f5ce8028a4fc01e5ecca97b90844984d126fdb62fc86ae5236f5c3f050998ab798aaba92355b577ef3dce3668ed7c586d2ca40f6dec5766680cc34416fcfff347561a4c8386a367154e09ef09b496bbab7bdf23bb90e0d5ab6d1e4ddeffcaaa1d6aaf2cfe93c34e9127fb5df72ff6c5fb1f4b0aae9dd1564c38581f86819c5f63b15151e0739aedcc6d151f010da7033ac53a1a54f11e968ff89fd4d82921858ba4b380a782ce7762b4a72ebbd8074305ddaf4ebfdcae6a0267aeaf3a4185a3712bd02573e220596f7f294f6298279d87307a098124793cf4f3bedb079d7ea58323ffd173a55e518bd86e507aabb4da230093fe14bf57b40cdd9bc21114779e3d644bc2b21a76ed5882d46a60b6c9b252097e1912bf7d217d74658aa07ba34ada07644cadfdd50df6591e4f7040bcf5fd266951416d609e3efc3e5bef08a5f94c1f9eee015c0621bf10b21d608f9d3b105b41f0664730d392d0928186df3315637b98b694fc914dfc1f36d492f3a2941183250c2749e1906b09fbf1330a6108aa6b8eb2b2b880d8bc468e48db5d34a6e209242cb19368cfaf11a42f08cee11ed9592419a7dbcad23d4276fcc7f8f62dc6949e3eb5ce38a4f68e81a2d9db05d659813debe8a2cc130e6b175ca27ba6d69541f6d17967eda8505c1c106cb156850d63da3fdd1024759bf399b3a2ee8f0e6230e500796127d9a2150697128d90bfbf3e3850872d55fdce364b59902f7a06bd4887173ffd00b005515bd09e9ca439ce8c7d2e97c4655b23700dc0503f75f66f6b93dfec4df8ebbd11224f6b70768a4d5657881debd955e6b1ba963467cceb76548a615febc938d7f59b3c6daa060c98f95dcc3f27668f9f3b4b2205cf63043b6131c77effe2b5bc585e3bdd2b9e1b1ebd2c4861ddc0d0cd3a3f63deb063ce344f7afb9e091ee9e57f8aa444db517cfdfc56a7b254fb7e1db801ade39f898d9ab97ce0a987b075405c9055fc92a3139775c19dd2781dc9ccf2eb79d1d0a101f5a48ceb88baf8194c678b9ddd3eda0a88e693d7451455b915657c1d1e14b4914a477d2e31fca7b46d3bc772ddc4741bb216b18d8348d98a8d4943c16f1ad1959d6f8df82d369758657ce6859b15d3ec318e6efbfa5f576f302ea1be69c5392b6a4996ff5211015a4fe24c155dcfe5f9196f3d06844b9e83c42b619cfb204a9a8ae1556c4874a0e5328174ccabac060a4fc2163d7bd6d921baab5ffbf2365c59151612708bbd48e40405c6eb9ea81a3e0ba0aedfc5540dd80edba8cf7b9a209b42880e6eb6c27bffcd0c952e6b83a9afeed23d7b58a52addf9979cea34e21761d73fedbdefe2288d4eb03a878c17b4ed08326f11dc3bd4ad95763023489e26b596bd81e9e6b40889d3c7e31f8333d84c6d84573ea30993b560dab067fa12e5bc14ac13446aaee304caba9584eb00328eea6f602409fbcee4f6e4388e6ad3f13ab05154665cbcedcf180feb1d9d75f02a17da5a769afa49a5c47cd8880142ec682d2860e762e708a7cc4c3f0e6fbf4b468e4489731076869c4de896ef04eddd482aff70b668ab244098cbc2742a8bdf0ad9c232dc999e726f1c7ddb04fb26b2c453d6d9553a7c86de73167cfd9896702be59345aa35f1196c5511c5172b139e89aa9f7f9b2cbd3fcae9312b1440f2246ef29a102b5a8f1762b087a3c996386f200379349c6721dd02d295d30a953aeeaf5b350b2de45572c8c99ad33f56f01bf04f39faed10bef09105f3b20e4ee6ba4472c306e3c6a784d6c3122ac1d0e6020d9be880f548c1f27835ea7ff5424b8ee3b96a53c599652c01bccc677923758dcd47664f0aacba710f41863934210ee689af71ee27df7a86b9c10488bdee3f77e6cfa3c5e3309314960d4f19b6c7db4c744fc100a5fbb7a01e0d496a5d222450958e0c73ba6fb72af4d8155a74b378088f5edb8df3fe4135b28adc8c328ffb217c7a66bb5f1330f6d7eb02037619ce12e452c1d1d3b591ecb60d15d4e5c3d1c2db757b9297bb364c684fa22723e6110db8f8e7a503e6ca4104f54bce26348b8daf4f470658a0fa754ae424544f759d43bee31ab6b073414397ad3191c641f19304c66ea596eb2d3a76cd8f8671e8702f2690fd19c0421d97ff6daec32ea96f81fccc8132bca542a751e3584096457996f1e0d863d89a739fec0fd1d5b4d75aad6522a62742a7c1f37ab1f753f390d8629600b6772c458067068571a981d347c37d47315bd5dbe8035981a4240bf0c68be46a26e269edc3497470bdb614c8ad98602062066a54dfbc6bd8a2ce555e55b23b04ee307cb63e9c21d911a4c548a5b3b8e0b342eaafec104ec175fa2aa780263857d4dc555a5dd6bb54c48b04b80637400db2a934bbbd39b8034c2343a50e18511ffeefa20e42d39a51e5912b10c35937b8689e0eae0b0bdacfb8c0f8b2149666728224a0f6126991c8bf284f7528619695bc6ff12cf920b7ad2a2f295db11d79970b19da87049a8f8793a7b18587fad9c50f98457e81e7813198c20420cedd7396ddac8c4cbda457d98622d7ceb49a996a1475cbfa78757181e3dc6aeec509099a2dd40c981a89bc158437aae4abc8b1d0fba488ea36126dfa3780f7688d8b36414d15217d60bfc66bab65f4f2f3d326ccea1c2b2be03b7e5ff0b2f960579052cb74289fd080e079373f1bf2caeb23f9a254f9dc37274ddda71245c5d32f2f632acfda216436a5d1534932e8691e66f5dc1db80de96ef3e30b6d7b52e0047a87020d58a4ec5cdc46026daa4568f6a4a65d92b85f593936abafac5a45a41853b713465c9d4fe4bd96b65cea4ff4d39110cd2de237d1edea5593cb35421e870db4586790258218b02dcc810ff2fb208c92f529a3d511d46de931aeb68dc29240f3c16b127f10bf86ddccffbff78fae7d2dbb9d364d87c107897c2dd6987411727db321c4e80c3d0f23a312aa1d5c82c9d07840c4bf3ad390574c9bf61f1b13d258afe9bbe6a682367f1bbe652966e98958b77309bb6424b2a21fab42ab6e88e4b4ff30c3b79fcacc4b5035a589530ebcb2f9f2b7d061c4fb92708b33abca2d8223b019803e5d9e2ed34f5194190c97ad769485a4b60a678f2676775423aff503d11bbf86a5d132e364a0c28244ff79659be90878ac84a9c7b4e9d0c2099a1a31a8958d0f6e9df65a10bc5471a2ea57d1346a55300c8960337e0bb08691cf1a0ce8e4aa833c94a8a83e1a1fd0ee4855c81b66019b4ce3bcd1b37aefc5b4001371ac90e4cbb118e46ebfcfc3dac6511cc9f95c5f7ac18b1b9955958df8710b2514efafdf3d2d60f153cf48a57d4bc1d5a8083a2312f0e22cf4bd4dd33b08ce7afb60db911a4cc3d46317eaf34d7ba716ec9868482e39688d036718dec286f7445d203663005678097b8b294282115f08224ec874fcbd2f143c4d2e2ca0934f5d1757e0cdff4feaea801017a736175792df521e54a26b74700c290acf48fca698cdeec3aaa72116c92efad2dc6b4716821bd0bc38eab1850db0435453bbe29b90cb300f11a8492d6422fff304c28df5bd14d3fd8e6a4696ebd30223021945d119bafb03457794422e3286c83e99f0b03610e8059cb86cab878bb4ac9572b0f3c3dcca28bfa688a8bf02d32025342daba4b9ce3f494325ea4e901d6b29087edfa4d3dc3fb8fcc9a649b150b17fdcec449c35e21d92160f1a4a46e79b7ee79bd3cf89016fcb489409935ac13f5dc536285b0cf08a7f672b2031bd95c6a080100de809ae047bc73ef8ee6bcf67d7d55234757119bd6cb187178092f8b9ffdbf623d285d66f8d5d08fb3f38e060d949fd15182d9097a48c39237a41ccac0dc7512b29eb8f3bd93a48edabef28e770f9afe630f18462cc650b45c86c4ea61587d9cffa361a007fef897c51580079f9dc0ff15842c523c6e1090d29f7938b27b08dbb77e1c5ed7dccc8e5c4be2253b71c26dd7e8f4f80a8fb81fcd255a8fd1c6248e5b4082ba78c42899f8feb2c762ed97229595ec6d2a06c2a317073eba4e32ecf48dc4d4e5c4fb7e11b455f4d71ddcbf3d5b0d93e326fc58629d9c7bd013811ac0650851a8ca0ceaab7c38861066b6d30f19ceaf0030b172b51da47d4b00512c64999089dd556307f108ef08d58a067d12cd7e1650e7e3c535a9243005d5f48e078496521f8fb9911786a50db9d364b9dcccbdac0f9817d4035f0fc86b39be1187711790921b2f1500d86922cc0f9896f6717c253d76a12a3d6f0120706aaf7f1f344", 0x1000, 0x9}, {&(0x7f00000001c0)="c15495912926e6e2f149ff8ffc3d1e9eb89f872d19", 0x15, 0xffffffffffffffe1}, {&(0x7f0000000200)="f48d3a0f3ac13f08209bca00198fe84138f1eec9f29cb4c3bfaa6d52f927ca124b2bcc2884686479cb0184c464923ec79650d2407f32117502f5896ed87be99a8f547067f06771238d5db04adcc7964ecdef4782508b239d0c90acdd84a90408b55c5f8ffc9a29c2e317398bb7440d7a32437734f6781c60f3ce6612b0a994c0eb53ae68fae532bd6b036847e6197c1bcea0ac5cb6611e4776ffb4211e0b48e39c0ce2f580394c8d7dae2b82b30e0bb45bbf52eb5984d21f6c56cd498b421687d48fb13be378d209748402", 0xcb, 0x5}], 0x400, &(0x7f0000001440)={[{@iocharset={'iocharset', 0x3d, 'maccyrillic'}}], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x91(\'}]*!)*#@!(\'\x99{-&))-:.}'}}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x39, 0x32, 0x63, 0x63, 0x30, 0x31, 0x61], 0x2d, [0x33, 0x34, 0x32, 0x66], 0x2d, [0x62, 0x30, 0x31, 0x36], 0x2d, [0x39, 0x64, 0x30, 0x32], 0x2d, [0x33, 0x7, 0x36, 0x30, 0x39, 0x38, 0x30, 0x63]}}}]})

13:48:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, 0x0], 0x2}, 0x58)

13:48:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227e, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  758.373922] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  758.373922]    program syz-executor.2 not setting count and/or reply_len properly
[  758.385274] FAULT_INJECTION: forcing a failure.
[  758.385274] name failslab, interval 1, probability 0, space 0, times 0
[  758.386559] CPU: 1 UID: 0 PID: 6877 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  758.386582] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  758.386591] Call Trace:
[  758.386598]  <TASK>
[  758.386604]  dump_stack_lvl+0xfa/0x120
[  758.386640]  should_fail_ex+0x4d7/0x5e0
[  758.386666]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  758.386698]  ? bio_kmalloc+0x3e/0x70
[  758.386724]  should_failslab+0xc2/0x120
[  758.386753]  __kmalloc_noprof+0xb4/0x4b0
[  758.386777]  ? trace_kmalloc+0x1f/0xb0
[  758.386793]  ? __kmalloc_noprof+0x215/0x4b0
[  758.386821]  bio_kmalloc+0x3e/0x70
[  758.386849]  blk_rq_map_user_iov+0x390/0x1180
[  758.386882]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  758.386907]  ? __pfx___mutex_trylock_common+0x10/0x10
[  758.386932]  ? find_held_lock+0x2b/0x80
[  758.386956]  ? sg_common_write.constprop.0+0xc36/0x1710
[  758.386977]  ? lock_release+0xc8/0x290
[  758.386992]  ? import_ubuf+0x1be/0x220
[  758.387022]  blk_rq_map_user_io+0x1cf/0x200
[  758.387065]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  758.387087]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  758.387119]  ? irq_work_queue+0x9c/0x100
[  758.387140]  ? __asan_memset+0x24/0x50
[  758.387170]  sg_common_write.constprop.0+0xd75/0x1710
[  758.387200]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  758.387221]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  758.387246]  ? ___ratelimit+0x465/0xa10
[  758.387279]  sg_write.part.0+0x6a2/0xb50
[  758.387301]  ? __pfx_sg_write.part.0+0x10/0x10
[  758.387323]  ? __lock_acquire+0x694/0x1b70
[  758.387358]  ? lock_acquire+0x15e/0x2f0
[  758.387374]  ? get_pid_task+0x29/0x250
[  758.387402]  ? find_held_lock+0x2b/0x80
[  758.387425]  ? get_pid_task+0xfd/0x250
[  758.387451]  ? lock_release+0xc8/0x290
[  758.387472]  ? perf_trace_lock_acquire+0xc9/0x700
[  758.387489]  ? get_pid_task+0x107/0x250
[  758.387514]  ? avc_policy_seqno+0x9/0x20
[  758.387536]  ? selinux_file_permission+0x99/0x600
[  758.387561]  sg_write+0x86/0xe0
[  758.387580]  vfs_write+0x2b7/0x1150
[  758.387605]  ? __pfx_sg_write+0x10/0x10
[  758.387624]  ? lock_acquire+0x15e/0x2f0
[  758.387640]  ? __fget_files+0x34/0x3b0
[  758.387665]  ? __pfx_vfs_write+0x10/0x10
[  758.387689]  ? __fget_files+0x203/0x3b0
[  758.387713]  ? lock_release+0xc8/0x290
[  758.387734]  ? __fget_files+0x20d/0x3b0
[  758.387769]  ksys_write+0x121/0x240
[  758.387794]  ? __pfx_ksys_write+0x10/0x10
[  758.387829]  do_syscall_64+0xbf/0x360
[  758.387848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  758.387866] RIP: 0033:0x7fbb63381b19
[  758.387879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  758.387895] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  758.387911] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  758.387922] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  758.387932] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  758.387942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  758.387952] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  758.387979]  </TASK>
13:48:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 32)

13:48:42 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x1, 0x2, 0x7f, 0x8, 0x0, 0x9, 0x100, 0x6, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x6}, 0x810, 0x64e, 0x5, 0xbfc21e19ba152179, 0x8, 0xf9d1, 0x9, 0x0, 0x8000, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xa)

13:48:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x3)

13:48:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0xffffff7f}], 0x1, 0x0, 0x0)

13:48:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2282, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:42 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227f, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:42 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, 0x0], 0x2}, 0x58)

13:48:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

[  767.690621] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  767.690621]    program syz-executor.2 not setting count and/or reply_len properly
13:48:42 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227f, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:42 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mknodat$null(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:48:42 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)

13:48:42 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, 0x0], 0x2}, 0x58)

13:48:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 33)

13:48:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

13:48:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2283, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x4)

[  767.947029] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  767.947029]    program syz-executor.2 not setting count and/or reply_len properly
[  767.957160] FAULT_INJECTION: forcing a failure.
[  767.957160] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.958112] CPU: 1 UID: 0 PID: 6929 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  767.958128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  767.958136] Call Trace:
[  767.958140]  <TASK>
[  767.958145]  dump_stack_lvl+0xfa/0x120
[  767.958172]  should_fail_ex+0x4d7/0x5e0
[  767.958195]  _copy_from_iter+0x1dc/0x15b0
[  767.958221]  ? __pfx__copy_from_iter+0x10/0x10
[  767.958242]  ? find_held_lock+0x2b/0x80
[  767.958260]  ? __create_object+0x59/0x80
[  767.958274]  ? lock_release+0xc8/0x290
[  767.958287]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  767.958310]  copy_page_from_iter+0xe3/0x180
[  767.958333]  bio_copy_from_iter+0x108/0x270
[  767.958359]  blk_rq_map_user_iov+0xc07/0x1180
[  767.958380]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  767.958397]  ? __pfx___mutex_trylock_common+0x10/0x10
[  767.958414]  ? find_held_lock+0x2b/0x80
[  767.958431]  ? sg_common_write.constprop.0+0xc36/0x1710
[  767.958447]  ? lock_release+0xc8/0x290
[  767.958457]  ? import_ubuf+0x1be/0x220
[  767.958478]  blk_rq_map_user_io+0x1cf/0x200
[  767.958495]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  767.958510]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  767.958533]  ? irq_work_queue+0x9c/0x100
[  767.958549]  ? __asan_memset+0x24/0x50
[  767.958570]  sg_common_write.constprop.0+0xd75/0x1710
[  767.958590]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  767.958605]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  767.958623]  ? ___ratelimit+0x465/0xa10
[  767.958646]  sg_write.part.0+0x6a2/0xb50
[  767.958661]  ? __pfx_sg_write.part.0+0x10/0x10
[  767.958676]  ? __lock_acquire+0x694/0x1b70
[  767.958695]  ? lock_acquire+0x15e/0x2f0
[  767.958707]  ? get_pid_task+0x29/0x250
[  767.958727]  ? find_held_lock+0x2b/0x80
[  767.958744]  ? get_pid_task+0xfd/0x250
[  767.958762]  ? lock_release+0xc8/0x290
[  767.958777]  ? perf_trace_lock_acquire+0xc9/0x700
[  767.958789]  ? get_pid_task+0x107/0x250
[  767.958807]  ? avc_policy_seqno+0x9/0x20
[  767.958823]  ? selinux_file_permission+0x99/0x600
[  767.958840]  sg_write+0x86/0xe0
[  767.958854]  vfs_write+0x2b7/0x1150
[  767.958871]  ? __pfx_sg_write+0x10/0x10
[  767.958884]  ? lock_acquire+0x15e/0x2f0
[  767.958896]  ? __fget_files+0x34/0x3b0
[  767.958913]  ? __pfx_vfs_write+0x10/0x10
[  767.958931]  ? __fget_files+0x203/0x3b0
[  767.958948]  ? lock_release+0xc8/0x290
[  767.958963]  ? __fget_files+0x20d/0x3b0
[  767.958986]  ksys_write+0x121/0x240
[  767.959004]  ? __pfx_ksys_write+0x10/0x10
[  767.959028]  do_syscall_64+0xbf/0x360
[  767.959041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.959054] RIP: 0033:0x7fbb63381b19
[  767.959064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  767.959076] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  767.959087] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  767.959095] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  767.959102] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  767.959109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  767.959116] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  767.959143]  </TASK>
13:48:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5)

13:48:52 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227c, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 34)

13:48:52 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:48:52 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

13:48:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0)

13:48:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2284, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:48:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000100)=0x3)
ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f00000000c0)=""/58)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r2)

13:48:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4, 0x0)

13:48:52 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x227c, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  777.210847] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  777.210847]    program syz-executor.2 not setting count and/or reply_len properly
[  777.221975] FAULT_INJECTION: forcing a failure.
[  777.221975] name failslab, interval 1, probability 0, space 0, times 0
[  777.223674] CPU: 1 UID: 0 PID: 6952 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  777.223706] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  777.223719] Call Trace:
[  777.223727]  <TASK>
[  777.223736]  dump_stack_lvl+0xfa/0x120
[  777.223784]  should_fail_ex+0x4d7/0x5e0
[  777.223827]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  777.223858]  should_failslab+0xc2/0x120
[  777.223901]  __kmalloc_noprof+0xb4/0x4b0
[  777.223944]  blk_rq_map_user_iov+0x1fd/0x1180
[  777.223985]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  777.224020]  ? __pfx___mutex_trylock_common+0x10/0x10
[  777.224055]  ? find_held_lock+0x2b/0x80
[  777.224088]  ? sg_common_write.constprop.0+0xc36/0x1710
[  777.224118]  ? lock_release+0xc8/0x290
[  777.224140]  ? import_ubuf+0x1be/0x220
[  777.224182]  blk_rq_map_user_io+0x1cf/0x200
[  777.224216]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  777.224248]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  777.224293]  ? irq_work_queue+0x9c/0x100
[  777.224323]  ? __asan_memset+0x24/0x50
[  777.224371]  sg_common_write.constprop.0+0xd75/0x1710
[  777.224410]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  777.224440]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  777.224475]  ? ___ratelimit+0x465/0xa10
[  777.224521]  sg_write.part.0+0x6a2/0xb50
[  777.224551]  ? __pfx_sg_write.part.0+0x10/0x10
[  777.224581]  ? __lock_acquire+0x694/0x1b70
[  777.224618]  ? lock_acquire+0x15e/0x2f0
[  777.224641]  ? get_pid_task+0x29/0x250
[  777.224681]  ? find_held_lock+0x2b/0x80
[  777.224714]  ? get_pid_task+0xfd/0x250
[  777.224752]  ? lock_release+0xc8/0x290
[  777.224779]  ? perf_trace_lock_acquire+0xc9/0x700
[  777.224804]  ? get_pid_task+0x107/0x250
[  777.224840]  ? avc_policy_seqno+0x9/0x20
[  777.224873]  ? selinux_file_permission+0x99/0x600
[  777.224906]  sg_write+0x86/0xe0
[  777.224932]  vfs_write+0x2b7/0x1150
[  777.224968]  ? __pfx_sg_write+0x10/0x10
[  777.224994]  ? lock_acquire+0x15e/0x2f0
[  777.225017]  ? __fget_files+0x34/0x3b0
[  777.225052]  ? __pfx_vfs_write+0x10/0x10
[  777.225088]  ? __fget_files+0x203/0x3b0
[  777.225121]  ? lock_release+0xc8/0x290
[  777.225150]  ? __fget_files+0x20d/0x3b0
[  777.225195]  ksys_write+0x121/0x240
[  777.225231]  ? __pfx_ksys_write+0x10/0x10
[  777.225279]  do_syscall_64+0xbf/0x360
[  777.225305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.225330] RIP: 0033:0x7fbb63381b19
[  777.225348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  777.225371] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  777.225398] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  777.225419] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  777.225439] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  777.225458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  777.225478] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  777.225527]  </TASK>
13:49:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 35)

13:49:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

13:49:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8, 0x0)

13:49:02 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0xfffffffffffffff7)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:49:02 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000100)=0x3)
ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f00000000c0)=""/58)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r2)

13:49:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2286, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x6)

13:49:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

13:49:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x14, 0x0)

[  787.844670] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  787.844670]    program syz-executor.2 not setting count and/or reply_len properly
13:49:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7)

13:49:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2287, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:02 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000100)=0x3)
ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f00000000c0)=""/58)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r2)

13:49:03 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 36)

13:49:03 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:49:03 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

13:49:03 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
pread64(r0, &(0x7f0000000040)=""/45, 0x2d, 0x9)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r2, {0x8971}}, './file0/file0\x00'})
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r3 = perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x7, 0x81, 0x1, 0x1, 0x0, 0x8001, 0x89cab0e5c72dce0c, 0xd, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0xd6, 0x2, @perf_bp={&(0x7f00000000c0), 0x3}, 0x4, 0x7, 0x8, 0x5, 0x100, 0x3, 0x3f, 0x0, 0x56d, 0x0, 0x1}, 0xffffffffffffffff, 0x10, r0, 0x1)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000100)=0x2)
r4 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4)
ioctl$FIONCLEX(r1, 0x5450)

13:49:03 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1400, 0x0)

[  788.019885] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  788.019885]    program syz-executor.2 not setting count and/or reply_len properly
13:49:03 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000100)=0x3)
ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f00000000c0)=""/58)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r2)

[  788.037566] FAULT_INJECTION: forcing a failure.
[  788.037566] name failslab, interval 1, probability 0, space 0, times 0
[  788.038608] CPU: 0 UID: 0 PID: 7006 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  788.038626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  788.038634] Call Trace:
[  788.038639]  <TASK>
[  788.038645]  dump_stack_lvl+0xfa/0x120
[  788.038676]  should_fail_ex+0x4d7/0x5e0
[  788.038700]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  788.038730]  ? bio_kmalloc+0x3e/0x70
[  788.038753]  should_failslab+0xc2/0x120
[  788.038777]  __kmalloc_noprof+0xb4/0x4b0
[  788.038796]  ? trace_kmalloc+0x1f/0xb0
[  788.038810]  ? __kmalloc_noprof+0x215/0x4b0
[  788.038831]  bio_kmalloc+0x3e/0x70
[  788.038853]  blk_rq_map_user_iov+0x390/0x1180
[  788.038879]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  788.038898]  ? __pfx___mutex_trylock_common+0x10/0x10
[  788.038919]  ? find_held_lock+0x2b/0x80
[  788.038938]  ? sg_common_write.constprop.0+0xc36/0x1710
[  788.038955]  ? lock_release+0xc8/0x290
[  788.038968]  ? import_ubuf+0x1be/0x220
[  788.038993]  blk_rq_map_user_io+0x1cf/0x200
[  788.039013]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  788.039030]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  788.039056]  ? irq_work_queue+0x9c/0x100
[  788.039073]  ? __asan_memset+0x24/0x50
[  788.039097]  sg_common_write.constprop.0+0xd75/0x1710
[  788.039119]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  788.039136]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  788.039156]  ? ___ratelimit+0x465/0xa10
[  788.039183]  sg_write.part.0+0x6a2/0xb50
[  788.039200]  ? __pfx_sg_write.part.0+0x10/0x10
[  788.039217]  ? __lock_acquire+0x694/0x1b70
[  788.039236]  ? __pfx_perf_tp_event+0x10/0x10
[  788.039255]  ? lock_acquire+0x15e/0x2f0
[  788.039268]  ? get_pid_task+0x29/0x250
[  788.039292]  ? get_pid_task+0xfd/0x250
[  788.039314]  ? lock_release+0xc8/0x290
[  788.039329]  ? perf_trace_lock_acquire+0xc9/0x700
[  788.039355]  ? get_pid_task+0x107/0x250
[  788.039375]  ? avc_policy_seqno+0x9/0x20
[  788.039393]  ? selinux_file_permission+0x99/0x600
[  788.039413]  sg_write+0x86/0xe0
[  788.039428]  vfs_write+0x2b7/0x1150
[  788.039449]  ? __pfx_sg_write+0x10/0x10
[  788.039464]  ? lock_acquire+0x15e/0x2f0
[  788.039477]  ? __fget_files+0x34/0x3b0
[  788.039497]  ? __pfx_vfs_write+0x10/0x10
[  788.039517]  ? __fget_files+0x203/0x3b0
[  788.039536]  ? lock_release+0xc8/0x290
[  788.039553]  ? __fget_files+0x20d/0x3b0
[  788.039579]  ksys_write+0x121/0x240
[  788.039599]  ? __pfx_ksys_write+0x10/0x10
[  788.039626]  do_syscall_64+0xbf/0x360
13:49:03 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2288, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  788.039642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.039656] RIP: 0033:0x7fbb63381b19
[  788.039667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  788.039680] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  788.039694] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  788.039703] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  788.039711] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  788.039719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  788.039727] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  788.039746]  </TASK>
[  788.066956] hpet: Lost 1 RTC interrupts
13:49:03 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, r0], 0x2}, 0x58)

13:49:03 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8)

13:49:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x10)

13:49:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:49:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2289, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 37)

13:49:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000, 0x0)

13:49:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, r0], 0x2}, 0x58)

13:49:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000100)=0x3)
ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f00000000c0)=""/58)

[  797.198868] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  797.198868]    program syz-executor.2 not setting count and/or reply_len properly
13:49:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:49:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/100, 0x64, 0xd3)
io_uring_setup(0x3f2f, &(0x7f0000000040)={0x0, 0xc821, 0x1, 0x8, 0x25, 0x0, r0})
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0xc00, 0x0)
lseek(r1, 0x1, 0x4)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 38)

13:49:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80000, 0x0)

13:49:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, r0], 0x2}, 0x58)

13:49:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
ioctl$KDSKBMETA(r3, 0x4b63, &(0x7f0000000100)=0x3)

[  797.330777] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  797.330777]    program syz-executor.2 not setting count and/or reply_len properly
[  797.337697] FAULT_INJECTION: forcing a failure.
[  797.337697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.338651] CPU: 1 UID: 0 PID: 7062 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  797.338667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  797.338675] Call Trace:
[  797.338680]  <TASK>
[  797.338685]  dump_stack_lvl+0xfa/0x120
[  797.338713]  should_fail_ex+0x4d7/0x5e0
[  797.338736]  _copy_from_iter+0x1dc/0x15b0
[  797.338763]  ? __pfx__copy_from_iter+0x10/0x10
[  797.338785]  ? find_held_lock+0x2b/0x80
[  797.338805]  ? __create_object+0x59/0x80
[  797.338822]  ? lock_release+0xc8/0x290
[  797.338835]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  797.338861]  copy_page_from_iter+0xe3/0x180
[  797.338884]  bio_copy_from_iter+0x108/0x270
[  797.338906]  blk_rq_map_user_iov+0xc07/0x1180
[  797.338927]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  797.338945]  ? __pfx___mutex_trylock_common+0x10/0x10
[  797.338962]  ? find_held_lock+0x2b/0x80
[  797.338978]  ? sg_common_write.constprop.0+0xc36/0x1710
[  797.338994]  ? lock_release+0xc8/0x290
[  797.339004]  ? import_ubuf+0x1be/0x220
[  797.339025]  blk_rq_map_user_io+0x1cf/0x200
[  797.339043]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  797.339058]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  797.339081]  ? irq_work_queue+0x9c/0x100
[  797.339097]  ? __asan_memset+0x24/0x50
[  797.339119]  sg_common_write.constprop.0+0xd75/0x1710
[  797.339139]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  797.339154]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  797.339171]  ? ___ratelimit+0x465/0xa10
[  797.339195]  sg_write.part.0+0x6a2/0xb50
[  797.339210]  ? __pfx_sg_write.part.0+0x10/0x10
[  797.339225]  ? __lock_acquire+0x694/0x1b70
[  797.339244]  ? lock_acquire+0x15e/0x2f0
[  797.339256]  ? get_pid_task+0x29/0x250
[  797.339276]  ? find_held_lock+0x2b/0x80
[  797.339293]  ? get_pid_task+0xfd/0x250
[  797.339311]  ? lock_release+0xc8/0x290
[  797.339325]  ? perf_trace_lock_acquire+0xc9/0x700
[  797.339342]  ? get_pid_task+0x107/0x250
[  797.339360]  ? avc_policy_seqno+0x9/0x20
[  797.339377]  ? selinux_file_permission+0x99/0x600
[  797.339394]  sg_write+0x86/0xe0
[  797.339412]  vfs_write+0x2b7/0x1150
[  797.339429]  ? __pfx_sg_write+0x10/0x10
[  797.339454]  ? lock_acquire+0x15e/0x2f0
[  797.339468]  ? __fget_files+0x34/0x3b0
[  797.339492]  ? __pfx_vfs_write+0x10/0x10
[  797.339515]  ? __fget_files+0x203/0x3b0
[  797.339533]  ? lock_release+0xc8/0x290
[  797.339548]  ? __fget_files+0x20d/0x3b0
[  797.339571]  ksys_write+0x121/0x240
[  797.339589]  ? __pfx_ksys_write+0x10/0x10
[  797.339613]  do_syscall_64+0xbf/0x360
[  797.339627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.339640] RIP: 0033:0x7fbb63381b19
[  797.339649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  797.339661] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  797.339672] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  797.339680] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  797.339688] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  797.339695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  797.339702] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  797.339719]  </TASK>
13:49:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf4)

13:49:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x4b47, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:12 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ppoll(&(0x7f0000000080)=[{r0, 0x1}], 0x1, &(0x7f00000000c0), &(0x7f0000000100)={[0x7]}, 0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))

13:49:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1000000, 0x0)

13:49:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 39)

13:49:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0], 0x1}, 0x58)

[  797.560694] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  797.560694]    program syz-executor.2 not setting count and/or reply_len properly
[  797.567963] FAULT_INJECTION: forcing a failure.
[  797.567963] name failslab, interval 1, probability 0, space 0, times 0
[  797.568897] CPU: 1 UID: 0 PID: 7087 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  797.568914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  797.568922] Call Trace:
[  797.568927]  <TASK>
[  797.568932]  dump_stack_lvl+0xfa/0x120
[  797.568962]  should_fail_ex+0x4d7/0x5e0
[  797.568986]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  797.569003]  should_failslab+0xc2/0x120
[  797.569027]  __kmalloc_noprof+0xb4/0x4b0
[  797.569051]  blk_rq_map_user_iov+0x1fd/0x1180
[  797.569075]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  797.569094]  ? __pfx___mutex_trylock_common+0x10/0x10
[  797.569115]  ? find_held_lock+0x2b/0x80
[  797.569133]  ? sg_common_write.constprop.0+0xc36/0x1710
[  797.569151]  ? lock_release+0xc8/0x290
[  797.569163]  ? import_ubuf+0x1be/0x220
[  797.569187]  blk_rq_map_user_io+0x1cf/0x200
[  797.569206]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  797.569223]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  797.569252]  ? irq_work_queue+0x9c/0x100
[  797.569270]  ? __asan_memset+0x24/0x50
[  797.569293]  sg_common_write.constprop.0+0xd75/0x1710
[  797.569315]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  797.569331]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  797.569355]  ? ___ratelimit+0x465/0xa10
[  797.569385]  sg_write.part.0+0x6a2/0xb50
[  797.569402]  ? __pfx_sg_write.part.0+0x10/0x10
[  797.569420]  ? perf_trace_lock+0xb5/0x5d0
[  797.569437]  ? __pfx_perf_trace_lock+0x10/0x10
[  797.569454]  ? lock_acquire+0x15e/0x2f0
[  797.569468]  ? perf_trace_lock+0xb5/0x5d0
[  797.569480]  ? find_held_lock+0x2b/0x80
[  797.569498]  ? get_pid_task+0xfd/0x250
[  797.569522]  ? perf_trace_lock+0xb5/0x5d0
[  797.569537]  ? perf_trace_lock_acquire+0xc9/0x700
[  797.569550]  ? avc_policy_seqno+0x9/0x20
[  797.569568]  ? selinux_file_permission+0x99/0x600
[  797.569588]  sg_write+0x86/0xe0
[  797.569602]  vfs_write+0x2b7/0x1150
[  797.569623]  ? __pfx_sg_write+0x10/0x10
[  797.569637]  ? lock_acquire+0x15e/0x2f0
[  797.569650]  ? __fget_files+0x34/0x3b0
[  797.569669]  ? __pfx_vfs_write+0x10/0x10
[  797.569689]  ? __fget_files+0x203/0x3b0
[  797.569707]  ? lock_release+0xc8/0x290
[  797.569723]  ? __fget_files+0x20d/0x3b0
[  797.569750]  ksys_write+0x121/0x240
[  797.569769]  ? __pfx_ksys_write+0x10/0x10
[  797.569796]  do_syscall_64+0xbf/0x360
[  797.569811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.569825] RIP: 0033:0x7fbb63381b19
[  797.569835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  797.569847] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  797.569860] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  797.569868] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  797.569876] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  797.569884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  797.569892] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  797.569912]  </TASK>
13:49:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 40)

13:49:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:49:21 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:49:21 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2284, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x4b49, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf5)

13:49:21 executing program 3:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
r0 = getpid()
pidfd_open(r0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1550, 0x77e}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x80000000}, r0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x14000000, 0x0)

13:49:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0xffffff7f, 0x0)

13:49:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

[  806.820228] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  806.820228]    program syz-executor.2 not setting count and/or reply_len properly
13:49:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf8)

13:49:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5382, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 41)

[  806.968912] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  806.968912]    program syz-executor.2 not setting count and/or reply_len properly
[  806.970873] FAULT_INJECTION: forcing a failure.
[  806.970873] name failslab, interval 1, probability 0, space 0, times 0
[  806.971896] CPU: 1 UID: 0 PID: 7134 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  806.971912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  806.971921] Call Trace:
[  806.971925]  <TASK>
[  806.971930]  dump_stack_lvl+0xfa/0x120
[  806.971957]  should_fail_ex+0x4d7/0x5e0
[  806.971977]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  806.972001]  ? bio_kmalloc+0x3e/0x70
[  806.972023]  should_failslab+0xc2/0x120
[  806.972045]  __kmalloc_noprof+0xb4/0x4b0
[  806.972063]  ? trace_kmalloc+0x1f/0xb0
[  806.972075]  ? __kmalloc_noprof+0x215/0x4b0
[  806.972094]  bio_kmalloc+0x3e/0x70
[  806.972114]  blk_rq_map_user_iov+0x390/0x1180
[  806.972138]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  806.972156]  ? __pfx___mutex_trylock_common+0x10/0x10
[  806.972174]  ? find_held_lock+0x2b/0x80
[  806.972192]  ? sg_common_write.constprop.0+0xc36/0x1710
[  806.972208]  ? lock_release+0xc8/0x290
[  806.972220]  ? import_ubuf+0x1be/0x220
[  806.972242]  blk_rq_map_user_io+0x1cf/0x200
[  806.972259]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  806.972276]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  806.972300]  ? irq_work_queue+0x9c/0x100
[  806.972315]  ? __asan_memset+0x24/0x50
[  806.972336]  sg_common_write.constprop.0+0xd75/0x1710
[  806.972362]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  806.972377]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  806.972396]  ? ___ratelimit+0x465/0xa10
[  806.972420]  sg_write.part.0+0x6a2/0xb50
[  806.972436]  ? __pfx_sg_write.part.0+0x10/0x10
[  806.972452]  ? __lock_acquire+0x694/0x1b70
[  806.972471]  ? lock_acquire+0x15e/0x2f0
[  806.972483]  ? get_pid_task+0x29/0x250
[  806.972504]  ? find_held_lock+0x2b/0x80
[  806.972521]  ? get_pid_task+0xfd/0x250
[  806.972540]  ? lock_release+0xc8/0x290
[  806.972554]  ? perf_trace_lock_acquire+0xc9/0x700
[  806.972567]  ? get_pid_task+0x107/0x250
[  806.972585]  ? avc_policy_seqno+0x9/0x20
[  806.972602]  ? selinux_file_permission+0x99/0x600
[  806.972619]  sg_write+0x86/0xe0
[  806.972633]  vfs_write+0x2b7/0x1150
[  806.972651]  ? __pfx_sg_write+0x10/0x10
[  806.972665]  ? lock_acquire+0x15e/0x2f0
[  806.972677]  ? __fget_files+0x34/0x3b0
[  806.972696]  ? __pfx_vfs_write+0x10/0x10
[  806.972715]  ? __fget_files+0x203/0x3b0
[  806.972732]  ? lock_release+0xc8/0x290
[  806.972747]  ? __fget_files+0x20d/0x3b0
[  806.972770]  ksys_write+0x121/0x240
[  806.972789]  ? __pfx_ksys_write+0x10/0x10
[  806.972814]  do_syscall_64+0xbf/0x360
[  806.972828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.972841] RIP: 0033:0x7fbb63381b19
[  806.972851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  806.972863] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  806.972875] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  806.972883] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  806.972891] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  806.972898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  806.972906] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  806.972923]  </TASK>
13:49:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x220)

13:49:32 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf8)

13:49:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 42)

13:49:32 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:49:32 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000000000, 0x0)

13:49:32 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:49:32 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
pidfd_open(r1, 0x0)
perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xff, 0x3f, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x10001, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0xf040, 0xd0f9, 0x401, 0x0, 0x4, 0x4c20, 0xffff, 0x0, 0x800, 0x0, 0x3}, r1, 0xa, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x4d2f)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5385, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  817.440489] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  817.440489]    program syz-executor.2 not setting count and/or reply_len properly
13:49:32 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000000000000, 0x0)

13:49:32 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x4b49, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:32 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:49:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5386, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x250)

13:49:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x254)

13:49:43 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x40, 0x0, 0x0, 0x1002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x541b, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:43 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100000000000000, 0x0)

13:49:43 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 43)

13:49:43 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8001)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:49:43 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2203, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

[  828.234091] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  828.234091]    program syz-executor.2 not setting count and/or reply_len properly
13:49:43 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1400000000000000, 0x0)

13:49:43 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 44)

13:49:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2bc)

13:49:43 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000040)=0x7)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
pwritev2(r2, &(0x7f00000023c0)=[{&(0x7f00000013c0)="9febc8fd91abe5ec5583535b0691050e531dcd066987ad98dabda4ab31940d5040a8b8d079ee09243b7ef5449dd57cff6f92e192959996de0909b8164640f971e4fc8a49d68cce3e859ce6106c53f27c50d4166fc159f2b6d21f41572d0441741e26313fd113085f8fc97bcd18d5e8a3999c3fcd87edc5b17861aa529e3013a0f20b9f539be7eef26951ae6fe070c3801eb6594c5980fdda1c46013ea13f6fb2e82713f5cf5957bc192e54979da07852ad2ec58294aee10c6602a65bb3b7c68888f88782681daaf2bb1f204bf5e9ff5b87d1aa609013a7f18d7a44c0ca2c4b7a129257cc1eb82beac005df436d2d625a2e592fcdcd4c62df25c4cf1ba39d3daf40ce649aaa91cb78c26e4c319f7a06cce57793d45f9dae404b445cc93eb08609c66ce264fce2341d5df739df7c55cf0cbf4ab4f5f56ed0bda99a4625b0c8a2b44bed5fb92e75891da8e1b74c2d00b2abc3edeb272ffd92947274b138cc10613643605dddccc7aa7de0d12e24dec332ee7ed173c4598d5f562d25014f9d2ce6ea88a4c7770e5c72face0d3160663b8421ee43fc35bcd9ba3cd2aa0696dc9013eb7fbba812ae16b8835ec603aefa50a927c73a415b789135d22dfdc28bfdbc27c8a8bf57f6dfd5c2cef7c39adb0cbd25768104bb023cb517e2b35b2d559da7ef3b0a03960ca19cd84bc56088b82514c1b61ef6def8421416ea1340a5ffc41a2047f091aa55d6070ef49de11d7edfe5abc9cd3aa1dd63f3f7439eac0740b323c819688b7b106e479a5b9a5cdeb5e3639f2dbeed70bf92236af1e5571904962d7776dbd8ea5b18d26fec4127b67049527cd96a1fea408138e9f9fa2865ed10225a51968cea7dd314eae718c5d0b7cad21fb4531167c7657a5f853a857d5fb8ec14729736a2edb263b19bd4236a9e24192c557c6a365c10a43b7c03872377a160ac691d788cd3c18a1840d8b9bb73eace0c63c0962b6a6ba1cd8ba29f1e30b23bc4c74ef979136e81f0c59ba9cbda61e660c064e88ddee4a5873b30a216390b205d1782215857ea2ba7803461cb0dc661270ef16350ef8d9f76f592c69e29f795c6a9de32ecad5199d0301867d842a03d6dcd75b5133f03b71374f6433dd035a66e33c255bc09fa0ee6b363bef8fc29b37e50ea13eb0b23163927d6de1ca9e22fdeb2bf16ba8f78be0e2bf6c49a8732f988a6cf0ba5b8a87ab195b11142590d8701bda8ceb994d14cb0ab674759046717ef3fc92a614a1a8154362b748f0f6850dbe620367563a99997bd7d7464f9b588f8d4bd4c2c985b83215b361b481a67c6ce7743dc2365d29ac2e45ebad35178530b7057099fbbd1541f8ab58af288844b054fc41e73f831161eae5dd1c4fcf4e52a4399c2bdd3a0ced81eeb9cf8680747d0e9642b5f9b3b579f564861027c7590414c5b7f561430a4677a2b3af8a79dd94da7ca9a76ff054622d5bc9574987aa1bc8ee31f8d653f876cfe2ddbf3d6ffc706158dccacf214c6860b38911f4a8d5a1df0387d58f9be11f0990f901495a419ee895380208da7fb61fe875e9642bea3e5fca89e0efda38fa8216b9cc45fa2534078377a607bc0b66f4e77cf8f223fb951cff749ab1d88c9904f586f870d28303057cb443acf91b5ddef920a297373077d9ad490f60787148b7d159779fa272cfed4aca8a7446aca706282ec8b926de4a038962d1ca49dbc93bd0cc3a7e473d3a5a2fc418673d0bc3c37508642bc5aa4ff59602be5d972919b5933da317de80857c17a3baf70365269ac41553b1c81339d4d539b88704076d3a3dd6bd9a4dd21fa5ec4e852179e48e53f34e6aee376a93d0d3df505e1a0d3d1c575dac527d43f690b885d32fbe6304d07a8f8b555bc5f886afd1aab90979c01b7ad4eca2b6aeb71a01190d44224669224fbda9ddaf7cb28dfeca470ad2c1ef1f3c425888ed7854cc42f954c609774bfc18943de659d1020b62e4bb96333d32b6592b4a0c4c9aeed1325b452a52b6e7df30d506cb1c0a6801a6bb6505de5cadcb3cdafb40ba251b93db08e1f6ec5963f8141b01eabf3afd3cedf51604fbf1b602173c54699196ea1480650c2eef14e67fb0466c80ffb63136fcc5d8ca1f425f268abe095aa0c358a208fd58f8f730a4f18ce97d3e605e0dd140da6d30af357ae9fc78970a2e350aae12976005b0a025a315db1bc52f7e892516864a4236cbed39aca266e332f7bf9022cb1ed36f7bf812e9639d6ba0cff8202cd4630d3cabe4f38a4a061bc9d8d48ed965db6e6e737f24919b0cb3fbbab38cd1f67a505e78be0bd5ff4823bb34472f27962a375f34ef4ad8938be022f941330e4bcfa8be70372ed9c7d19de2ca326ae83da3ece29b9de63f6b2fe2e1ee79e25907dad11b71c078c8421e610caaf2fd49b8b43f85947c9641264f173ae884e62dbbf8cc2fe6db7ab1e060fc0ff34280a483fcd20062e6ad7f102e885526a3e9891b26d4ab8819dbf6a8c74f13f2bbadeb3062d1d56d2148473d55309b18ad05eb185dd16a4fe8764af4792fb1304b489bdb5eb3dd564b9318b531cdd868488400e461b9d179dc067f5059530269d8a8f93eed874dfa8f524200ce2c9d72fd45a2d118a5fc89319b409c8b7bec364c0fd3e7cb66626336b918edfbde2ef3adb9c881fcdf65cbbdacfb5f354a861b50afcb5717f444ecccb14a40ed7f8e5f052b0e87e444448c51369874e5f9342989f9c8d17b8e0bc350b1be651d2d63db50e24c82e6bd66a2b718cb2c1dd681a9087b0b665c0d2774940036622fbdddcf38f1c790b396f164b3b8d8a9af3c8f8fb4c7df7271f2336bd2f41effc6bacd120ea565601a300f43293fd8b91c6b1343f7e634de45898b83575aa10d73d3497c0462695046413e83385e23327e1f55a6bc881edd0f4a3ace380c914cef386abe6d394db1d05ab5935852df6d1ec354c28cc8f90d1350ceb7f99c4cebe149093390c57ec1f90cd99d110a104b6b6efff614f6430bda0fe6a18ace74cdcaebd9fa079cea31287aabed4d3331aff81a1339a1b0412897bd7f9b7ed388072454c90f30773615994eb022167963b13410774def27e61d6b53c03caf4aaa35d096c92c49b6de2bdea829f0b6dafbb470e6f6386a2a4817f14530d5d758a3d7d009814525da6175c6aa75e5707a0f7e85daf224fe6087f1c812cbe0bf8c4c6499d235d0c2c3039f1b30726a9aacbbf09da9850f7ce6d3194cfccbad3968aaf8ac0e599d3650fe0fbf50fb4c0c1f9ccf6e708e4c794e1b1d8fcbe5bb1989746249a907da8cda4407993f211648f9ecf248ff2bad3f11cd3a83e0cd9c30c772fde573fa08ac05e42fd1bed8d893f045042af54bb4e17c05d1a3ce79fad56837757bf687acfc000ea0ed445fcf17d5b2edfd8c1c2532936848f505c0e78055f8636dd0825bbda2a4b2e279275ba1fe33d15a36be91b829a6139cd7493f74687a21edc183649392090eb367ecf1d7ffd725a1cccd053c2d9ea992411b60a9cfc8e792afeaa3e222bc44e76710ee82c2a7d9225624e1f4f131796a0b8742a6cabafcfe142a075ffce87c360c9f2d274801326dcdfbcfda8b947f2d26f3c32c4901d91df184e5e1b979c9c6b3af82b5f484b8cf3da7520831c74a1cd6c59f5c4281cc8d4c4fb73e30eecea481309963f22323aed938bca26c5cb609dcab040a67f9b3bd16012a529471d76a9333e6dc09808f6908c7f1eee0e429a96d42302344fdb8e7747150174acc4c22e251a249089ab584d19d34250aed1dfb181297dba912a226583a895e80454893aa99194a5fc31736c2a30f14b6bfb813a13110e7eeea152a537a5f6726fb9f2066746a4994a3d590edb7a85ad69de31e9a0967b04cbda2117bb6c492266ec7143e2e58a3eb7fc101a5d98c64335b43f267029fc20ad9dc2deb6565592b06cac82a2dadbc0a8bef0d6562193f460a43dff6494e67c17dd1c926fa4576a8a773275727baae180d72c01439ff0039c16b0ef79976db59dc64c25072cd3c69a78de482bc46096bc117977f713e17c622a6d17071e015a056bd05d4b9fb7fb60b77f67c4745a0b658876d42157e1125bdced436306d4f77022c8db295fe52dce0938aa4a95e4fc0045c2965c0eaae32685c08089d6b3bcd6ae46e8cbc2a1e6912765d1c2e6b81b8ab6b914205699b1bbad9295146d9e0bd4db88b20cb5f1508d69176ec79c5012cf3151a76186bdb6d08af6daa5159c2810a2fcc288ab3b869877b276e69113d733abb2e3d90f967fa6f53ccd525aebe9c4eed918401973f18f63dbd19b2a48df5dc3412ec8d1d9eff4ea3a21169a206262c69b090d9f5ab3844cdabcce8113e3ef72fae862c2663154249b432b7d17a66ff9022aab81c11cc7eb8d21fe61c497322febae74277be6de311997bc55310c458bf3bc186c13b004268b3709d993816d2b47b01a48477142528aefa4f638eb29f7688e22807278aef847283b8f661d43fd15a2514ae201a170d6a5043f590d18c81a8792cff2b8d011ced3891f15d5ef119cd97495e966b2f1c52f81038c37b7c5871927c580e0cf3256c6d4812e3714cb6b15322ba3ff9328ffec92cad0a0ed5ea998bc63fb6a7a92b81bf5caa526d368ef1695cbfbe9587729339f634ca5015510358b6ff79bd33030e55fe600e71a375b03493264dfec109eeee3aaa93681b06978d3be4448a9e7f1a168ba346ba0bcd47684934dc492b5367b534986dfbd118ab555ace5cc1dc6687e29b5bbcfa37f145fc372c5f7d00611fd4afa817235f50ea205caba2c538bb3bb719715d9ca356249deab6073544125f0ccf056ab5f8abdb65572b2d2e875c7fc6a4fd7b9c355f8ab2d13830e8f5fe7c1bfa84503e38f231dcf24117d7a80b8026964d5151e9240119a744b55e33d29d5f28a7a1b40bf6fe7782c90491e325989a3dc0ff2c02d99a97008d8dbbdbd76b9cca9799e59dca6957417587208cbd3498177c6d0e5b0f505a7674621ef3b1241f2a8877cd51a51bad937b28d11bd48ec19577fd65bba6a318c2421b34866c64452fef2d5c3a3ea67b93b82f248047f658b34bc7967d357cbfe907514d39fc197b704e3440d9d7e5d22bf19e53c442c1c0d6721b98a6ff464c5ec2c8bc25a93bad9149f80bd7c9854783663545bacd8ac2793dadf357624d674debaaf178dadca5692fa789f663f6fe9395fe4c02ffef472dfd3461d5a732079bca407f684b8f37982f646b3c57fa42def2f4bfa1c81e62284407733cf3e97454a0befaf931875589a701ba1124e587dad244f7b6e7533af850ce8478870892fbf9dd39ba821fe7fdcc838e928bcbc29e38187d305e6b24932c6bc9b6f7ff8e05719fae2df71d789db84df99003787d49a1f1633be0f9b61087d768d72f3c54fc29e647fd6edcaefa68f369ce3d492f70d05f1e69e2c9bc5803506a02fb81c935c3a151b48f011305bd4aad7116c142efafbf0a68bbbb6625c2bb7adfcb414281da8715c6577cb80590c220f9ba57fd3bc87ffbcf23ff3a1d9fcb9b71880e186dd165064f99bbc56d0ca5c909feef795b8266396082f15848afd9b3474ddc30236fdf19af6ab513ef8be9157a710c9cc5e88c2cd5e02e2a9355199c6c7244316f2e700510b19cce1a4f6766d41714361ff775e7b634f890d6d733b50045b2c03de217991a15f412305306c72053fc5fbe292864863a48c4d56968c8ee2d3eacfadf210e6bbc6a65b8e36aa4cbe8d4f1df1d5937b9be1da3c5ff1a371d911d2fb20f002545c940126db23be36fc596cf2e00cbc97d95f90a7fe984f64368c449bcfe9c2ae", 0x1000}, {&(0x7f0000000240)="443f1f8fe247c42c34ebce43e1ee917288f62cba5bcc16147b741cea2bb8cdad5ee9d801d1ffb68d4bdaabba2fa5529123003068dd7acc32a4f570cf66833692f193aebf5ca280391d08d05e54e35f26f1134a322fe86aed880acdfa0358a0e61968cf0a38b2d1ff821c1c3a35c613b8b85fb249014b0cd5b5f8ea4b1c6119dbf748b50f155e1b9d7a794742ac2ab7415fbc842cec9118e6211baf8eec282da61c08e613a29074446562c3e1a89095d121f74c4dc6e625b9819fea880a01561e0f439d49510e8600dafef8ec2d68a2e92a9c0669798b56d29928e0842793103975ad7a92b5c0328f801f6f6c71c990438632c36a47a686892c", 0xf9}], 0x2, 0x1, 0x6, 0x2)
pwritev2(r2, &(0x7f0000000200)=[{&(0x7f0000000080)="cf4d2ae428fb943161bd8f79412bf43a8e31816eab4edf274c267ce672612357b6f386ac94a84d8e1d7cbd7991dfb3f9b6c62ba220f1e5c859dbb9a34529c1216fdf64362fb9a5f5a8d71be25c", 0x4d}, {&(0x7f0000000180)="caadb3690a21b5ed3cfa2a584dc6efebefda6b15508d3b43eb5c6f93b42be017dd9f467caf76bdf0b0647eba17dcb166fa417391c3011cf61c0613c3c41ee2dbee5aeb21bef72382ba07d62ee6766490", 0x50}, {&(0x7f00000003c0)="ac9a84b9f84a6ed240463000a1ad31ebf28ecb920fbbf8212ee38df14b8c596c59266aac34c0ed31f9e60b0e6aeee162b22c149a1bba85111ab305444de91a61616060333b5988ad34a52efe5f4a29fc1381e8e54a23659ad08106100da7e49633ee67bce68ee46e017f391e0cff6c08f422b10963c8fd32efe5e098dacfe3258e13ed9ea1cb91ab616b7c382fcc17d082a28e91ffaa5a4f1e73896e59d66bf6258c8afe3d5dce676fdb31556f1a62be6c8533aee5d806030415aadd025fc14d73ff46a2bf7d2bad2afb48e11af57c46c7c6af1ddef56c1d79cab6acf79c022f27bbc8f21ff1a75a5548dee121e34b4ac2fd3301ca49ed2d3e25b00598adadd5e44fe4d839a0322b8b638021a7eb7fa6ce1d491b39ca443c77c2ae647c122905604ca62ef3b540ecc05153d5bbf31218a30a3051c3bceae795cccefb933d69e9ffff893b3ed5847a362e9ce36bce59dfd466870a5bf96ed1265f53f03d2651c1c8ac8022533373e38addae5026747984be8a631adb7f9bd28cb8a451852f430df790287b39eac1ec1da0c325c2704efac4e6eac40070da2d9b62a03a50e1bc7ea230bfba06184a861265aa1ca165cd85be483847496d81f8c26e4c7f25bd4446e7681a650fa3677f452f0ae46b34e12ff9c1de6eefe5fa111f8c1e9f980d7b29db6f143d3b5ab3e5af597eb063bdc8a44f19a1904cfaaa4aa07e09ff500047817a7ca228a9a265d08ac08b01cf466117e00504d21433ca8a7852526c10825695f65c598d069639d7f1a2a3c5411b58a6b4d70996de5734fb049d03b9d0fd67a4dba526266ec9d0aeacb3afaaeaee298ba8f7230cf645abb261ad932cfae720067a581f7f54cacbaf18575ff49d6e11444f933e90de4b54a2c717cffadc7fe0d3aa293798dbc8b094b897c60e406691f63a0c2a4435befcdba022e5110edcd2b05b2519261d881d0fd3ca6100857addcfff8a1509dd6cb31b071975b8c486fb007426041fd62ddc8378fb8d587e91c5396999727d2d0dd5566425c8e4b44e596f43e75f803a81905b7d9bc44e6cafdefecc6a0114e795aad25838c7d786cfb3ed31d917deee1a611a26d1d37919b3bfb406ad2a8801b0a569e5349d8e619193d41627a8c3503fe0f586c1336d618dc81e5ca579378273b4b3a2a74f9a61444a80617cca298885b28943e27f249d1b4829a10fa6f0705cf70fd45db8475797c30dda8dcf5cac28713715e2cf3b187a8eef23c473594998064272c6bbdc07c6737290f5c131461f3815f31aed8beeef9884ddda7bfa54c6b0466187935a4caa5090f5c3486819ba38330a3c0550df68bca616e22f751f8c59446e26ba9e27d73ba67b80ad693d51503ef9b6699c2c3d0aba8bd840df9e7100683b1c4d1387c29ebcc99114ab68eefaf3f7284a8a5503491e552eab60f015af2cbe1ed6152f282d802e8b24082d321bbc370355693d535572356a21614b701324887351f8365ef9a61d2112392b682fea99ef1908c242c18d95f49598a94a510081a561cb7addb7a48e71e3b4923658640c2058b35729e99a9a020d162432cf52074de2d024e59cc2a544385093d52c81cf5f5e888db9afa413df60e39077b3ea89684edfbd6e0f854b7c517aef8370f7e5158bfdf8606c28499a8c9f887a1b3db2f7d4be88559374290301e9c324745cfa10317d487535f98718d03eaec46c9ae19e69ff38006e36fe3662833feb3c719bce1b570d391c8a39ba108bb492f31756c9b0451c0d11b5e3c2711ba84f06b900022b8d7a19b8d8c8f4d54a6965ca9a15dc39596628b3a4436f54c9e80d2482f61f1e5c8f0df72d0a44950174e04e23d5adbb19ef3954ca983a89f78e27f38b1f16cccf89fc97623f8f9e3f4701bf941061d4ce571cb10474f575cf193aa6ce9c45f3cd7b59db830e9085ca4a3d09b19dd4f8de820b171a73b1e0fc31864df624dbc6fb83e399a370d0cd3900393e11b66ceebf19218dc5cbbba3b023716c39abbdd6b06d868d6c2bc5b4d4eda437139f35afec4243e1cea513c414253b045f1f321b71d9d17f3584d0f47145bb3348b9b35789150c82108657757c671ffb827cb0d9817ac7f091fb728fac1c452eae3757ab221e81abad80faeb57abeda7e73243549e34b492ee905ebcc6e158956841945c7738caa9ae9c115cee04a298d4d71a2d19c122ceca8773e47455425293a8b0bd4533cbb473aeb8add253c41e48d93e49e857faf3dfa2d81927698f902fa86d29549128b961f4533a062e41f4b6bd5bec2ad1a03b07331f5565e5c86764ed725b23f5a9da0a0e3298b2fd65f940b4f23d3532d77d4d8495132c6c44aad66975d4fd597d8ab6c4820af8a13024d801d075b101dbae23ba60534dfa7471edde0d89508d242a1cde0e79470b46084433f7e806162bdd7bd1b22ae847f58d0cac020240567693257abc218846713c03a7173be543c4b095efe63a05f31a0a85ebcb9097f08a4c3c0e4dec7f2f8c3d13c3c354a3838ba9f5470c9a74d1c62a5ade0602dcf4c829bbf2914880ea55b48f787211a5ec6dc331c76d4f0bb3713d7a72401a651a2f59cd00e9f6245f91b4ed61c407cb7e4f56ed2ebf43626446dc75118a8465f669b0d7a114f4c2776f489131d3fba36d4a018255c99da46cf8db0992f6b4535285457f7788e93e73094a5d830ccfea31edd7e44ea4330d934b89cfee700c2d6e87a116870e8da15460cfcaec35455ef9f1dfc94663c251fa60c4343ad69ecccdb3df22192f306d87a1430d33d1da05aa68a738ac63d9c48414f7a5182cd66b112d46502db2af5b6f94ebb2e773fe8624f01a03f547f521c18583f37096d75506d08a7b5192975e765f53b543c17bfd1e7df67801c321da23679fdc4973af97e664594f090c21bfb0d6254a8cfa78dcad73fdad8ce7028d3b1e9e6e42d0fc27b16f7d4a883ce9b62baff3b92a4cc1952c0ac1553f8f9513698d40ec440de7264c2afdd6e71a16ef4f0c2d0eb96529b81a885740365edad61a0cd889258d4b336e16f89e93b1b8a14604ccb224c0107676204fccf25bfc3e80c59df30e415103b6e561859cfc7787d2b293620e37586428626644eea136f631e48f7837168ad786b252d41d806af092ee17818f26006f6c09ba13426e941635ef0531808ef4d0ae8472b66b4516d6297e55ac98566109438f7acbe640de1ba0196a5527bc715803aea6de86ff3f9751e55d85c3e547d830b4f444dca5e092d3e74d31c3cc1209224999d5867b0a2d202cabd3d4327ac5c2c3df2b0233f569b43ee2d24c8f3ace5241987769ad6f49ff782146867eb53fec62046c31c341ddd13534df85bae3b21f7946d0a22c0ec59fa7a104af99b06ab1f61f44e3828ee8b57a660c15bb411d8043444ad17edfc42ccf9c50fc363237a03248bf0be2bd6b12837f3ff33f252aa6d0ee4fb5e97f5cd035b2ffb7160cd0530cd28f44e05fdbcdae27a5ed929d4fcdd8390858e363ad667975c04b33baf7218835a79eba24d6e86ef8aa78447a52f4b188319b2bad081f804c893d4f7925be8569c15a9f52a922b24d431ca484d090e5a501d973e2327b70e4578b6c1a6b49e377ed4248503af81619975b62b1158b10d60d740d12673317f580039ed2bc72ca814638603f8f4117d1c4ffaa9d8cf308140dddb18f64fea0f0ca464a155ebe6c458dbe5fcf31ce836c92dc5dd3bc1076de56ffc821b83d24eb78a001b8013015f14893c306322c3f83ea775f3096cf0b45285105423fbedbc4f3068d97ef917ef1d032d30c1be3ca3ddf21f95ee4a71e7dd0fcf599e81a063da98bb5d4523567252ede4bfce9e91121f70c9f3c59fb50e2baa95bcfafe8fbbde00a164bb8d72518706732b97eba3e039a4e9666290d1927c859565c6bdbb5201d6a89bbf073447e7a8d986a2ecdbd745aca8f522f0a1f0b06bed126255cb6155c7b7508ac33f72994a20f6a13170ae81b6e1543a11e9cb7946dac39e2280f98a9be5cd21e1e4623197c092348573848760ff86e8040e481ed8b4f37690d96c36a1a61b3e01b6dd3fa4dbbcc2f7e68f51786b7a2190c654bcb8dfef721162c0830772335047005bbbbfbdf5af4a08a56ae45b20adb4acaea78c49ef1265ed713581df225f359af36475c466ef67da0ad1183405cea302af55b7ea21c0b930510c35dd7394a46ac8bae933dd26a1d4fe5c3646e67f3cb7c38c75aed109c908b15d191bc09ed501b95c63c384385294e07d39c4c34ccfc1b70e9ee46f7e54d568f00d180ce075b56d933aa16c26fef5af4135d8fb461c0619334630df43b6380bc2c71d760a63cddae50e61eadf3d4835b02ee19c4d5846dff827706bdd18d8dcb334f280c65295343554f9282225021b910ed38afc7d0a678bf442a1143c8a3c185c6891d2d06a9a6db8cddf95a1b5adae00e9e3243c5c16ead6e2fee489f62c08084a022ecfd84528d14dd38ef3730c464922938c11447132fc80e478d0b960b5a4c176f7ca5cc1023d8032d323e309b1302ba7e18fc6ebc13f8ebab6c976d6af35b989f1b5776b8b4ba4dd3eb8f0097ec21319349c025028a76b4f6108e08c786c41d709709bdc4cb8b611f3cdc14768d30c152d8f99643e6cb7e770160ee420e61333cc64aedeca2bdfa61dbb08b36b1f92f657525d826d52844ffdd762c0380c832e2e9c9e58f717f5ff7de4c8477c8cbad315bf61f9758abb6cd96ef916466193ad29bfb9cdd67b53184770f912819cab5521a7e511b9dacacfe5dd7713f239aa929220b4e210557af58de003dfe8c1419b9284c12af65adb202551031b75555174b653bef5611bdd8430653877e2e96c8414088b519c0394dc061ffcfd982c16447570838609038ec569ec6530c1b52bb98b06126b99b730f6c3ac9029ab675b69b9a85d06809cfc51a2ad58c85f0aafeb2ab80a34145b2b26eea1798300f0f5635044f7ce0fe6ad1a9969ae5b60c39cff8bb62f435896a7c887d14ef6c937f56b5ac882fdd9f2d3a75f4a10effc54fbd1e6df140486a45d906f5e1c04f9389327aab21b087b913fbae1c2c5cef68ef3026ae6501adea5e90fc876a62560884d49b81768be5d490ee3cf7e5f76500b24e06ceb76b86ccaead17d2ce9f91fa9a99bdad705884c5b46f1cedb7cc859cb34e0ae9849e8285134ceabb5ebc696f6374bff505fb6296835ba6d6d96c34a56f19edcfd23b72cd187aa9d0941ebbce57a22e6b93cc0b6953bc6f1183b8e0c7bb702c17fd80f7a5ba4a301f4288d8d2a470e89f59080246796c698895a4e2a955a7fa615cf47dd739be0eba8d960d0a90cdeaaf30d3315623eba1a61bdbfdc3384818494c62aba90cb25fb52da63f0324a84c9d8872180e8c97afc6aeb0036f4efe6eb11b4443d68bd8a70c620c025b5eeed876e3a9f403b819c596f678ac70c41d7c3bd1243bfe6e090b3d25f4e2b4855fc8306b2acd384b7eccd89ce0ef87cad7ad9417ba71b15208ef9de52705c634ee1551bca30d43c61088c75d05518a29ff0fe386962dad09b34c921abb4c4ece9637d3cf141002e40a2b3740d585341d94cfb5149d540d4d51f195683dd34de041b5e86cb0a227ff9cf2b961bc388684a9bcacbcae69b71552194783c2dc7b70e49337661e864f551228305c4114edeb5d9834b1096eb0f87cc27aba4cfa37c1a00d3551b2063baf7cc561410cc5a4d3d20d736449946ba3e34ca076f55ebe28809f2081adf2e4956251250839c191bebc59aec4420e8c1ef9d278c848667825ea99f482844e129ca5037c99e7fcad59109a591a24efa7", 0x1000}, {&(0x7f0000000100)="dc2e27", 0x3}], 0x4, 0x6, 0x7, 0xa)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000002480), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
splice(r1, &(0x7f0000002400)=0x5, r3, &(0x7f0000002440)=0xb2, 0x2, 0x9)

13:49:43 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))

13:49:43 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5386, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:49:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5421, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  828.567743] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  828.567743]    program syz-executor.2 not setting count and/or reply_len properly
[  828.583010] FAULT_INJECTION: forcing a failure.
[  828.583010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  828.584978] CPU: 0 UID: 0 PID: 7216 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  828.585008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  828.585021] Call Trace:
[  828.585029]  <TASK>
[  828.585037]  dump_stack_lvl+0xfa/0x120
[  828.585084]  should_fail_ex+0x4d7/0x5e0
[  828.585126]  _copy_from_iter+0x1dc/0x15b0
[  828.585166]  ? __pfx_perf_trace_lock+0x10/0x10
[  828.585199]  ? __pfx__copy_from_iter+0x10/0x10
[  828.585237]  ? find_held_lock+0x2b/0x80
[  828.585269]  ? __create_object+0x59/0x80
[  828.585295]  ? lock_release+0xc8/0x290
[  828.585320]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  828.585373]  copy_page_from_iter+0xe3/0x180
[  828.585417]  bio_copy_from_iter+0x108/0x270
[  828.585458]  blk_rq_map_user_iov+0xc07/0x1180
[  828.585500]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  828.585533]  ? __pfx___mutex_trylock_common+0x10/0x10
[  828.585566]  ? find_held_lock+0x2b/0x80
[  828.585597]  ? sg_common_write.constprop.0+0xc36/0x1710
[  828.585624]  ? lock_release+0xc8/0x290
[  828.585644]  ? import_ubuf+0x1be/0x220
[  828.585684]  blk_rq_map_user_io+0x1cf/0x200
[  828.585716]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  828.585746]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  828.585788]  ? irq_work_queue+0x9c/0x100
[  828.585817]  ? __asan_memset+0x24/0x50
[  828.585859]  sg_common_write.constprop.0+0xd75/0x1710
[  828.585899]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  828.585927]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  828.585961]  ? ___ratelimit+0x465/0xa10
[  828.586005]  sg_write.part.0+0x6a2/0xb50
[  828.586034]  ? __pfx_sg_write.part.0+0x10/0x10
[  828.586078]  ? __pfx_perf_tp_event+0x10/0x10
[  828.586110]  ? lock_acquire+0x15e/0x2f0
[  828.586138]  ? get_pid_task+0xfd/0x250
13:49:43 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0xffffff7f00000000, 0x0)

[  828.586178]  ? perf_trace_lock+0xb5/0x5d0
[  828.586204]  ? perf_trace_lock_acquire+0xc9/0x700
[  828.586228]  ? avc_policy_seqno+0x9/0x20
[  828.586258]  ? selinux_file_permission+0x99/0x600
[  828.586292]  sg_write+0x86/0xe0
[  828.586318]  vfs_write+0x2b7/0x1150
[  828.586350]  ? __pfx_sg_write+0x10/0x10
[  828.586376]  ? lock_acquire+0x15e/0x2f0
[  828.586398]  ? __fget_files+0x34/0x3b0
[  828.586431]  ? __pfx_vfs_write+0x10/0x10
[  828.586464]  ? __fget_files+0x203/0x3b0
[  828.586496]  ? lock_release+0xc8/0x290
[  828.586525]  ? __fget_files+0x20d/0x3b0
[  828.586571]  ksys_write+0x121/0x240
[  828.586605]  ? __pfx_ksys_write+0x10/0x10
[  828.586653]  do_syscall_64+0xbf/0x360
[  828.586679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  828.586702] RIP: 0033:0x7fbb63381b19
[  828.586719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  828.586742] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  828.586765] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  828.586783] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  828.586797] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  828.586810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  828.586824] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  828.586860]  </TASK>
[  828.630658] hpet: Lost 2 RTC interrupts
13:49:43 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))

13:49:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2f0)

13:49:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:49:43 executing program 7:
ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x156, 0x1d, &(0x7f0000000280)="35e338569e6ed748493dff930967cf0f9d2d1a4bf05befe32953a1790ea0f3ad9848f2ad7a9aa8a5a6a7b558d4d1992c6c98e04241ebcb418ef580e1ca2bb43f958563aa8892b03fdb02b54081685b62ff3c37b23d414df8dd0f3cc7c58ebb2cd41722c5b56a3347e64007950c40d0b6ada2a0dee509b7f5ff61205fc1c30f6496e9f20e2189f7e45304ab1eb59f091d35942ba5adc2d6a5f02034f4ba9184e916e5bed03454c953b72bbb9901b114d317b0c0581a5c5fdb189dbb88d3698de3cdab89e24841493491fe47eaf38345a09268a8cdc2de68a7297d8964708d998d8aa7afd07da76464a00fb8e7c1a64f4c07458314bd2df97b5f6df50b223e7cc4b1f238925ef0f3f9bd85399b4174e60873813dc94b5840574d44dab25bc977a5c9fac70ae30320d82b1c62d2c3bfaaa2076dc4f8651b2c6f6e818de1773f7e98a87dfb83c387765983e7e0b0f9984018b4e502a77cb65adacbd8c2a9c35937173854f4da122a69dc64dbd89a71d35ca241ddb5f709e84627d44c8e563f7ed59b9b4a69aa92901482d6b16303acb4f1cf408d614f06f40a435ec9f8e99377c79af0b5cb4c6be969543298d884113901856c6e074fb017c3aeae3c787b95903e7ef8d248e183320d413fdc59659466e765457f858e408b67401c5a943ceda5350ab3f3c9a52f2d623becdd89001470ac34274829dd87ea98a47bbab816802ef28e5f3c01837f4c04b3b149b7780481d85284fb0acadfa3e2032b24f0852970b2c90eb26b872b5b079439ab20cc1daa2bcb166425e3702b0229742f978247fe6c1e43cc3e9f533c5b0e163a4f597a930e6e809ad2eae917af68f40cc10b0d734b75fbec3ca01553fea318ca6bcb109368d54453a0e536010d922f0555e63a6480f4eb338a2f91b28dedce89a56327d9ab42337c8cab965ed2a27856932e2f61f48655a437e9e1b633e546130a7951efdac7d62867088eb9e146636f5f9d12cd66d59d8e34bcbae45eaaefb5d285bb6647eb2199b02deb3b270da2603b1b28a3ca7d4e388da718376fbb45c77949dbf6c26a9fdf98776705d3535c21d243929959c31ae6185e32513d4fd03754bac894010a3e20941bdfde271c506dd28be19264a5fd0edd520c28d87301720fe3096f104531b77f2e6594033011c310905ab737b673c634a28bd490a3392c165928974a7363c7e1fbcd4cb8bb7c0b457197f758bf60b82d30dadc116ced2da7037ff37bbff739b587f955aa4ce8f27dc795883832cf0c5d83e957d939ae91d818a6e4078762af2cf04bbe21fb6e5c6a1da2a67154bf2fff50320cb7558a58078cc67079a86c574bb3a03c91ffbe08bcced28906121bca027a32f79546223c09d1706f6fa7b352863da5000b32f77e0b11039101e2368a4443beffbdfdbf0664e8d01a730b0ab087939b227bcd853db00cc1a290b3"})
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:49:51 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, "", ['\x00']}, 0x120)

13:49:51 executing program 7:
bind$802154_raw(0xffffffffffffffff, &(0x7f0000000040)={0x24, @long={0x3, 0xdaa4e591c4aecf61, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)=""/210, 0xd2}, {&(0x7f0000000280)=""/201, 0xe2}, {&(0x7f0000000000)=""/36, 0x24}, {&(0x7f0000000380)=""/20, 0x14}, {&(0x7f00000001c0)=""/105, 0x69}, {&(0x7f0000000380)}, {&(0x7f00000003c0)=""/137, 0x89}, {&(0x7f0000000480)=""/187, 0xc4}, {&(0x7f0000000580)=""/93, 0x5d}, {&(0x7f0000000600)=""/200, 0xc8}], 0xa}, 0xc}], 0x1, 0x0, 0x0)

13:49:51 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 45)

13:49:51 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080))
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))

13:49:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x300)

13:49:52 executing program 3:
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, <r0=>0x0})
perf_event_open(&(0x7f0000000340)={0x4, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:49:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5386, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5450, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:52 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x7ccb, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00')
pread64(r2, &(0x7f0000000200)=""/193, 0xc1, 0x2)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000300)={0x3a, 0x12, '\x00', [@jumbo={0xc2, 0x4, 0x40}, @calipso={0x7, 0x20, {0x2, 0x6, 0x0, 0x2, [0x7d, 0xdf87, 0x7]}}, @enc_lim={0x4, 0x1, 0x12}, @generic={0x5, 0x66, "def0aed4a0eea15ece6d5091f234938cb5ed5375f9c2c734c5fb0abc4746e3b12ab5554d2faebb47df8af34ca819a3d273c5b42e1b2d11e0de55bd5bca064618fad60dca734942b2ab0b2b882563ca44802a3f6fef50d7d6be65dc581547ec98bd9035ac31e1"}, @enc_lim={0x4, 0x1, 0x7f}]}, 0xa0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000400)={0x0, 0x2, '\x00', [@jumbo={0xc2, 0x4, 0x3}, @generic={0x7, 0x9, "7075aa1bc3f4c5794e"}]}, 0x20)
recvfrom(r0, &(0x7f0000000100)=""/169, 0xa9, 0x2000, 0x0, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000000), 0x6d, 0x40000)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000040))
getsockopt$inet6_int(r4, 0x29, 0x13, &(0x7f00000001c0), &(0x7f00000003c0)=0x4)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[  836.995907] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  836.995907]    program syz-executor.2 not setting count and/or reply_len properly
13:49:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5451, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:52 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400}, "", ['\x00']}, 0x120)

13:49:52 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
syz_open_dev$ptys(0xc, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))

13:49:52 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5421, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:49:52 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 46)

13:49:52 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$CDROMSTART(r1, 0x5308)
recvmmsg$unix(r0, &(0x7f0000000300)=[{{&(0x7f00000000c0), 0x6e, &(0x7f0000002580)=[{&(0x7f0000000180)=""/130, 0x82}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/45, 0x2d}, {&(0x7f00000003c0)=""/197, 0xc5}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/153, 0x99}], 0x7, &(0x7f0000002840)=ANY=[@ANYBLOB="1c000000000000000100000002000000e12f443aeb295c92a39c4f8da416eeb744700ac2e2b5c6818f8008e929f91a442c75de4da3400b7cd8ca95e3d7826627de1733dab3b31a375bc1434a3b21d8259dcc03eb5b2712a9f7d555731c48f002cad35cf96c7206695fac47273e8873db067ba6ca5effdae89458afc2c6c1874434b6ed239b24dcf13e25b4bb0adf3e08e6f14d021fec57f9f686e312efe8f0148a63fff7e460aa54fb1516a34fa56ba7205fc2668ba885fe575c49872274311e23d495aa4631262b73afb5803ef39e6e2c11374c45a53c8faa7c391585fce3c6be0348fa7d913880e8d7d86f06c14edaeef88bcf6d172762958cf60f3287b10b5e815b63841b989f107789bf50ff17659d6a5cde2445228ee844e8f7b05c00189896772f582e8ac6f6e7e6cd10fbe5c1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32=<r2=>0xffffffffffffffff, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x120}}], 0x1, 0x40010040, &(0x7f0000002740)={0x77359400})
io_uring_setup(0x25b6, &(0x7f0000000040)={0x0, 0x2ffb, 0x8, 0x2, 0xdb, 0x0, r2})

[  837.295504] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  837.295504]    program syz-executor.2 not setting count and/or reply_len properly
[  837.324192] FAULT_INJECTION: forcing a failure.
[  837.324192] name failslab, interval 1, probability 0, space 0, times 0
[  837.326291] CPU: 0 UID: 0 PID: 7389 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  837.326323] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  837.326338] Call Trace:
[  837.326353]  <TASK>
[  837.326362]  dump_stack_lvl+0xfa/0x120
[  837.326420]  should_fail_ex+0x4d7/0x5e0
[  837.326463]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  837.326520]  ? bio_kmalloc+0x3e/0x70
[  837.326556]  should_failslab+0xc2/0x120
[  837.326593]  __kmalloc_noprof+0xb4/0x4b0
[  837.326623]  ? trace_kmalloc+0x1f/0xb0
[  837.326644]  ? __kmalloc_noprof+0x215/0x4b0
[  837.326677]  bio_kmalloc+0x3e/0x70
[  837.326711]  blk_rq_map_user_iov+0x390/0x1180
[  837.326751]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  837.326783]  ? __pfx___mutex_trylock_common+0x10/0x10
[  837.326815]  ? find_held_lock+0x2b/0x80
[  837.326845]  ? sg_common_write.constprop.0+0xc36/0x1710
[  837.326871]  ? lock_release+0xc8/0x290
[  837.326891]  ? import_ubuf+0x1be/0x220
[  837.326928]  blk_rq_map_user_io+0x1cf/0x200
[  837.326958]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  837.326987]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  837.327026]  ? irq_work_queue+0x9c/0x100
[  837.327053]  ? __asan_memset+0x24/0x50
[  837.327089]  sg_common_write.constprop.0+0xd75/0x1710
[  837.327126]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  837.327153]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  837.327184]  ? ___ratelimit+0x465/0xa10
[  837.327225]  sg_write.part.0+0x6a2/0xb50
[  837.327252]  ? __pfx_sg_write.part.0+0x10/0x10
[  837.327291]  ? __pfx_perf_tp_event+0x10/0x10
[  837.327321]  ? lock_acquire+0x15e/0x2f0
[  837.327347]  ? get_pid_task+0xfd/0x250
[  837.327388]  ? perf_trace_lock+0xb5/0x5d0
[  837.327425]  ? perf_trace_lock_acquire+0xc9/0x700
[  837.327462]  ? avc_policy_seqno+0x9/0x20
[  837.327495]  ? selinux_file_permission+0x99/0x600
[  837.327527]  sg_write+0x86/0xe0
[  837.327552]  vfs_write+0x2b7/0x1150
[  837.327585]  ? __pfx_sg_write+0x10/0x10
[  837.327609]  ? lock_acquire+0x15e/0x2f0
[  837.327630]  ? __fget_files+0x34/0x3b0
[  837.327663]  ? __pfx_vfs_write+0x10/0x10
[  837.327696]  ? __fget_files+0x203/0x3b0
[  837.327727]  ? lock_release+0xc8/0x290
[  837.327754]  ? __fget_files+0x20d/0x3b0
[  837.327797]  ksys_write+0x121/0x240
[  837.327830]  ? __pfx_ksys_write+0x10/0x10
[  837.327893]  do_syscall_64+0xbf/0x360
[  837.327917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.327940] RIP: 0033:0x7fbb63381b19
[  837.327958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  837.327980] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  837.328001] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  837.328016] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  837.328030] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  837.328043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  837.328057] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  837.328089]  </TASK>
[  837.370692] hpet: Lost 1 RTC interrupts
13:50:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x321)

13:50:02 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
pidfd_open(r1, 0x0)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x40, 0xe9, 0x7, 0x40, 0x0, 0x6, 0x100, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x1, 0x8001}, 0x618, 0x2b73, 0xfffeffff, 0x5, 0x2, 0x9, 0x8c9d, 0x0, 0x9, 0x0, 0x3}, r1, 0xb, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x3, 0x3f, 0x3d, 0x0, 0x0, 0x0, 0x80000, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x0, 0x1}, 0x40042, 0x8000, 0xbd, 0x6, 0xfffffffffffffffb, 0x8, 0x5, 0x0, 0x3, 0x0, 0x8000}, 0xffffffffffffffff, 0xd, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:50:02 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))

13:50:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, "", ['\x00']}, 0x120)

13:50:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5452, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5451, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:02 executing program 7:
r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000003740), &(0x7f00000037c0)=0x6e, 0x80000)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000003800)={0x0, 0x6f})
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
r1 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r1, 0x0, 0x3b, 0x20044001, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r1, 0x5421, &(0x7f0000000240)=0x1000000402)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r3)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r3)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000001740)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r4=>0x0}], 0x81, "eea319166963ba"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000002740)={r4, 0x0, "8dbb6c9dadab8918bab6c7367920cf16a98bd6145fe34655531d83d9560f60861a92c2efc94b9c4441ff27ae3defde66b879530e4c6a391e3784b01713e71eccd863fdfddd6fe5d303f96f2b1d5b701ce5306dead1f1c80674a9473c8b8a7dc8fb53daa761a6b680f1b74df4cdb0977256afdbc0b3ddbc81587e4d7970f2ef43b0955af567669e89c24cd8bf0a90d57e149e3db859ffef52d9df110c782e5ad15fbe6528cd0f2a6bd8aeb2f9122b33b8bd36bff27eb6e7ded2c3b270c6264ebb74dfac5095562202907803ab9dae633bf5829352ebd92824f2ca7b9898be8e302ab4a2051eeb61c3b8252bfb2ec37933bf9e519f7b028d695628a4d703d5f88a", "9ee8fe522ca09e78f10eab2c7e27a6116f33d997a964fe044d756f6d568a31eddbede67837a818d99e98addb0c5d816685e73768a84d616ae2514e1f82488f88c5ea521c83dd944d2700d6f0225c716d500a79aab1a24825dd4e61813051b2c03fa017b7d77772d67c3980387fa5c58b8bfed73005ba596f6fc611809086c0eccc3c0548f0a65f47cace847956cd8dd24f90cdf728ccce944d7f4dcd38a9140829748820b90013ca25343b0fb5da0ca3c779e84c64bf8ac1b48040a9f2d5e69ade603ec698d0d967c423a8d1f93410f15bb6e604eebd7222b6d1de2fc63dbfb6e966701476d4c96ee4ee539d044b5f1357c4de1b1df9290da80f1bf6d723750b4c2252714485bac0779b6816eaa1e09999d1c866952a0f6307b9cf0ada0382d74784264d0b780a7c5b328abd2b75110476058b2756e6440b9c04f902c66d2607fb67e25c59329e516e14e34a0e2662a5f229a45656f3b615a825c6e57ddec80f1afc939264686a7e9efe1d772abc27c61f23e66c0af4fa4b2d8b9a07531168b455d69a1c7205e108ad5fa578390ad9ce38377523807457775bb2ec5151b9cb8bafbf76a0fb213cf9b1a9ef6ab26917feda1b3d8e9563485056b0b2040b08b4b4046e2f693e1b0d7f8e6417b2ffa2b1a74ebb1dc01f171e52d8b613ec818e8f0658c1556fc63a95312c47a65c43657b7710e955c2ee55e5d5e7134824fdc2b187e167ef4af3cbac221fd343d3b40ee3678a030a314307382b869ee9248ac94e302eeff3caf60d2ebb00b61c0aff5d97d4c321ad4a3fd6f3a2141ac0bae8df17162261674fdf7c113f39607d2cc264bec683fef44bb281d67554440c6ea9fc93018ef17cd1f6f56ca8245451450c24f03742f3933df6626db8f40e6b74025baa02b4059b1e1523ce99e4da67a664d578ee9b8c3f4369d36fc459fb7f27c1c8939fb98a53f90115c27e7732a20fadc3261c952969284344461947122b20bb6529569ef1d214050739c48ad7e831aad19440b2dc9e3423978b7d45a0e5a839c08e7de354040d667e5fe9205d2f69ba0e60de9726b97d3c95cfe3b07a14df06586ea4eb99090fc301200b092223fefe0a667900c9b4540a7d8c61a25f7d36a99aa9c1c8c9c9a3011c6ffc4f2e6fe2599abba9e715f4e188682fe58cdfe5e348be14813b3335231f0944d89168b7c40647f36fdb017d84490989b94f5457545037700be9d56f39d16d414e11bd5af70f8a962cd2565711fc05587361f45e2c488ffb37bc68419fb500dec9ea7fcb97e9136020083f2df104592e6a9ddddd2d148bdc73567ee898760724ded83c468e4e236d85c95ee1aaecb72a6ba33e171fed76d2411929bbcd91aec2e518658a55dce32c487a855edc090053675024de3b431285e9174df91039049f39ddea181fb2138fc6b559778482bdf6ba9b0dae8123859a109d0dc6b49e788e808da0e4c7481d5648c028279e720b5276bbbc272e06b3be6ae73032f27017fc1bc6ba127cd85a42f77ce589e8ba206f48b2621bf171e8a1136b3c85bb1c1e9a5c2c333c2948c336246a91f6237804de2bebda8cb487b8ced4d7cb4b7050f52ba88d92280b62339ffb0ff407b2410999c8ecfae1e5c15ebac51cc5214e1e2bc059297dff5e89e064be5869b38176a9a3f3e3ab39b377012a8282708f0c6e169968cb1a0a9f92d25260714bca9b1a4c7d7922e4abf08ae124fb76452fd7a059604ebff5832443ddae1435ad66b230fe66b7f383da8cb186e6e04e15a37300d7993742b7cb4310bb002175569162e4a9c9f8345d12d9e745b2485109527999453c6ded3d1c5c4549a22f39063609f9e592d693b9c0a02c7274f53a923d2ca6acd0dc4ea4edd1ff9af3714785645689fc9541bbab624c3c66d7254c81f3ef67190990a5e2ccd500d2c6383924bac250eb014bd741124282b76822bd74a0b9259810e84e0ed88bbfed31cf9e8b1f55eedd56ce080ac8d1a60bf467c4d89708cfb106e9f75bdd3a807c07a2da11a6a9b74e104d380f60471d9d629ff28e8cd28abb81345c9b6f40fa6a710583fff5d816f7d0e8bd226e5bd602de3c36e1849b095c9b8e367ddcba7a210df652ce562cddf9ccc1421e22ccb43f156a7d764c1cb30fc75036bf1bc49f11a6ee207c06a8cd2e4236151fe5dfceed2f57a05eef076a0888a1357beb60fc55cb7ba632b43f31c3b0dfac045d09d2178bbb58f5d4c7b7bbcbaa3c1d0f9c8458bbee7b986f462df91321002ce030e485830bbf40969e5b2935732cd3ca155fcb2d8d7fc30576ad5ed3a49d5364ef5a9ae2644500d9583adf6c8fecbc085b5fd8ff284be51312c4780fcba4753dde3f7d581800d17e906deaf81c891b87a02ce803714d4ec151283ef9b94b124d4e23219072df5fccc3c751ab3d807439a90a53c2cd31e8b204d768e66d0fe950f7f8c93f49d0cf6f45ce41a05d7be62dd08e75feed303d93c5a5a224878918629d1935e62abc731c75579e52f53e417cabad18fe6dd430f7c3c55603abfb707392c6c994295faf8975be66970d511fbf77b2204da1a26afa0a54e881aa86e06b7641215142c0d60a5498911270d53029a1e7802cc068bfa704c51e73be2e16aac0236a3909031e0c6f1ec63156d9cc6ff0ece5a7f96250a37a4824226ad13eadb25b11147e96d13d9fbbe9ccc1e1baafa939fcc91c6a7c09d23ecdb60049ac5d35cdd3ce39bb8811babe94545d6f91463d7933efa09e6427088c032cb4c8eb67c307040e4ff2403d296a32cf9e9c18e74d21ea59ca9799211caec99d827e93b6bb6073758041d1a1d89de751357ce7740fe52a99ddd5f0245d232510a96844b8d4dc83ddc2c6c7466376ab8b1ce36752e21921d7c13b631cd4c367ec8b059f8999490fb8f0fc6003817e478b5f466bb06dfd38cf182854889f6c8e4f552fc07b9579905d838226050366f076b828629be5974f18a3101702e84e6452558ff7fddee0fdeba937b5db5a148d6fa97e49da4ad2ca5959850ac7d99e61fd4675beab3ede1b3c475851580e83d0c658e5bc9faa07268dbbb04a106e636cc978c63fc382c1c4b822113e43c18e0978f21e5849e18e88c249d22bcf3fb3d2b5558a4fc22bc3fd3eaee135038231c17659879301c78f34918e13f8b6eb873ed66df2000742e7034e9fca70f25cfb1b58893f87ee1693609bc16555e36550acb2f5abb9c6b48d3d4399af538091481c4199c4efe5e4bddff52a1188196fa16f64d72e30b57603a994b7200726e3266fa46cff3e4894ed0bdce9d8ae65daea65b59a489663a9373c81a0e7989a56e10deccb3b5d91090b787e8dc116ecaaa58b7700d08a00b41a7e7ad4172d8c5a86a05a90970ba3aaf6df6abfda2f78a1b117386a19f1dca11466f3b8080e7f8540366f4f6634355d5f2cbddeb1525cadf6057b4d385033e1cb59684e91ba9fa8ff75dd9ea8efe0ab03ed8520e1b94308df01c8a709c8186d4bc791c568de9aee05e4288e21fa40af106af6a0ff85b04ba7532b479734455cd9a4b2285f509772d453ffb827a2aa403fb020b81bd442302ab11ba1369cbcbbea62995749770fa2faa4092287f2f63fe77cdee1fed65c0d9575d00a852cb3ece8cc2ee76a4fb184a1710e00ef167ed7605d732b504224d5acc3f123ffb6f9a807638c1ebb7a8603c23b9a3181bda648d3d11a56910cf5bd7cf1b6540ff4326d8de93b45550779625631a85b67236d1ad6f23fb637330150c1732b5f3020a5ecbaafcf6720ddb1f6e93c767fd6ca5fd9d9e37f1b0c91adec14908b9f0fe1caafeebcb03f05b755c39d6dbda3b0d435cb30e4fd796594a2ed0d51cb6c96a6cdc1a8ee97bdd5bc1357964eaa46f0e412ea37a42017cf2fb83950032b9e4ccc381fca4cb24ef25893331c6eab110437de4d83665f637370befade9dccc5f7eb246b05f7d331f75e95d139a3a439f97f7d4a43acac6c8219b6c375affa94724a1db93d252abf1702598dce0bce579d86f34321795a41e0213a39c278de0001f75865daaefd3e9b439f20f0054d31aaedcc8d08a324f1739fdfd7af743146ea48713386176ac9aa129e3ed9be8b7b44f4d8f04c82134ccd6e761bd2ba09d68c1d9971c36aa960be5d1727bf66df2b9d78b493f89699a81586b89b5b9ed7bf153a7396155a8467b3a7e88ff9005bc7fda0ead6276d4a7155f161fb4f156e8d2eb0895049abb814a7f2ee298e67e262783a50c4a013ae72ec4e5ec46fceb9c437cc8526512a5d29264fb5f970bf5291d3822a974c872a63a14e058a3897bbe4613818aaa6ecb5f01d1318bd70bb3c75b5d89628598b18b4eb3b6775d2014aad0212ecc912d572154b1d08bca89d3e1b8eb3f92d2434c62a44c74d01e1fa53668ce2e3cce7d3a2ba9177930e8cc23005a3ab389716fa671812de73c9d10ba783cd67a9b7efa2fa6e698341d97bb997b838e18758af64f8699f061f33b4a9c811a8f7e0c0bc7b6a7e9b7ef2188ce0bbf8ed0af4face3795faa2e233c3ebb18adfe29721bbf684b554229c897ad7f6d0597cbc82476730b11573a9646480b0546abb2f0d77bf62b29f79ce53b82df771d5b09bca5f438961f048a843b09cbac712821d260a74707acf509d454701e64d908f97a65e0ad04669bad43bc98afc5e61729d311954fcc7301bf611a3f8f63a6cb99703488ea4661a85c000260f3b28d31b83993f16f048ee71fe92fdc47d473b9114fd246d32ed4144035659bfd33c8ae7c6d3c479d683b882d8fb6a6f8d0b589d6b2f66334637152a507272ac598828f0c8163d8fe92c5f77a8afac6d7645a1024bb2ec639c0f7c871f46b689754d0a03559bc57eda23106bf994ee3e820165979b3a013a17bc4a9fd5b8b5906ae1bcf04570cfa8cb76303e420223c938e235cdaf24295f1a7629f3027339ef083cbba1eeef095ed2f95c2811e83e220c2b985e941f59f9d2ae800eefe9267236cefef24a0c8ec9ece91f4e5fd002167ce6658b37b11fa10d1990550839a1e5d8a563ca032dbcb88f37fa11a26335c9e5c35b015d7358869e6e1d217df161b86683691c42e84df447b80d0d73e98f8df29da00d6b483953c463353ccfc302cb7e427f08163b4e4eca5b1391fafdc61811640f0c125e1f4ba43a2407886334012b726d90b616d653e8375428430ee22ee9ce3e0087f06fc9a79e179ade1d81aeb72347b3ef14c4c1d5b15a9990dcee54c791dbbefc82c0f9450568d8b9fa75e892e98e487b6822d5ddd14ec233e44478c170856828dd86ca10e4880fb10cd42f70bbb09c766614cc5988dfac35dceff387c1759c29469f6d573b996347459ce8ea1dd3903f55dcd464514aff010776072e2fbb08e744dbc65ee78c018122bcb4a15cc8fcacf3a7a357623b2cdf831197b531221f4d4a95ec6aa4ab"})
recvmmsg(r1, &(0x7f0000005140)=[{{0x0, 0xfffffffffffffff7, 0x0}}], 0x1, 0x12102, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000001700)={0x3, 0x3, 0xa9a3827858cab56})
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x10000, 0x40)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
sendmsg(r5, &(0x7f0000000040)={&(0x7f00000000c0)=@nfc_llcp={0x27, 0x1, 0x2, 0x6, 0x1, 0x1, "7328bfd7d073ed1072b9c82b1c95157dc752f66a45c6d8d11bb4eb6c53a12d84ffc884cfd6d4960e340762b7c55be9dc21fc287ce170cc0db6ff92f49df512", 0x14}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000280)="faaa3db02fd30339ca89b69b049ea1ff775e9e4bfbbc48b0ea9f9fedee46d740976a2c9a1f3e097663b988249f1d4aecabbf162558dc0b37cc5e96e4efcc4f677cc7c623bd26e62be12e2897b1a5b5e0408ddac315c5064141702d14f3a095e3d15ae3632ba9e804224792ee8510a3e27d6a43a6dd2b88cc6659875b74a349641aec0c6a34ee4ef1257f487b495b044779f270df0ce93803b6185bfbd9858599f09e6abfc4ea4d1541e2177de53b17d4b01dc252338a7c655a90f393b7dd94c3334ee05b81d288d3ebf4b272049046c70bfcbe655ab645779490d49095e093fc44a16e4f3d96ebda50f6899316adcca953346f773e52987563076c8f446cfc575e6062ee870473158ea0bbb14311219d1cbfa5476c7619e6ebf53e0ce8334c5d4657e99197a4d5eb825d64531c0a74e92176c0eaf5e944508e5e8f96ef12678c9f57cb42ae7d40d67b4c88d553de1d273e3b2da27cd26dd2c39ebe5e44e2876582024a1c478cb34932d396a3fb259c3ceb6a73350da270fed0b9c2362c14c91f611ca7fa0764929c0202765441d7eb8de04a39e973a464f80de8730df498bede50c8d5795bdcc7e84ee70a11adc44d21e1e208c0593318a4d9817ba7d25e736ef740e7eb90ac50866d895ec9a5e539caeaedd2b9b78466ed32fe5c99caeabdd423ebf7c228c8c465738aca796b64a75d99a22afb52ed1c1cb9529b3be69ee6c72870779698c96ea750078b5c494b036805ce336140fa2c32ed5e14a8c2b6cae9c83855bbc534c90f5131bc16dd03e838c99af81615966d5abb5931fa625012d6a1e6d1a9c716e66dcc70ce5ca3a512f9813c4ddd81307f2ba3d91ba03429c717d17ceb5d767f0c385c7939c2fce6e1ffc4204d46d88f3d9de9d1c085ead36533a7180493741719d4b758de6253770174df7842ffd7139b5efa99e76521913f6855a76df6105acf4527358025b3aa79fe6c2b8cea3e621e08587bfbfdb242a81f7cc546346942373aeb6c6f00b87541f0d93be7c4161979b7dff5e5d36dee4a53b6f75706a705768b6c7a7aa6f5cf3236c693ca03ab60cb7a7dce86a3fef1fe98fc0461efe59f025efed0cf8076fd7397e4eac3aa21142fc937439b423add0e37b7e529b433c8cd17279fd01839087dd5e6879eaf710aac5da025c152f770ff2cda38ea36ad0071be5045ec47a82ffa650a105d10fc5f8c4974390012c89ffd705ae32ad4e1f4460dcc5e8b5fb155c6e3d776c458d39065f82e9a8522f549432856aeb1e4ebae7bc0fb4d25dd8f5ebd86a96803fa7db967a73247eecd75ba04a0cbaabaf07d17e917ab836e3a443eb87da38249e9c97e2d93e3e594c5083b10fb00b748d377f2ac51dbee1ff7234e7f9489f0fa53d6d94008f4aea29c158195a30d8035ef29a9b57bba554926aa587c2b9df0e1caab0bfe8474df876f3fb3ae82ff9b0d26e073481a6188e033684c12e07a05c4bb22fe43dcdf7a78a1dfe96c6ad8ccd55356729b9c52960d402873a8f924899ee13999b5ff1684389b03f6dca0c0dd49c67736701fe86a9e2db69ece99cf05333c23ca1d2a10ec80d2e68ff622d682a7f6d96b06dc50ff964a5ecc08023f8d446bce0e27336ce0074d157b3f8f1c2c31898d9da0b72aeab16325de820dc24fc5c67b590837192c48882ea1345e6d7b12ca106326341800a3927287b485dd19883b21fc438cf1c723a3640c5589f98fdfc069d6b7890d1da891abea3ad51b4dfe2063b59095239c7309cb888127ad8e836e6bf0adf861d210f51316f6741b4f800d02c407af15a1bb6bb8e9c1d1d20be6f1257b5026b9f5053b1ab8b11bae8b864b89ff7ba1965d869276106c8fa5c0392efd5a392e484e7b301720da45a6c091ec6ccf2a7a9237697a2f72c75ff07c9046e7af25227a912a2d6b352ca3348be1f52743b0edee6e0e9d1eb536cb9e30f419db26281cfbdf6df7d05927db0d992cc90b08343e20eb41d0286d04bfe7694278349c264fd33df9405593502517badca39439fb40dceb3ca8d4250a5c45ac8572c7ec17597c0674f1b728073f6fca8c0e2a9cac9a6e18136c3170f80f6908ed6a3068090fea7c26d4f82bef2d00bde7b350cecfe524933f9edbef129083cc32e9cede758be349790367880f2b90b0880127d397e03f50a085b017b7c21fd640fe24ebdcb33283dc00a9706764541bf5b070520e340b4eba0d772ab3b1d2f65efd3e3550578fb554a9e1f6a5f57fa01410083d632eddeaea90b2acc4e8c6dcafba95224be4d0db5e14d3ac9d644fd1463b51e5339902010069e01ab82b3e41b2c269705e1276cfa176ea3196b1d163eb17171f02079673804de13cc4ffa7e3ed833ca6a587d52e2c6944d0662949864a7b11ea9c3dd30bd9fc3632341102608153d90459e3aa7b19f347a3bfda6178e8a93de4172745fdd95b80ad4bddc116c165793179fd99046271383a72389dae73bc78589c76f0f1c93b4f37ba0c5932477451f086f9d0d5f6657c5dfcd5e04893ad43d7158fb72cd1a7a49ce77ca6a27b99644e07b0e1e3e2130d659c95dba71262fa6877cd7a5626400cfffa60f334db5e8627db1c52b3df66f7b1ffcfffd017c1b3ceca74f303bf1f31621e5284030f8000b536c400ede0fda7a821df3847e9b17f9dd160868c4616fd957d707036c26bb7a20ced8e073d1a22913567b6c58d3bc1e411f46ffc62178756c13b720a91e972504e4a5511a3976ebb826bc038cf5a53662137bf3ea95cdc0b3056a5d9cc312b370c16cefe39453263d5689de356a8978af14751b81938a97d6e5e0a5691c4cf65011207b3f4a9b5a7895877eee0cc6eae709ae9dbd58adf3df95aa1df26a7589fa86fb3e9311fcea05dd1c735d6dbae4c3062e50d7ecb8b87ba418265bb5b9a5a3092962c1d89d0acdc564732b0a53611e876c8f45014830674069dc81142cb04786249a02a1f6bfc2cfb1edbe82c2d550d00af9251ba550a42829c32bae6a02959adbd6d0627a8408eae020d04375398967614a17391155f6b40b678450e9d5b5104e4628df08764f9d18c65e633bec6d7173c4914b444d543085d15c3cc70123ca1aac3a5430e2c4c41dc871b9927d57e2b3540a2554432a348476ff3657c9f4bf2131e527d087a708027eb151e175fd00e18cf671960ea8e14aa4fa5bf19f59c6716f22f036a3f2e3fc1f66ea9e3d26d97868700d5e67aa7303b65721c72143545c815451a5b456642e1eb5b3891f5dc7b7b8de6685203b25f324889afdf072fdadefe01c56e4b611bba6a0ff840b282768f6f879d371b8a9e6c08982ad7af0e827a2b66894ef63e12b410848a9b687a685413dc79572608852d6550391cb34fded5a5f8ce1852df22cb2fdffdbdb6b811da8e15abc38fbd34507ea669855b487759f7b480f6b2f447e7c8db3f761529cc5a0ba39aef82c5ed0667c46d5a9ae229cb1bb00c6644a443d874d7769a3b8630a469e3d7a62c7ed044eb071c4f5d9a7f18153e4afe6612db90312173034e00d17e5a35501285eae1b6ea57ccc1234d5f1556e989ab955145da388b67a42bea0b64780ab65a2b7ba04a53e0e0fa311cc2a9291f6e9168e567690bc0c683934bf583727222258b9b0b1cad1d866f9e0cab79b4d218cb286c4f4389f1203ad04f8093f736aa42dda96c724c2fde5e41c5892983183c45c073028d4dd407d8474af85d4fb645c64850dff1dbb8dd2943d82e518632ab19b4f8cfbb0440fe854c1634eb53708355d2946188868b7a57ed484e3df717e5589fe504670123dc7a6dd1116baa0b37866bb89110f90ba744ef77736c842a0e961c7ee4c8ee94f2c3689a91bc1dd50616a8c74075935a779ff4e9439dab918c1734da81de49225bb4e5d3af208ba653a96aa6c854d53fbfcf5453e4340c4abcb40b5776479d1e1593993b89a92a0b2e5fee9eaf5b9d04fb7ae1cc95cf09bc19e3a66c572766ed07b6795d52034c7f64a034b12cd75d703d65cf855f13d6ef7a9c960cc3f731cc34e640ac257ae1cd32035a3c169fe9490a16d6386673c3faa1e9711d6b63e0f513b0cbd94b112959ffb6edf0af67ff6a461b0e8c120ea369118a2c8b31cb4d134ad305bf53bc37ee84aecb142b1844b41f06b427f432ec18dfcfb7ed4ecc977fcb2cda64d7bdc5954e00e23e520c002cfb8c89ef4c3cd2335a2dc57d6da29583a70fbf57cb8649fe82359fa2ac4a1927b0a612466f37b4eced58f6cb92705590182e5806c3d2b257541bd4692bff84b2a8b6fd5d2da6d50c9d069db18e903015b6d4f820aeefd7a63a3f7af95dde0b0b78b076c206a5593671730432772432139f37001171ffb3e062456277b1432f823c6450f8756841967ecab210415df9d0738b65a104b9482601008777c2ae4efe8e5833a0c27b636b79c854a0164f2a51ed3500e29cdf7e7a55cc651267bf43c0ef44cd8e82743197ea689c545abb27c5edda6703108580c58f9d2638a7dfe8d383e8dfb139078f4fb9ac1a1b57b40965eef05635bbeb69975bbc7923609afc75dd0df2638d5bd602da0f74e4cb9fe0070442d6814d9cf318faa27ea56f485a73aceae7eea851b9f418362d6f5db08a18acfcbc4631c3a83741c0ec575319fccfe80676a644baea98aff401d8d12d23612d15880fc8d7b20c9308be2fc1879cd759a54b6b8d331ae63d57bd5ec24c72fecee04a087e247a5f4d1a3a45a70a7faab3932044ae1d903ff89720e455fa668a3622370019010f953fe9717a65179db89fc8df4ad5100405db0d58fdbe60cc64922793bd4aec8692cb686704fbb45426cbce0295b2a69b975dfc39bc3acdac4a7768a11f91cef495371f19c82cb72b642bbd60c616e774fa6226a9ea2fd9ac1cbac494052b1bd5c25213e931ba41fd147bc429bca97ee60a80cdd9e48640900f26a9e63d75b6b4d5b9c7ff244bcb0a272313cfe990f10604a3272db070bc5ca446b2aa3aaae0403ea3e44a5888a264aa1e6124b1791edc8707f9ad3b24ea99c7fcc26a4e6409503999913253e5d1591eeeb705d44c9b0b0c3a59852bd1570b43e719fd17f2d7319c1bdcf96aa8db7322a4e127ba3f331068b743e5cdb6fc9b97d80b99e4176174e45acd004ce3daad0e41347f64a6ee0eac9bdd9aff0b952c538c98e98d39adb63f445606b6dcca6b451408ea9a62a323f805cf9ade282ec7f35dcbe074946586feddc073eaff6950e9afc7611787d3657360ea2f5b2625879ff0905e65805f0d76fbe99e6c997ed73a74ed6556808f864f8ba7b40081e592eb4a7ba7c69c27f83bd7e6df41a4c9018053f43768b2a64e9f3d551c59df7390f8028b17df6e10b696a2c95fd48f588fdf8c2664e3423930f9ebbdffa20c9107529b7597df9ce3b53844801c0dd6206077d4ee26f7aa3a0b2b480e76fef3c5d95e61c43953703fb305aeb8fef4742ccab82ece07a569abcb4ad3484c561a33f31f1f6127597de86a5228a49b39e6b2cc839d4fb1dd9e01f924d95ba6d279073bdb24c943483c59fba1b55a0d5c87a86d86f9d80476c05494f39602b4c8024fc93a265e1069bedd0370123f1441e9a8d87a877e108e9124a47f95fda4c9e565f3870ce6c77b199669a45cd1659572c4dd2768cfdb34758464e98353e75dcc65e2696208abaf43072151b7f2acafb4d50b5eba4d11596c37bf563810a2190f501478e9f513c837a63c85be571e49100bd8bcb562522dc6e30b18bc4cb48eae3c7549a4212b8ffe18fc830dd4efbae40aa68317c431405d83ed36051d65a24e662f8720bb2b9bad5f10c4f24832c1c9", 0x1000}, {&(0x7f0000000140)="7130aec9447744562cdc686eb0d0d1106bd809b286a9e96f2e1ea1d4f97ede12814313a1775a6f724bd6dfbf23807ac945079e16e7ef3a93b50caf8ba3d2262993299e8fe4476536fa3a86dfb392eb54a0f6f0f64ef2f1afd08f6d5da475726e1b4d194f9ccf46bbb4f70dcb3e843fb185216227f00609ff4c964987a4937434bb8c4b6e6927430482f7d1702b9f186abf515d14e22cc4a93f8a0ac32738abf7724ca20d5366ff262151d1d5de7cc969299ac1a5bff3369c16abfba2835f3ac3404a0d9b9c9c1a9c6feeb2446e98abc84d14c8d28dd45906025ab84d0c8576ea370978ac1e8567872bc2d5709f77f5f1ffbe8bcd6856bfc51ce45e096c", 0xfd}, {&(0x7f0000001280)="7b5724de41fbfe4e1a0fa112355af5ef8888101ddafb0de6208bb1f8c740af5e37cfbb4cecb6a3d42d2ec1ae6601d179871823b0842d92b3f267e4b5e084f74fb86bfe4851f31a83a12b0aa2517d3087eecd7d0fce974d14eef82ffa0b7d4a1a23a89c59a1193dc4f81ce68791979591d043a6963707216f5f4f30f47d0b07dd0137ff", 0x83}, {&(0x7f0000001340)="2ae25bf268c28fdf6f98feffd588c865c9f85f8f53581998261142c3c81e6976205aacf4520c13f172d15682b561ea56d711663693ba7db6f750e73a2852c96473cb9aba75e10877e646aa08c527320541766ed48325094cbf139828483d57f1bedd5ae9b785b3efefd9f2e3b9bbb33fd71f79d7718a46abd5af3e1018f80528acf7d6bffe6e5a81c8cf798f205b847d81bda53858b21d0d16ab51dab6d700e514c932d41a5f343c8a547f625eba64e83ab1a91ce9a5b80c84e83eb9598133726398d1580a331c0f0c170ae407aca861b80ccbd3edd3a03e7ba2b79d96c28613ee79f05767e0cadd8eb5", 0xea}, {&(0x7f0000001440)="23038b886be39af1df066faa16d5e3e41ef1a7796c463f0f5474f7d44de59f4ee6f0637ddfee0b7e0c95b50902c29c8fb9cf2d9bc432e56e07eb05edc60833ba16105a26f1e91952f781855f8e1f6fd2523031118b097301d23e", 0x5a}, {&(0x7f00000014c0)="7249611958d363bf62e44219747caba2d2f6772f4e750ac46d3f45afc521b77f65f53d2a6a1b8afd6764addfbd5ee7612594f00c22b266f8714aac4f060f14ff49ffb5d7eb3bc5c3a3d16281cd9444091a872abcf89f1af1ab587dc74bc8d563bf19ad43ab5aec1624eb2226e4ab27c25ef80f7c3fcc6f65737e8d881c", 0x7d}, {&(0x7f0000001540)="a7c987c2d7f237807d2f6177830293876f2ec248a8a7b0d21c6de5232d962d032ac7ba71bd93f90e05a1502e217a3bc684ae7946d9a75fb69aa44857e0d7e9312ff993684b835b6cd42bf4efd96b468cb9e4e89fd90ae71e0bf8aecf8ac53cf8cf3fab5e511d428abd62e07a85351f106ea58d5b304d1f1f0ed0a0e38e17162fd1c606", 0x83}, {&(0x7f0000001600)="a071db3a677edd469a69b5714b8a0382b5bfb2caa7d2f9e315aaa1a77e3f95186d6953c1985f48ec32f9422e13a6a18b7546f2ba70c0d030303de4dbf5db63fac4cd2e04042a06fd60fc3972527f3b5f07", 0x51}], 0x8}, 0x10000)

13:50:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 47)

[  847.702918] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  847.702918]    program syz-executor.2 not setting count and/or reply_len properly
[  847.714512] FAULT_INJECTION: forcing a failure.
[  847.714512] name failslab, interval 1, probability 0, space 0, times 0
[  847.716318] CPU: 1 UID: 0 PID: 7414 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  847.716356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  847.716370] Call Trace:
[  847.716378]  <TASK>
[  847.716387]  dump_stack_lvl+0xfa/0x120
[  847.716436]  should_fail_ex+0x4d7/0x5e0
[  847.716472]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  847.716516]  ? bio_kmalloc+0x3e/0x70
[  847.716552]  should_failslab+0xc2/0x120
[  847.716591]  __kmalloc_noprof+0xb4/0x4b0
[  847.716622]  ? trace_kmalloc+0x1f/0xb0
[  847.716643]  ? __kmalloc_noprof+0x215/0x4b0
[  847.716691]  bio_kmalloc+0x3e/0x70
[  847.716745]  blk_rq_map_user_iov+0x390/0x1180
[  847.716792]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  847.716825]  ? __pfx___mutex_trylock_common+0x10/0x10
[  847.716858]  ? find_held_lock+0x2b/0x80
[  847.716889]  ? sg_common_write.constprop.0+0xc36/0x1710
[  847.716917]  ? lock_release+0xc8/0x290
[  847.716938]  ? import_ubuf+0x1be/0x220
[  847.716977]  blk_rq_map_user_io+0x1cf/0x200
[  847.717009]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  847.717038]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  847.717080]  ? irq_work_queue+0x9c/0x100
[  847.717108]  ? __asan_memset+0x24/0x50
[  847.717146]  sg_common_write.constprop.0+0xd75/0x1710
[  847.717183]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  847.717211]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  847.717244]  ? ___ratelimit+0x465/0xa10
[  847.717288]  sg_write.part.0+0x6a2/0xb50
[  847.717315]  ? __pfx_sg_write.part.0+0x10/0x10
[  847.717345]  ? perf_trace_lock+0xb5/0x5d0
[  847.717374]  ? __pfx_perf_trace_lock+0x10/0x10
[  847.717403]  ? lock_acquire+0x15e/0x2f0
[  847.717426]  ? perf_trace_lock+0xb5/0x5d0
[  847.717447]  ? find_held_lock+0x2b/0x80
[  847.717480]  ? get_pid_task+0xfd/0x250
[  847.717519]  ? perf_trace_lock+0xb5/0x5d0
[  847.717544]  ? perf_trace_lock_acquire+0xc9/0x700
[  847.717568]  ? avc_policy_seqno+0x9/0x20
[  847.717598]  ? selinux_file_permission+0x99/0x600
[  847.717630]  sg_write+0x86/0xe0
[  847.717656]  vfs_write+0x2b7/0x1150
[  847.717702]  ? __pfx_sg_write+0x10/0x10
[  847.717728]  ? lock_acquire+0x15e/0x2f0
[  847.717750]  ? __fget_files+0x34/0x3b0
[  847.717781]  ? __pfx_vfs_write+0x10/0x10
[  847.717812]  ? __fget_files+0x203/0x3b0
[  847.717842]  ? lock_release+0xc8/0x290
[  847.717868]  ? __fget_files+0x20d/0x3b0
[  847.717910]  ksys_write+0x121/0x240
[  847.717941]  ? __pfx_ksys_write+0x10/0x10
[  847.717986]  do_syscall_64+0xbf/0x360
[  847.718010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.718033] RIP: 0033:0x7fbb63381b19
[  847.718051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  847.718073] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  847.718095] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  847.718110] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  847.718125] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  847.718138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  847.718152] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  847.718184]  </TASK>
13:50:02 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xa}, 0x7000, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x9, &(0x7f0000000080)=[{0x9c2f, 0x7, 0xe0, 0x1}, {0x7, 0xf8, 0x0, 0x7fffffff}, {0x8001, 0x5, 0x81, 0xfffffc94}, {0x0, 0x4, 0xe7, 0x5}, {0x7, 0xf5, 0x4, 0x7}, {0x2, 0x7c, 0x7, 0x20}, {0x7, 0x3f, 0x1f, 0x7}, {0x8, 0x4, 0x1, 0x2}, {0x9, 0xfb, 0x1f, 0x1}]})
kcmp(0x0, 0x0, 0x0, r1, r0)
pipe2(&(0x7f0000000180), 0x4800)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:50:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5421, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:02 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, "", ['\x00']}, 0x120)

13:50:02 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0)
sendmsg(r1, &(0x7f0000000200)={&(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha512-arm\x00'}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000140)="b788a369e255631e4acaaaeedf81e443df5b1bb4d2a8a5f7ff1970eaa10d85b18d41785f9cd1a4cb8954b0f03f25b29025fab17e926a78104a85e78d53b5f321d854d5fa86aefcdaa0eae7052600d2face0f5e7441da104b7d86eb6de25460b0dc243ecaec34d1f1da52ce4445d058a883019aa642f28e3d512158ffc54c84130d0771a7e427d41c3dde6bf0eb6ff16d00f9bd919b70cadd452b0ee5c83ec5", 0x9f}], 0x1, &(0x7f0000000280)=[{0x90, 0x10a, 0x6, "14f1cb4396dbfe0dce396e084f6608f0e24e7a5c0605d7dbec5da585de91a3fdb1fc5288d532ac81297a4f1fb7c217ae2490064851b1bfe7548aebbc27491c83bbb8401d96ecb9b20aa18cb6ca38e73841ce852ff3c8350d14f9a3f89ba8f6c4b1df8c57c392e28e70bf797ba9c624815532ec8d9a1a564258143e98"}, {0x98, 0x10f, 0x7, "b3a6ab5fec5a0965e314e2a7f4b9056838ba8f5f79a945dcc21b011013a2b2b64957a9e42d2aedcf6cc327eb096be2c03cda848d97f9b7aaeacdb383239fcb3c0e35a80406b0e6a15bf9fef44b30846f855e10e0d7f57594b8f5c55b81b52faeebaacd59b1a14eaa63dd3e0cb348a5f411cbb7965c7ddf14bc1ef50247832aba71e5b8d578"}, {0xb0, 0x0, 0x0, "1ec750d5e7e9e6f47cf629e496a045b845fc03a996bd49f9304d063f70b275b640c0de882c86471f7ef2fd895a87736ced4d7c825346211d27514450d58461e3aadb7b0d71930f378bb573ac96211dff0aa4f4de0e86b9f32a75aab86278dd189c75c6c0acb0e5390b4427ea05bfdbaf9b2cbc5476d6255d82566ac30477cc1d3553649038e6ca64c2d56708416b04f5978d68f3b1ce2cb5141261d289b47c"}, {0xc0, 0x111, 0x7fff, "a28306be3d8b6533da9dfd829bc5309b5bf5fb833c9de1d9befcb5f6ef0c54ec1ff8a5cac3eee895a896c864482b88dace19307b3cddabc64bb740b6c84f7d5dab4e6a278a7f055d493e82ca6034746cfb194111705f8c63c00ba3bc1dec279456f6b966e592ad05a1f740e9ac40000937eb074729df1919418702ae346921bb06392e4310270b9d24b33b6b0f5d4489e4ce26e3187957574a8a321cd2e2a365361b181a3ce1b7a9b47c79e3753f7c"}, {0x68, 0x111, 0x6, "8394654b972826a70aea4e10c41d9e4010cc68a750ba68b8f14d108c6f8381474032fe6e7a05122304220db8d6e75d061deeb1024cfa17358e705ecd2ba5a26197aa6ad5acd8c4405ee1770f67968a271b"}], 0x300}, 0x8008)

13:50:12 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5421, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbfffffff}, "", ['\x00']}, 0x120)

13:50:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:50:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 48)

13:50:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r0, &(0x7f0000000280)="5a3108ef448c38ab57be5bd220379313b1ab33fca978f4213f0d410b4689eae1bbe332853555aa78e22e863412a449b5b94de7c65a89eae03839754a0127f01fb90c4e7e943467c6bb8a5e79e52588a2273ed66af0bde578edb67e6536c565b8a136f6158ae672f2285058984760c7b982d43822f3c33381311a7fcc7c398b2b52509d895e102cc2624febbfb49884f6beb83804318d919e636d5f6c69602e616bab6d1fda8f270fcd8e95989e6897597fa18fd0a3a6cbc758ebe79a4d43c34064bafddaeb06d58d614f25c0bf56e7a76505b79452f5cf992c253cb7bfa7ad56ac6f69711f83b0e8509d944b579026b83cf913842d5737d70029442756da0fa16abf3c055022341e3e9489613848eb925577665c54d4c41f75bc8031392978fe17a743c0649c29c34ef521546c19129e5d40eb4cedd7ca3a94ec9c3ae4b5274f73f7d94dfa3427e863d3fea6e65d1ceba2f5a92f5752311cbcaa96b265041d2e6ceb2dbeff9853addd36e1063f04df9634dd14a1dcd59eb3a9f0a0d5f5f2ae32e00c543e803c01b54c914ef3387853cd3dc2af29ec1f1bd07f803b12540b8f3e5ca34be509d284d18810ae5f76a14c35a8958b87391c1629bd02f7b754a4a1c59d8fc89a6ec75a063267492b233212e9237c335531359007aa3431c925f57200c2a1e76f3d0772487ca265b84f81cea17fcf464f027107454d9c35bc72fe9b11074cbd31226e680340a779fe900ecb5cb1f72fc0869862661cad0e8f735c4c0da00e4e4eba5af2b3d077087b486fb8e85de4d2e862c633d32d23a2fa18ac78f4156ca882d715f3ba73771a8d44c64437f14b8ba60c424d5eef6da1838c01e6761dabe5eebc90fe88da187db7e9f917cfd99fe7d636f4ba93bb1e41288f29e59b7966634af7864d81e12f25b2793ea76880c8d3aec86a1c39efc1dc501b28970cd98b41445e54e5d75bddf92137ddadb67d320e3ba3ef4b71870675e425db59ed6c9eaa156eab0e3f7a169a3e171b5e239ad6b2bb5da1488b20b233c564ae5e643ac10692665ef8f35795f4e662aaeb30b9fba518fccfa5d6b6dc0ecf187de2394cecef21de2a81d5d3e235d32509581ab2961d60d7ed35c0ef2742c741534f3017afd11ac65b25c4b6426dcee55b03b21358a2a04489f41fd90c2fc722f6c66458c656f26c13ae8471c26ef98b3f65b5ed28f0d5d90eecf3e3b79f71675368aff72e51dcc840618bf279cfdacc77943bee84083ac281af73445b49b7e061f82f761c604c7360b80888dd72ad42a2c842dc65b25022c1c1e26d7e6a0a68a08e1b5f5916cde3ef53800cee67c2ad37143a0283bb98978f70a182f1905f25550b1aa1aaf00ed4f69d28a7690db5e805728dcb804086eb0c5fb7301aeb9031c64e3f30ee1432f75e57941d6fa56c3eb87b9b27eaebf3b1812e777392a748f2f1e847d404e1aeeb80a02de6643c847064b38bcfd873283df4533fd7cb998978c6cff5aa7a308b2831f46828385265f9543d72ad4a0502505663d0f8e80c93c3575cc653fac7e0a7b7d271c13fc57f48f09745339f1559647359fb20a77fe1f727516d02aa5a124442122c9b5cb52f8033b01aa626eed8742ba77e38000942361985344a3cd2c295b5347feb4dd69226984a56144805c312a634e62c2bd88b5aba96ddaf84e78965157b345a880bafd0acd87f67ebff2210304d43eeae72f4c493ae31e5e871772995184bbaffa879583d24e4ba898127038f8a5846e8929ddecea1ecf32ecb380d388d40e755cd65cfd92ece08039cdc9d14984756f9bfc195d5c55527682e4947965989546cb3df25a0a76579e240849e36f228345c496260ca521f2a7aeee1d44b34ce56720ab1a4d7e969cb5c368e2d71bd141a5cfeb71457b87733b3dd6b61484abb65eccf6e3daf8815c2f913c4b04d8d884dcf0fdefc2b2ae33123c0f484e5492cdd567ba4ea504103031f0b31007a020154dd23f682cf64c8c97840b4339aef5dc0a6ceee9d3acb998ceddd174c8ad40e8c1a14f988ecfda21c6b3a71d7c02ba5a89b2463cac07084069f59c09852085eebf9f97303385ccfadb8c8c86371bc3fbcbd883e6c58cf9db6ed2334f8d8085da703b689db516d9a011ad5f488bb971235b896d43fa6117d51a67fedf9ce1bfabf516035065df48e271ed080ccf094a535bebc6cf9a90fc8d9e201c5d9b838db7be5cbd93430ba48106af0157b3b5e999241113267d2571ea06b00d9ee330364e841033b77f2161957e08e2ded8405da83c0c83c6f8ff3df611ea68eed8fbfbd4d0d35c15f26f65c1aa3a8fe44507b73ed8a548042b0b7f9bca54bfee9d82521f777dff36aba45eb7e34ab3463f4e22a3aa6421d4ac0411113cf7b910b976ae846cc399246fa001f9454ce84ce1efc954e52995de91f32314132c59ee430bc4b4d287c1c8a1b2d722e60b29e02aa7fa3bba02879a7b45202f59b903cf40aeff440c6ffbf58f28d19d989b0b8e92d58f4aa7d95dd2225a781e306dee89abca1c43e0d43f08ed684c001382fe50275027583cb0030e1dedd5c7a2641e0b01a348353a7b28000a7dbf5b04b5a2a5af203f3da245f2416591575d29192f3a40593a58124def00008bf4b4d6ba30e127b74eabab5a7d215a6c11f1df4bc2c4285cc5cd343815d1234e51a478f68ee254619142901ed5a61078c703e5b2746353679afd037ecb44a95d0e274aa861f4a1da67b93012984ca54231148b4c2d8a52109fd86385d5674033875c4f03adcd95552d0d5153b7641cf10c318a7187ed15ca749655d30968914036454022649842e5c9aa1c8cc676ccc1f30923a92b31805acd381de97ab490b7c1c7b3650c4d7e368b09b0fb49df9238b1a07b6a0fd42bd3be50fbf761eca1fc8c4ed1e77b5a9c6624a5f62710eb0ff5b8b605bf9c8370ad3ed6f7c3f04693eae8b1442efa4526c5af140dce61ed9cf4491e3d4805203634faaf691ae3a7684f4168fa7851aaf3c18c95d18f81e97118510f2cc599ddd2d76333c1aebae300a34e83eee74881cd72a011a8fb07a0722fcbffd485442a65e2195faf5da218a1c509cdb2f70a28194d00cf0e1695387a2b3714d748375534d828fbd963da177e16e7bf1d7e2af5dabfb8dbd4f75cde667e299946b7f286c9912a0de0ad69a9c382b2a66c0a65dcf4cd095d4b9de7346400ebf099f000f21a94f541281bb3721b2b89d643d6ff6a8fb30e77ac3fbe26b8b1d8fecf6c75b5c42cbaf7cd4a1fb98fa42206ed53b6f1b3e538937a81c603dfc5109f6b2bc5ce66511af72dc7efc2ade7189eb13f9fc73b7ae8f8e97f6e7b8bc40a327a47fe3af41619ab7409b3e1166e91e1a948c697f5c57fa288c6ed0601e06d71d6e8f20d7500056d7a10887f51bd1874921b25b12dfa3f9ff3d4bcd8d0d66af0f7fcf24a3515a7ea9cd10b022e317ad0a5773af34a951fcb9591af17b9f91222e6d2314a815395230cfd1695c46ee00ddf18396f0c7383c456469524738018b6fae0324342907cfd03fad8702cc822a29fd59a46e85ae3ca1cb6438a229a86a868d06dc9449fca0ccc06e29081722826a90bf4a2cc724e2553b05868c45c3005127151417b1f8b71fd81a70e5a300e27f26d2a1b0af13a1c4b84ae3cba8bd5ac787530dcbc388b8e7683fa5744160a50c1dfc418a43ffb3773f44eac94a0e03c47ec612021f8b2f6d254340f234d9bcd9776956c718f1fcaa6cde95629c80f1d5bb91cf27bb4166b99fab38f029e2f3f5942439e6399b60b848b0b98650a631e242eaea66e6cd13763f41b50b3b987af1fe242191fd429a5a90ece9806675fb818aaa76128454488e679490756fb621c9b388d250c0de966a29ed687ae157e0cd368e60c467fb74573013995d7c203f7ae43720fb5f2b225f81b9b4a9fe8b80737e3fff03901aa8327cedef54f2c5849af63087706455ed813513f6ccbc8870f7ed051298af57e17993dc7d68fbc1b5d833d673c0133fb60695a501d8c83d954dff4f3e3ac34ff1ab9b53e71bf7d3231a6ee4225a9b595c72c6db86e682016a450c2c1dead99711353377669d81e7734133756f0e320605f36907aecb10c3c5b2a1d2c59993c76ed04c68768fa4bcefc6102bad0e7b45790fd6ffe9344133d9a6b2f10a9ef8e80e3c3745da97f8da9245dc3f5da114755caa6d26f9724cdec01f70e2d462f398f9dbf6cefd4f6a858f8f0ef42ad26a7e7dd5fc38f4ae7b46d38f59d45f235116b53873b0e2844c69a0027f91a0406761fab1a3fda0a7c32b2fbf4909da7155ddd5ef6f31dc97c1ac95d7e62d73a9558dd4014c6e688ee514f3f2bd0bd89ca9b685bc539f6f3dbabc65617a84f6dad0eb9c46e3e523b569863164db580b9cc7e310f5b31ca8cd5af36792a7a4bec4e9fff1bd10d3f510c46259b1214a786b563c251ce1efe39d09056bfa045759e50fbced4d3bba04ab6082389a57488c2107e926de0edaed52cbf243ec84428374ac348c261b2f331e4dff84761a1df67096342de14e7c732a95e73ff7a2f37c4d9eac604e80220e24a6fc9e110bee417d2c44e381eead192d4b08b83788c7a9ed54f04265b98b3199d05b5a4b21dd1ce514d0381c8035291e916f3b68b392ba99beb1cffee82c37322b7e4be3ec69f7870e7bd839f25808db3f3e1c2ee36a9bd7b3f03865db59b2430cbd2e20825d40f8fe9d1b3b95dce3d74506dea77a8f5c997b3f21afa9bc1951949b8a9befda485ed54543cc597c42a0d5a900159bfb536bc8ea4291af68c6a758da66e5d1a7a74fde91316daaff28e7d648fc50e2a9baddc143bd5b30d7bb9f2679fc590017ef083cf1368029b823ff6d165a6c71ca08a060bdefbc830fb2b5906140423bc27d46c49de02879034b2af1701af35a3c7792caf3a6f3bcd562f62bff2c4b24c0de56e4b0e193c6e6bf900c1a3dd2867bfc738332384c899d7829f111ba590a4e603db5c2c18ecd2f1ad556bf226a76ceeb972b8de00e1b696a6a516b15ee5abe31b381cdee0644c3c42f0cbec327234a0b0cfc6a254560ebca54ba005d8d10b8cd8e6fadcb2e34d8a91dc89c4d3c14ac2faa767b7318748a8b5f1d1996377bdab3adaf307794608c4065ba359d092d901bb0bfd0f7e6cafa2306cb05684a1f756ca9489ddab2c38bff8853eeb24d134551fddcb3937edc128e0dfbca3aba5cbb45649446ff11faa015755c8bda76ddf7f1c0f4d93819654d6d8d859f7a35c47d67d08370b3a3d82bdc0da8f7f3e7e6fa876646b55af0fc6f130f8c4a223b3ed3a8cdcfef1087e2a0726bfb97fa31a37da5ee13d2fd1c4dca92201345b5941a139c035daa10462776ef441b34fd3f9c8ec30c7141e9ddbe014d67d5db363c886d3f82cb586f2e8a8f93ff519062b8e1d60bd060e11b6f2853e86b2babcfcf1664c73851dfec14f37919165c7337e654baa5217fb21285b96572797922e86e193092437aaf98f34d9da91cce598149ca3673725f7e2f60c197be6ce406198a732517292b9709e93fd2d56344e8334cb4ba4d209a8102b60b76ce0c45810e34aa533d4f9bf8ef295abfead314d972b54ab854c1a3b5f6a8cd14f2aa11e727ca512555c60638a69295a8ed433686b4153118e830bac602630b9fd335e80fddc48e8e4965f8782305ef2456ea57899b05e4f9b069118c4b415f9e4098e5f7f0fb489286e2df495227d570c900366db1275f23b4fcc14d669455d92c80a65b7739021ad487aa516a63e00a2b3fd8efcf9179ff000975714c2c04ed86bfff7edc8678c02df0814175e156e8e4f486687e", 0x1000, 0x8000, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:50:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x5460, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x354)

13:50:12 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
getgroups(0x1, &(0x7f0000000080)=[<r2=>0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000240)=[r2, <r3=>r2])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r4=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000400), &(0x7f0000000440))
getgroups(0x6, &(0x7f0000000480)=[r2, r2, r3, 0xee01, r4, r5])
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000200)=<r7=>0x0)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r8, 0x4c80, 0x0)
r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r9, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r9, 0x4c80, 0x0)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x6, &(0x7f0000000240)=[{0x401, 0x1, 0x9, 0x4a}, {0x2, 0xff, 0x1, 0x2}, {0x84bd, 0x2, 0x69, 0x7}, {0x4c, 0x3f, 0x7, 0xdb}, {0x3f, 0x5, 0x0, 0x3f}, {0xfffe, 0x1, 0x7, 0x19720fd2}]})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000180)=[{&(0x7f00000000c0)="d68e50173233490e427d725d2e2d59da6a83032eb4805dde8cfef1b96696a3a9ab3a56144d74775ce658a9300a7af90d5f2bfaa1429dde3f5e1612e4eb0c0fca276668c500b16947bfedbce2e65a81a869ee0621a34185a5942f82abc456a1ee9099af54bb", 0x65}], 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32=r4, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r6, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000ec27000000000000010000000003000000", @ANYRES32=r8, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r9, @ANYRES32=r10], 0xa0, 0x20000000}, 0x20000010)

13:50:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbf}, "", ['\x00']}, 0x120)

13:50:12 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x541b, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  857.093260] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  857.093260]    program syz-executor.2 not setting count and/or reply_len properly
13:50:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x23)

[  857.110987] FAULT_INJECTION: forcing a failure.
[  857.110987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  857.112047] CPU: 1 UID: 0 PID: 7451 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  857.112077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  857.112086] Call Trace:
[  857.112092]  <TASK>
[  857.112098]  dump_stack_lvl+0xfa/0x120
[  857.112132]  should_fail_ex+0x4d7/0x5e0
[  857.112156]  _copy_from_iter+0x1dc/0x15b0
[  857.112178]  ? lock_release+0xc8/0x290
[  857.112191]  ? lock_is_held_type+0x9e/0x120
[  857.112214]  ? __pfx__copy_from_iter+0x10/0x10
[  857.112235]  ? find_held_lock+0x2b/0x80
[  857.112252]  ? __create_object+0x59/0x80
[  857.112267]  ? lock_release+0xc8/0x290
[  857.112280]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  857.112304]  copy_page_from_iter+0xe3/0x180
[  857.112326]  bio_copy_from_iter+0x108/0x270
[  857.112351]  blk_rq_map_user_iov+0xc07/0x1180
[  857.112373]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  857.112390]  ? __pfx___mutex_trylock_common+0x10/0x10
[  857.112408]  ? find_held_lock+0x2b/0x80
[  857.112424]  ? sg_common_write.constprop.0+0xc36/0x1710
[  857.112440]  ? lock_release+0xc8/0x290
[  857.112450]  ? import_ubuf+0x1be/0x220
[  857.112472]  blk_rq_map_user_io+0x1cf/0x200
[  857.112491]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  857.112510]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  857.112532]  ? irq_work_queue+0x9c/0x100
[  857.112547]  ? __asan_memset+0x24/0x50
[  857.112569]  sg_common_write.constprop.0+0xd75/0x1710
[  857.112589]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  857.112604]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  857.112622]  ? ___ratelimit+0x465/0xa10
[  857.112646]  sg_write.part.0+0x6a2/0xb50
[  857.112660]  ? __pfx_sg_write.part.0+0x10/0x10
[  857.112676]  ? __lock_acquire+0x694/0x1b70
[  857.112695]  ? lock_acquire+0x15e/0x2f0
[  857.112707]  ? get_pid_task+0x29/0x250
[  857.112727]  ? find_held_lock+0x2b/0x80
[  857.112744]  ? get_pid_task+0xfd/0x250
[  857.112763]  ? lock_release+0xc8/0x290
[  857.112777]  ? perf_trace_lock_acquire+0xc9/0x700
[  857.112790]  ? get_pid_task+0x107/0x250
[  857.112807]  ? avc_policy_seqno+0x9/0x20
[  857.112824]  ? selinux_file_permission+0x99/0x600
[  857.112842]  sg_write+0x86/0xe0
[  857.112855]  vfs_write+0x2b7/0x1150
[  857.112873]  ? __pfx_sg_write+0x10/0x10
[  857.112886]  ? lock_acquire+0x15e/0x2f0
[  857.112898]  ? __fget_files+0x34/0x3b0
[  857.112916]  ? __pfx_vfs_write+0x10/0x10
[  857.112933]  ? __fget_files+0x203/0x3b0
[  857.112950]  ? lock_release+0xc8/0x290
[  857.112965]  ? __fget_files+0x20d/0x3b0
[  857.112988]  ksys_write+0x121/0x240
[  857.113006]  ? __pfx_ksys_write+0x10/0x10
[  857.113030]  do_syscall_64+0xbf/0x360
[  857.113044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.113057] RIP: 0033:0x7fbb63381b19
[  857.113067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  857.113078] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  857.113090] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  857.113098] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  857.113106] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  857.113114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  857.113121] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  857.113138]  </TASK>
13:50:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendto$inet(r1, &(0x7f0000000000)="9e49", 0x2, 0x4, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:50:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x40049409, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:12 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:50:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x29)

13:50:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 49)

13:50:12 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:50:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x40086602, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x480)

13:50:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  857.383440] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  857.383440]    program syz-executor.2 not setting count and/or reply_len properly
[  857.400160] FAULT_INJECTION: forcing a failure.
[  857.400160] name failslab, interval 1, probability 0, space 0, times 0
[  857.401925] CPU: 0 UID: 0 PID: 7485 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  857.401957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  857.401971] Call Trace:
[  857.401979]  <TASK>
[  857.401988]  dump_stack_lvl+0xfa/0x120
[  857.402035]  should_fail_ex+0x4d7/0x5e0
[  857.402076]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  857.402106]  should_failslab+0xc2/0x120
[  857.402147]  __kmalloc_noprof+0xb4/0x4b0
[  857.402190]  blk_rq_map_user_iov+0x1fd/0x1180
[  857.402232]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  857.402267]  ? __pfx___mutex_trylock_common+0x10/0x10
[  857.402302]  ? find_held_lock+0x2b/0x80
[  857.402336]  ? sg_common_write.constprop.0+0xc36/0x1710
[  857.402371]  ? lock_release+0xc8/0x290
[  857.402394]  ? import_ubuf+0x1be/0x220
[  857.402436]  blk_rq_map_user_io+0x1cf/0x200
[  857.402470]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  857.402501]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  857.402545]  ? irq_work_queue+0x9c/0x100
[  857.402575]  ? __asan_memset+0x24/0x50
[  857.402616]  sg_common_write.constprop.0+0xd75/0x1710
[  857.402656]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  857.402685]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  857.402720]  ? ___ratelimit+0x465/0xa10
[  857.402766]  sg_write.part.0+0x6a2/0xb50
[  857.402796]  ? __pfx_sg_write.part.0+0x10/0x10
[  857.402827]  ? __lock_acquire+0x694/0x1b70
[  857.402859]  ? __pfx_perf_tp_event+0x10/0x10
[  857.402892]  ? lock_acquire+0x15e/0x2f0
[  857.402915]  ? get_pid_task+0x29/0x250
[  857.402957]  ? get_pid_task+0xfd/0x250
[  857.402995]  ? lock_release+0xc8/0x290
[  857.403023]  ? perf_trace_lock_acquire+0xc9/0x700
[  857.403047]  ? get_pid_task+0x107/0x250
[  857.403083]  ? avc_policy_seqno+0x9/0x20
[  857.403115]  ? selinux_file_permission+0x99/0x600
[  857.403148]  sg_write+0x86/0xe0
[  857.403175]  vfs_write+0x2b7/0x1150
[  857.403210]  ? __pfx_sg_write+0x10/0x10
[  857.403236]  ? lock_acquire+0x15e/0x2f0
[  857.403259]  ? __fget_files+0x34/0x3b0
[  857.403294]  ? __pfx_vfs_write+0x10/0x10
[  857.403329]  ? __fget_files+0x203/0x3b0
[  857.403363]  ? lock_release+0xc8/0x290
[  857.403392]  ? __fget_files+0x20d/0x3b0
[  857.403438]  ksys_write+0x121/0x240
[  857.403474]  ? __pfx_ksys_write+0x10/0x10
[  857.403522]  do_syscall_64+0xbf/0x360
[  857.403548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.403572] RIP: 0033:0x7fbb63381b19
[  857.403590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  857.403613] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  857.403636] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  857.403652] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  857.403667] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  857.403682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  857.403696] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  857.403731]  </TASK>
[  857.447145] hpet: Lost 2 RTC interrupts
13:50:21 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:50:21 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x98, 0x20000)
r3 = dup2(r1, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
readahead(r6, 0x40, 0x5)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[@ANYRES64, @ANYRESDEC=r4, @ANYRES64=r2, @ANYRES32=r0, @ANYRESOCT, @ANYRESDEC], 0x120)

13:50:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r2)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$RTC_AIE_OFF(r3, 0x7002)
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendmsg$TIPC_NL_KEY_FLUSH(r3, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="f4000032", @ANYRES16=0x0, @ANYBLOB="000227bd7000fddbdf2518000000440003800800030004000000080002000200000008000300090000000800020004000000080003000000000008000300020000000800030002000000080001007f6800005400038008000100010000000800030006000000080001004000000008000300000000000800010007000000080002000600000008000200010400000800030000000000080003001f00000008000300190c0000480007800c00030024080000000000000c00030003000000000000000c00030005000000000000000c000400000000000080ff070c00030006000000000000000800020081000000"], 0xf4}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x20, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x14, 0x19, {0x6, 0x8, 0x4}}}, ["", "", ""]}, 0x30}}, 0x40)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:50:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 50)

13:50:21 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x23)

13:50:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x500)

13:50:21 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000001c0)={'geneve0\x00', {0x2, 0x0, @multicast2}})
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0xfffe, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000200)={0x7, 'netdevsim0\x00', {0x66}, 0x7})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f000000a200)={{r1}, 0x0, 0x8, @unused=[0x3, 0x9, 0x4, 0x7fffffff], @name="5c4113723fa8ee9af4e74940ff0f9a2ef3572eb7166579be4af94840eb2ab8221b09155de304a19b3009df4863835c27a59e0cbdbe3a633a3d612b3557d9f51b44d880758c9faa1dee6d2b582044a4fc3fa7e0d940a9e91b18e4e5977639096b8487bf300ad949d8abb57dd59a45673b02c717947d6de56ea13195cfec475a6b66634ea4afaf016958114e7c65c516e64b308c045f3e8f718b317fbd7d0d48bea3fa6e96a9ef52c54e7adc7f1355f1d0abc2c95c143bfc7b80f3939776f12aa7b70ff2882f8e617c64a5c98576efaef81173009abd59caf89292d0343d9690e3754d6a9b5373eabf1f9ba6526c7e1e3aee9cdf4e6032bdfb20560819aa1a12712cf0d97f93b6f3a389c260123a52f87c6d6d410befa25013c2b88e0352f4c7b5af3c0ae5c3da0d513049a58753a6653e0e9f6cf98a1e497246f8ce853c6816abf9c4d76f2c3a98620a2e9117367632fe523b8a82010ae71d12152652cc345f83c1abba22c67a467745e0403f383369eb7e9e9799a6f81948cb99abfa63c468b65766e3678ed70727acfa7d5c115fa60e44543bde59cca37a738c5f391ae7984555ef984b25e7b5a841e9b5b119f015933e1f9af2df5652776f02a493384d3e8ce67f16af99b2e12097c26b0f6f14e117411aaccadb2aa57a88ee2d55a1d2e481403eb7c5d487382acb9267132a18d308460d754c2a09092d56e9bba926a421714ac0de3a0fe5e228fb79207655b59439699de1a4a1ed4adde51dd7b246ef799260ddf7a1c486e6fa08442963330919a9fe532722d058b035f4c8fd4b504b298f79ef3e574f73c46d44326175786a2da32445f347017ae72e8f7db09c1416828f3f66adca2af0a4db055b552562676252dbf063d0873f3991708e202b69f15584f493fc7b9d48934951abe20e7ebfeb0e556324a2a1f2124489d830d536067aeae7c4cac77d03e991e89fe47f7ebfe4d8ec35c9d9f50e02cd8d27812ceb225c9a1bfd4fa4cb292efd2cecd73fd89f884053fe13941c7f2183522c915856c980477b8fbf5b7adc94fd8cd66b931bb8b930b1cd43170364f8c45b4b4fe42072d77602b4a41e3b7dce58a83269cffe1875cd33131cf3760b61621b8e109668805d4c485b251033036aae83aea34ea1f4e78b066177b5fa8e7e788cd87966f9c4ec8ef668ee7a95ba17d0d09b1b69ca6f86172b583e9e890c6fe5c44d4c0b908adc5a93fdc486fdf51e70f1ef8feaee0c92effc81719d6c7a036794935ea81a2a1c118ee5d626ab959169da161574d2cf306424608c8699e7bbda4220301e76946ae5d22cd351dd39541c731aef674b6804cd257147cbd16421fba60ff2b1b3dd42a684a6588f543b8648adcd66ba5f550dda39b397f69de571fa97d7e73a034155e0a73666a26b24a7ce7dd089a3b7fcd8c49cb66d18271e57088aeb10867bb4fd0f204a1968feb90c3aad10fd68d4360615969da783758df53e5a4dc6a11d3ca45b4c4ac3b6a6572bf924869e80ab4a989e66f526013bd87df29db0044421867628cabe274c3c32b84a0bf4eca37fcdcd339c6bb419849fe76eba8c45410dece0d0d80a924d846c346a5ee4c4a1c024c445f775a2667447d2038ec9a2d5d9689ff3cdf322362352740cabbdf692b133d41a65b608a67e5cca8631d76265bffb5ea95462b7dbf95e55000ca395a989a4388f2bc573d4cbc468e49923b6047dcdf84433d33c71bc76402656fc34551815301e96e777e0ce8dccf6d6cef9d0acb5d9016e352e353f312ec3a579e665f9ef4fab43cbd907947e6930a7aea5bfa931e7bf89667deb1c11b03fa86e6a8e455f8cea45e9230e77018699612f3de88b31d02213e64172ada38a212b318c9e41a67df75960dee036c8da7e25b6def5492b91132e2550a1ddcfd609c908441ffddab727f50dd52ab034f614965bd80d165644cfe8408af09753f78fa1245b435982b913e4f4fe0958e6cf50f96f7b2d221e700da11d85d569def555b2311743cac1f4a55444a81dc5a2cb01e52524f0579ec2ca8354309e60952c9b214d402dd545138a02920141e86943194d58af253366fecb8cf04c71c9ea345ad4280da5110fbdf4c5a570a8ebbfddd4b9b5a44f7f3427bf046d0d237560f6a70deb43cb9fdd1afe62fabbc71dfa0b71e3d6985cfa64d522d7161db641e99adc4b9715f128aeff0d31d0324f4f3d0c574e9b201e6c880510919d78784afd493467c7ea9c3e980b09d5abdddf571f9d21f9136c8fdf9786242ebf024a04dd97574eaf5996f222ef2dc99b3e78c035d760f4d98ebfd3faead7710e76d3e3bc6ea42493c3ad431c6cda6c8fc4ff7d8c9252dc67c57880fede065ea7aaa46084dff3d697ef2677babcd702c71ec1aee7d19205b77638c940e9be647b90e44f7eedd6f5d2c8a3bd24d15e36376db53d4804e727668e4e19b516eb9595df85ad1dd3a2fd12fa7049f8acf6402f57c0b99ceec32376fee70db0028ae7e8db94fb60cc8992b0485682544f8d750c138b7f3fe6287e705102c7fe876e601ad6b52572fa1715797f210032f400e84bebe87aaacd33ff029b92bf20f332e16d41eec68f63635383f038349ca69cf8087d470517f4200361979652179a793f03e01c1086e2439ae079667f2f42caef08c796c86d0e3e06f46e03c7dae1789447875a89707480cf5f68d31e60e42fc0951deed56a56cfd4627c4fde143e80c0ae0171a308aebd846805061ffdf538663c88e06d3a0305aab58d395109ceeafc5369fc9084f09a9b49d773138067dfcb39a6411946928332cddfdefa01f4b99ec127050835d8a50b83aae8d1d3c9fae0939e386b7c6dcd11783f1c8eba054d14c604c19faff1a1f43ab9c8a8015657cf9005a037c661b1aeb6a19ff4451fd2e1a6aa7421acdb0775bf9d2648db888900615bbf1e688b486fc59eb288fffe80f034bdb5d3af04a15c0da7aca27c14b9d752162daea3641c18f8d2706d5b5caa09052cf2a7fcbe020b462d37746c16fd74fbcafd171bf8c619333c74cb54511ae00cbe0980624959d51be597b2c7e71348c697d79796c7c31bef7ed45c247175cd390e68eb1e9fbe97beffbae7ea1e142b9e8d59904129a8d1f0f8e59da52124f768868cbe049251b4044b7f5b413798863acc293168e5e5742909ab6dfd58d9ed420c8afd87ebb717f57b23fb66dc614863c1a5919a87b50cd1fc2ae6afd927a28b38febc4a704465019eb7d74a9108153387b3a87042f7586b72830891c0bad26075551f249d5784765a5ec4c6a3550a4f5be8bc2693026e040db6db5ec71d1fe0e708dcf20b885a6935e8ab34f53faf48f57651c17228175bf4b55da507fca1b3e6118d7a2df6cd614f55c4bde9d1b61d91ab328d253c725d49f436fbdb77174bb1f07011330e3f98553da6bf543965ccf538b44e96495c71aea4b7a5f9c9818ab55d67faf91b470c28b27102c0697e4a80147fe03ea31f2f5551d282645e170cba9ee07384c4884b567714e06f112cbfff4efacc429846220713593db9cbe00d945599a6e9b445ddfd270b522c186f0b30e1f55457c019934459383ae79d0f4ad464ad3f580b1e12d81b27dce73f632a6ca539bf4f1afaf23bf0c0a6348e5b7f2f1838990bdd412fde860470708cf379a18e9cb1a8cf2563555460b97f42173154641d95cb9f8518ecde8aa458a7b1bd18528549bf1c019a86c4a3b0820905b409942543636762d1239cb7b3fcd78da6541ed8ef2cdbad6e01439ae38fca786191b3580d959afb0f8391d0be85dbd8720ad059fb59a2d3de4bdd3da53f456d2382c9e8b8eff356041e5021cc5ed01b97b76301cb1712141a7c950ecdadca6faa3d28103de24ae94c66cabee87fd859e20ad1bad9399ef8c5bf21cb65fa501eebc980b1442618b42bbabada4151029277e42ceb616a04a4c3b1594c7dc8fa517d731c009412ef7f184e2c44574e123b9da465a6d7e72afb16f775c04901dfa8e9b72aa9cc11041f46729731f73ebbc927a861811d7e80064adb4c835c4a5ece00039f168768bfc5a08650bb3c1ac8a5d8d7e5ffa44ad8708143d28e63ccfb32e9bcd59df58e251e9f515d0f35b8983c8d68b205673abbd2d5552c2e776ecf3702fc73427646b05207cdc5093e399a19d4494ed9ec10049e09c65fef97dca4bbc07be6c26484b40c09c7f61232e4ef8d6299d48b5ae1074e4bba7bf629c8008402a945de2ec2e473636f4152f79f64e8005670b6367a55a732419cc5995f96240ad27ae3ede779364d0266e0209e601c14247dce478d838962d0715fd40ad28c47d54c26e57cb110cc75235c0de64645d291f2fc3f37321ed56a21afa8b5661ef53c84d82a9c7075528e0b562f5b2e9fa838b1f7ec655827275accd4ebc31ec85e7d42086ad2c35d0472e69fb075ba6afee2f8f46d4881530afabe8ba2da2a127a3d842558b068eb489c6bae76a32f259f8ef695ed1088175a90120444c414176ca6a04b10457bebb05b599d9e046248d9909824ea466b14a75b2e7f898051cc6e3967e4a58b951d8be85104473f8d62d41200308281854e92cd6aa7943ceaa496f7bf17eec243d972e7712ff20055a7d82082340a0a6f5374a70a25e2c118c67ab3af7e4cd076652bc4125b4b7438092eda2c763d8fba57822a400b20650c839fde0c36bd3ae487a8b3f23dbea5256a44aad6173df791cb8d6283f00ad755f182faa230df8a217f859f28092e810f4828c7f65e12c8943534745a70507f7a196828e9f51e041983e1e1340d26ed5595ad8a69a3726f76870f5dbe6367aac637dd1ae28d075cc79aa1373e16d9b515c8b7dfe35b0d82ab7fe2be5db5af554c19dcc937c2a6f12fce8af1c10a42ff8e3bbfce27bdca914cc6c6fddfb6e8fdd2624c79a6208caa0c0c9af8176a99512629a354380b2e7efb17605d77b4d04272761fa9b0f6bea7a025a0f0dd9f5f2d78770c48fc2752aa94192e9e15e99ec13857a34b62f97bbb5c76203ab1485f7cdbec0fc98d9b8e506f802c8ab3a938ef30f884149d90faf19bc31e783c72f010f36f1d73696717c5882f4123a91b06be292714898805da216bf43bceb47a906ec05648f3b0d8ab343254c12265c169c5a51a1ba2aae3458bffe1389b557b0fb09c8e3de5f63083a18e7b5452410918f87a9c6bf9b14e20247f43fc32bacb4aaeef98c9d01622c5397b9c04c2e6e7cb3fd30b043cb80ef77df8fe0dee148c10def4f4518ec12327fe18572856c6accd60c8ecb902d6928f8eef5038ad9c8f2ba267d044456d14680dfd17065984b944c364a066277991bc976944b3cb0ced58ff681105153e9d0747bffab5b2f421647344e51dad940c6ccd954575873cb4ed000a12e83c6f4d40e7cf04d24eb93ac8b0484a2576ad3226246dfa687d8ffbe9c652040b8545201180402e91891fd1aedab58a66dc8b58295b9efa17b3539b1b5c65014797be93104975df9c45f4973ca8343a0af772fca9219a5d18d37db036a2ced3f44719e772ffe3810b78a675e11b343c6c4a1bb46b6829362f469000ae3e63be474211ee46b1f00da58023c4a3a09f72936c00f6ade7b9003b2ccc1468da88fcd2fa9acad68bb22d72685e650c8af75d1d3a84df284082f9385d64ec9a23f6757722a548010615feaef711033af1da45ea27d375712fa89f4e446f5d6e5a8c1c7f4a83871467164b021081bc43a41945db3cd7e58f3616"})
recvmmsg(r0, &(0x7f0000009e80)=[{{&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000001680), 0x0, &(0x7f0000001700)=""/4096, 0x1000}}, {{&(0x7f0000002700)=@xdp, 0x80, &(0x7f0000002b00), 0x0, &(0x7f0000002b80)=""/41, 0x29}, 0x8}, {{0x0, 0x0, &(0x7f0000002d00)=[{&(0x7f0000002bc0)=""/51, 0x33}, {&(0x7f00000000c0)=""/214, 0xd6}], 0x2, &(0x7f0000002d40)=""/4096, 0x1000}, 0x100}, {{&(0x7f0000003d40)=@qipcrtr, 0x80, &(0x7f0000003ec0)=[{&(0x7f0000003dc0)=""/213, 0xd5}], 0x1, &(0x7f0000003f00)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000004f00)=@can, 0x80, &(0x7f0000005540)=[{&(0x7f0000004f80)=""/178, 0xb2}, {&(0x7f0000005040)=""/51, 0x33}, {&(0x7f0000005080)=""/245, 0xf5}, {&(0x7f0000005180)=""/109, 0x6d}, {&(0x7f0000005200)=""/11, 0xb}, {&(0x7f0000005240)=""/170, 0xaa}, {&(0x7f0000005300)=""/35, 0x23}, {&(0x7f0000005340)=""/244, 0xf4}, {&(0x7f0000005440)=""/206, 0xce}], 0x9, &(0x7f0000005600)=""/226, 0xe2}, 0x1000}, {{&(0x7f0000005700)=@can, 0x80, &(0x7f0000006cc0)=[{&(0x7f0000005780)=""/251, 0xfb}, {&(0x7f0000005880)=""/33, 0x21}, {&(0x7f00000058c0)=""/214, 0xd6}, {&(0x7f00000059c0)=""/226, 0xe2}, {&(0x7f0000005ac0)=""/4096, 0x1000}, {&(0x7f0000006ac0)=""/46, 0x2e}, {&(0x7f0000006b00)=""/136, 0x88}, {&(0x7f0000006bc0)=""/248, 0xf8}], 0x8}, 0x1ff}, {{&(0x7f0000006d40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f00000070c0)=[{&(0x7f0000006dc0)=""/211, 0xd3}, {&(0x7f000000a100)=""/232, 0xe8}, {&(0x7f0000006fc0)=""/215, 0xd7}], 0x3, &(0x7f0000007100)=""/117, 0x75}, 0x2}, {{&(0x7f0000007180)=@alg, 0x80, &(0x7f0000007540)=[{&(0x7f0000000240)=""/46, 0x2e}, {&(0x7f0000007240)=""/208, 0xd0}, {&(0x7f0000007340)=""/212, 0xd4}, {&(0x7f0000007440)=""/242, 0xf2}], 0x4}, 0x48d}, {{&(0x7f0000007580)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000009bc0)=[{&(0x7f0000007600)=""/4096, 0x1000}, {&(0x7f0000008600)=""/217, 0xd9}, {&(0x7f0000008700)=""/209, 0xd1}, {&(0x7f0000008800)=""/223, 0xdf}, {&(0x7f0000008900)=""/158, 0x9e}, {&(0x7f00000089c0)=""/150, 0x96}, {&(0x7f0000008a80)=""/4096, 0x1000}, {&(0x7f0000009a80)=""/251, 0xfb}, {&(0x7f0000009b80)=""/46, 0x2e}], 0x9}, 0xfffffffe}, {{&(0x7f0000009c80)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, &(0x7f0000009dc0)=[{&(0x7f0000009d00)=""/183, 0xb7}], 0x1, &(0x7f0000009e00)=""/122, 0x7a}, 0x6}], 0xa, 0x10000, 0x0)

13:50:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x40087602, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  866.727290] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  866.727290]    program syz-executor.2 not setting count and/or reply_len properly
13:50:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x600)

13:50:21 executing program 1:
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="1cf40020", @ANYRES16=0x0, @ANYBLOB="02002bbd7000fddbdf25300000000500350001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8040)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="bee03ae9e7d28f062db9201b1648bc3df5400e07cbe5eb02ca02aad39ebb7ab3c855a3d37ff041e5c552bb59f3ed440f76f1eafc7addb6649ca97f5ae8338f443e60a745a5dde644c0c50635c6e3fadbc68535c33909134e76684bbb2dccee5c4cf32679900f0c83cf540a5cdc2801493a4395dfbcea2b2e38f425efe8161dbcb0ec5618178edde77ca86c0f1fba8ff9604327c4f92fac6f86ff7355b572adee30b1cecb96a788d5df50f91285f0f31bff833ccd706932592ac4ed0264e2636e64802b840678bb5bcc06edfa31fd", 0xce}, {&(0x7f0000000180)="582bcbf8b99208", 0x7}, {&(0x7f00000001c0)="f82a46c2c1bca31e528b5b54fbce7494644eeab8ce69b62d2d1118d80710d9eebf809647252946c50c9bccc06ccc0fc1c13a68ee3e2129c26df357f3956f5994676369f0b8c5f9645a4658831a6a5be2", 0x50}], 0x3)
r2 = pidfd_getfd(r0, r1, 0x0)
r3 = getpid()
pidfd_open(r3, 0x0)
perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0xa6, 0x9, 0x20, 0x1f, 0x0, 0x5, 0x80103, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000002c0), 0xa}, 0x1810, 0x1, 0x208, 0x0, 0x80000001, 0x81, 0x9f, 0x0, 0x7f, 0x0, 0x6}, r3, 0x10, 0xffffffffffffffff, 0x0)
open_tree(r2, &(0x7f0000000280)='./file0/file0\x00', 0x80100)

13:50:21 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
fcntl$setstatus(r1, 0x4, 0x2800)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
fcntl$notify(r0, 0x402, 0x2)
r3 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2, 0x4, &(0x7f00000003c0)=[{&(0x7f00000000c0)="f20db87a3e", 0x5, 0x9}, {&(0x7f0000000540)="65109841b699b736ef5b44971e662d8da2682a987c412229e7512400c98a0ffd08a43e04d8e40ed70926a76dc82c724484d29e132546fef420d60cda953f67b79bc8d2f2a26b61c1e50acfc624b39045f1cd3748bd762bbaffc5fa898f5ce2c52844024e9df03232cee073449e8f4ffe1e0f4bf40fd2c4e55cfb82978facbb1764a612eb779240258b82078b347fcdff1b8849521b06ac8b9f2cdc2ed1b5114083d408b6152b19b767ce879eea92ead2332cf8468002bbf1ab9aa4cf24cf042c94a80a1ac2088e4abfb63a0474f94f12c66756ac358459d071efced67730abe04e92bd66061f94c5c744712a2077f5c862a88c985959864dc1c2b1f24f0eaea983ed12ca51eec8524d3f85debbc37053997df80c3cf32c7f10bcc0ceb34bfea5671bcdaa75000460809eeef1321429d5ee0f454ac1d4b53d8865e0653f35855e5e9e5cf72061ded88a1b24cd16221d6a5f0db9ea67f3db192608d34bcf235c5702955da37a6e29d55bb1fe6226c4784c0593ee17f1400d67e2e0d7046bb908f29b5fc90abbce59738972356e182afc7bade80eca965fc7a93eba04945fca3440b8ecdc832c9985de7ae9c584b4d3974c36a840d506d371aeca2dc670ec94f1c1b397d9130f9869b8147690143b739b1de1b853519bfa405e29362accd644efaa17f52d270cade8d6e174694c5d4442aa25f5cc3c160da9f0c41e27f088378c838097e1dab162368c22a2e11a241f00106e93b5e65e1b0604ca157d86c93f3d2eabbfe284750909f5c649429780101722c48eccd26d8dc4701ffa02ec7649d9b3c0012d8322dcd607b0cfd38b3f0ed7f242eea34f05d9dc1dbc7156b37cc451837bf74e6f831e29ca756b9ff1b1fcb1ffbf2c2dd9e59d98112780b1c7ec35c281f04397c7fbff17178d8a4e9f30ddfd8cc53a72ee51bac2794a964ccbad80e1974380dbb136f721acb40e802847ef0f260eef359af9585484a4757254e19698bf9038f6ddc539053f8f3d7164003c9310d0ff8be8e6d47ec5b4960d20c1f78affc4f4a3cbe3db1fcbe131c15e4ba4430b336148482db9388702bda23a016f85c57f2eabe2682fc411be4cbd12837309c0af79de61dc6c54e126c67205ea284c94b978ad77eeec66c5ba0419f17f18520395026b1709cfd97be5951fbac82cf166b481f4d3f101528bb4912422636b113b5c4c9987dca82a97c962c1239aedb85be054b9f53dcd2b295c414f1277ec18ea0074038b63b09e3986353a533cb0a2191a8dd6a3dae9fe19af1571e3dc160bb090368e589bb03ca07c6eef8ed4b63c5c2b2231935030924d956e6463edcaea41a5fc6a42a4111148b487594f4ca34711bb6b93b008232db036a2d8981959e29e537f4fe81dd3a0e8206642dd1d082e2e6f9a0a47b73f470837ea04264bbd7237e8d3bf392aaa855e86e6c5212880e4fcf70fe475e2b397b370c841570d99bcbb6ec003b2b5d9de8f3f85bdaaa77434bd57898deefa45256858b7daad7985462d4d0cc949722f4b8ffce5d0f0366ec36af9c22978c4f1a6baef4ee17dfe0bd6175b81be0ae09bf217aadc81ad5aefee92d33d264bea13354c3aab7de6429bfd26ee963a171144d2f63fdac81951b41ac3a9e2f879946da66582c9cdba6454d366a7e75f44319f5a1d13b101e72db5cacbb2bebab03571b7ed704ff92f9caca97e4acf72366c2c4d4fbeec22e0283e4d6638f36ced61cedc86b354780b4cfda3073ee945784da1345430e76ac5cedbdad3e1ea464ae835ea2e726e0672ba1b95f469e2895b017ab9919e84b5b1a62d55b6b8c384f5314b573a6c070e0d1138a7f2eb2ca9decd37383b29e31d22eda6584cf4649dc9ebbb196dcdb0e9bde63a8505bce37173c2780bdafe65d79ca504850a22f0d7ad2592fa2cc1be431c947a7af6cb420b5732fd79a9789289e3ec83d056450764263aa5acb16368ef042164b09e0bb29f03b83ef45b13acb1670f8f30b69f9c0d2904770a8cfa59cb4732a4b8b0c615fa02496de88bfaa28395e655ba88e89bba5046832b0fae38d364533ff126184c469659600981503273941c550889d203c5b0049855aa900efe99cd40294eda3c7ed09e000863bbeda7b5bcee16bd94158d20624cbae369a1cb46dcd98c6b0a7043e1fb25d6669c62fcda29f677c1169b76d98c94c74e0002e7a37c916efab32205290742930cc1c6575bb05849625e7edcb202fbe76edd017c377ccf44abcc444dbb9c8ca339d40f8d07c61469f4a0c62b29b20a8143c4038c225a183c6ddde12a0258aaf0801287df6c9c79767106b0b8ee0ac9b1ea71b9e9967ca83f3e1648b919001835eb36201297795621082798a09948dda64c12ee5a2aed55bd7dc369e580584f070672cb4902b6f50fb172ef8ebff4ef28d7dadc1f81a1bd6c1609a6a59beb389bd5ec30e62d5441d1c5643f9730aa8ead442ccd18b62f1a7bf71f0d1bd6f4d78e95845927504de704d231d3b6133d44658a2c88a70c098f54bea4f459bebfbd69cd946b89f8fca6a53e29c4207953b31246b696919987d274c29088d2e205d9e3863a22e30fe2caf8a7ee201066f7e4c847613ad1a3595460884ca4f72a53364f175648c74a1356a32696128f35f186ba15a8da8248235c08d2d729222da36c9b1fc779b43350afcff43062d65b4db0e45d882194f0a4436c619eaf8f86254304dbcd8edcd63dd5f534a3b311a5d41986029c20def8d1fe5bddeb990b621253b7a5b2ea8a002f7260df6e9b160b12537cc8c4b6e7dd7c30ecdbf47e47c0bd6d98a06a63c00c057113b11d6ecde04098e9ff3edc35079104e0dc7703424f6e9ee9c0f0dd3528455fd11a932d361f4dfe6488ee50a05af40597cae82cd6ff8125cf602daf1e8d61c4173d595f44a042ebcc180568cfdc37eecdbd8b705b7ad95c346279292aadee905b47c55538d77a5b83749438bbb0500b18d3e46cf0ae66ff47843408ef8e917011f59edac45a760e1ab9b8218fa3239fc2ae96daf38a5ac7ed5678a5b5ab3f9a1d1f6e4d03aec16bba9c22af1d31c5beaa8216368cde9de1bca623df7d4549eea6cae07a6291810cb1e2dd49c558a68281c178f16fae3178525a122a28a40d3af3fca417c2be6c94977ca83f0de4186be03ec0989d6fb503d38f50a3228457f2a1f28bac6c52896f570a5a53fa3db545b029fad687cef8768420205173ae5db30c0874179d8b2d15ebfcae4b08227e02dd948379ad8e6f5504d6543752565004b70aba76eccaefa9fdaa3d4d31bf4aceda21e4fffa30d8dec1b948ec96241e08b331fd22a0050887a0613091e05ac76a877b54e12c2dae09f007cdbc89099755de49a79a7f2df2cc8a730ddb15f91ee62eb6e9f8988417e0dbae24421a8b49c9deec72b754473e6d0ea4ed093e3d7db45daea840300887a5f1f5be05bffffbbd6598a3279c83c266281de0f582d799aa77f36ed8a5b5c8d024082aa493d9af4aa918d307266035ec8efa3595734b01160dcb25c745662a08b35ff65d725d94e76010a097f3eb1f9a605bb1e494c7c8c35440a21b3291958e4a2599372a3712aa7954dd0c7c5ce77f792140fe4944adb991f8a2807ab0dfe5bb9ee7384b3795dee14b309a84c0e1ec1ec98c3b15cf873cdfab880236a937884a680dfd5936315e80f78fb1df3bc9c2ddff957ef32729fee52a343f710fa4f247913e65ba25ba98841ba98b00792b1291de586e177d0e2f1fc6767d9a0053c22db7222b6976bd352388152e98db6fe4f9e116f41e527a1686695cce312da472d087cd17b72dcdd9fb2204e017ab640b19862e7ab6100a13914a0593d5038309eb5d26d0841448ab9f15cd33331cc3e28adc2ab947b77872f840f2c79281282243069fea40b2e61f357c19297506d1e5a5d60e138f381c3e6a77462c7691cddc40843b2f29deb66f8d35ba04adb39d4771276e5f90d1b9936cf2464cbbaed53ada8b4c69a3567fa1b53610653ee744766164def41d64a3751ca2e3ce093ac3b57c6e6cafc06cc2292f6a58f454c0198f93a5bc073b0e7ce2877ace1780d8b14ee2fd50082c51db36075a42d2cb9e2590eef5dd47883828972d0895571a70ce30e8e616aac46781c639da3c62478aaa516c6a0554ebb44497570787105f70b9309e42cdac183c5b2d48848cfdd43ab445d40019ae717e9854555004300dc6b45413e743b7834e65e85d39e485c1c8d00e7df8383bc9a2fb7761890e66b84afd9f91af1e44459180575e6bf7460ed0ee36c63010de27be6743cdddbc4932fdacc3da64dcce128af681d70d9ee3b038f8f6f9217abd07c3892d62fc0e60ba7584c14f9bcc0238401b62ab3ff96cadf09a63350f20bfb5a46d8d6cdbfd55cb69eff8d557c25152b14b0386bd39d7b929d524112e520177882f1669d2868b85e94f64b42cdce73f4db9f53764874a7367582a6f23fb9a4dda0a6c2ea9dabd82aa83e02fd52e297e1e1609e25da21a17fc5cecf975222b7a4ca46172c2dc730c7f12f5b97a685f8a1d12c58fe7b9674b2833963033c0c1d4423b40587dc4fd0c782cfcd71366d3d32b171c6fffdb04aa39d846336b555a35927d85aed4b67f85148bfdc6a024a2b287d81f0077b7a641272ff681a8a33d97c0a807c1ba392974b343bebe9448c70cf4986366d2bed4f49608c54909de92de1c9e87ccdca074e73442e35320f1fed24f6e28433030417c7e580f9e795513b9b1b214a29e078cedd613dd6ad5fa61729bc3a2098504725c9c4e94cee46a51896ef0b67acdeaaf68870515a94c5d7ce02df8bd4c23d6333f2330c08c238b6db8f9e125e77db142f948a132b6bb8c9ff1cc7bc0a23f0e19a4c720e4450dca4c8d229433acc62bac54dbb1d85b6625e2983c75d3cccab63133250fa59a7682a36d06ff99405dfe393ffd761694803ced12b078429a9b4f8f9c31091af2b45aee0bfbc345250456f575796ac12c49161ac2b758b75feb36fe093066f868cbf40f56f71e2f2687881617fb58cd394f54bc79f3eef08b4db70d6329f817bed743b946a449eeb36a02cc9aa9ea1cad8dc062e04305fcc0b061613db743c0db8b5cbba1cdc7d0b15196e88c7a1de9bebdbe9ba43a08107f9ae5165ddc0dda0e7ab3211fd9df9180c5ce366f085f29f8abb27cdb7ff0c7c319b19ae8607dff37230a653f695b5aba5a8490a9c4e5805c5825c4add45b8d65e1e95f3293acd742d67b41445e59e79ba094d98294bff63c075e1cfed9251af0e59de5d52affc306ad689c6bc753dea552563c1b838ac3d2775dc1f127fc36fec7a872a19728e639901a89c71c1da7eb7558d1391f1238f020ddd90d2205a6a3c81e6ef1d16663364e7490666618ca793c5e427e1c252072d02a7f2c69bcad16e0efd33e4a928801f91029feb434476d4f4ac4868f25cf2a25ab16e55ec1b9ed8f6fad0673ef1e8702e7f6f45ec8b4d07730e776c8b50960ff2e0e4379edc74769f7d810bc719f9162fb555c4d41cacbb9c359c9a09acb6f5642c016b83d46633e9ac3cc78cea932d73d90997a07bca3648d98cf2b44d0202922ddb5ad929e8bea9c010f01d384f9b26cdf755fe9fe2c6d6ed736467117ac3c38eddd0700626da012f176d1288edaa659e78aee8fa0e8db95066cdb3fa810642a48ca63859f027c8695604c4316e75ee416bad34de4b4b00aa1bb43cadea1c62f0b5543dcc0e6f98efc985a045745ba6d6bfba155b16dcf747349a3aac1ca5c310dccdb3ae495306e92688dc2bf96f47498852c03fc0b151a2ed1b56026093de722da77f6cfe2bc", 0x1000, 0x498}, {&(0x7f0000000180)="12a9a3e6bd4385e42670341c679d1ca9ad4d16289f06753a17dcc11dd5540f850661a8134fd07f0fd36989aaeee61e74494a3dcd1782c62783c1b859a3b21088645fa6f1b0660b346db7947b36f3391ed49f76c86d05c6cb4f12eb1f5c7ce5c3ab7c7e44ef21d3287b2dea9142b74d11197e6f68991183cbb343207f91605e58c7bd9981283cd682fad6fa21398c2335667ab553ba99767d67eada77cc1bc969b225be3ffa860d2f5945cc9f6f0c2291eb1660b2c59e", 0xb6, 0x5}, {&(0x7f0000000240)="1d08736aaf2b78607bd311905850405fa3d76b4421bc46970bb54a9d4967b16f32f89cd41fb9e037eb6d8915f2519536f3b666bf826301c4b487bbc6f99b9ab624c6af3ff71ee2443b8e180608c79a38615e21d9174f47afdcb177b68dd36b6bdc2e8210c5189065fe49f3563dfc34eeffd43ceec30fbff43ea4be5a66f18ba3fe0f1d297d91aa1d62474db6a991e37e4ec8f5e626189380201311a75dd51c7e1ee92e7d9d53463f9dec3c94051c4c1f8a8b283c98", 0xb5, 0xe7f5}], 0x200000, &(0x7f0000000100)={[{@dots}, {@fat=@umask={'umask', 0x3d, 0x10001}}, {@fat=@check_strict}], [{@obj_type={'obj_type', 0x3d, 'fd\x00'}}]})
write(r3, &(0x7f0000001540)="c97f2df9771dbcaf6e3759b7473145a9abbafaa0eef87f1745c3492a96881c302dcac551dbec97f0d4158c1f34754683a67ec649ed0ae67b6b119818726d49e2b9e62ae7b88a6159d3c1a4212c112225ddf27716997bc2ff5abfbb5cbd81cdd5590938f31b0a70390c6617b2ce5542fe91d73d61e6301cf21cb704dcd33727720a600d55a6cc59c22ec9bc162350fb1a614e9ec79ce9fa5d4aaaadc0d391b18019fc932963985a68f1bf1bd40e6d7573bb8cfbc88b21ea941f4c7467fb493ddd61c115689205db9f8a0dd6d706053981dc793dba9ac8967c93c5f34db4d703195522f1a12f109189e5ac93962df7cd4d6e97bb6112b156f49b285fbee884ee0e25a7b241e65c85d5b7f5b362caf76c5b9045b5203396f25c2536a45e7d13815895cb177785b2a4fb958ab36bfebe03491abe0c7d9fec0615603cae9ea3ff298aa4261026a845d2a315ec3ad4eff56720dcdb1fb70aedf1dc0f267b3e97aa790c0054bf93e0032ee7be99b9426aecdb13a2f8784515acf5869abf2cb5c20c8baa189d8c5a695a9acb1e941780afe4c87fc34bc0b02c11117a7f7560c7cb6eee458113bed0bf38be1a172be1992d5da7a4d2ae3387dfc958dcccf384cf5cca346e0f55431f8f3a61e1b20290aff6144f46a5fcfa76c7b3def2eed1bcb3887dbcc65547e419e81dd85c94232af296a82e40168911f1756bfe5499a5a0d23aeb51333ff93bba712fdad3864646c205353b97a00826010adc43abed4a76d475db9fc931acc3d40a61138faf6c75414abaa78674e1eba202adee3c3f5b389a64e2a3f01696b2498a494a615e9c5e0c09f06c789933fce4461d56d7a611acfcd493f0309f09d497d5c79d5f1369dec370dc5325c7fbf5ad8b5f1a73ab07c44fca861c08dd684a5331ad9dc99c27df602b098f3129dee77a6550d605ddb6ad89edf9c68266ed32793b8e6be43c24968dd9ed93cc37f92a574b823818d9d3879f1bfb3300ad0aa14e9150036543e3a553259fc8c5464cb72a4fac2c7d98b7de64e71d875aa6b251a04320760dbcabe8e00484971e15f30e8103e37b230742e3fe834829483da9b37489cfd4ef14b47aaf3faf5f0cc03ac2c6db5bc4fa1ffaae410b42129c58b571b907e57bceb9c4217cdaaf5d7c436e665d9ca1dda654a3b92a194ed4fca965831bb29437d4e9d3f16591322f1188d1f7c5fbe03ee58abd5a4691f7ff91204c75e241ccf20dcd5a7477f441ee8175552a072dc723c295b7c75cd6f135e8f1de727a60305bb0fe5e72c20ececf37c6e9e5e94038c3fe064ac58260559333573a0590c038f3ebf1178b9c7f5519a25d86a53c662d6b7b0bb8622d3753fa9320f78c0a5a7a6af7b29315f18bf60ed5f82650b7fb86d69e246f99685fb049e163d3a72084e9774a12af378d48b09d4aa667637eb1549bf6821d73b44ef3c91931d3c3cebac1fd924ee9db115b2aecfbf67131923ee2aca0e39984d679731d6e62045952003c3d76fdb0aaa4565b88b799522c386de5d86a9f7578aafa9676b2c328884f7b74fd72c97f9550d3488fea86ba56f886b0e9d0798aa52b50e3666f0bc38b69f4d6b3c42cd0805f7ccd8f9f9a464e80be8477e058432eea53940b1f2d392934694056d32f0bf912177d78a9cadc8075284f6c9b0c36f9d7a4b1bfe6cd79336f328a9a219a6457cf72cccd2d67541e4bad160f99fd9e145f2f7085b9ac321d7b04038d7ee4e97bd20a8a78c18f16a5186a75ed15ff76e2e078a8feeb3d427a8164985072c604d0c472eee273bf4a4d0d705aef5401bf3925870e320338d8e09f0d1d39d71a18aa4da1e2bf01125b2b0f50f2dad765d688f70c8f2a9a0698c0c2e24147ef8489eca975423964bb192fa9fe2cbad52edb1491c2ddb62f6aebf37059e4f2951688567d2e91b48ca5d2a98b32f69705b4ad7d1998fc90cd94392ee0c85ba0fe85f339e5dbafef27a9ce8967c5b9d1d3beda128ba28f6ae8550bff5566395231a579c0089ab0104e8e9496c5d547e7ab76e9351261eb7a220e4df732095f23566efe9b8b0ad4c347b7c53e2e4f717025dff4abe8c6715ded79dc365f17a023dcf4711508a01ef1fb0fd73a4b4227c62236ac4652c43f736a9f01900548c526ec747139f0ae48dfc5d5222cbab9289656bd8b863119052239adc5da0d456446e06c8c5cb97aa1b19089dd1547cc7898448f7d46e1a09c76e0f89f668589bae98c6a7bc814ed1b6423c15650bb49b9e06c5f1df14c59bf239c376339b3927677cc8566695d425f275c97cd69a5c4f4da75b2893ca470f8abe65f69a0634d3088e6ee90bfd94385f8873ec6cc6dc274fc839709cab359f91e512c032189a40230ce84697f69e72b47033b81446d3a3fa4f2a61e24ba9f1062d47716e4123ad3b9b12b0c39085bf1d600dc65467ee3f2309de0142aec6e7143cf0a422e330403359df65f5428b55511f833c75df5e48f807b20225c689dac3d1e34390ca48b99fbf62d2fbf5dd03de93e462076b954b56133226d49dda26d2ead3f08925f44544931ba155bf9fde733898ecb10882454fd437f80ec8c29005a5dc3a7581a4b59f67c2e0b4f516c195d05f69db7d0fb77d0e8034d5b40bdec06a2663bd8b454992ca67030e2643b3b32e3e78470aa0e81cb798cbf8bf06b74625f35776c76c2fecbf48d5cd7de862ffabd418a79f1562708eebc7787cc686e20fe20ff89afaf0963800c84b340f5925dd96a5bac20b65ed85ea998fa41469d5bb1ee2ef19d512dd4ba7bfc9b534c549d08a620a21608d2d96e5fa926d205ebbe6b3a0b450eda83f1b69119fa059b5e98ed9d93aaf4ecd6d6f47708ebf6b81f3d6604331dc32f37c026f5e12bf618adfaccb3cbffe2eb734572df634220484a5ff88b3e527f18770bd031bdf954b265b5e5727d36e1d0b579282566fd216a5bd4ac66c42b28284831f1b594888daa1afc6a35fdf29b41127c2d28755d1491e083fd0686a3ff962263445a3c3e0a889db1dbc592f592dcebf0ea32f761fc6a5d75dfa8c292b60f55623706e97806911c05ec3d4bbf39ef5a435b71d43d777afc0ff25ca81003ac40b3726a848b75e7cd92e15570bbd2688f76c39efed00dff182f943ca40e3f962e2b5dc413f63ca06ef9f27f57d3b6922ba38644b7a10c4bf73afc724784f04791b8c7fe1e826a57fd73fd3106780882d60788c05bcd54ffb9afc4f1be1d4ef61ca45a5df672d221ff2278e748a15702d32a67441a9ccb077b8171e397dd39b5a524707e186b9d121f4b3c5dd1bd36724915ebe45ca968c5f535bf28a1b13be405526f88798fb3777b530874c3b910b8a9c4511411fc2539e83830a341a17d353c08aa5ce8d22d517a1eca1d7c3ff7b5f75586b2a41ae078b64af1e357f13ae6261cabff8df05ee39de703abb94ab70a0c98e1b7f276a107ec7ac89396650a92e6d77266c125aa91d802059014790c7b7d29b7c0c5c44861ee6ff81c2d240f6c9536e6f380620b4832fc1619ad4f1dc162a7b81d500361b103ce2f6aecce96b45e2030e31b96283b45b57c87ec38db17507f753e85ebebd877fb93fdbab62812e657140d739cc2e65c931a1f9ddfd3adcf7b4ef35838b8707db111a7d9e6f285d78da564e06de81fa484289286aee60b8e138319a4eb7089d08a8648a3df98b963ffa605df6245c65ee3d253d2969e11bbfaca78737047d3b5e1573c9187e84778cfba33400815d334b5ecfca2238df17baee70d9f091b78b172a90970fc586fc0c78743abf9cc462d9cbd6e1a38c1ef5f4e4211fdaf5abab84a4ec8d7e173ff3cfe4d76407f20bb0356b0c58532a61c0e1300e7c3d5b68a14d5088c33140f2edec184f3fecf4de613c9348a12bf01fb5c8068de547dcd69be12a4d8ac635e72239aada29557957eb6f00b7a2925bef1f8b99205209310244b38122498efe51bcbc3eaf9cafbd2b86a585003b88d1fb788a9f613dd809cdb16f1d0bf2edd7501d92c4061e995d8276a6f30687a90781e285dd25d05ecb9e059a1f66f1776f677c45611a29c0e426efdcebc8dc1ac626fc1ecc002d23361ff7623d49171218cbbb61657c1ea469246f52ec9a0dde98abc71e014d4cf0c109055a69883dadcd93215eb2d00793d1b3ac4edd07bc6a66fa284acace3ed13bec27bedc55e20561dc742ced7bca0b026d60ec0bf1182e7991cc48e135f7266b909f434f9f1670368e325b870e8b9f12730a8dff285cc2bc907846474290edf47043004ad8c7b4ca52818077ff5ceb3606a51c2bd5d22636e6b0b0551a018365e81f97f83a2df34b7a4c86a1f532acb24e82751c9269da46a62458283afbe135cc02863757e28c8f9b4ed6f9c7776e9c9ced72c0a7d0f4c9ed8a9914991654b46dcf599da1c371145d63e5941edf32d28ff95d628e2a8f28d46f73995978d88e7ba6990cb7743e9be48c6d5f9339e951abd939043727044ce5c36050ab0f9a3b70ff806d6a387d06f614a1744f441b72bb4147d381e32c0e868469905d2ece9c7ecc54a35745b5e60d3a22bb28b4533da1da64e4198f5be68d9c10c474b2de783dcb866fd51996b2f12ec7ec15467873aedbee1309c14f4f4e3920dc60ff1d56ad8a352e86382259a8ace0ba81f22db2675a0ed73c8c43d3c05775a197ca5296d18b49f8b953e9663aa6a597b922038f261d7a94509d58651c6b7c951e329e15539be2fdefd3aadd34924c976817f0bf9708a5ded873d2ac35634564df1f4435388e17b04b7e06dbfc2725733dfe8fac9fdcc01130442f6023d90d05e628004527338a8fac0d18d0e5909e133609260415212ba93840462a146f2bde8d7b43b7030af6350724fe646a7887767f345d2ca217f286f513300ee98bf1c744ae0fb9885560bed50942838acbe583ba2e12e57c4ba81d7f620bdce21bf622d85bfa73350407ae0b2b981791fef19cd3192bf2e790b8207db3b2327a1f20053906177188f9356640a78ee270acfc00e3f4c0c102ec673cdaf09f1c71f367bef9633e09da262654c941fe2047ed44e17ba2dcc007bd974b00d7cd8b228387eb8eef9d942e796d19aac0d3d6a777f28b10bd55011fd18b1b5aa2803b458ae98f28561c70f2a7538e968d4e352db5eb44c1ba455ada44b9fd9271a4fd9cac7c4f74b16477bc27d50a4f339f99acaa7af24892da5ed79c401ce98653cef53dc8c91f173ef2169b58839bc4cfe168eb58f345ec17e0a485cb9e05fbeedbef039d208cc3f8caec0bb5945a76278d72df20009677808fa2d5b7eed9542226e2fe654efc92ac9e8c15486f91ae0de0694f7b996cc1ad964c6e183ec51f788deb024f9c9c6d549ce2680e1258eabaa8471b836f495488c2c2d0dcc7597cb61566ea3d593fa2913f9d579fbe7280e69c46a4be90735c90dfd44f0a4fd415287bbc58b1b9944a2b0a8b8e2d6c54a79abea9fa7f9d2207633c701c8c66eafa10220fd844637a3e03f29b54f011437d0c38e836456b81460873cb018e801aea610e9c9367831f145116d6243d63418bd7efa43234356178409a9536bc25a797a8ac05293f8934e6a82dfaba9a2fe09453985141d530e10fd6d60abc7a20f77e60f554be5038028a21406ebc46170c1cd7eb031476db2f1c608897bc2cf5e879d64b667fe50628a6cca7c32d5563fbf22517b781119b482296b1bfb7ce80afd7c8124f952df904b078b0a132931f53c383d3066288bed0e98a06b4e4ff032598e9a43438d2c81d590e0128238fa1c09bf030d15c6df77742881d8b35750f208e6dc8b84cc786ec6dcfd5e3ebed156", 0x1000)

13:50:31 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 51)

13:50:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x700)

13:50:31 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x401c5820, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:31 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x1275, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:31 executing program 6:
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:50:31 executing program 3:
r0 = fork()
r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8000000000000}, r0, 0xb, 0xffffffffffffffff, 0x9)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSLCKTRMIOS(r2, 0x5414, &(0x7f0000000000))
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r1, {0x4d83}}, './file0\x00'})
ioctl$VT_RESIZE(r4, 0x5609, &(0x7f00000000c0)={0x7f, 0x3, 0x20})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r5, 0x5602, &(0x7f0000000040))
ioctl$VT_RESIZE(r5, 0x5609, &(0x7f0000000040)={0x4, 0x1000, 0x9})
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:50:31 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x551202, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r3, 0xc058671e, &(0x7f00000001c0)={{}, {0x2}, 0x94, 0x0, 0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)="2853414c6be352e05c69eeb8c6bb82508b91f59b3b1010eb0f88615f0fb178fa4a10b0c7da787f54f1010c286a4759e8867219772a9be415a33955b5c056957f984f4f1c28c4b611f930ab127af6f8bdb872eb9c6ae9d6981c2ed5370d7750356a541c88e0fda09ed0bbe48324d2c17b400c3ff2cfc0b2e3932e75b465bf0fed5ed4427ad957f0aed0a3290c34b6b22519574e15fa58056702225f435b693dfcd144eed6e004542824b56965078d5b94d2854bf8a628219f7b723b56e808f8ebf4b938ee245c86b54644bc8b390c3bd92ce12ae6e9491d47c83cefe1", 0xdc, 0x0, &(0x7f0000000440)={0x2, 0x16d, {0x0, 0xc, 0xdd, "6beac75d31f9332ef5cc5a50a985d99795ab4af8b2fa0b8ae3f0d524f376ddf0a306bec2c4b0963dea8761debf9d261d37c3d3b3770a4dfca6b6bad5f94654316d91ecd85f3412105a1ca2e440e92af1307e5b01875e10033962002699b4a27fa48504ba5d93e0f3bdbcfcc98e7a47ff0c9a8fb8e704a6027efc1ffb9d6fe0923e515363d6ec86fd5191534a90ad45f21c5a1d461608c2c120cee0c7d78702b932ab74c11dcf91624766a1e31d8d567df3af9c8b17171bf8b8fab1f29295f21032afff5e587c7ccfbbd785fab2838ca2d02297b4feaaf8cab52b1464ca", 0x83, "d2c45bd0e92c06d82756c594556940880b4fc48e833a92d26609b4fd09875fa10b6e5ccf0533af486976109894c393b5701147edfbd32da295419c1401c5973dceb5d84a895cc9ef9df146f6455584034fb3efcc96af07886171882bd491123bd6e65339e4c6500a3fb236d2fdaa816ec99fc8564a110be2f72fcc6e720e5a4b0da6b5"}, 0x88, "472f9aa9c9ea4b9c50cbb9eb884039587491f6392e06f253f2e1bc946befed6f1550f35fc93a7e70862e647bce4e613e735e4ee50d02094e95a15e0dcd94da72381815ea2c6828c94e49a07ae4cd908965572447239efc217c6cdc72a5b865ae8548c22e72aff26eaa04808e7a1c85977a8651b3dc3328bb65079f1482cec33585ba8e7cef88ed8f"}, 0x201})
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e5a6b53d54debbdf9bc0672323deaeb706c6613707560e8cc5e04e956608828b51169c16208897089ccff7a8d44ae33575def9e904cf054686fa3fe2390fbcf2731076"], 0x120)

13:50:31 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r0, &(0x7f0000000000)="6f297ffe2752c2d36204dd02be74cd992d9df15d53b4094caa90394e6dc0", 0x1e, 0x4, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x10)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:50:31 executing program 6:
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:50:31 executing program 7:
r0 = socket$inet(0x2, 0xa, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="e8d276cb5ddbf368e4c83e68ce5ce2d54cb226fcbfad206dd2134f6f0a8fc36b14bd0be91548378b2e139271820f0d9461f7e7a513f639f780ba85069ce2ce3096ca5569034860a58c6d55646a0a1746547c4cc0e47244db5e0af05131d894d2515867a30cac241adb4e23ce416cb554af0ff8e807e36e06cf9267fb2d17fa84ed37c82321cc260be39c206cca326ff69317bb1a43c2a6ef79d7c86b6e72048e06d3b02bb5ba78ae2d579ff84550ee25f8daf79a1f4e739b15563322cf58d24c96b8862fdf29663f09cc366fc501e438c9b1838c1fc5e16078c6d11b", 0xdc}], 0x1, &(0x7f0000000280)=[{0x90, 0x10e, 0xbd0f, "cd6a8cfb1fce6e3d82e2759039cd881b5e9fe1958ddede80caf237060a852e16bf5a7a089d2bff723a8aa0dada2a092c22d5e792d3a9b5932d297bdbfba5330315e7e5abfcb67cbd95d867ddffb9c209f5a777e4725e7bc73d43a519a9f54f561ba035484a5ab19ad31c82b30aed3dcd00a483a72043f61e8e027404cdc9"}, {0xb0, 0x0, 0x4, "fbe0a2832ecad50a5b9ed996cb36bb06cefb3855d513bfe99c8cb659cb908689d8b55826abd6bea7e59b39474b23e8aa91e18d75fe7af1f71f8d15da1ae8d3d21b27042f2821b4f7eae53cf1d801f26b9d8bc4774c160616c3999dc28c76ed080845b5184cea47b526e1c6a76021a6d4d7531cf3a306557c95560e8aa0fe8dba6d599ffb66bbc1010d84b204eda1616d50ce4a474043d99036"}, {0x20, 0x20e, 0x1, "84df0e2a4667346df6838856de"}, {0x1010, 0x108, 0x6, "18c205305c757bbc70df9548ffd0e7d03795ff26b9244ec308a8be0dacc257b9633e6e1f0ee304c17254e6f78907bf15b78c8e3c014bf172bc9aafd6f036ce1c03a43ffbd587543dd415e75ef4f0892f22dbd0870fb5159f4ce518f000d07e704ab240c57cf3dbdcafa1b7cc2381af3493cee97e41c67c0f40c8be2cefb6930b085bee6d3f97664facca8bf2de6e42bef480f636035353f66221ad3f954ce9c109d6d9a35b57de48431e104886d48bb097b92f14285238b8b57a251d74dd627b64687ac6cdf3bc0f75c880245ce13accb448331c87f79a5e0112ef337d8dfc88c1afe0ebe3a07a63123263828e86559d0565e4172c589322db0e6818d7dcc9f45433d8e3001caf20a6234511af0f6d762f19151f94111a1f3b3e4a22431e9f550dba7775b6f2f1d7df67479fa23aa035392e31a525186932d731ae61ff2632be88f2172e16dc75fa9edf6f9769c3e084b030cdbad7d02c8840eafccc09f1a606ecb8b437650e6ed8a9418c8fd4732ff93788f6e5df26e82a32ca42ed156ddb60ce67eb6b314bb4badc416d42d410f98a2a965e62720c61ec739eaabf70247ad557f06099b9311d2801bec086d66083a5c8d8d212f9316b9e31dfaac6a151651139706f883bd428f7609b155e65bf014b26f649083ccb6ead06955596ff77ca0e9ecf6f384cb0184f55ebf72b24558eeff45e3ba56330b68179d5cb00451afc42a50eaa9a2f7843dad802f02ebf38fd70c82b86f4d7a423049c3c7a539b500efa319c72b41bfacddc2048c3fc2731c000c35e89c2bcf735cb68165f166e105fdcb31151bd03d92e76b6b63fd9a8665aa0b50b7a6d0c1be20f558628d1e60d7af847b6602a30528d9d67d632fb9df0c2de9becde6d5cb3d27780684f38512c2d9337a6a704c9e4e75b7f19c2ccf4d48393ec5ca4ecb722be70548b185e79a22cfc2e699233eac64a36015afd9faffa549db12877704eced16a0d19afc15654d0cd57089e4e05d50d1b40e9accd475086f8e023eeb14eb7e369c01fc70515f9cb09a6146389a0a31b1a78928734044135be8e9505738b9fa67b70022b8c770e1798c6cd0196fd4179fa9f891e52d5d0ca94fcd422d3ec6731f855fe20640c22b462d943f254e893b398cc1d60d735d61cc34264b9faabb559ceee107b408924ba81b0a4496d62375a48fdcb98ed9cc4ae654298287d1696fb0a851fce17b6725aaed38dee7b8abc3c89339a97d8e15484a9115cd6f43c4b72c8dcb1f8751a3c46cf99136195604e8bb2dec707f272f26167c1694bcc1d3317be8c2e7bc2f227930b85048bbac82c1d5d4fc42381215927dd2cfc246903174e8b20fe26079056004055655fdc7ebda67bac99a88334854e07554dee7d75edff40e683d6c13b23b15460cc8f1ffd0272c0aa2d619b150e83f5a00477d596018f8fb92351f7597f168dafef2ebfa5a9c8a739308902ecfab3df7198e0fac869dfabd94a50bfa43ae204056c5d5da7155e91936a5d85240e6dda58224b2f205641b92e22b45f4e00e4bb93b29d05aac304afbae53ba0961813aedfeb4aac9e19b8d41ec9ccdd0799075373ec3257f65971d40c754e8e50b4e223da5a82c61fadc0d9c5aeee3328ef4fb6468411f1ef09279311a0ae20a7da3d092d23d51e8d9619f4c83ddd7602d2cf157813264fa54caace75cc0823284dc84916007198d6aa3c72e378960a8f9b516e938d2754bc90b5b66152fac4f752359b2d33d3bc90513426e3fcd2faaf621986adfc52b7625c487f5aa84fcb95bfb69eb104b94641bb73c74cc38bdb3e410bb25f3237619be03891eab7c201f1ad1cc7b5265f7c8e7614d6c1e8f1df56bdc80be80fe7e5cfd5842094851798102a33c327f31dab158a7f1eb15b6f727ef01813efbcacecd23b71b94cb556b8a184be7350982628a5513f75b2e572b3aeadb1da7ce18247ee1713585d3c1ca1add22e042896c01fbf2852c7d22dda5bb00416bb66cdaf6a59d2468df72685230945b2921bff7ebda749d715a38ce03844615bedae77903855e7de17bf612a7a3ab03711ada0903ce6a1562fed44e4be9583fb9cd6057bfb541333700c7b50785e144563cb6981639f2f5991685ac815003e22cfae8fc9330a1c0312eeebee44ec11c9daeff9c96fea791bd5add56a41f229cb3ca23dbe81735f19c28b6f44ad34651f38ae839c3b79ea6b589010be5358f1ee722d1503de3a35f1c070696c2665a5c41d59d68d5cd3cf166aa36b4753bbc17f938fb6131aae874b294c12f6858002e5b818669142ed62cb2add9dadb038b7126e627e58cbd26df978a53be75fae628d22725cdc4ab0cec2eda2aefcc0db8fd7337085f467351ebae5322fb3ff6a1edf6fdeb2fdcfc09b8c74afab85d424ee014544b8052981acf891fbdf2d775158103bd9f8232f510ebcfde18c3e32144204abfee0f88796587663a53cd2347278a7d6f659cb9aa915ecf91efaaf7967adca8be7dc5b716cc6c26a31167b70f03e4850f283ae56c92410cc50cc61f117bb2741ed16486ebb954891a2b5f9938ebb72e13c14d5952cafd1fd3b2279d44986d4b2c5d5d859cb2ea0cdab8bd5b6a68e8d1ca500d1942f6e5bd4bd42641c887e2b721aab8eefb91c4e7012f236dd127260319748fc54d5214e97ecd7ee34c68bb445eb50c82d2225f3b5e19f9f9f5d557fc794c1fbe641e644ba61971b3e1c776e75315942ac2034ee5773ba460dea0e52fe278d3109f2b43d6b41a1a231ef8231ce2c8a9ed00b3155d82a06642658e36151de6be1aa7ac021ab776d93db2503328c1c5c3f124665661939fd2eec0542462d41be00b7afe81f48908098833989330da3a6c3256df0a2e31fa41eb8bf1a3fe58a669a03ba43dc66f7124fbfd24c2bf6c783bb043ea83bd02d7a479ca24ecdd5e27e532f1012c436d586738f178a5749e7b7102aa86020de788b9ad7e88eeaa01c4738788825bf092874a0d5f4c95d3bab6f34dcb032814ac0ab87502e51591a6be31b7869d4f2fc467d342906ddae026e56ca6fb3efe4da063184239ae6c362c9888b41188e7e84c6a0f3f7904cc7addd989f351b33a7b424cebd80e3e194c74bbeb6157b379f91c2ba0d02ce6aa2e2b43aa7df913dde897e37272234d53b4a35becc8c32d75c3276d7b69cde6b51c3d03736b3187339c7e65fcd423eb226a5e9f9a7f0e0095309c836be0a7cdc76b6b3352635d569ce5178437f02a118f911c0a07684c0f964528ea57842a6c060849d908f1bafb2d5d7462489a117e28705eeebb20d12faa51d5c6cad5bdfa6f9cbb6da06e98786756a72a8bbe607be604ea2b352b93f945a3ed927050285b219d27c78b8a43e4b8ff11fa3e490133d1950bf59c5fe00c0ffd117219c9e0c56934731b452d70eb16594b14011c3e478bfea1644ecf71f85ec1ffd7f05cda96f998938a1e15770b95b290f9b5699851d686daeaf2ccfa4770864f688eb45ff0e53af73d9ae6f32caa8b184f99720742e9b3a2ab18f7d00dfd4cb606c6cedaee81a279bfeebefb2268c3ed2157614f15e32e685cb1d789a5c2d9a5e019de9b9ac2857fe2ba5c825cf60c6c30f43a819cfda9d44e53f18e912d50ff31a756f84d3e7259c5e7081b616d28f58f3ccd12508113fef7e3b09dbd15e4c45da00aea44a6fa4622efef9737914df1a8b58b29d25d43b8ab691b5d2a6cf06eb0a2cf5703acc04f466d8c0a9e1787ae3f7e0c41dc597a338177b72e81bb286046f62b6dd3f33e1d47a5d03a63c912c4c5ebe3eecda2b75c684e362e9d2e73b1b25cf284d3bc1a7a2266e94583f6365ab9857ed5b940fb6d07019697c30c2849eb0714b63e35914dce28bdc0225c2c8107ed919975829be928f52184424c7ee2fb8239efe22310990f521426ce5b9dbfce58f07d4724be3af263f047d30aa52dfc50c0761b90b107e250139ac421151691c8280cb4e737416b54121ffc4612381d0111212bbb18fd7ebc4d056c89c53461a3daa44c01e1ce369eaa358134848660f8fab3c77cce2762632547d149844ab131c3e61caef589d091edf03c682dc15d895d58f13db8871b0ec671fa0f8484a6a0ccd0e6a4c8ca56aea99ba0e34071f5b3a87847d4a3534c8322b25bdf3f8ab8d107a99644522cd878870fd4c59ee98f9b99de5e6a5e24fcc6e6ae95f3d5ae4d70cd6e7ae89645af5e0ad29b27e3d8db09adda075668c2e881558b40c21e227824185887c33186ea1e18b9d01f6d9eaac1ce66f2a9f5a73e56660caaab9792e407b0816be0d474d7dec41c85904b75a02b339766dfb8384907eafbdd95abaee355f9225c926b9bfabf4a5b0b4a707da5461818f1efde74ec52473eca776e51d19f18541aef5dc416669c5b02b93fdbfb308ec925ee7b91acf589cc9e5521b5ddd2481096f5d51ad939ecdb0aaaff74649fdd6ea8a22ee8442d144ae638c45eb5981aea46ab11f6db0c8d57af4afeb62bfda91a1f590e9ea16eca1af8c9d8cfaeb2d608f96bc3ab36fd20efc830a39d3ab3cb5c50809a750cb80fbea112b7479f1ac57c3ba222f98e1824011b865286510cc7d11b3b37ecb33b58a8fa22c61356d75b8a237199fa3aafbfe736692265289391ec4bc5e0793cca587c72f2d4237a9eb09c09b9f66de56485033b2e5d49efe69c844d866af6ebc1244802cbeaf4fb2f00fcd8623ccf49efafbe0805df86a5f80c3757ede029c4a88f6ca727db785b36ef9dab9dd9076a0dd6898b396a59d41b7f0a872b786d262a9d6aa6a0690e24fbadc5ede4296e05ad4d6cd743831e06ae4853a157fdb77afcc4a0fc1fc1913c9c9c8245efe39a3c564d1080f870e16fc6b946956f9880b32811f9e1648f606a0691e51bf127452d5ba45b4f8d5049c8a9769d75c783360e6c34f2294c8b54cefe99e7fb460a7b16fab83c16cee414d0ec63c6b9f4293e08449a2e00900af9372dedae75e3f59e8b5cd6f98c3a94cbd6ff5f936ec6c4d67d5d521bb675f3eb36204d2820ade2c8f1b3ca3d4211dc63cf147d0f0667def324dc131b0710ccaababd45077ce3dc0a44e6a3bf7ff694b60ea8f9084341251550af6ae070162857babe40840a9974ca47dd625f8c14b6864a299de237a135075dd01a712512cc5e61849ceaeb5ba0503bea37130af216192968830495a61c7275e0a92b0272e266640fd0a4f61cf3f866c547dffb6c9d66d754b59e622454cfec83950797ff5a4270882ac425f333bee75f8314a311307a90e8cfc7d39782d44aa72832a071333e1c10ba0d835ae26c6ffb374fad28b0ffe49c6d328a2a2e4ea83b35ae74eb2d99bcfbc6ba61cbfb044a85ac39690f5636f6d0480d078472a6fd5577dfb3650a338ead08490f32620bc39e3d1a5c6a032e9f017c9db8cb22ef8101726b5009696b7e9480a8b129616d0b48dd3ea159972db7828e6032b4c08f45ad8f9dd24619eb9d5a232c79ed3b6fc51086a159a27b40fb5c9a9c49eb12a184a059e54250483114fab5979c3e0f2a7be2e3559f826cbc44fe18da7146528c11503249dee5f701382a656b76d2756652159ea120d209986e70472892d646b8a0e631fef7d6e4f89dc6e2512c3b3bceddc30d203102592e5dff82b1ffae5059d984ca39b50c1f65764ebebdac0d0588718803ff86338f49dc64646b6581025d5934ac236f6eb9fd8c812eb3226db46aa4e54bc6a6f5dc9d6066426c2a0a5cbe2c5c8f8dade86fb04d98c553fe2ec9aff2a1a0c76d13aed2ecf54a8e108268706808906666d7cec22d38e977e3c33639ea394d993a342e3a57e26b4a9cda676"}], 0x1170}, 0x20)

[  876.297776] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  876.297776]    program syz-executor.2 not setting count and/or reply_len properly
13:50:31 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 1)

13:50:31 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x4020940d, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:31 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
recvmsg$unix(r3, &(0x7f0000000480)={&(0x7f0000000040), 0x6e, &(0x7f0000000280)=[{&(0x7f00000000c0)}, {&(0x7f0000000100)=""/141, 0x8d}, {&(0x7f00000001c0)=""/168, 0xa8}], 0x3, &(0x7f0000000440)=[@rights={{0x18, 0x1, 0x1, [<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff]}}], 0x18}, 0x120)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r8, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f0000000540))
ioctl$LOOP_CTL_ADD(r7, 0x4c80, 0x0)
ppoll(&(0x7f00000000c0)=[{r6, 0x42}, {r0, 0x3}, {r5, 0x4001}, {r4, 0x4000}, {r7, 0x400}], 0x5, &(0x7f00000004c0)={0x0, 0x3938700}, &(0x7f0000000500), 0x8)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  876.316434] FAULT_INJECTION: forcing a failure.
[  876.316434] name failslab, interval 1, probability 0, space 0, times 0
[  876.316475] CPU: 0 UID: 0 PID: 7555 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  876.316506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  876.316520] Call Trace:
13:50:31 executing program 6:
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

[  876.316528]  <TASK>
[  876.316536]  dump_stack_lvl+0xfa/0x120
[  876.316585]  should_fail_ex+0x4d7/0x5e0
[  876.316622]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  876.316670]  ? bio_kmalloc+0x3e/0x70
[  876.316710]  should_failslab+0xc2/0x120
[  876.316751]  __kmalloc_noprof+0xb4/0x4b0
[  876.316785]  ? trace_kmalloc+0x1f/0xb0
[  876.316816]  ? __kmalloc_noprof+0x215/0x4b0
[  876.316854]  bio_kmalloc+0x3e/0x70
[  876.316894]  blk_rq_map_user_iov+0x390/0x1180
[  876.316937]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  876.316972]  ? __pfx___mutex_trylock_common+0x10/0x10
[  876.317006]  ? find_held_lock+0x2b/0x80
[  876.317040]  ? sg_common_write.constprop.0+0xc36/0x1710
[  876.317069]  ? lock_release+0xc8/0x290
[  876.317091]  ? import_ubuf+0x1be/0x220
[  876.317134]  blk_rq_map_user_io+0x1cf/0x200
[  876.317168]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  876.317200]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  876.317244]  ? irq_work_queue+0x9c/0x100
[  876.317274]  ? __asan_memset+0x24/0x50
13:50:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x810)

13:50:31 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 52)

[  876.317315]  sg_common_write.constprop.0+0xd75/0x1710
[  876.317355]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  876.317384]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
13:50:31 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={0x0, @rand_addr, @remote}, &(0x7f0000000180)=0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f00000001c0)='\x00', 0x8000, 0x103)
sendto$inet(r1, &(0x7f0000000280)="117d95d02457f28f07e942d77eb5670b110cb29c36a8873da5d68c1c4001a21fed4151677ae8f1b59c9d555fcb1de22a3e86f7168bc10ef340eccce083d57602271fdcdbd3c7ef1ffab9c4cbbb8b3aceea2d90cfafeb8dfad4b73c1f8732fec8fe498ff0024252b20eee96e5f5caf1479fc4298de797574a4cca012f3be6f748e43c77bc56fc0a61e31cf53f6c6af9d61f622b28da8cea4b59177d5790fe15a2b31ce7b63e5dca39493749a009c2382da704aba57fb5c41e671ce4117c328c84ed63dbdaebe0b86dc0bf2623f354864ca17adb8907f235fc30477e92a2105efbd4e0a17a73284d918600a51ba8f4101f166334bd193cb7fd270c1179bf33094330e12c8e9fd695bb13527260e2769f32a9f04998a9f5ce3558ccaf8da040603e2b814d7caaeaa84a7077b81e04e829ec613f0038db464dcb9d5e769f43b2ba66922ea036e9842ddc9b1824d6669753b4f3e3423e64ab396b5a6f0a45c7ea90c101f169522c424bb7238a0100ebe9f3bf009a4d626251a75d68253814f92ff3fa92df83aa48edbe8c92178eba4f6d87e48e73dc0c8fe3c2e7d5c78c580ca20b8524da1ad3aa8d1cef5146e2e93d24f00a9b00182679d41c70d81919d4544526302c31908dd4c037f76f17d10627888994a3efbba8053c9c89a4ac5c2e10218ca7e923cedaf82f0169b60d7ca83d8da655b56f06ed1f1eb5c57bf147d140b186f82fb2744448a2e32abf253387b96fe5ba5d3beecb0a369ccfdbef049cf8a2a40b7599efbf5dfd016831c609648ff714f447517182bd9e113dfa7cc6c2133cac02a3efd7d563607eeed034298dc8cb84bc7f615f6bc8111e104a1412ed664ce8643188b46796573a41559c4788fa2ff6a1cdb48e9ffbb380f08db0a641018d09e1015101c74b530643fabd840431db5931808af50f6b57e0fe795ef8118fc570ae036b4fafd37f02bda0999347e44771f6b2b4aac9bf3887f0a68e666a1b3bedee542af01b68cb862a5e6fff0e9e468cc6f455be78252b0a84c271470ded1ed06dd01aac12a50f9d7fa599ecc89809f8ac09144ca867e27a5a8034640da7533059729c26454bea57fefcc592519478df2efcdb58f4f90dc14b47a336afba45f4d31d3915daacc2a35c8f0112f7f07fef45855122f6b292fa31b0af59ac74eef3e9d5e8cce5ab0a30983d9f986eb6245cc365d8acf0121a5ea5fbe2aee8c0d20eb49dabeffe425dcc3163bc74f464057e91557b215e5d658d930e052ae7c95a6e21231b313889a4fef06746ceab2a2b7a6a210189dd0d991ea4a1705dc8b6eb42ec5f20c1df9399337b179e355ea9e379639146aab45b0dea5c2caade5b31740972e71c07d60c0aefab7aa88e51530ffbed88a18d526c0f28ee509783f83d92401ea678ff0765e4b89c9b502b967a74035fe0ad273cf667f6734731f1f96ba48e1d8623e8f63684d2cca1631da231975dcb598ac29f19675a30171699e796bba80b5f8d682cb43104306218aa5e3743da97c3d9e11b16484c4809ec2f22197d26d869532b1a26b3fcb03e2d5797391b44a859dcd6ec0360cfac8a8571d8203d1c8c75da1cf592f5451dcb2e6a6758a68d6cf08c77fa35de2da72167586d960811f42a443a7f5b5ecdbe59176ab9dfde4fb573959eeed79be1f86d2e08e2e8d72e1d59f8d6ed3e8c87efd8cbfd26933aa8c14dbe8b89f0b1a97d90298b9caa9148abec45ae400c954f40f97433d98a2816d72775bb028a8cfb7d5c21ea90df5cf0fc3e8a69d9a5725322acd49bb4d497c4c0a99b886b5e46e332fb9362ba5cea2206cb305cfabbf825970dda79d640dc9a41d231eda72ebd75785a08cd39de1e86b1f649a52b6ba092b89f1724382d22819d611e058e57beb5c7a1a925977c08b0abb270ec862bb4c8f1e1f5b5c82c112930edb5fc93fca10d7de4a33afeea6a74b644802121d65a5ecc711cd70651ff6b1867cdce160254418cc002dd24ad4c7aaba5066623bdd93bbda9345f49ec864d97454c3bec1256907e6eb2c4dea8d2c7249d407a49f907341f98059cbf06449a93f506e9e8079c3282d286b3bef8a2ef466d3cbdcee7bce30c3a041defa229229d260ea30ba599285e45235cfc34f84a39f258ae45a6887c62c32bcc14bb59c711fdc8677772c416f4920a9d51a0168424e06a7b1b0492c2fad030f20b9ed54eb44d75e4b808a6555241ec36ab4a4a4f825dd907f9b21e69f021e8592048d90b0e53849c113b938fe350220f62cb6d41271660266b72105b5117cc3fa00c80689158d9ace2ee22270f23d3ef206cbb2eb054d5ab3218ce6dafe002456c964736cd4007203b89318b76e20b036dc1fa0acba5d0f983470784a3a56b60156887e43d8487227d6b092144a9d95779c6135eb6ea716661a00e06cfabc549fefaec7a2100732d7da9c8b3bea509debcfd23d00f6e11fc7cde4db9feb03ced0c65850fe0d2e437f2ac156405749272b4f8b31d4de2618dff6a73578176afdd3bda83aebdce904686e18780ea90cc0db4ebea77200ad4b5a504f9b4efc09030318c49d8d2e26cf36bcdae1052235ccc9d9ce6813bf9fbb6f04d58e64fc675c5c0d3602177f819dc9185ad9cc5110b78397c39d64a99bd5d41848eb63cb7ebd7e4fa8f2deac39ecc84b2554256e579879c8b2e8733c1b5d468da13b935ea9ca930fd07fc01e1417ddaf08d47c7b7ae3b238b1cf92c17e6338bdb1cea2a8e0743319043976ce9ab5e5142fcce264dcb02dd1e183397ad700e4d3134fa023a5ea1838bf0444c6be7046302ad8ceb72e6c433686ea2bfa1219504d8089525da7c0f2fbb683c38dd3d27ffd01fda7a008e619b59df30b5e63908f4cbe8d20e39d4db5f3a454a639a1d4e9f55faf1c5343a8e850ea2a74bfe49d93f8e15a719f02d8c14f9867d6d27f3bdbd42367c8676744f28d37b8f460fa03bdb28b1ba4a57404c6ec6bf83a8499d065c8a76b62c732271fab91d9a14cfa65f821a021060f1de203493434bd4120034cf069b834946553c78fb7eb30e543ebad016744f1386d7852672dae2d4a8a66ddd0e3066fb212047f37a4c895adae93b30f95a7d69b011cf84fd962b4db1b3f76e1f6bff3a4d9d6a0f9ed26badcc1017d1629d4de6f38d6c0e5d86aa8b705a52fd6f58431dd62a7f0e3fb9a19822171a1c32705d6dedb8535b7b9e3ce3c6c25c1e35647f7830dee9d129c634e108d7c06f0754c37fe561a4c9223e1cb53c09b674fdec2d7ce7904da27399fc35d4007feeae5bca9d8b7d38887288c3a7bf2bc7830842d34c22cee98937c996ec7e246f9b0bfb342cc36380b4aee35c612b4693e7f08db62fdcc9f44422e40d650ad69c71cfe1f82cdb515e4c7d67db69a4162d400a9aeca12cfe920b1e0a6455a8c8a638c9ba8a43d97686c8c1d451967b48aa877e27c7726f5374220cf315dccf5e97bb35f5802c70e7e11b549bc48173b67bc0de951f8e74284a4cbed3e1c40b0ff57cfdd5a7b7252582649eccbc2e4c9994c926a4f332607a29f73de4b96c4145c22d11288d2eba7f5a7c153cba82da9ff20aaa7937141b29dcde7775cb53c9f94d383b1f8e0d80730f7a14c1321e8d6728026bd57a114be83fc3e156d5ca264b56e8a8f8ef67da8914d893b7e5681dd964829c3a473d8450b1a1f7154765c9542fa08c9e67aec832fea5f273027329a6233fbbe57635bb24ffd993df98429b333a5fcfc29bef03b8292e8a6d47a7835876f16cc1a72c676ad66cef25b3d9b27e56bb55b1b3ddceb8128c929c778c486586e86f454100b7299f5944501a6037b623d23939711eb3bbc23be2909c5e79d6bb2131ec21f34fe1e19b38eeb09328d23995c3eef6106c945ddd9009a8f4c53fdefc17801eee0c629e7de352db116d0669ab3d76b87a0ae5a09bd120b96213af22d15e7723af4f0273d4c99e96956c15d0ec6427e2e825ebaed974a2c37c07c1686ca43a59dcabea83ae4c7f6eff2ea4388b9fb9bc6d9eb7f79c498ce246257948c541ec16c5915a9753923450078037f596f2f9a735f5d7ab2d4033f80e27267364040b17978db203276c26550a4ae9162a947f655c9660ed2218b095d54b52a7384bfc3e8280505b9cc786a21ca80247244d365f33aaa0f349f4b3cd730579025efd29fed6abb8424a562888f6b0b80191e4a372056438dd4e3ca0b245a6ca9e145fef694ee8a7ffe420eff6a63515478a032919fd44ad2e5f03145754aa55134330b08f220fffa07be7f55e50bc6b78a7b6a2c4f865922b605135e9565a178ee8d204e927ce7e07ad8fe6fc88c1aa6a58c7dea39496311dc8708d1f0a4be7d6ae8284b6571070376cad5666ce8bfd3e65424cf17e012d4f217a09aebb98c36d5f3093eb1ce8c7af358103f8238be8a75aeecf1ad045ecd6ad8f4db72aa77241a00f2a0dc35fd1b523a20b87c208755fae849319970b9c2c18e89f44e37173eb81000f90b045d523cf78ed7abb20a23a50303b64190c9428ee53adefbff50c85e35f9474e4845c41ea5e3c1896c834198efd64d8c609a95e34be589bb19dd4f7bc765bd82d296312702dd5e34e78e0296ed6fadf6c0611d68952679679ffab06b34cab5681681b191e84b7ed0ad3001169f5e48d5edb228b32185f81a7b64354e7edf8a37c2104ec6fb06b95200d7ee9c72244239ce390bae93d2c45765e7ccc9b45e9d2f37578cc56b6202147dd857c999d789523eb6d4dc776554a2b0e6af955e6603afee1a0aa3374561a1cc1026eabd6e80ef601896381553b650bd2aeb905d1127e69d3b9c0a04c26e2233f775fa6c7f21233ae0dab2ac566888f8470e203e9dd6fc4818e4b7898579e7287aafe8b3bbc7d2e683d726c5b5a349f3469687c3c4601f673a4e7bb23a3b46ff7eba277dc06ca69bb2f89821e564b40bd3b991d9a14fb65790dd1ca5a1362e69bb3fe8c3cdcb76f8d17852a21c3aa2fa02018756b157d5fbd62ad9e10f4833f7c47cf54eaabdf01215c640ed1512af283d65f0f93f3ba38161d6ce25aa055325fb7d5398b5ffd07b4fe52291063b13beaab9249b78b920b44e275dad933d37a8ba607d0c55ee717a0a4d7d06a0e75cb9df0c8ac492c9aa4238ce935bcd4a607978612b0f8ab599f910c00fc685dad75334feb41b0bf10dc740936f26852c327b63c0681e475a6159af081302d6c302e0b1526e12a7e4923a3e57a59802c34148cc2d6244fdb5c71f2d1afc68246123736f5092f1f26d965f61872f470547dc087dbc3574b561747e24a517708dace5ce2388bb2a2eaca293b71522c8da51953b51cea1eb1b3ab0602a525ba699ff7d45a8735ff9bcc8dfd45b1e7fe179b7ecbd1db7049b1d02e89f4e551014cffb4794b012a2fe95e8f635d6346c24beae8f2279d645c736bbac3e275512b3af652f20657744c94648d276bc76f80fff3b22a1c141a684396f7981d1b6cc74270acd225925a537c1ce05032bac25b87581848cbae5abe90d68b76c7afbf01943e7c5c4aec6effa89b287aa37e7bb168fd7dbaf31d160d85d35cf36c2ef3741eaec922a383d84c6bb6681c8d674738504fb40db387afc359c0a13591f1adf0aecb58427f8518bd8589d93d119d04241c9d62d43aa4a0df172d1cdbef599ac82fd55f506e41e1946acac0ea00a3eb9d9deafe0ed441df52a5b41d7937e79c189216359dc39720d4fb20782d954d1ebe1208127e7e581270bb18faf63ab71d43584c3bb3353a57ac8fb2c6a22edba174a5006eab64ee780736b3c84b93e6e56519962aa62ec1bbff716fd033d0b440ac3e9cddee", 0x1000, 0x40000, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
sendto$inet(r1, &(0x7f0000000000)="63cc36a08b4dbab7a882b28f0506edcb6be693f1f5f84cfb3fc295bea59fd0e18bb33b63f7fe8a8ce22e40813250afb422150b56081e0258cd2b50bcd136eb9c07ec2e37209c8254ff6f280e34b9dc342aaaea96f7b99b264ca4aa8c77ea6b472c240992e7109c110f8b88a673c1fe26", 0x70, 0x8000, &(0x7f00000000c0)={0x2, 0x4e21, @private=0xa010102}, 0x10)

[  876.317420]  ? ___ratelimit+0x465/0xa10
[  876.317466]  sg_write.part.0+0x6a2/0xb50
[  876.317496]  ? __pfx_sg_write.part.0+0x10/0x10
[  876.317527]  ? __lock_acquire+0x694/0x1b70
[  876.317558]  ? __pfx_perf_tp_event+0x10/0x10
[  876.317591]  ? lock_acquire+0x15e/0x2f0
[  876.317614]  ? get_pid_task+0x29/0x250
[  876.317656]  ? get_pid_task+0xfd/0x250
[  876.317695]  ? lock_release+0xc8/0x290
[  876.317723]  ? perf_trace_lock_acquire+0xc9/0x700
[  876.317747]  ? get_pid_task+0x107/0x250
[  876.317784]  ? avc_policy_seqno+0x9/0x20
[  876.317815]  ? selinux_file_permission+0x99/0x600
[  876.317849]  sg_write+0x86/0xe0
[  876.317875]  vfs_write+0x2b7/0x1150
[  876.317910]  ? __pfx_sg_write+0x10/0x10
[  876.317936]  ? lock_acquire+0x15e/0x2f0
[  876.317960]  ? __fget_files+0x34/0x3b0
[  876.317995]  ? __pfx_vfs_write+0x10/0x10
[  876.318031]  ? __fget_files+0x203/0x3b0
[  876.318065]  ? lock_release+0xc8/0x290
[  876.318094]  ? __fget_files+0x20d/0x3b0
[  876.318140]  ksys_write+0x121/0x240
[  876.318176]  ? __pfx_ksys_write+0x10/0x10
[  876.318224]  do_syscall_64+0xbf/0x360
[  876.318250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.318275] RIP: 0033:0x7fbb63381b19
[  876.318293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  876.318316] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  876.318340] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  876.318356] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  876.318371] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  876.318386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  876.318401] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  876.318435]  </TASK>
[  876.348182] syz-executor.7 uses obsolete (PF_INET,SOCK_PACKET)
[  876.491112] FAULT_INJECTION: forcing a failure.
[  876.491112] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  876.491151] CPU: 0 UID: 0 PID: 7572 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  876.491179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  876.491193] Call Trace:
[  876.491200]  <TASK>
[  876.491208]  dump_stack_lvl+0xfa/0x120
[  876.491252]  should_fail_ex+0x4d7/0x5e0
[  876.491292]  _copy_from_user+0x30/0xd0
[  876.491333]  copy_clone_args_from_user+0x152/0x7a0
[  876.491381]  ? find_held_lock+0x2b/0x80
[  876.491418]  ? get_pid_task+0xfd/0x250
[  876.491456]  ? __pfx_copy_clone_args_from_user+0x10/0x10
[  876.491495]  ? get_pid_task+0x107/0x250
[  876.491531]  ? proc_fail_nth_write+0x97/0x220
[  876.491568]  ? find_held_lock+0x2b/0x80
[  876.491599]  ? ksys_write+0x121/0x240
[  876.491634]  ? lock_is_held_type+0x9e/0x120
[  876.491674]  __do_sys_clone3+0xa5/0x280
[  876.491696]  ? __pfx___do_sys_clone3+0x10/0x10
[  876.491722]  ? __mutex_unlock_slowpath+0x155/0x7b0
[  876.491758]  ? kernel_write+0x613/0x660
[  876.491795]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  876.491836]  ? __fget_files+0x20d/0x3b0
[  876.491878]  ? fput+0x6a/0x100
[  876.491900]  ? ksys_write+0x1a3/0x240
[  876.491933]  ? __pfx_ksys_write+0x10/0x10
[  876.491970]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  876.492014]  do_syscall_64+0xbf/0x360
[  876.492039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.492062] RIP: 0033:0x7f7b289bfb19
[  876.492079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  876.492100] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  876.492123] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  876.492138] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  876.492152] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  876.492166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  876.492179] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  876.492212]  </TASK>
[  876.592238] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  876.592238]    program syz-executor.2 not setting count and/or reply_len properly
13:50:40 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 2)

13:50:40 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xa9f)

13:50:40 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r2, {0xe0}}, './file0\x00'})
fsetxattr$security_capability(r3, &(0x7f0000000080), &(0x7f00000000c0)=@v2={0x2000000, [{0x448146b3, 0x6}, {0x1, 0x66}]}, 0x14, 0x3)
ioctl$SG_IO(r2, 0x2285, 0x0)
r4 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x1c, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x6, 0xa, 0x0, {0x0, r5, r3}}, 0x8001)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:50:40 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x80086601, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:40 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, 0x0)

13:50:40 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 53)

13:50:40 executing program 7:
syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x2)
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:50:40 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x6dfdbac26a8d659b)

13:50:40 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x5a200, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r5)
r6 = dup2(r3, r1)
write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r6, 0x2285, 0x0)
write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0x120)

[  885.862739] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  885.862739]    program syz-executor.2 not setting count and/or reply_len properly
13:50:40 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@private=0xa010100, @private=0xa010100, 0x1, 0x1, [@loopback]}, 0x14)

[  885.872556] FAULT_INJECTION: forcing a failure.
[  885.872556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.874921] CPU: 0 UID: 0 PID: 7616 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  885.874957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  885.874973] Call Trace:
[  885.874982]  <TASK>
[  885.874992]  dump_stack_lvl+0xfa/0x120
[  885.875045]  should_fail_ex+0x4d7/0x5e0
[  885.875092]  _copy_from_user+0x30/0xd0
[  885.875139]  copy_clone_args_from_user+0x4ba/0x7a0
[  885.875187]  ? get_pid_task+0xfd/0x250
[  885.875232]  ? __pfx_copy_clone_args_from_user+0x10/0x10
[  885.875272]  ? perf_trace_lock+0xb5/0x5d0
[  885.875312]  ? find_held_lock+0x2b/0x80
[  885.875358]  ? ksys_write+0x121/0x240
[  885.875399]  ? lock_is_held_type+0x9e/0x120
[  885.875447]  __do_sys_clone3+0xa5/0x280
[  885.875472]  ? __pfx___do_sys_clone3+0x10/0x10
[  885.875522]  ? __fget_files+0x20d/0x3b0
[  885.875572]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  885.875618]  ? ksys_write+0x1a3/0x240
[  885.875658]  ? __pfx_ksys_write+0x10/0x10
[  885.875712]  do_syscall_64+0xbf/0x360
[  885.875741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.875768] RIP: 0033:0x7f7b289bfb19
[  885.875788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  885.875813] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  885.875839] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  885.875856] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  885.875872] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  885.875887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  885.875903] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  885.875944]  </TASK>
[  885.906491] hpet: Lost 1 RTC interrupts
[  885.911672] FAULT_INJECTION: forcing a failure.
[  885.911672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.913678] CPU: 0 UID: 0 PID: 7615 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  885.913712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  885.913727] Call Trace:
[  885.913735]  <TASK>
[  885.913745]  dump_stack_lvl+0xfa/0x120
[  885.913795]  should_fail_ex+0x4d7/0x5e0
[  885.913841]  _copy_from_iter+0x1dc/0x15b0
[  885.913886]  ? lock_is_held_type+0x9e/0x120
[  885.913931]  ? __pfx__copy_from_iter+0x10/0x10
[  885.913975]  ? find_held_lock+0x2b/0x80
[  885.914012]  ? __create_object+0x59/0x80
[  885.914041]  ? lock_release+0xc8/0x290
[  885.914068]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  885.914115]  copy_page_from_iter+0xe3/0x180
[  885.914163]  bio_copy_from_iter+0x108/0x270
[  885.914208]  blk_rq_map_user_iov+0xc07/0x1180
[  885.914254]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  885.914290]  ? __pfx___mutex_trylock_common+0x10/0x10
[  885.914326]  ? find_held_lock+0x2b/0x80
[  885.914369]  ? sg_common_write.constprop.0+0xc36/0x1710
[  885.914400]  ? lock_release+0xc8/0x290
[  885.914423]  ? import_ubuf+0x1be/0x220
[  885.914467]  blk_rq_map_user_io+0x1cf/0x200
[  885.914502]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  885.914536]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  885.914582]  ? irq_work_queue+0x9c/0x100
[  885.914614]  ? __asan_memset+0x24/0x50
[  885.914658]  sg_common_write.constprop.0+0xd75/0x1710
[  885.914701]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  885.914732]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  885.914772]  ? ___ratelimit+0x465/0xa10
[  885.914822]  sg_write.part.0+0x6a2/0xb50
[  885.914854]  ? __pfx_sg_write.part.0+0x10/0x10
[  885.914899]  ? __pfx_perf_tp_event+0x10/0x10
[  885.914934]  ? lock_acquire+0x15e/0x2f0
[  885.914965]  ? get_pid_task+0xfd/0x250
[  885.915009]  ? perf_trace_lock+0xb5/0x5d0
[  885.915038]  ? perf_trace_lock_acquire+0xc9/0x700
[  885.915065]  ? avc_policy_seqno+0x9/0x20
[  885.915099]  ? selinux_file_permission+0x99/0x600
[  885.915135]  sg_write+0x86/0xe0
13:50:41 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x1008)

[  885.915163]  vfs_write+0x2b7/0x1150
[  885.915199]  ? __pfx_sg_write+0x10/0x10
[  885.915226]  ? lock_acquire+0x15e/0x2f0
[  885.915251]  ? __fget_files+0x34/0x3b0
[  885.915288]  ? __pfx_vfs_write+0x10/0x10
[  885.915326]  ? __fget_files+0x203/0x3b0
[  885.915362]  ? lock_release+0xc8/0x290
[  885.915393]  ? __fget_files+0x20d/0x3b0
[  885.915442]  ksys_write+0x121/0x240
[  885.915480]  ? __pfx_ksys_write+0x10/0x10
[  885.915532]  do_syscall_64+0xbf/0x360
[  885.915560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.915585] RIP: 0033:0x7fbb63381b19
[  885.915605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  885.915629] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  885.915654] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  885.915671] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  885.915687] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  885.915702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  885.915717] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  885.915755]  </TASK>
[  885.965681] hpet: Lost 1 RTC interrupts
13:50:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 54)

13:50:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2000)

13:50:50 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
recvmmsg(r1, &(0x7f0000000580)=[{{&(0x7f0000000000)=@qipcrtr, 0x80, &(0x7f0000000440)=[{&(0x7f00000000c0)=""/67, 0x43}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000180)=""/152, 0xfffffe33}, {&(0x7f0000000280)=""/142, 0x8e}, {&(0x7f0000000340)=""/122, 0x7a}, {&(0x7f00000003c0)=""/93, 0x5d}], 0x6, &(0x7f00000004c0)=""/143, 0x8f}}], 0x1, 0x40010002, &(0x7f00000005c0)={0x0, 0x989680})

13:50:50 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 3)

13:50:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x80087601, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:50 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, 0x0)

13:50:50 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7d6}}, 0x20)

13:50:50 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x27, 0x5, 0x5, 0xee, 0x0, 0x5, 0xb0000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x40088, 0x1000, 0x9, 0x3, 0x1000, 0x0, 0x2, 0x0, 0x7, 0x0, 0x100000000}, 0xffffffffffffffff, 0xa, r0, 0xb)

[  895.592458] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  895.592458]    program syz-executor.2 not setting count and/or reply_len properly
[  895.596869] FAULT_INJECTION: forcing a failure.
[  895.596869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  895.597826] CPU: 0 UID: 0 PID: 7639 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  895.597843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  895.597850] Call Trace:
[  895.597854]  <TASK>
[  895.597859]  dump_stack_lvl+0xfa/0x120
[  895.597886]  should_fail_ex+0x4d7/0x5e0
[  895.597909]  _copy_from_iter+0x1dc/0x15b0
[  895.597935]  ? __pfx__copy_from_iter+0x10/0x10
[  895.597955]  ? find_held_lock+0x2b/0x80
[  895.597974]  ? __create_object+0x59/0x80
[  895.597988]  ? lock_release+0xc8/0x290
[  895.598001]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  895.598025]  copy_page_from_iter+0xe3/0x180
[  895.598048]  bio_copy_from_iter+0x108/0x270
[  895.598070]  blk_rq_map_user_iov+0xc07/0x1180
[  895.598092]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  895.598109]  ? __pfx___mutex_trylock_common+0x10/0x10
[  895.598127]  ? find_held_lock+0x2b/0x80
[  895.598143]  ? sg_common_write.constprop.0+0xc36/0x1710
[  895.598159]  ? lock_release+0xc8/0x290
[  895.598170]  ? import_ubuf+0x1be/0x220
[  895.598190]  blk_rq_map_user_io+0x1cf/0x200
[  895.598208]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  895.598223]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  895.598247]  ? irq_work_queue+0x9c/0x100
[  895.598262]  ? __asan_memset+0x24/0x50
[  895.598284]  sg_common_write.constprop.0+0xd75/0x1710
[  895.598304]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  895.598319]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  895.598341]  ? ___ratelimit+0x465/0xa10
[  895.598365]  sg_write.part.0+0x6a2/0xb50
[  895.598380]  ? __pfx_sg_write.part.0+0x10/0x10
[  895.598396]  ? __lock_acquire+0x694/0x1b70
[  895.598412]  ? __pfx_perf_tp_event+0x10/0x10
[  895.598429]  ? lock_acquire+0x15e/0x2f0
[  895.598441]  ? get_pid_task+0x29/0x250
[  895.598463]  ? get_pid_task+0xfd/0x250
[  895.598482]  ? lock_release+0xc8/0x290
[  895.598496]  ? perf_trace_lock_acquire+0xc9/0x700
[  895.598508]  ? get_pid_task+0x107/0x250
[  895.598526]  ? avc_policy_seqno+0x9/0x20
[  895.598543]  ? selinux_file_permission+0x99/0x600
[  895.598561]  sg_write+0x86/0xe0
[  895.598574]  vfs_write+0x2b7/0x1150
[  895.598592]  ? __pfx_sg_write+0x10/0x10
[  895.598605]  ? lock_acquire+0x15e/0x2f0
[  895.598616]  ? __fget_files+0x34/0x3b0
[  895.598634]  ? __pfx_vfs_write+0x10/0x10
[  895.598652]  ? __fget_files+0x203/0x3b0
[  895.598669]  ? lock_release+0xc8/0x290
[  895.598684]  ? __fget_files+0x20d/0x3b0
[  895.598707]  ksys_write+0x121/0x240
[  895.598725]  ? __pfx_ksys_write+0x10/0x10
[  895.598749]  do_syscall_64+0xbf/0x360
[  895.598762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.598775] RIP: 0033:0x7fbb63381b19
[  895.598785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  895.598797] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  895.598809] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  895.598817] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  895.598825] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  895.598832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  895.598839] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  895.598857]  </TASK>
[  895.622983] hpet: Lost 1 RTC interrupts
[  895.633702] FAULT_INJECTION: forcing a failure.
[  895.633702] name failslab, interval 1, probability 0, space 0, times 0
[  895.635402] CPU: 1 UID: 0 PID: 7651 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  895.635433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  895.635447] Call Trace:
[  895.635454]  <TASK>
[  895.635463]  dump_stack_lvl+0xfa/0x120
[  895.635509]  should_fail_ex+0x4d7/0x5e0
[  895.635549]  should_failslab+0xc2/0x120
[  895.635588]  kmem_cache_alloc_node_noprof+0x71/0x3e0
[  895.635622]  ? copy_process+0x45a/0x73e0
[  895.635650]  copy_process+0x45a/0x73e0
[  895.635670]  ? __pfx__kstrtoull+0x10/0x10
[  895.635704]  ? lock_acquire+0x15e/0x2f0
[  895.635727]  ? __might_fault+0xe0/0x190
[  895.635756]  ? __pfx_copy_process+0x10/0x10
[  895.635778]  ? __might_fault+0xe0/0x190
[  895.635806]  ? _copy_from_user+0x5b/0xd0
[  895.635849]  kernel_clone+0xea/0x7f0
[  895.635869]  ? get_pid_task+0xfd/0x250
[  895.635907]  ? __pfx_kernel_clone+0x10/0x10
[  895.635938]  ? find_held_lock+0x2b/0x80
[  895.635969]  ? ksys_write+0x121/0x240
[  895.636004]  ? lock_is_held_type+0x9e/0x120
[  895.636044]  __do_sys_clone3+0x1f5/0x280
[  895.636066]  ? __pfx___do_sys_clone3+0x10/0x10
[  895.636105]  ? __fget_files+0x20d/0x3b0
[  895.636146]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  895.636186]  ? ksys_write+0x1a3/0x240
[  895.636220]  ? __pfx_ksys_write+0x10/0x10
[  895.636264]  do_syscall_64+0xbf/0x360
[  895.636289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.636312] RIP: 0033:0x7f7b289bfb19
[  895.636329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  895.636358] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  895.636380] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  895.636395] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  895.636409] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  895.636423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  895.636436] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  895.636481]  </TASK>
13:50:50 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f00000013c0)=[{&(0x7f0000000180)="f3f75390647b9c27987ed43c4e15a0064b4f3352cc68e409c6479b70386064d546eb8aa9b9b20f675c6ca41217da8b5dbec1fbc8fcf5f5067ed8a73d64cd46df5d67e481b00b2ffe366d7bb9cca8d3031a3b140b044ffdb3aa19489f7dc034aa7a", 0x61, 0x3ff}, {&(0x7f0000000200)="f836af9181f0ac849a71c3a10295c86b3c4b2215682018d2218af4742095a9d929c604173d034687d5baab9d55eeccf6927827e08bb1043997b1641cde5438fe3e42530745b67d959add92d3deb78e71ade70a402dea992333a85a5fc2f52a7956629d3d84e565e13041bf1d7370f47e5c436af414bf1b7f8012d2d859b0402c8ddb138cda1b0c22869b6bf38b7a3175a22f2a3cf52449f37503de117020dc37b328bdbf262f41e8754bf229036bdec8bfb1f7c1a767c9950540e65dccf4965dcb35d37d6a7753211aae0f6bc194c3ceccb92f9757ad0d7c3596709ce2f1ab2da3b2871c8b", 0xe5, 0x1}, {&(0x7f00000003c0)="b863aab750bcf8d5784eb53176d5155a3d790a7bd9fd8c0159bdfe5a31d2abf285e33d657b8479f61769f1141af84d2bbfe7fce23d9d4126740fa67d18f8f70579cfa688d71bcbff4ed2c6c04931702b2358095f36eeca280180e0b6ba4c585222c6b88cbb5e6354b3e257cd745c29fd6b84328445d64ee2015c220caeadcc5a240146efddad6ba28c95414b43ad074e616d6f695a0bcc0a9f76b6ea6a45cddb13db889a2c5de9aa30028c07484dc0b214c8c20f7f60fee5baa28d0b07c90b1776a1c2f12a053a6ccee961c5bca6899ad8049f2c64c79b0d4b0ca6aae5c1ab0775c9466a01f15e534984fbd589f28c852328f70d06485794927ac7d67863e0b96a88eec1ae54a41d7e7f0cc4279213aa6150e27ef49fd199dcc39de883423dfa6304c1a6ec115ef1d69fa88904eb84bb5ae250e277935e0454d52aecdd17ee42323dc0a31fa26a8705d1778afec8032604b03d2241a4c49e02690edacb4e816edfcd7252feb4aefed27c9a3490d3862fd2bcabb1c36befe5445f66f23e37fd2b9233f06ecf68ebb7021a2e4497a322ecefceda70b6e1c5a8a5d31c1705ef4b5d3d2e6301e282ec57bca4af4e9cce62ac304cdac7dc80652e61ad9827e5da219e69a3396ff789a02cd053c5c0b46228cd0ca11a1953c842be5133cb91067cc4fc0bcd82fc6fcebcb0cc678c26bdb79905b7b6f6d346157d386f55a78171f4e617ff559e993c31854cb9db6e3cda577450d946bfa1ea6c14cb4cc067820f19bb17163f19a12feb617800a558a3296aa00aeefa618cdcc08fc86829c1c3381457464f1eb01c9ba72ab5b2625260834db3d033dd6b6455a7bff59d7567a5230d01bc8aae688ede3a7a3cecb79a84afe1a8bee8ea494b508ab507bbd1d6cc073bc60b13102127353d62064e367480ea8c63bd138e152e0b108e5fc7a897473d8ea99cbc9656b28b81e1147b6b936648761b6eb5478d9aefacaaedd79c5a6a9af5208473e9d8962540d41810b87b0c830ed78c239b277f45456ca289f360746e80bc4dcf5390f8c7bf6acf54937e0f3f0eca266a7a36dd083cd95b268352f66c8b93ade1405023312fc0ae3bfb5df0cf31a6fbdfc2641df93b173fee47e67605e66eebf29c37eaa724d8e2b4ad85232999b4941cb66b7d69cbf9ad85a7503e64d47115d43564637e3a14d84d63ff4ab6c4997b6f462cb665f23bbc307939cbc364061d59219f1ab8f9c43d75aa3a8e3837b7620c6c2d5c2eafd356ff8aa01ec7eddb0cc2a991365dae7c8ba7645adab88cf620ed64f299bb9441b7dc78235197d9ce95fbd33135d0769894313f33960f41b5ad4dfab89857501fe47e89465eb5c9e5fa3c27998c4f9eab7d6a72d1eb3d2025f3411f9a9c011425197877abba44813a6ac0140af7e731fd6fbcb837f717916dac1caac346da8c6710a270ab84fe8a6c0754ce7b185ff49395ffd5d1efc5ce37c3f9bb072da3965d215cd32243caf1d0109e19325ba79a68e793b4089bd92eb47b8c0db58bb3e9e32a16803f8c9fed95bf619fb2db4c257bc51411cd0ef6feda29cbca09ab79fb73832ef4e5703e9cdc98d00ddf68e7ea3ff5989fb6142237b5e06419c38987ccc410fedc2c49a8f44fcea2250d5c488f28d4fc582dca8967f8ca0624366df6ec76e4b5682892ef10d3453f9d808d40e54af41a2ed9a69f4ba90273663787dd8f6c350999e456a311fd3f5cb58996d2d18c0c9c190df63f5e87cde48673e91704a5674e413fd826042c38036346d0d9641b734fecf79647a73f4df9d64215077690c51754ff7586c02e2a42725c4fc7bba1e27c35d7f3fb19f9214ee2696ac50ae26b315a3f6be4e653aaacd2512c6d78af6edad7e0a651a27ef3abc69978a1133df2dbf328771b957c83cf1d057c4a1eb837be958f7e9b6a14ff39977cba172580a1486708399989abbb691cee3bda39a9ae7e8ce4b5a1e598bc5b352bd9a4ff2a2e3c7f15bcfa9122a77c9c046aae5faf79be830055e25d886b840ea37627423dad7b4c96929ffb7dcc006b87b4a80ac5c348b4b2de57888b428c6b54e5807ca27b6e53f99d0aa66803241281f081a1cde1df44281d8d5b740aac8911b746a6278c973d37d5e41b6a4a7675bcd09793904dcca91cf7651d25199df6fc02651b1cf8ec733e8f6f153c3a212b0b128ca00ac2044bea0eb63b6e7b24fb0bb39fe7a01f6bc3938cbde0143549e76eb80970884cde03457d8c09d995c9476e5341929127e5859224278c0c3e07b6bd80a99f82f9aa12eb40088942982d9364df09b12f5aa869198d09077168ceb4b0dcafabba80771a56cd08d14da576714992d1385b0581a1cfafa671f636d68d91d2730de6bde2451aeeebae0dafb43127b754918ac5f9fd10a043781cea0a37e9ef9ca30851bf485b8c90792449970a1600b01c8df4b82d24f17b34205c506bd43bd0c0723b1b24671cd4bf86cd1ce89b08bd46b2cbbe0c8dd011dc2a1630b9e55a476e7a23e4c407c13cdce6716eade3b2bc0e7745b5f43c0b07386364b71d833de7b00f3627c519dddb1918afa159b2e8a2f8d6145be9a18e20b37bca30ae91de852cf43c3879b9d3ea44adf8bcbcd085bcafd8d68e1ddc6c81b842ddf8101848b75d06e114dd1cd9cc67da06144accc5f73a649a4ea988710037b3850b8ae22b9bab94ab8f805c14a70229bf4a371f76e69116ecdab6863ab35c7bfa77c79eb70a81a635dd624721512465a2fd6f0533e5b0ffc2b10bbc36846731dcccbaae72d60cc9485a897cab0a5778568287f200151c4550b9c782f4163c348e668545f13a59ca0c819de3c6d713f07c917b45783afaefafba31e162adf767026920534a676cbf704fbe61702d9a48af24d3300d9c841cf5707b57a6bcbaa8e6dcf5618cbd82d2bffa68d29393937befcf0b0304ba8a2b7e8a21632484441c3dc22249338a6fd9b65883062fe994bd27534265d884acb88b79704e9dee558e246e788d68184dfca480aa144189a6d2dfd3f5127e63d356f254526d8bef09a1fc31205d586602fc68e538b83eac6eb2d880163d82133bca006e230c1af4bb3873a7b9f029e76fdef4f0203412448df14542e61bdf499ca88bbb6f866fae5e626d58bbefafd268aaa9d59c4bc5bfc7ff5f6f309ab824056772b2741686b37bc0460b3263a1acd09cbc6b0f958ac564e1aaffaf181729955f4cad514d8938cd4ac609224eb88621b8d1f4d420cc10bba71b3491d8a7dbf232b96e5f5fa5e94a8452e60ec3ccb1a4d6dc3ecb08e71fe00440f0f3f612a84a778aed1f5a4dc7b4efcc5ba347d4c52cc546a3f23d38e40a1138255d2a07793c3b97c2e654180c13aaede1399dad47fed09d5080318b79d5c6fdd1522b4a769093b298bcb51c79ed0a89fd5733fa2e730a7db86e3048a407b94255e309ff503c16585187c6d9f12839e38612f4c2ae0878037a28f7f75ea2b4f530783eadd8bf456c12cc8cb5cb866bea565b2ed33d4f7ebc68d74953d6886577b72480e7e93702f8535d0d4cfc734d0ae9525c3563b8b0f6f20f89bd89dc3b0b7e2ba94a33c2bc7772f14a49e7415f59729d662298d0cb3caef5739fae9d6f47350f55346985e36addb00ba433429773d5e203aeb4a53b8c42ea0b69fc61a106dad80fd8e9f6f58fa4c0c01f24546e6ac636e5316b7256f928d0e53260b8308047a01c82ceb4db7f788454eb2f4b0c7a5879a7927339ad8a56245781b254c2cfc111473a3263f44018a727ee4622bba3f333dee8cc484f8d1a6a4f49aff5dcda94015ced855af1949e1b93b48cc0457b659f17936f29f36fdb58b7b06dae4f8c26eceb796f6793f173c8c5e54cedc6226dbde057fad463c617270d155c9e663fdf69d991a79342d30fd563385c78849697147ce6e9e69fe8310c9bbabaaf4cce2127d470712db91f1aff297d79c14fe2c46f5491b911b7ad97a7038ed7d887a23f8e7db0bf415b87ac356421fe110ac70225be289c132fb8062876cb6c32a107a36f9a27b31b18ed015970bee5bda8ad393e79bba886b2609f394b868406ff6d1ade4d0ec7cbbf044a755a1effab7f3aa39659a2a38786d054985064a6d667400c30218385a5f21beab5c940cc37a7a9de84def8de083f330c208f47cf4a62ac96e945863244d33dac75b817fd9ec1387ddbd5221a4aa19486dc5378be9df96ad88fa691d0aac1b5562f70c4c3179c30c6c49a32783f04e472a5543fbb12ea9774980756e78d86fc82cc4387026727649713630805b110fa42401e084015bbda7aa114cc23ff3ef170f7e58ce2f493d3e116ea8378e931334711f6881f2db7805b031c2c50ff7eca79235ccf1442c2ddfd6d61ba003efdc45ef6883ba96388c2ec830ca85f9f0c83151474733eb93d8a5900a5fddf64120afd8a17f99a20c827d8e388ac7e65fd2551e98232c8e35f710b8101e5de93086df9bd1408bb6ff2b44af9cac22887f16381603d83a63e4a3d230fdfd529c0323506f51fc6a26e3e8282ed5cc7efd498e3f3cc40b39b3db428e27c1bb1f9893dfb0e92a719cf2e1f09d9995da4d6f6ca1919dac883c4cb1851e480221aca7d3518daadb1231986e75d420efecc956c801c8b9a939a6277b5ddcb5381d49f371ba167d215f37cdf41bc65f400e962f645af16d5f4aac985902079913484f6166f1a4928a8523b3181babfcc8f59ea0cdba4fb0df74276e650243d3b5b1601b4c695f18639b96d7b82a247d7ff084e42110d9ac22ee5b32ef920d7686af68fff873d8fb1ce2f228a875fb12e70172b98842c09260890bbea038c962d7442be351294cc55775a0b4f869e008831c0263a1ab4a35dde121ac637f5da092166d65740f88cf72ba9b64745eeadbd3692f041ae338e77b304834b1b77c0fba8054da235371d3f53c4ba9babcf07308be27cb88d887169b1a6c44e68c29f323c012c5dc61fb1693f6e5a2b0c24820504a7c0bd991fcea3ee7e5ac130c5e22006dcd4d59f8c3d1be162e5c5234cc710d9b3197375c8161fea13913d18bf973b161b34048bcc8b694eb347c2f069b02022052fb8ccc54abaec6b6ad862477e5afe0799eff04e4a504db255617dc5bd459242a488b14862340d3c2095df19b5aadf04b95e3c534db8ca6ffa6e0873c1eb358df6cef1f835753db123b65d68759bb1e8015ccbcc3effae28be736a5e90b259c5423dff8bb829258c9dce2d830c614232fe24ff79aa2c988875a2892378e7b18105e2da560c016a6963f4d29fee52bb16f7034bacbda5714e254b73f35b49a8276a4bc88720a0711ba7190db750081569758426864586726c16b703b2bb69f564891dc1487feeede6ada4682f3361db2d68f2f2a015ed6991ec9843b2b23fe8f6b16db993597ecf7da099ed06c8e3c2d33d566e845abd39b941b146f159f5dfed11fe1da4a753ed127f6014d4ead23aed8264d1a673fcdd06f25236a4557c2694741a0c7be8ddeaaf290b3e49183e19317abf29181b7827891b6251440db69442faff0e5229426293f48b8e8105f6702ca465e83a20ddc879e2a4701d3405f59cf4dd01c7d93542250e0e97a89aebc95b7a08d2f112f1e393071f70745b0b6990741032993bd9114cb66fc3608ce3dd41808d206a07db308df4ea5383cd5f6ae7af7c2f55d2c5362d3929d80a20cf8c675d7ddf94dd97fa7d6b2db80d3f82c93ca49039cae424988c334dacdebbddd0ccbcc9164d40aa97a42ef29316ed6af4cc6f16268118c9f2eddd071003ae5b443698e6a4d7d2ac4289184c69f43653c63e8ccbdee0ed0b64fd08a973e6", 0x1000, 0x3}], 0x28400, &(0x7f0000001440)={[{@overriderock}, {@cruft}, {@map_acorn}, {@check_relaxed}, {@cruft}], [{@fowner_gt}, {@uid_lt={'uid<', 0xee01}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@euid_lt={'euid<', 0xee00}}, {@measure}]})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r2=>r0, {r1}}, './file0\x00'})
unlinkat(r2, &(0x7f0000000080)='./file0\x00', 0x200)

13:50:50 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, 0x0)

13:50:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x80111500, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:50:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 55)

13:50:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2002)

13:50:50 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
recvmsg$unix(r4, &(0x7f0000000900)={&(0x7f0000000040), 0x6e, &(0x7f0000000780)=[{&(0x7f00000000c0)=""/115, 0x73}, {&(0x7f0000000180)=""/96, 0x60}, {&(0x7f0000000200)=""/153, 0x99}, {&(0x7f0000000440)=""/129, 0x81}, {&(0x7f0000000500)=""/223, 0xdf}, {&(0x7f0000000600)=""/101, 0x65}, {&(0x7f0000000680)=""/200, 0xc8}], 0x7, &(0x7f0000000800)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc8}, 0x10200)
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$CDROM_GET_CAPABILITY(r3, 0x5331)

13:50:50 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 4)

[  895.798005] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  895.798005]    program syz-executor.2 not setting count and/or reply_len properly
[  895.809167] FAULT_INJECTION: forcing a failure.
[  895.809167] name failslab, interval 1, probability 0, space 0, times 0
[  895.810212] CPU: 0 UID: 0 PID: 7664 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  895.810230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  895.810239] Call Trace:
[  895.810244]  <TASK>
[  895.810249]  dump_stack_lvl+0xfa/0x120
[  895.810279]  should_fail_ex+0x4d7/0x5e0
[  895.810304]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  895.810321]  should_failslab+0xc2/0x120
[  895.810349]  __kmalloc_noprof+0xb4/0x4b0
[  895.810373]  blk_rq_map_user_iov+0x1fd/0x1180
[  895.810396]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  895.810415]  ? __pfx___mutex_trylock_common+0x10/0x10
[  895.810436]  ? find_held_lock+0x2b/0x80
[  895.810454]  ? sg_common_write.constprop.0+0xc36/0x1710
[  895.810471]  ? lock_release+0xc8/0x290
[  895.810482]  ? import_ubuf+0x1be/0x220
[  895.810505]  blk_rq_map_user_io+0x1cf/0x200
[  895.810527]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  895.810544]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  895.810568]  ? irq_work_queue+0x9c/0x100
[  895.810584]  ? __asan_memset+0x24/0x50
[  895.810606]  sg_common_write.constprop.0+0xd75/0x1710
[  895.810628]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  895.810644]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  895.810662]  ? ___ratelimit+0x465/0xa10
[  895.810688]  sg_write.part.0+0x6a2/0xb50
[  895.810703]  ? __pfx_sg_write.part.0+0x10/0x10
[  895.810720]  ? __lock_acquire+0x694/0x1b70
[  895.810737]  ? __pfx_perf_tp_event+0x10/0x10
[  895.810756]  ? lock_acquire+0x15e/0x2f0
[  895.810767]  ? get_pid_task+0x29/0x250
[  895.810791]  ? get_pid_task+0xfd/0x250
[  895.810810]  ? lock_release+0xc8/0x290
[  895.810825]  ? perf_trace_lock_acquire+0xc9/0x700
[  895.810838]  ? get_pid_task+0x107/0x250
[  895.810855]  ? avc_policy_seqno+0x9/0x20
[  895.810872]  ? selinux_file_permission+0x99/0x600
[  895.810891]  sg_write+0x86/0xe0
[  895.810905]  vfs_write+0x2b7/0x1150
[  895.810924]  ? __pfx_sg_write+0x10/0x10
[  895.810938]  ? lock_acquire+0x15e/0x2f0
[  895.810950]  ? __fget_files+0x34/0x3b0
[  895.810968]  ? __pfx_vfs_write+0x10/0x10
[  895.810986]  ? __fget_files+0x203/0x3b0
[  895.811004]  ? lock_release+0xc8/0x290
[  895.811019]  ? __fget_files+0x20d/0x3b0
[  895.811044]  ksys_write+0x121/0x240
[  895.811062]  ? __pfx_ksys_write+0x10/0x10
[  895.811088]  do_syscall_64+0xbf/0x360
[  895.811102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.811116] RIP: 0033:0x7fbb63381b19
[  895.811125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  895.811137] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  895.811150] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  895.811158] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  895.811165] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  895.811172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  895.811179] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  895.811199]  </TASK>
[  895.833983] hpet: Lost 1 RTC interrupts
13:50:50 executing program 0:
fcntl$setflags(0xffffffffffffffff, 0x2, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000040))
r3 = dup2(r1, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:50:50 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 1)

13:50:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x801c581f, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  895.888832] FAULT_INJECTION: forcing a failure.
[  895.888832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  895.890098] CPU: 1 UID: 0 PID: 7679 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  895.890118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  895.890128] Call Trace:
[  895.890133]  <TASK>
[  895.890139]  dump_stack_lvl+0xfa/0x120
[  895.890174]  should_fail_ex+0x4d7/0x5e0
[  895.890203]  _copy_from_user+0x30/0xd0
[  895.890232]  vt_ioctl+0x192c/0x2db0
[  895.890254]  ? __pfx_vt_ioctl+0x10/0x10
[  895.890270]  ? lock_acquire+0x15e/0x2f0
[  895.890287]  ? get_pid_task+0x29/0x250
[  895.890313]  ? find_held_lock+0x2b/0x80
[  895.890335]  ? get_pid_task+0xfd/0x250
[  895.890364]  ? lock_release+0xc8/0x290
[  895.890382]  ? get_pid_task+0x107/0x250
[  895.890407]  ? proc_fail_nth_write+0x97/0x220
[  895.890434]  ? find_held_lock+0x2b/0x80
[  895.890454]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  895.890475]  ? __pfx_vt_ioctl+0x10/0x10
[  895.890493]  tty_ioctl+0x78b/0x1810
[  895.890512]  ? __pfx_tty_ioctl+0x10/0x10
[  895.890528]  ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0
[  895.890546]  ? __mutex_unlock_slowpath+0x91/0x7b0
[  895.890573]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  895.890591]  ? check_irq_usage+0xf2/0x790
[  895.890605]  ? __fget_files+0x34/0x3b0
[  895.890629]  ? find_held_lock+0x2b/0x80
[  895.890650]  ? __fget_files+0x203/0x3b0
[  895.890671]  ? lock_release+0xc8/0x290
[  895.890692]  ? selinux_file_ioctl+0xb9/0x280
[  895.890708]  ? __pfx_tty_ioctl+0x10/0x10
[  895.890726]  __x64_sys_ioctl+0x18f/0x210
[  895.890749]  do_syscall_64+0xbf/0x360
[  895.890767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.890783] RIP: 0033:0x7fd9beabab19
[  895.890795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  895.890810] RSP: 002b:00007fd9bc030188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  895.890825] RAX: ffffffffffffffda RBX: 00007fd9bebcdf60 RCX: 00007fd9beabab19
[  895.890836] RDX: 0000000020000040 RSI: 0000000000005602 RDI: 0000000000000003
[  895.890845] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  895.890855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  895.890864] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  895.890885]  </TASK>
13:51:01 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x80811501, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:01 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 5)

13:51:01 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
truncate(&(0x7f0000000040)='./file1\x00', 0x7)

13:51:01 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000))
fork()
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:51:01 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2103)

13:51:01 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 56)

13:51:01 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 2)

13:51:01 executing program 0:
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/130)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$TCXONC(r2, 0x540a, 0x0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
write$binfmt_aout(r0, &(0x7f0000000440)={{0xcc, 0x9, 0x40, 0x138, 0x1f9, 0x60, 0x15d, 0x3}, "d1af1328a0b5fd51bf59a1fb6aa48bbc0bb66f43f8bc42fa0f73cb4a62bb86210420d1244955df05020d6f064892b6ee89a03a3f8352bd708dbe438086d89cf2ff", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa61)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  906.803750] FAULT_INJECTION: forcing a failure.
[  906.803750] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  906.804893] CPU: 1 UID: 0 PID: 7696 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  906.804911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  906.804919] Call Trace:
[  906.804924]  <TASK>
[  906.804929]  dump_stack_lvl+0xfa/0x120
[  906.804958]  should_fail_ex+0x4d7/0x5e0
[  906.804982]  should_fail_alloc_page+0xe0/0x110
[  906.805007]  prepare_alloc_pages+0x1af/0x500
[  906.805025]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  906.805044]  ? __print_lock_name+0x82/0x100
[  906.805065]  ? lock_release+0xc8/0x290
[  906.805081]  ? lock_acquire+0x15e/0x2f0
[  906.805093]  ? __memcg_slab_post_alloc_hook+0x443/0x9d0
[  906.805114]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  906.805134]  ? lock_release+0xc8/0x290
[  906.805150]  ? __memcg_slab_post_alloc_hook+0x4ac/0x9d0
[  906.805171]  ? __create_object+0x59/0x80
[  906.805188]  ? __asan_memset+0x24/0x50
[  906.805211]  __alloc_pages_noprof+0xc/0x1b0
[  906.805229]  copy_process+0x4ea/0x73e0
[  906.805242]  ? __pfx__kstrtoull+0x10/0x10
[  906.805262]  ? lock_acquire+0x15e/0x2f0
[  906.805275]  ? __might_fault+0xe0/0x190
[  906.805292]  ? __pfx_copy_process+0x10/0x10
[  906.805304]  ? __might_fault+0xe0/0x190
[  906.805320]  ? _copy_from_user+0x5b/0xd0
[  906.805351]  kernel_clone+0xea/0x7f0
[  906.805362]  ? get_pid_task+0xfd/0x250
[  906.805385]  ? __pfx_kernel_clone+0x10/0x10
[  906.805402]  ? find_held_lock+0x2b/0x80
[  906.805420]  ? ksys_write+0x121/0x240
[  906.805441]  ? lock_is_held_type+0x9e/0x120
[  906.805465]  __do_sys_clone3+0x1f5/0x280
[  906.805477]  ? __pfx___do_sys_clone3+0x10/0x10
[  906.805500]  ? __fget_files+0x20d/0x3b0
[  906.805524]  ? fput+0x6a/0x100
[  906.805537]  ? ksys_write+0x1a3/0x240
[  906.805556]  ? __pfx_ksys_write+0x10/0x10
[  906.805578]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  906.805604]  do_syscall_64+0xbf/0x360
[  906.805618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.805632] RIP: 0033:0x7f7b289bfb19
[  906.805642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  906.805655] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  906.805668] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  906.805677] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  906.805685] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  906.805693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.805701] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  906.805720]  </TASK>
[  906.827263] FAULT_INJECTION: forcing a failure.
[  906.827263] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  906.828226] CPU: 1 UID: 0 PID: 7699 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  906.828242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  906.828248] Call Trace:
[  906.828252]  <TASK>
[  906.828257]  dump_stack_lvl+0xfa/0x120
[  906.828278]  should_fail_ex+0x4d7/0x5e0
[  906.828302]  should_fail_alloc_page+0xe0/0x110
[  906.828323]  prepare_alloc_pages+0x1af/0x500
[  906.828335]  ? arch_stack_walk+0x9c/0xf0
[  906.828351]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  906.828372]  ? perf_trace_lock_acquire+0xc9/0x700
[  906.828385]  ? __lock_acquire+0xc65/0x1b70
[  906.828399]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  906.828418]  ? __lock_acquire+0xc65/0x1b70
[  906.828431]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  906.828449]  ? register_lock_class+0x41/0x560
[  906.828465]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  906.828489]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  906.828505]  ? policy_nodemask+0xeb/0x4e0
[  906.828523]  alloc_pages_mpol+0xed/0x340
[  906.828539]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  906.828553]  ? lock_is_held_type+0x9e/0x120
[  906.828585]  alloc_pages_noprof+0xa1/0x380
[  906.828607]  __pmd_alloc+0x3b/0x980
[  906.828625]  ? lock_release+0xc8/0x290
[  906.828643]  __handle_mm_fault+0xcae/0x30f0
[  906.828663]  ? mt_find+0x64c/0x870
[  906.828680]  ? __pfx_mt_find+0x10/0x10
[  906.828696]  ? __pfx___handle_mm_fault+0x10/0x10
[  906.828724]  ? find_vma+0xbf/0x140
[  906.828736]  ? __pfx_find_vma+0x10/0x10
[  906.828752]  handle_mm_fault+0x2c3/0x900
[  906.828768]  ? access_error+0x17d/0x380
[  906.828782]  ? lock_mm_and_find_vma+0xaa/0x6f0
[  906.828795]  do_user_addr_fault+0x395/0xeb0
[  906.828814]  exc_page_fault+0xb0/0x180
[  906.828833]  asm_exc_page_fault+0x26/0x30
[  906.828845] RIP: 0010:rep_movs_alternative+0x30/0x90
[  906.828863] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 9c 03 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  906.828874] RSP: 0018:ffff888048b17b70 EFLAGS: 00050246
[  906.828884] RAX: 0000000000000001 RBX: 0000000020000040 RCX: 0000000000000008
[  906.828891] RDX: ffffed1009162f81 RSI: 0000000020000040 RDI: ffff888048b17c00
[  906.828899] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed1009162f80
[  906.828907] R10: ffff888048b17c07 R11: 0000000000000001 R12: 0000000000000000
[  906.828914] R13: ffff888048b17c00 R14: 0000000000005602 R15: 0000000000005602
[  906.828932]  _copy_from_user+0x9c/0xd0
[  906.828953]  vt_ioctl+0x192c/0x2db0
[  906.828972]  ? __pfx_vt_ioctl+0x10/0x10
[  906.828984]  ? lock_acquire+0x15e/0x2f0
[  906.828996]  ? get_pid_task+0x29/0x250
[  906.829015]  ? find_held_lock+0x2b/0x80
[  906.829032]  ? get_pid_task+0xfd/0x250
[  906.829051]  ? lock_release+0xc8/0x290
[  906.829065]  ? get_pid_task+0x107/0x250
[  906.829085]  ? proc_fail_nth_write+0x97/0x220
[  906.829106]  ? find_held_lock+0x2b/0x80
[  906.829123]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  906.829138]  ? __pfx_vt_ioctl+0x10/0x10
[  906.829153]  tty_ioctl+0x78b/0x1810
[  906.829168]  ? __pfx_tty_ioctl+0x10/0x10
[  906.829181]  ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0
[  906.829195]  ? __mutex_unlock_slowpath+0x91/0x7b0
[  906.829216]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  906.829231]  ? check_irq_usage+0xf2/0x790
[  906.829242]  ? __fget_files+0x34/0x3b0
[  906.829259]  ? find_held_lock+0x2b/0x80
[  906.829275]  ? __fget_files+0x203/0x3b0
[  906.829292]  ? lock_release+0xc8/0x290
[  906.829309]  ? selinux_file_ioctl+0xb9/0x280
[  906.829323]  ? __pfx_tty_ioctl+0x10/0x10
[  906.829337]  __x64_sys_ioctl+0x18f/0x210
[  906.829355]  do_syscall_64+0xbf/0x360
[  906.829368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.829380] RIP: 0033:0x7fd9beabab19
[  906.829389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  906.829400] RSP: 002b:00007fd9bc030188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  906.829410] RAX: ffffffffffffffda RBX: 00007fd9bebcdf60 RCX: 00007fd9beabab19
[  906.829418] RDX: 0000000020000040 RSI: 0000000000005602 RDI: 0000000000000003
[  906.829425] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  906.829432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.829440] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  906.829458]  </TASK>
13:51:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 6)

13:51:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2123)

13:51:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 7)

13:51:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0xc0045878, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  906.953321] FAULT_INJECTION: forcing a failure.
[  906.953321] name failslab, interval 1, probability 0, space 0, times 0
13:51:02 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0/file0', [{0x20, '+\\,'}, {0x20, 'fd\x00'}, {0x20, '\'.'}, {0x20, '.)'}], 0xa, "cfd71328d8933d44be07c9647d"}, 0x2c)
perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x81, 0x40, 0x2, 0x48, 0x0, 0x7f, 0x81, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0x4}, 0x600, 0x1f, 0xfffffff9, 0x1, 0xe0, 0x101, 0x7f, 0x0, 0xd5, 0x0, 0x7fffffff}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0xa)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  906.953723] CPU: 1 UID: 0 PID: 7710 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  906.953740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  906.953747] Call Trace:
[  906.953752]  <TASK>
[  906.953756]  dump_stack_lvl+0xfa/0x120
[  906.953782]  should_fail_ex+0x4d7/0x5e0
[  906.953804]  ? prepare_creds+0x2c/0x7e0
[  906.953817]  should_failslab+0xc2/0x120
[  906.953839]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  906.953858]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  906.953884]  prepare_creds+0x2c/0x7e0
[  906.953899]  copy_creds+0x7a/0xa20
13:51:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 8)

[  906.953915]  copy_process+0xf5a/0x73e0
[  906.953928]  ? __pfx_perf_trace_lock+0x10/0x10
[  906.953951]  ? __pfx_copy_process+0x10/0x10
[  906.953963]  ? __might_fault+0xe0/0x190
[  906.953980]  ? _copy_from_user+0x5b/0xd0
[  906.954004]  kernel_clone+0xea/0x7f0
[  906.954015]  ? get_pid_task+0xfd/0x250
[  906.954041]  ? __pfx_kernel_clone+0x10/0x10
[  906.954051]  ? perf_trace_lock+0xb5/0x5d0
[  906.954069]  ? find_held_lock+0x2b/0x80
[  906.954087]  ? ksys_write+0x121/0x240
[  906.954106]  ? lock_is_held_type+0x9e/0x120
[  906.954128]  __do_sys_clone3+0x1f5/0x280
[  906.954140]  ? __pfx___do_sys_clone3+0x10/0x10
[  906.954164]  ? __fget_files+0x20d/0x3b0
13:51:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2321)

[  906.954187]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  906.954208]  ? ksys_write+0x1a3/0x240
[  906.954226]  ? __pfx_ksys_write+0x10/0x10
[  906.954252]  do_syscall_64+0xbf/0x360
[  906.954266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.954278] RIP: 0033:0x7f7b289bfb19
[  906.954287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  906.954299] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  906.954310] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  906.954319] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  906.954326] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  906.954334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.954341] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  906.954361]  </TASK>
[  907.049050] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  907.049050]    program syz-executor.2 not setting count and/or reply_len properly
[  907.192303] FAULT_INJECTION: forcing a failure.
[  907.192303] name failslab, interval 1, probability 0, space 0, times 0
[  907.192332] CPU: 1 UID: 0 PID: 7734 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  907.192355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  907.192364] Call Trace:
[  907.192368]  <TASK>
[  907.192374]  dump_stack_lvl+0xfa/0x120
[  907.192403]  should_fail_ex+0x4d7/0x5e0
[  907.192428]  ? security_prepare_creds+0x101/0x160
[  907.192447]  should_failslab+0xc2/0x120
[  907.192471]  __kmalloc_noprof+0xb4/0x4b0
[  907.192491]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  907.192509]  security_prepare_creds+0x101/0x160
[  907.192530]  prepare_creds+0x579/0x7e0
[  907.192547]  copy_creds+0x7a/0xa20
[  907.192565]  copy_process+0xf5a/0x73e0
[  907.192578]  ? __pfx_perf_trace_lock+0x10/0x10
[  907.192619]  ? __pfx_copy_process+0x10/0x10
[  907.192637]  ? __might_fault+0xe0/0x190
[  907.192657]  ? _copy_from_user+0x5b/0xd0
[  907.192684]  kernel_clone+0xea/0x7f0
[  907.192696]  ? get_pid_task+0xfd/0x250
[  907.192719]  ? __pfx_kernel_clone+0x10/0x10
[  907.192730]  ? perf_trace_lock+0xb5/0x5d0
[  907.192749]  ? find_held_lock+0x2b/0x80
[  907.192768]  ? ksys_write+0x121/0x240
[  907.192789]  ? lock_is_held_type+0x9e/0x120
[  907.192814]  __do_sys_clone3+0x1f5/0x280
[  907.192827]  ? __pfx___do_sys_clone3+0x10/0x10
[  907.192851]  ? __fget_files+0x20d/0x3b0
[  907.192877]  ? fput+0x6a/0x100
[  907.192890]  ? ksys_write+0x1a3/0x240
[  907.192909]  ? __pfx_ksys_write+0x10/0x10
[  907.192932]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  907.192958]  do_syscall_64+0xbf/0x360
[  907.192973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.192987] RIP: 0033:0x7f7b289bfb19
[  907.192997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  907.193010] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  907.193024] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  907.193034] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  907.193042] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  907.193049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  907.193057] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  907.193077]  </TASK>
13:51:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x10b}, "", ['\x00']}, 0x120)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r2, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x880}, 0x2400c000)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x1000000)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r5)

13:51:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 9)

13:51:12 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x24040884, &(0x7f0000000080)={0x2, 0x4e21, @private=0xa010100}, 0x10)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x4)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)

13:51:12 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 3)

13:51:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0xc0045878, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x3f00)

13:51:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 57)

[  917.397702] FAULT_INJECTION: forcing a failure.
[  917.397702] name failslab, interval 1, probability 0, space 0, times 0
[  917.399546] CPU: 1 UID: 0 PID: 7754 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  917.399579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  917.399593] Call Trace:
[  917.399602]  <TASK>
[  917.399611]  dump_stack_lvl+0xfa/0x120
[  917.399662]  should_fail_ex+0x4d7/0x5e0
[  917.399706]  ? __pmd_alloc+0x98/0x980
[  917.399736]  should_failslab+0xc2/0x120
[  917.399779]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  917.399825]  __pmd_alloc+0x98/0x980
[  917.399855]  ? lock_release+0xc8/0x290
[  917.399884]  __handle_mm_fault+0xcae/0x30f0
[  917.399917]  ? mt_find+0x64c/0x870
[  917.399943]  ? __pfx_mt_find+0x10/0x10
[  917.399967]  ? __pfx___handle_mm_fault+0x10/0x10
[  917.400023]  ? find_vma+0xbf/0x140
[  917.400048]  ? __pfx_find_vma+0x10/0x10
[  917.400080]  handle_mm_fault+0x2c3/0x900
[  917.400113]  ? access_error+0x17d/0x380
[  917.400139]  ? lock_mm_and_find_vma+0xaa/0x6f0
[  917.400167]  do_user_addr_fault+0x395/0xeb0
[  917.400205]  exc_page_fault+0xb0/0x180
[  917.400246]  asm_exc_page_fault+0x26/0x30
[  917.400270] RIP: 0010:rep_movs_alternative+0x30/0x90
[  917.400304] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 9c 03 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  917.400328] RSP: 0018:ffff888009a77b70 EFLAGS: 00050246
[  917.400355] RAX: 0000000000000001 RBX: 0000000020000040 RCX: 0000000000000008
[  917.400371] RDX: ffffed100134ef81 RSI: 0000000020000040 RDI: ffff888009a77c00
[  917.400387] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed100134ef80
[  917.400402] R10: ffff888009a77c07 R11: 0000000000000001 R12: 0000000000000000
[  917.400417] R13: ffff888009a77c00 R14: 0000000000005602 R15: 0000000000005602
[  917.400456]  _copy_from_user+0x9c/0xd0
[  917.400501]  vt_ioctl+0x192c/0x2db0
[  917.400536]  ? __pfx_vt_ioctl+0x10/0x10
[  917.400561]  ? lock_acquire+0x15e/0x2f0
[  917.400587]  ? perf_trace_lock+0xb5/0x5d0
[  917.400611]  ? find_held_lock+0x2b/0x80
[  917.400645]  ? get_pid_task+0xfd/0x250
[  917.400704]  ? perf_trace_lock+0xb5/0x5d0
[  917.400736]  ? __pfx_perf_trace_lock+0x10/0x10
[  917.400760]  ? proc_fail_nth_write+0x97/0x220
[  917.400800]  ? find_held_lock+0x2b/0x80
[  917.400834]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  917.400866]  ? __pfx_vt_ioctl+0x10/0x10
[  917.400897]  tty_ioctl+0x78b/0x1810
[  917.400928]  ? __pfx_tty_ioctl+0x10/0x10
[  917.400954]  ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0
[  917.400980]  ? __mutex_unlock_slowpath+0x91/0x7b0
[  917.401022]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  917.401051]  ? check_irq_usage+0xf2/0x790
[  917.401073]  ? __fget_files+0x34/0x3b0
[  917.401109]  ? find_held_lock+0x2b/0x80
[  917.401142]  ? __fget_files+0x203/0x3b0
[  917.401177]  ? lock_release+0xc8/0x290
[  917.401212]  ? selinux_file_ioctl+0xb9/0x280
[  917.401239]  ? __pfx_tty_ioctl+0x10/0x10
[  917.401269]  __x64_sys_ioctl+0x18f/0x210
[  917.401304]  do_syscall_64+0xbf/0x360
[  917.401331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.401354] RIP: 0033:0x7fd9beabab19
[  917.401371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  917.401393] RSP: 002b:00007fd9bc030188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  917.401415] RAX: ffffffffffffffda RBX: 00007fd9bebcdf60 RCX: 00007fd9beabab19
[  917.401431] RDX: 0000000020000040 RSI: 0000000000005602 RDI: 0000000000000003
[  917.401445] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  917.401460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  917.401474] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  917.401513]  </TASK>
[  917.460960] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  917.460960]    program syz-executor.2 not setting count and/or reply_len properly
[  917.473210] FAULT_INJECTION: forcing a failure.
[  917.473210] name failslab, interval 1, probability 0, space 0, times 0
[  917.474928] CPU: 0 UID: 0 PID: 7758 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  917.474961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  917.474976] Call Trace:
[  917.474984]  <TASK>
[  917.474994]  dump_stack_lvl+0xfa/0x120
[  917.475046]  should_fail_ex+0x4d7/0x5e0
[  917.475087]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  917.475137]  ? bio_kmalloc+0x3e/0x70
[  917.475177]  should_failslab+0xc2/0x120
[  917.475221]  __kmalloc_noprof+0xb4/0x4b0
[  917.475257]  ? trace_kmalloc+0x1f/0xb0
[  917.475281]  ? __kmalloc_noprof+0x215/0x4b0
[  917.475322]  bio_kmalloc+0x3e/0x70
[  917.475371]  blk_rq_map_user_iov+0x390/0x1180
[  917.475420]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  917.475457]  ? __pfx___mutex_trylock_common+0x10/0x10
[  917.475494]  ? find_held_lock+0x2b/0x80
[  917.475530]  ? sg_common_write.constprop.0+0xc36/0x1710
[  917.475561]  ? lock_release+0xc8/0x290
[  917.475584]  ? import_ubuf+0x1be/0x220
[  917.475629]  blk_rq_map_user_io+0x1cf/0x200
[  917.475665]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  917.475699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  917.475746]  ? irq_work_queue+0x9c/0x100
[  917.475779]  ? __asan_memset+0x24/0x50
[  917.475823]  sg_common_write.constprop.0+0xd75/0x1710
[  917.475867]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  917.475898]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  917.475935]  ? ___ratelimit+0x465/0xa10
[  917.475986]  sg_write.part.0+0x6a2/0xb50
[  917.476018]  ? __pfx_sg_write.part.0+0x10/0x10
[  917.476052]  ? perf_trace_lock+0xb5/0x5d0
[  917.476085]  ? __pfx_perf_trace_lock+0x10/0x10
[  917.476119]  ? lock_acquire+0x15e/0x2f0
[  917.476145]  ? perf_trace_lock+0xb5/0x5d0
[  917.476169]  ? find_held_lock+0x2b/0x80
[  917.476204]  ? get_pid_task+0xfd/0x250
[  917.476249]  ? perf_trace_lock+0xb5/0x5d0
[  917.476277]  ? perf_trace_lock_acquire+0xc9/0x700
[  917.476304]  ? avc_policy_seqno+0x9/0x20
[  917.476338]  ? selinux_file_permission+0x99/0x600
[  917.476375]  sg_write+0x86/0xe0
[  917.476403]  vfs_write+0x2b7/0x1150
[  917.476439]  ? __pfx_sg_write+0x10/0x10
[  917.476468]  ? lock_acquire+0x15e/0x2f0
[  917.476492]  ? __fget_files+0x34/0x3b0
[  917.476529]  ? __pfx_vfs_write+0x10/0x10
[  917.476567]  ? __fget_files+0x203/0x3b0
[  917.476603]  ? lock_release+0xc8/0x290
[  917.476634]  ? __fget_files+0x20d/0x3b0
[  917.476684]  ksys_write+0x121/0x240
[  917.476752]  ? __pfx_ksys_write+0x10/0x10
[  917.476825]  do_syscall_64+0xbf/0x360
[  917.476855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.476881] RIP: 0033:0x7fbb63381b19
[  917.476900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  917.476924] RSP: 002b:00007fbb608d6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  917.476948] RAX: ffffffffffffffda RBX: 00007fbb63495020 RCX: 00007fbb63381b19
[  917.476965] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  917.476980] RBP: 00007fbb608d61d0 R08: 0000000000000000 R09: 0000000000000000
[  917.476995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  917.477010] R13: 00007ffdd8f6230f R14: 00007fbb608d6300 R15: 0000000000022000
[  917.477049]  </TASK>
[  917.521316] hpet: Lost 2 RTC interrupts
13:51:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 10)

13:51:12 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 4)

[  917.647495] FAULT_INJECTION: forcing a failure.
[  917.647495] name failslab, interval 1, probability 0, space 0, times 0
[  917.649329] CPU: 0 UID: 0 PID: 7768 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  917.649370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
13:51:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0xc0189436, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  917.649385] Call Trace:
[  917.649394]  <TASK>
[  917.649405]  dump_stack_lvl+0xfa/0x120
[  917.649459]  should_fail_ex+0x4d7/0x5e0
[  917.649506]  ? dup_fd+0x4d/0xa80
[  917.649544]  should_failslab+0xc2/0x120
[  917.649591]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  917.649631]  ? __pfx_avc_has_perm+0x10/0x10
[  917.649679]  dup_fd+0x4d/0xa80
[  917.649729]  copy_process+0x21b5/0x73e0
[  917.649757]  ? __pfx_perf_trace_lock+0x10/0x10
[  917.649807]  ? __pfx_copy_process+0x10/0x10
[  917.649835]  ? __might_fault+0xe0/0x190
[  917.649872]  ? _copy_from_user+0x5b/0xd0
[  917.649925]  kernel_clone+0xea/0x7f0
[  917.649949]  ? get_pid_task+0xfd/0x250
[  917.649994]  ? __pfx_kernel_clone+0x10/0x10
[  917.650017]  ? perf_trace_lock+0xb5/0x5d0
[  917.650059]  ? find_held_lock+0x2b/0x80
[  917.650097]  ? ksys_write+0x121/0x240
[  917.650138]  ? lock_is_held_type+0x9e/0x120
[  917.650190]  __do_sys_clone3+0x1f5/0x280
[  917.650216]  ? __pfx___do_sys_clone3+0x10/0x10
[  917.650270]  ? __fget_files+0x20d/0x3b0
[  917.650320]  ? fput+0x6a/0x100
[  917.650346]  ? ksys_write+0x1a3/0x240
[  917.650388]  ? __pfx_ksys_write+0x10/0x10
[  917.650434]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  917.650489]  do_syscall_64+0xbf/0x360
[  917.650520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.650549] RIP: 0033:0x7f7b289bfb19
[  917.650570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  917.650598] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  917.650626] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  917.650646] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  917.650663] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  917.650679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  917.650695] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  917.650738]  </TASK>
[  917.681542] hpet: Lost 1 RTC interrupts
13:51:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000080))
fchmodat(r2, &(0x7f00000000c0)='./file0\x00', 0x182)
r3 = dup2(r1, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
ioctl$SG_GET_PACK_ID(r3, 0x227c, &(0x7f0000000040))
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:51:12 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 58)

13:51:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x4000)

[  917.771182] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  917.771182]    program syz-executor.2 not setting count and/or reply_len properly
13:51:12 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 5)

13:51:12 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 11)

[  917.861707] FAULT_INJECTION: forcing a failure.
[  917.861707] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  917.863603] CPU: 1 UID: 0 PID: 7783 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  917.863633] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  917.863646] Call Trace:
[  917.863654]  <TASK>
[  917.863662]  dump_stack_lvl+0xfa/0x120
[  917.863709]  should_fail_ex+0x4d7/0x5e0
[  917.863749]  should_fail_alloc_page+0xe0/0x110
[  917.863790]  prepare_alloc_pages+0x1af/0x500
[  917.863815]  ? find_held_lock+0x2b/0x80
[  917.863852]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[  917.863890]  ? __is_insn_slot_addr+0x140/0x290
[  917.863927]  ? kernel_text_address+0x5b/0xc0
[  917.863952]  ? __kernel_text_address+0xd/0x40
[  917.863976]  ? unwind_get_return_address+0x59/0xa0
[  917.864010]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  917.864038]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  917.864087]  ? perf_trace_lock+0xb5/0x5d0
[  917.864113]  ? perf_trace_lock_acquire+0xc9/0x700
[  917.864136]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  917.864164]  ? policy_nodemask+0xeb/0x4e0
[  917.864197]  alloc_pages_mpol+0xed/0x340
[  917.864226]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  917.864255]  ? __pfx_perf_trace_lock+0x10/0x10
[  917.864288]  alloc_pages_noprof+0xa1/0x380
[  917.864319]  pte_alloc_one+0x1e/0x360
[  917.864360]  __pte_alloc+0x6c/0x360
[  917.864386]  ? __pfx___pte_alloc+0x10/0x10
[  917.864413]  ? _raw_spin_unlock+0x1e/0x40
[  917.864448]  ? __pmd_alloc+0x3f9/0x980
[  917.864482]  __handle_mm_fault+0x24bf/0x30f0
[  917.864511]  ? mt_find+0x64c/0x870
[  917.864535]  ? __pfx_mt_find+0x10/0x10
[  917.864558]  ? __pfx___handle_mm_fault+0x10/0x10
[  917.864610]  ? find_vma+0xbf/0x140
[  917.864633]  ? __pfx_find_vma+0x10/0x10
[  917.864662]  handle_mm_fault+0x2c3/0x900
[  917.864705]  ? access_error+0x17d/0x380
[  917.864728]  ? lock_mm_and_find_vma+0xaa/0x6f0
[  917.864754]  do_user_addr_fault+0x395/0xeb0
[  917.864788]  exc_page_fault+0xb0/0x180
[  917.864826]  asm_exc_page_fault+0x26/0x30
[  917.864848] RIP: 0010:rep_movs_alternative+0x30/0x90
[  917.864880] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 9c 03 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  917.864901] RSP: 0018:ffff888046a3fb70 EFLAGS: 00050246
[  917.864920] RAX: 0000000000000001 RBX: 0000000020000040 RCX: 0000000000000008
[  917.864933] RDX: ffffed1008d47f81 RSI: 0000000020000040 RDI: ffff888046a3fc00
[  917.864948] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed1008d47f80
[  917.864961] R10: ffff888046a3fc07 R11: 0000000000000001 R12: 0000000000000000
[  917.864975] R13: ffff888046a3fc00 R14: 0000000000005602 R15: 0000000000005602
[  917.865014]  _copy_from_user+0x9c/0xd0
[  917.865055]  vt_ioctl+0x192c/0x2db0
[  917.865088]  ? __pfx_vt_ioctl+0x10/0x10
[  917.865110]  ? lock_acquire+0x15e/0x2f0
[  917.865134]  ? perf_trace_lock+0xb5/0x5d0
[  917.865155]  ? find_held_lock+0x2b/0x80
[  917.865186]  ? get_pid_task+0xfd/0x250
[  917.865224]  ? perf_trace_lock+0xb5/0x5d0
[  917.865254]  ? __pfx_perf_trace_lock+0x10/0x10
[  917.865275]  ? proc_fail_nth_write+0x97/0x220
[  917.865311]  ? find_held_lock+0x2b/0x80
[  917.865342]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  917.865370]  ? __pfx_vt_ioctl+0x10/0x10
[  917.865398]  tty_ioctl+0x78b/0x1810
[  917.865426]  ? __pfx_tty_ioctl+0x10/0x10
[  917.865450]  ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0
[  917.865475]  ? __mutex_unlock_slowpath+0x91/0x7b0
[  917.865515]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  917.865542]  ? check_irq_usage+0xf2/0x790
[  917.865562]  ? __fget_files+0x34/0x3b0
[  917.865594]  ? find_held_lock+0x2b/0x80
[  917.865624]  ? __fget_files+0x203/0x3b0
[  917.865656]  ? lock_release+0xc8/0x290
[  917.865689]  ? selinux_file_ioctl+0xb9/0x280
[  917.865714]  ? __pfx_tty_ioctl+0x10/0x10
[  917.865741]  __x64_sys_ioctl+0x18f/0x210
[  917.865773]  do_syscall_64+0xbf/0x360
[  917.865798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.865819] RIP: 0033:0x7fd9beabab19
[  917.865836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  917.865856] RSP: 002b:00007fd9bc030188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  917.865876] RAX: ffffffffffffffda RBX: 00007fd9bebcdf60 RCX: 00007fd9beabab19
[  917.865890] RDX: 0000000020000040 RSI: 0000000000005602 RDI: 0000000000000003
[  917.865903] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  917.865916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  917.865930] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  917.865965]  </TASK>
13:51:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x5, 0x5, 0x40, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000080)}, 0x8002, 0x1, 0x4, 0x0, 0x5, 0x2, 0x3f, 0x0, 0x9}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xa)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000040)=0x1)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r3 = dup2(r2, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r2, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:51:13 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0xc020660b, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 59)

[  918.093239] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  918.093239]    program syz-executor.2 not setting count and/or reply_len properly
[  918.098514] FAULT_INJECTION: forcing a failure.
[  918.098514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  918.100213] CPU: 0 UID: 0 PID: 7798 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  918.100242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  918.100255] Call Trace:
[  918.100263]  <TASK>
[  918.100271]  dump_stack_lvl+0xfa/0x120
[  918.100317]  should_fail_ex+0x4d7/0x5e0
[  918.100365]  _copy_from_iter+0x1dc/0x15b0
[  918.100405]  ? __pfx_perf_trace_lock+0x10/0x10
[  918.100429]  ? lock_is_held_type+0x9e/0x120
[  918.100470]  ? __pfx__copy_from_iter+0x10/0x10
[  918.100509]  ? find_held_lock+0x2b/0x80
[  918.100540]  ? __create_object+0x59/0x80
[  918.100567]  ? lock_release+0xc8/0x290
[  918.100591]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  918.100635]  copy_page_from_iter+0xe3/0x180
[  918.100679]  bio_copy_from_iter+0x108/0x270
[  918.100731]  blk_rq_map_user_iov+0xc07/0x1180
[  918.100774]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  918.100807]  ? __pfx___mutex_trylock_common+0x10/0x10
[  918.100839]  ? find_held_lock+0x2b/0x80
[  918.100870]  ? sg_common_write.constprop.0+0xc36/0x1710
[  918.100898]  ? lock_release+0xc8/0x290
[  918.100918]  ? import_ubuf+0x1be/0x220
[  918.100957]  blk_rq_map_user_io+0x1cf/0x200
[  918.100990]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  918.101019]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  918.101061]  ? irq_work_queue+0x9c/0x100
[  918.101089]  ? __asan_memset+0x24/0x50
[  918.101130]  sg_common_write.constprop.0+0xd75/0x1710
[  918.101170]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  918.101198]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  918.101231]  ? ___ratelimit+0x465/0xa10
[  918.101276]  sg_write.part.0+0x6a2/0xb50
[  918.101305]  ? __pfx_sg_write.part.0+0x10/0x10
[  918.101347]  ? __pfx_perf_tp_event+0x10/0x10
[  918.101379]  ? lock_acquire+0x15e/0x2f0
[  918.101407]  ? get_pid_task+0xfd/0x250
[  918.101447]  ? perf_trace_lock+0xb5/0x5d0
[  918.101473]  ? perf_trace_lock_acquire+0xc9/0x700
[  918.101497]  ? avc_policy_seqno+0x9/0x20
[  918.101527]  ? selinux_file_permission+0x99/0x600
[  918.101561]  sg_write+0x86/0xe0
[  918.101586]  vfs_write+0x2b7/0x1150
[  918.101618]  ? __pfx_sg_write+0x10/0x10
[  918.101643]  ? lock_acquire+0x15e/0x2f0
[  918.101665]  ? __fget_files+0x34/0x3b0
[  918.101697]  ? __pfx_vfs_write+0x10/0x10
[  918.101730]  ? __fget_files+0x203/0x3b0
[  918.101762]  ? lock_release+0xc8/0x290
[  918.101791]  ? __fget_files+0x20d/0x3b0
[  918.101837]  ksys_write+0x121/0x240
[  918.101870]  ? __pfx_ksys_write+0x10/0x10
[  918.101917]  do_syscall_64+0xbf/0x360
[  918.101943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.101966] RIP: 0033:0x7fbb63381b19
[  918.101984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  918.102006] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  918.102027] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  918.102042] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  918.102055] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  918.102069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  918.102081] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  918.102117]  </TASK>
[  918.145414] hpet: Lost 2 RTC interrupts
13:51:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 60)

13:51:22 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 6)

13:51:22 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x428201, 0x0)
setsockopt$inet_int(r1, 0x0, 0x0, &(0x7f0000000040)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:51:22 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 12)

13:51:22 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0xc0481273, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:22 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x100)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r4, {0xee01, r5}}, './file0\x00'})
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000180))
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x8}, "", ['\x00']}, 0x120)

13:51:22 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002)

13:51:22 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x9, 0x0, {0x4, @struct={0xb1bd, 0x2}, <r2=>0x0, 0x5, 0x9, 0x80, 0x5, 0x2d4, 0x204, @usage=0x800, 0x3, 0x8, [0x9, 0x600, 0x3ec, 0x6e8, 0x4, 0xee37]}, {0x118, @usage=0x3ff, 0x0, 0x6, 0x4, 0x9, 0x3f, 0x81, 0x461, @usage=0x5, 0x76c, 0x4, [0x100000000, 0x80, 0x9, 0x8, 0xfffffffffffffffb, 0x8001]}, {0x8001, @struct={0x8, 0x1}, 0x0, 0x10001, 0x1, 0x6, 0xffffffff, 0x80, 0x1, @usage=0x7, 0x8000, 0x7, [0x9, 0xfffffffffffffffb, 0xc5, 0x10001, 0x101, 0x8]}, {0x0, 0x9, 0x5}})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000940)={r2, 0x0, 0x3, 0x1})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
pread64(r3, &(0x7f0000000240)=""/228, 0xe4, 0x37)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
execveat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='fd\x00'], &(0x7f0000000200)=[&(0x7f0000000180)='fd\x00', &(0x7f00000001c0)='.#{%{%\xec.@)#\x00'], 0x1000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
fcntl$dupfd(r4, 0x406, r1)

[  927.660977] FAULT_INJECTION: forcing a failure.
[  927.660977] name failslab, interval 1, probability 0, space 0, times 0
[  927.661909] CPU: 0 UID: 0 PID: 7808 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  927.661926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  927.661933] Call Trace:
[  927.661938]  <TASK>
[  927.661943]  dump_stack_lvl+0xfa/0x120
[  927.661970]  should_fail_ex+0x4d7/0x5e0
[  927.661993]  ? ptlock_alloc+0x21/0x70
[  927.662011]  should_failslab+0xc2/0x120
[  927.662032]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  927.662056]  ptlock_alloc+0x21/0x70
[  927.662074]  pte_alloc_one+0x86/0x360
[  927.662093]  __pte_alloc+0x6c/0x360
[  927.662108]  ? __pfx___pte_alloc+0x10/0x10
[  927.662122]  ? _raw_spin_unlock+0x1e/0x40
[  927.662140]  ? __pmd_alloc+0x3f9/0x980
[  927.662158]  __handle_mm_fault+0x24bf/0x30f0
[  927.662174]  ? mt_find+0x64c/0x870
[  927.662187]  ? __pfx_mt_find+0x10/0x10
[  927.662200]  ? __pfx___handle_mm_fault+0x10/0x10
[  927.662228]  ? find_vma+0xbf/0x140
[  927.662241]  ? __pfx_find_vma+0x10/0x10
[  927.662257]  handle_mm_fault+0x2c3/0x900
[  927.662274]  ? access_error+0x17d/0x380
[  927.662286]  ? lock_mm_and_find_vma+0xaa/0x6f0
[  927.662300]  do_user_addr_fault+0x395/0xeb0
[  927.662320]  exc_page_fault+0xb0/0x180
[  927.662345]  asm_exc_page_fault+0x26/0x30
[  927.662358] RIP: 0010:rep_movs_alternative+0x30/0x90
[  927.662376] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 9c 03 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  927.662388] RSP: 0018:ffff888046c77b70 EFLAGS: 00050246
[  927.662399] RAX: 0000000000000001 RBX: 0000000020000040 RCX: 0000000000000008
[  927.662406] RDX: ffffed1008d8ef81 RSI: 0000000020000040 RDI: ffff888046c77c00
[  927.662415] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed1008d8ef80
[  927.662422] R10: ffff888046c77c07 R11: 0000000000000001 R12: 0000000000000000
[  927.662429] R13: ffff888046c77c00 R14: 0000000000005602 R15: 0000000000005602
[  927.662449]  _copy_from_user+0x9c/0xd0
[  927.662472]  vt_ioctl+0x192c/0x2db0
[  927.662490]  ? __pfx_vt_ioctl+0x10/0x10
[  927.662503]  ? lock_acquire+0x15e/0x2f0
[  927.662517]  ? perf_trace_lock+0xb5/0x5d0
[  927.662530]  ? find_held_lock+0x2b/0x80
[  927.662547]  ? get_pid_task+0xfd/0x250
[  927.662570]  ? perf_trace_lock+0xb5/0x5d0
[  927.662587]  ? __pfx_perf_trace_lock+0x10/0x10
[  927.662599]  ? proc_fail_nth_write+0x97/0x220
[  927.662620]  ? find_held_lock+0x2b/0x80
[  927.662636]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  927.662654]  ? __pfx_vt_ioctl+0x10/0x10
[  927.662669]  tty_ioctl+0x78b/0x1810
[  927.662685]  ? __pfx_tty_ioctl+0x10/0x10
[  927.662697]  ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0
[  927.662711]  ? __mutex_unlock_slowpath+0x91/0x7b0
[  927.662732]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  927.662747]  ? check_irq_usage+0xf2/0x790
[  927.662758]  ? __fget_files+0x34/0x3b0
[  927.662776]  ? find_held_lock+0x2b/0x80
[  927.662793]  ? __fget_files+0x203/0x3b0
[  927.662810]  ? lock_release+0xc8/0x290
[  927.662828]  ? selinux_file_ioctl+0xb9/0x280
[  927.662842]  ? __pfx_tty_ioctl+0x10/0x10
[  927.662857]  __x64_sys_ioctl+0x18f/0x210
[  927.662875]  do_syscall_64+0xbf/0x360
[  927.662888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.662900] RIP: 0033:0x7fd9beabab19
[  927.662909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  927.662920] RSP: 002b:00007fd9bc030188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  927.662931] RAX: ffffffffffffffda RBX: 00007fd9bebcdf60 RCX: 00007fd9beabab19
[  927.662939] RDX: 0000000020000040 RSI: 0000000000005602 RDI: 0000000000000003
[  927.662947] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  927.662954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  927.662961] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  927.662981]  </TASK>
[  927.691504] hpet: Lost 1 RTC interrupts
[  927.693034] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  927.693034]    program syz-executor.2 not setting count and/or reply_len properly
[  927.694776] FAULT_INJECTION: forcing a failure.
[  927.694776] name failslab, interval 1, probability 0, space 0, times 0
[  927.695666] CPU: 0 UID: 0 PID: 7807 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  927.695682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  927.695688] Call Trace:
[  927.695692]  <TASK>
[  927.695697]  dump_stack_lvl+0xfa/0x120
[  927.695719]  should_fail_ex+0x4d7/0x5e0
[  927.695739]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  927.695755]  should_failslab+0xc2/0x120
[  927.695775]  __kmalloc_noprof+0xb4/0x4b0
[  927.695797]  blk_rq_map_user_iov+0x1fd/0x1180
[  927.695820]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  927.695838]  ? __pfx___mutex_trylock_common+0x10/0x10
[  927.695855]  ? find_held_lock+0x2b/0x80
[  927.695872]  ? sg_common_write.constprop.0+0xc36/0x1710
[  927.695888]  ? lock_release+0xc8/0x290
[  927.695898]  ? import_ubuf+0x1be/0x220
[  927.695920]  blk_rq_map_user_io+0x1cf/0x200
[  927.695938]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  927.695954]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  927.695977]  ? irq_work_queue+0x9c/0x100
[  927.695992]  ? __asan_memset+0x24/0x50
[  927.696014]  sg_common_write.constprop.0+0xd75/0x1710
[  927.696036]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  927.696052]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  927.696070]  ? ___ratelimit+0x465/0xa10
[  927.696094]  sg_write.part.0+0x6a2/0xb50
[  927.696110]  ? __pfx_sg_write.part.0+0x10/0x10
[  927.696133]  ? __pfx_perf_tp_event+0x10/0x10
[  927.696151]  ? lock_acquire+0x15e/0x2f0
[  927.696166]  ? get_pid_task+0xfd/0x250
[  927.696187]  ? perf_trace_lock+0xb5/0x5d0
[  927.696201]  ? perf_trace_lock_acquire+0xc9/0x700
[  927.696214]  ? avc_policy_seqno+0x9/0x20
[  927.696230]  ? selinux_file_permission+0x99/0x600
[  927.696249]  sg_write+0x86/0xe0
[  927.696262]  vfs_write+0x2b7/0x1150
[  927.696280]  ? __pfx_sg_write+0x10/0x10
[  927.696294]  ? lock_acquire+0x15e/0x2f0
[  927.696306]  ? __fget_files+0x34/0x3b0
[  927.696323]  ? __pfx_vfs_write+0x10/0x10
[  927.696345]  ? __fget_files+0x203/0x3b0
[  927.696363]  ? lock_release+0xc8/0x290
[  927.696378]  ? __fget_files+0x20d/0x3b0
[  927.696403]  ksys_write+0x121/0x240
[  927.696421]  ? __pfx_ksys_write+0x10/0x10
[  927.696447]  do_syscall_64+0xbf/0x360
[  927.696461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.696472] RIP: 0033:0x7fbb63381b19
[  927.696481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  927.696493] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  927.696504] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  927.696512] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  927.696519] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  927.696526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  927.696534] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  927.696553]  </TASK>
[  927.717745] hpet: Lost 1 RTC interrupts
[  927.728298] FAULT_INJECTION: forcing a failure.
[  927.728298] name failslab, interval 1, probability 0, space 0, times 0
[  927.730463] CPU: 1 UID: 0 PID: 7814 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  927.730497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  927.730511] Call Trace:
[  927.730519]  <TASK>
[  927.730529]  dump_stack_lvl+0xfa/0x120
[  927.730575]  should_fail_ex+0x4d7/0x5e0
[  927.730622]  should_failslab+0xc2/0x120
[  927.730674]  __kmalloc_cache_noprof+0x6a/0x3e0
[  927.730724]  ? find_held_lock+0x2b/0x80
[  927.730772]  ? alloc_fdtable+0x9e/0x2c0
[  927.730805]  ? dup_fd+0x6b3/0xa80
[  927.730847]  alloc_fdtable+0x9e/0x2c0
[  927.730885]  dup_fd+0x6ef/0xa80
[  927.730932]  copy_process+0x21b5/0x73e0
[  927.730958]  ? __pfx_perf_trace_lock+0x10/0x10
[  927.731005]  ? __pfx_copy_process+0x10/0x10
[  927.731031]  ? __might_fault+0xe0/0x190
[  927.731064]  ? _copy_from_user+0x5b/0xd0
[  927.731115]  kernel_clone+0xea/0x7f0
[  927.731138]  ? get_pid_task+0xfd/0x250
[  927.731182]  ? __pfx_kernel_clone+0x10/0x10
[  927.731204]  ? perf_trace_lock+0xb5/0x5d0
[  927.731242]  ? find_held_lock+0x2b/0x80
[  927.731280]  ? ksys_write+0x121/0x240
[  927.731319]  ? lock_is_held_type+0x9e/0x120
[  927.731375]  __do_sys_clone3+0x1f5/0x280
[  927.731399]  ? __pfx___do_sys_clone3+0x10/0x10
[  927.731447]  ? __fget_files+0x20d/0x3b0
[  927.731495]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  927.731541]  ? ksys_write+0x1a3/0x240
[  927.731580]  ? __pfx_ksys_write+0x10/0x10
[  927.731633]  do_syscall_64+0xbf/0x360
[  927.731668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.731704] RIP: 0033:0x7f7b289bfb19
[  927.731731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  927.731768] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  927.731804] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  927.731830] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  927.731853] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  927.731876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  927.731898] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  927.731965]  </TASK>
13:51:22 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000009e00)=[{{&(0x7f0000000000)=@caif=@rfm, 0x80, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/159, 0x9f}, {&(0x7f0000000180)}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/199, 0xc7}], 0x5}, 0x10000}, {{&(0x7f0000002380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002400)=""/172, 0xac}, {&(0x7f00000024c0)=""/221, 0xdd}], 0x2}}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f0000002600)=""/150, 0x96}, {&(0x7f00000026c0)=""/11, 0xb}, {&(0x7f0000002700)=""/163, 0xa3}, {&(0x7f00000027c0)=""/184, 0xb8}, {&(0x7f0000002880)=""/116, 0x74}, {&(0x7f0000002900)=""/199, 0xc7}], 0x6, &(0x7f0000002a80)=""/233, 0xe9}, 0x3}, {{&(0x7f0000002b80)=@qipcrtr, 0x80, &(0x7f0000004d40)=[{&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/18, 0x12}, {&(0x7f0000003c40)=""/4096, 0x1000}, {&(0x7f0000004c40)=""/194, 0xc2}], 0x4, &(0x7f0000004d80)=""/181, 0xb5}, 0xfffffff7}, {{&(0x7f0000004e40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f00000064c0)=[{&(0x7f0000004ec0)=""/131, 0x83}, {&(0x7f0000004f80)=""/76, 0x4c}, {&(0x7f0000005000)=""/51, 0x33}, {&(0x7f0000005040)=""/152, 0x98}, {&(0x7f0000005180)=""/158, 0x9e}, {&(0x7f0000005240)=""/155, 0x9b}, {&(0x7f0000005300)=""/133, 0x85}, {&(0x7f00000053c0)=""/4096, 0x1000}, {&(0x7f00000063c0)=""/100, 0x64}, {&(0x7f0000006440)=""/80, 0x50}], 0xa, &(0x7f0000005100)=""/12, 0xc}, 0x3}, {{0x0, 0x0, &(0x7f0000006680)=[{&(0x7f0000006580)=""/250, 0xfa}], 0x1, &(0x7f00000066c0)=""/246, 0xf6}, 0x90}, {{&(0x7f00000067c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000007840)=[{&(0x7f0000006840)=""/4096, 0x1000}], 0x1, &(0x7f0000007880)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000008880)=@llc, 0x80, &(0x7f0000009c80)=[{&(0x7f0000008900)=""/4096, 0x1000}, {&(0x7f0000009900)=""/247, 0xf7}, {&(0x7f0000009a00)=""/16, 0x10}, {&(0x7f0000009a40)=""/121, 0x79}, {&(0x7f0000009ac0)=""/71, 0x47}, {&(0x7f0000009b40)=""/29, 0x1d}, {&(0x7f0000009b80)=""/52, 0x34}, {&(0x7f0000009bc0)=""/4, 0x4}, {&(0x7f0000009c00)=""/113, 0x71}], 0x9, &(0x7f0000009d40)=""/132, 0x84}, 0x4}], 0x8, 0x10000, &(0x7f000000a000)={0x77359400})

13:51:22 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 7)

13:51:22 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 13)

13:51:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 61)

[  927.948260] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  927.948260]    program syz-executor.2 not setting count and/or reply_len properly
13:51:23 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040)) (fail_nth: 8)

13:51:23 executing program 0:
getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000006c0), &(0x7f0000000700)=0x8)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
ioctl$TIOCGPTPEER(r3, 0x5441, 0x2)
syz_open_dev$sg(&(0x7f0000000040), 0x7, 0x10840)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r1, 0x2285, 0x0)
r4 = syz_open_pts(r0, 0x41)
close(r4)
write$binfmt_aout(r1, &(0x7f0000000300)={{0xcc}, "", ['\x00']}, 0x120)
sendmsg$unix(r2, &(0x7f0000000280)={&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000100)="acd7548cb5562a66d4e36c320b6b3241d1f397e628bed057670b18796230f6f23ae97c6c8fc175dd14ad19dc36c551b4d216f336e4e0e5b910adc014b1d217d6fe38740581ed4f3621d48a1b48f3385fd2245bb42aa31a82d0816a6a4f750eec48bad13363df26567cae53090093f76949fde884e9d72027e86cd76504a72669c940ff2015a16e1aec8c8d918d26c69e8b8870639c155114389aa94472c2700610d18c8db186b4aa6867f68551f9cf0b73cd", 0xb2}, {&(0x7f00000001c0)="ccc34c568bf3a99ac89d9482948393145896ee7b", 0x14}, {&(0x7f0000000200)="ce3a64110341447f2186158fd344638ddd97df275ad2d0cc028141cb34c05c1191c91106994239ac2f93627afddbf5772a3ebfbbc91fe9a8444ddf5a78bc1e42152329d851f57aa213c095d45641f0879a0964e8f2a98a431bb3666fb13e4c0018cec539", 0x64}, {&(0x7f0000000440)="572c61568ece96c501eceed8789ebb8de49990f125d0eced0ed8c18f09de4a91ff60c1324a3013bf6a6e5d476446ded771da824f292f824492160d4004b72e810b9a801eed04375a8f6e54b2bdda19c56c69a77b0874ed1b4c7fa2ad0ac16acf6df19e4441ed025dbd8b15a80d175a", 0x6f}, {&(0x7f00000004c0)="70a489e4b65a2521c198adf9529848f69cf38a6ac218fb582780aedaec5a685d71f08d560aedd0388812c644ae4440a76cb1cb2144949c8ac99aed5fd3132dac9b630cb802bd3574b072d2efa59188ed684cb0ac56", 0x55}, {&(0x7f0000000540)="a09d1d967f4fc4f55177eca38e500785a60398970807e84c6089dee1a630dca26139a0a9b200a00fc5bb08aaea2767aa9e1809a3f0cad3c7c3e833c86001644273495d9f954526876a0c96f1e1b0891aa969572f2562618f1277d01334b2cae38c743be132d747568a27072d9c45cbd5a19e1957dec40030abdab63547fca6c30d007bee349a10cd0f5e339a1e139155c00984d3ce50aa4c4e608bb53401cc1e9678ab433570515a41d56516781ea6b1c4757a31730f0e5e70f3750a4e21a99b30aee067cb86fb281df26f39bdcc188e4f90c9abc270433f7e", 0xd9}], 0x6, 0x0, 0x0, 0x20000010}, 0x0)

13:51:23 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES64=r0])

13:51:23 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5402)

13:51:23 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  927.971149] FAULT_INJECTION: forcing a failure.
[  927.971149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  927.972206] CPU: 0 UID: 0 PID: 7836 Comm: syz-executor.6 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  927.972223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  927.972231] Call Trace:
[  927.972236]  <TASK>
[  927.972241]  dump_stack_lvl+0xfa/0x120
[  927.972270]  should_fail_ex+0x4d7/0x5e0
[  927.972294]  _copy_to_user+0x32/0xd0
[  927.972318]  simple_read_from_buffer+0xe0/0x180
[  927.972342]  proc_fail_nth_read+0x18a/0x240
[  927.972364]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  927.972389]  ? security_file_permission+0x22/0x90
[  927.972408]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  927.972427]  vfs_read+0x1eb/0xc70
[  927.972452]  ? __pfx_vfs_read+0x10/0x10
[  927.972471]  ? lock_release+0xc8/0x290
[  927.972488]  ? __fget_files+0x20d/0x3b0
[  927.972515]  ksys_read+0x121/0x240
[  927.972533]  ? __pfx_ksys_read+0x10/0x10
[  927.972553]  ? fput+0x6a/0x100
[  927.972569]  do_syscall_64+0xbf/0x360
[  927.972584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.972598] RIP: 0033:0x7fd9bea6d69c
[  927.972607] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  927.972620] RSP: 002b:00007fd9bc030170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  927.972632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd9bea6d69c
[  927.972640] RDX: 000000000000000f RSI: 00007fd9bc0301e0 RDI: 0000000000000004
[  927.972648] RBP: 00007fd9bc0301d0 R08: 0000000000000000 R09: 0000000000000000
[  927.972655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  927.972663] R13: 00007fff863fbebf R14: 00007fd9bc030300 R15: 0000000000022000
[  927.972683]  </TASK>
[  928.086112] sg_write: data in/out 1701603650/4 bytes for SCSI command 0x0-- guessing data in;
[  928.086112]    program syz-executor.0 not setting count and/or reply_len properly
13:51:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x2, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 62)

13:51:33 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 14)

13:51:33 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:51:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = syz_io_uring_complete(0x0)
sendto$inet(r1, &(0x7f0000000000)="1754c34f8aa2017d1f0ecd459858e0d2b364db22f28763bdd06448f30773ea002d8b4aedf22906e788dd883dd2a2a919a899c7d5fd9ab9a50f6c29accd1c1812bd8de422da13413be1e3f8172e9d8f3c1e7862b4f66c63a864309d40fffb6f1a20", 0x61, 0x4, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000280)={'filter\x00', 0x0, 0x8, 0x73, [0xd4cf, 0x7fffffff, 0x100, 0xfffffffffffffff8, 0x3e, 0x1f], 0x6, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)=""/115}, &(0x7f0000000200)=0x78)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:51:33 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
pidfd_open(r0, 0x0)
syz_open_procfs(r0, &(0x7f0000000040)='numa_maps\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:51:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
dup2(0xffffffffffffffff, r1)
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000200)={0x0, 0xfffffffffffffffd, 0x65, 0x3, @buffer={0x0, 0x5d, &(0x7f0000000040)=""/93}, &(0x7f00000000c0)="0cb7b4f682e47b6dd97d6d7f9c2a6e48b4c29fa685545dad33c0aea91de89969e79da3c8c1a367f86069294fb7d954b67e074168843749d9bf7ad8e0888a8d6d8c20e88c6fc64063e3bc5712785a564d1003192496b6adc1ac7081f370f2b47559263e4e5a", &(0x7f0000000140)=""/91, 0xffff0001, 0x2, 0x3, &(0x7f00000001c0)})

13:51:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5403)

[  938.915459] FAULT_INJECTION: forcing a failure.
[  938.915459] name failslab, interval 1, probability 0, space 0, times 0
[  938.917329] CPU: 0 UID: 0 PID: 7872 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  938.917368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  938.917383] Call Trace:
[  938.917391]  <TASK>
[  938.917401]  dump_stack_lvl+0xfa/0x120
[  938.917451]  should_fail_ex+0x4d7/0x5e0
[  938.917497]  should_failslab+0xc2/0x120
[  938.917543]  __kvmalloc_node_noprof+0x10d/0x590
[  938.917579]  ? trace_kmalloc+0x1f/0xb0
[  938.917604]  ? __kmalloc_cache_noprof+0x1b3/0x3e0
[  938.917638]  ? alloc_fdtable+0xed/0x2c0
[  938.917682]  ? alloc_fdtable+0xed/0x2c0
[  938.917714]  alloc_fdtable+0xed/0x2c0
[  938.917752]  dup_fd+0x6ef/0xa80
[  938.917800]  copy_process+0x21b5/0x73e0
[  938.917825]  ? __pfx_perf_trace_lock+0x10/0x10
[  938.917873]  ? __pfx_copy_process+0x10/0x10
[  938.917899]  ? __might_fault+0xe0/0x190
[  938.917933]  ? _copy_from_user+0x5b/0xd0
[  938.917984]  kernel_clone+0xea/0x7f0
[  938.918007]  ? get_pid_task+0xfd/0x250
[  938.918051]  ? __pfx_kernel_clone+0x10/0x10
[  938.918073]  ? perf_trace_lock+0xb5/0x5d0
[  938.918111]  ? find_held_lock+0x2b/0x80
[  938.918147]  ? ksys_write+0x121/0x240
[  938.918186]  ? lock_is_held_type+0x9e/0x120
[  938.918234]  __do_sys_clone3+0x1f5/0x280
[  938.918259]  ? __pfx___do_sys_clone3+0x10/0x10
[  938.918308]  ? __fget_files+0x20d/0x3b0
[  938.918356]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  938.918401]  ? ksys_write+0x1a3/0x240
[  938.918440]  ? __pfx_ksys_write+0x10/0x10
[  938.918495]  do_syscall_64+0xbf/0x360
[  938.918523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.918549] RIP: 0033:0x7f7b289bfb19
[  938.918568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  938.918593] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  938.918617] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  938.918634] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  938.918650] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  938.918665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  938.918681] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  938.918721]  </TASK>
[  938.952027] hpet: Lost 2 RTC interrupts
[  938.954933] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  938.954933]    program syz-executor.2 not setting count and/or reply_len properly
[  938.960610] FAULT_INJECTION: forcing a failure.
[  938.960610] name failslab, interval 1, probability 0, space 0, times 0
[  938.962403] CPU: 0 UID: 0 PID: 7875 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  938.962434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  938.962447] Call Trace:
[  938.962455]  <TASK>
[  938.962464]  dump_stack_lvl+0xfa/0x120
[  938.962507]  should_fail_ex+0x4d7/0x5e0
[  938.962540]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  938.962583]  ? bio_kmalloc+0x3e/0x70
[  938.962620]  should_failslab+0xc2/0x120
[  938.962661]  __kmalloc_noprof+0xb4/0x4b0
[  938.962694]  ? trace_kmalloc+0x1f/0xb0
[  938.962716]  ? __kmalloc_noprof+0x215/0x4b0
[  938.962756]  bio_kmalloc+0x3e/0x70
[  938.962796]  blk_rq_map_user_iov+0x390/0x1180
[  938.962843]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  938.962879]  ? __pfx___mutex_trylock_common+0x10/0x10
[  938.962914]  ? find_held_lock+0x2b/0x80
[  938.962947]  ? sg_common_write.constprop.0+0xc36/0x1710
[  938.962976]  ? lock_release+0xc8/0x290
[  938.962998]  ? import_ubuf+0x1be/0x220
[  938.963041]  blk_rq_map_user_io+0x1cf/0x200
[  938.963076]  ? __pfx_blk_rq_map_user_io+0x10/0x10
13:51:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getgroups(0x8, &(0x7f0000000080)=[0xee01, 0xee01, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee00, <r3=>0x0])
write$P9_RGETATTR(r2, &(0x7f0000000180)={0xa0, 0x19, 0x2, {0x50, {0x20, 0x4, 0x4}, 0xc, 0xffffffffffffffff, r3, 0x8000, 0x5, 0xff, 0x8000, 0x9, 0x3, 0x282, 0xf0c5, 0x80000000, 0x6, 0x1ff, 0x1ff, 0x612, 0x20, 0x1}}, 0xa0)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000040))
r4 = dup2(r1, r0)
write$binfmt_aout(r4, &(0x7f0000000080)=ANY=[], 0x2e)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000a, 0x20010, r0, 0x136b3000)
ioctl$SG_IO(r4, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000826d3e5dbe2d138c52b4fad9fa5fac4f1b52cefae3f478c0efe5c9f40c64c4d0d5afa7d142988273cf9f15a0c60e4587a83a0c756dcc46eabf6120691eca8488ac80c56b3479f6f90f3fdb7daa24f53a79b222ef6914ad733e88c5b5bd4ea8eee5"], 0x120)

[  938.963108]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  938.963152]  ? irq_work_queue+0x9c/0x100
[  938.963183]  ? __asan_memset+0x24/0x50
[  938.963225]  sg_common_write.constprop.0+0xd75/0x1710
[  938.963268]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  938.963299]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  938.963341]  ? ___ratelimit+0x465/0xa10
[  938.963390]  sg_write.part.0+0x6a2/0xb50
[  938.963421]  ? __pfx_sg_write.part.0+0x10/0x10
[  938.963466]  ? __pfx_perf_tp_event+0x10/0x10
[  938.963501]  ? lock_acquire+0x15e/0x2f0
[  938.963531]  ? get_pid_task+0xfd/0x250
[  938.963572]  ? perf_trace_lock+0xb5/0x5d0
[  938.963600]  ? perf_trace_lock_acquire+0xc9/0x700
[  938.963625]  ? avc_policy_seqno+0x9/0x20
[  938.963656]  ? selinux_file_permission+0x99/0x600
[  938.963693]  sg_write+0x86/0xe0
[  938.963720]  vfs_write+0x2b7/0x1150
[  938.963755]  ? __pfx_sg_write+0x10/0x10
[  938.963784]  ? lock_acquire+0x15e/0x2f0
[  938.963807]  ? __fget_files+0x34/0x3b0
[  938.963841]  ? __pfx_vfs_write+0x10/0x10
[  938.963877]  ? __fget_files+0x203/0x3b0
[  938.963911]  ? lock_release+0xc8/0x290
[  938.963941]  ? __fget_files+0x20d/0x3b0
[  938.963991]  ksys_write+0x121/0x240
[  938.964027]  ? __pfx_ksys_write+0x10/0x10
[  938.964078]  do_syscall_64+0xbf/0x360
[  938.964105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.964128] RIP: 0033:0x7fbb63381b19
[  938.964146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  938.964168] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  938.964191] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  938.964207] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  938.964222] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  938.964236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  938.964250] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  938.964289]  </TASK>
[  939.010204] hpet: Lost 1 RTC interrupts
13:51:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x2, &(0x7f0000000040))

13:51:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)

[  939.118141] sg_write: data in/out 60893/4 bytes for SCSI command 0x0-- guessing data in;
[  939.118141]    program syz-executor.0 not setting count and/or reply_len properly
13:51:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 63)

13:51:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 15)

13:51:34 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x8}, 0x0, 0x80000000, 0x0, 0x4}, 0x0, 0xb, 0xffffffffffffffff, 0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs\x00')
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f0000000040)=ANY=[@ANYBLOB="04000000fc00000000000000"])
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  939.181112] sg_write: data in/out 60893/4 bytes for SCSI command 0x0-- guessing data in;
[  939.181112]    program syz-executor.0 not setting count and/or reply_len properly
13:51:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b2f, &(0x7f0000000040))

13:51:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8004)

13:51:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x6, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  939.303163] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  939.303163]    program syz-executor.2 not setting count and/or reply_len properly
13:51:34 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x25, 0x1, 0x7ff, "f1991ec869f3772c855bef080b1deab7811fe85783a7e273028dff5523e25a50eab1126741"})
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f00000000c0))
write$binfmt_aout(r0, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
creat(&(0x7f0000000080)='./file0\x00', 0xcc)

13:51:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b30, &(0x7f0000000040))

13:51:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000040))
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  939.440782] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  939.490640] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
13:51:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r1, 0x2285, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1af}, "fe89ecb8ac09ef704af9329dbdc41f8bff6546bfa51caa1ddbcacb7650eb5f172add2f9f801147445d226f1d73d05710f72a005f64b2a2b2f1be72db50facdb9ad1b084c941c23a480e6c3c9ebb0dc11670caff3cf825d9e08dca38d5bdfd00a632791f770f575676895b015539b566c722ae9d9eabb2df0d271d630b377236f042bafcbc6108c0ce714d376347ad1992327143f4b5109c80c882b9589cc0f5fd47ca44e059a29bb5d72f41bc2ff96a3ffa8b2f3bba66569a292fd14cd4128aa8be5f91155fe256727a0c86bd2efd71b523250e4ba8611532da01a257bd950be28ba96867472f0a3e216408f138c871c4632a4ba62b6b07306b78d", ['\x00']}, 0x21b)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, @out_args}, './file0\x00'})
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000440), &(0x7f0000000480)='./file0\x00', 0x8, 0x1)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000300)={"f94e3414d576fd653538e76ca63c0ca5", 0x0, <r3=>0x0, {0x81, 0x7}, {0xb3, 0x6}, 0x8, [0x3, 0x8000, 0x800, 0x8, 0x101, 0xffffffffffffffff, 0x3e, 0x4, 0xa60, 0x4, 0x3, 0x40, 0x3, 0x6, 0xff, 0x6]})
ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f0000000400)=r3)

13:51:43 executing program 3:
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14, 0x2, {0x2, 0x101, 0x8, 0x98, 0x71d1, 0x74979822}}, &(0x7f00000000c0), 0x1000)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x47, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)
pidfd_open(r1, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x933e050e2a5896cf, r1})
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:51:43 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 16)

13:51:43 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 64)

13:51:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x9f0a)

13:51:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x9, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:43 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x52)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
recvmmsg(r2, &(0x7f0000005140), 0x0, 0x42, 0x0)

13:51:43 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b31, &(0x7f0000000040))

[  948.523634] FAULT_INJECTION: forcing a failure.
[  948.523634] name failslab, interval 1, probability 0, space 0, times 0
[  948.524680] CPU: 1 UID: 0 PID: 7925 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  948.524697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  948.524704] Call Trace:
[  948.524708]  <TASK>
[  948.524713]  dump_stack_lvl+0xfa/0x120
[  948.524741]  should_fail_ex+0x4d7/0x5e0
[  948.524765]  should_failslab+0xc2/0x120
[  948.524787]  __kvmalloc_node_noprof+0x10d/0x590
[  948.524805]  ? trace_kmalloc+0x1f/0xb0
[  948.524817]  ? __kmalloc_cache_noprof+0x1b3/0x3e0
[  948.524833]  ? alloc_fdtable+0x159/0x2c0
[  948.524856]  ? alloc_fdtable+0x159/0x2c0
[  948.524870]  alloc_fdtable+0x159/0x2c0
[  948.524888]  dup_fd+0x6ef/0xa80
[  948.524911]  copy_process+0x21b5/0x73e0
[  948.524924]  ? __pfx_perf_trace_lock+0x10/0x10
[  948.524949]  ? __pfx_copy_process+0x10/0x10
[  948.524961]  ? __might_fault+0xe0/0x190
[  948.524978]  ? _copy_from_user+0x5b/0xd0
[  948.525003]  kernel_clone+0xea/0x7f0
[  948.525023]  ? get_pid_task+0xfd/0x250
[  948.525045]  ? __pfx_kernel_clone+0x10/0x10
[  948.525055]  ? perf_trace_lock+0xb5/0x5d0
[  948.525073]  ? find_held_lock+0x2b/0x80
[  948.525091]  ? ksys_write+0x121/0x240
[  948.525110]  ? lock_is_held_type+0x9e/0x120
[  948.525133]  __do_sys_clone3+0x1f5/0x280
[  948.525145]  ? __pfx___do_sys_clone3+0x10/0x10
[  948.525169]  ? __fget_files+0x20d/0x3b0
[  948.525192]  ? fput+0x6a/0x100
[  948.525204]  ? ksys_write+0x1a3/0x240
[  948.525222]  ? __pfx_ksys_write+0x10/0x10
[  948.525243]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  948.525269]  do_syscall_64+0xbf/0x360
[  948.525283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.525296] RIP: 0033:0x7f7b289bfb19
[  948.525305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  948.525317] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  948.525330] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  948.525343] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  948.525350] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  948.525358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  948.525366] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  948.525385]  </TASK>
13:51:43 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = syz_open_pts(r0, 0x0)
write$binfmt_script(r2, &(0x7f0000000600)={'#! ', './file0', [{0x20, '##.-'}, {}], 0xa, "2939b691ff7f5ee53de85775c9305816ad1e3ca2ba8ad9e4a57ec288e575718ab2bf90b0cf8adfd6dba2e7e2d5443bfcf8c17b1d193c273693449e09580ca3f65fa4202b3f014664fb36e8612715270f31c92fbc336a73d582687868065e0181fe8585696a7358796d215e32c419d362694dd909d86d949ecfdc99c06572eebfdbc4368f65e5dfa323c692fa7911ec60e698ccabe4e2359df7074627d7b60fa0176dfcf209330ad85d1544b7e2b8f0de95a9c47f"}, 0xc5)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000005c0)=ANY=[@ANYBLOB="60f43e72fef1840818000000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00./file0\x00'])
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
fcntl$setpipe(r3, 0x407, 0x800)
r4 = fsmount(r0, 0x1, 0x0)
sendmsg$AUDIT_TTY_GET(r4, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x10, 0x3f8, 0x4, 0x70bd2c, 0x25dfdbfc, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4008804}, 0x8881)
perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x2, 0x2, 0x8, 0x3, 0x0, 0x7c, 0x1000, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000040), 0x7}, 0x860, 0x200, 0xf9a, 0x2, 0x3f, 0x2, 0x2, 0x0, 0x8000, 0x0, 0x5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
openat$sr(0xffffffffffffff9c, &(0x7f0000000480), 0x391140, 0x0)
recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/1, 0x1}, {&(0x7f0000000180)=""/124, 0x7c}, {&(0x7f0000000200)=""/229, 0xe5}, {&(0x7f0000000300)=""/49, 0x31}, {&(0x7f0000000340)=""/110, 0x6e}], 0x5}, 0x10001)

[  948.587066] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  948.587066]    program syz-executor.2 not setting count and/or reply_len properly
[  948.601816] FAULT_INJECTION: forcing a failure.
[  948.601816] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  948.603572] CPU: 0 UID: 0 PID: 7934 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  948.603602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  948.603616] Call Trace:
[  948.603624]  <TASK>
[  948.603633]  dump_stack_lvl+0xfa/0x120
[  948.603682]  should_fail_ex+0x4d7/0x5e0
[  948.603725]  _copy_from_iter+0x1dc/0x15b0
[  948.603766]  ? __pfx_perf_trace_lock+0x10/0x10
[  948.603792]  ? lock_is_held_type+0x9e/0x120
[  948.603835]  ? __pfx__copy_from_iter+0x10/0x10
[  948.603874]  ? find_held_lock+0x2b/0x80
[  948.603906]  ? __create_object+0x59/0x80
[  948.603937]  ? lock_release+0xc8/0x290
[  948.603964]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  948.604010]  copy_page_from_iter+0xe3/0x180
[  948.604054]  bio_copy_from_iter+0x108/0x270
[  948.604096]  blk_rq_map_user_iov+0xc07/0x1180
[  948.604139]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  948.604173]  ? __pfx___mutex_trylock_common+0x10/0x10
[  948.604205]  ? find_held_lock+0x2b/0x80
[  948.604236]  ? sg_common_write.constprop.0+0xc36/0x1710
[  948.604265]  ? lock_release+0xc8/0x290
[  948.604285]  ? import_ubuf+0x1be/0x220
[  948.604325]  blk_rq_map_user_io+0x1cf/0x200
[  948.604366]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  948.604396]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  948.604438]  ? irq_work_queue+0x9c/0x100
[  948.604467]  ? __asan_memset+0x24/0x50
[  948.604508]  sg_common_write.constprop.0+0xd75/0x1710
[  948.604550]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  948.604578]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  948.604612]  ? ___ratelimit+0x465/0xa10
[  948.604657]  sg_write.part.0+0x6a2/0xb50
[  948.604686]  ? __pfx_sg_write.part.0+0x10/0x10
[  948.604729]  ? __pfx_perf_tp_event+0x10/0x10
[  948.604762]  ? lock_acquire+0x15e/0x2f0
[  948.604790]  ? get_pid_task+0xfd/0x250
[  948.604831]  ? perf_trace_lock+0xb5/0x5d0
[  948.604857]  ? perf_trace_lock_acquire+0xc9/0x700
[  948.604881]  ? avc_policy_seqno+0x9/0x20
[  948.604911]  ? selinux_file_permission+0x99/0x600
[  948.604946]  sg_write+0x86/0xe0
[  948.604971]  vfs_write+0x2b7/0x1150
[  948.605005]  ? __pfx_sg_write+0x10/0x10
[  948.605044]  ? lock_acquire+0x15e/0x2f0
[  948.605066]  ? __fget_files+0x34/0x3b0
[  948.605100]  ? __pfx_vfs_write+0x10/0x10
[  948.605133]  ? __fget_files+0x203/0x3b0
[  948.605165]  ? lock_release+0xc8/0x290
[  948.605194]  ? __fget_files+0x20d/0x3b0
[  948.605241]  ksys_write+0x121/0x240
[  948.605275]  ? __pfx_ksys_write+0x10/0x10
[  948.605323]  do_syscall_64+0xbf/0x360
[  948.605349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.605372] RIP: 0033:0x7fbb63381b19
[  948.605390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  948.605412] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  948.605434] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  948.605449] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  948.605463] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  948.605476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  948.605490] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  948.605526]  </TASK>
[  948.649327] hpet: Lost 2 RTC interrupts
13:51:43 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 17)

13:51:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xbc02)

13:51:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
ioctl$GIO_SCRNMAP(r3, 0x4b40, &(0x7f0000000040)=""/155)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:51:43 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b32, &(0x7f0000000040))

13:51:43 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = fork()
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x1, 0x81, 0x0, 0xdc, 0x0, 0x8, 0x148, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_config_ext={0x4bb, 0x3}, 0x65aa4, 0x3, 0x3, 0xd, 0x3, 0x3, 0x32, 0x0, 0x0, 0x0, 0x6}, r2, 0x1, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r4 = openat$cgroup_devices(r1, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0)
pidfd_getfd(r3, r4, 0x0)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x216582, 0x0)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000000c0)=')(-&,%\x00', 0x0, r1)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
statx(r5, &(0x7f0000000940)='./file0\x00', 0x6000, 0x800, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
r7 = geteuid()
syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000200)='./file0\x00', 0xe8e7, 0x8, &(0x7f0000000880)=[{&(0x7f0000000240)="57f820d309c3274f2bb1ea19d9b845f236a0f4ac4875592ca28bc158e9f660c7dc25a97411825de8fa58f9f69f45c954449bf3617c1fb04ffb91044abe2e674dd0c667e789b79012c29aa714f0300ea6979f3faabd948b65249b0df3a2f2a116dae31168ff1d5d2c51faf10a5bb4170c4e7e8f55dac39fddafb3cabbd772a31975a91f99dfb41bd05da841ac47e04f138fa937e81cdc0b86c1831f4f38c14e17116c18ad6204cbe5f154a3cba152fdaf2b02d55febaca9df0f6bbb5991fc789b7952425abba01d162dcc2d99020c12e9f4b1c88f96ee03e52abeb4d866bdb5a42282c97fc8353afbfb", 0xe9, 0x9}, {&(0x7f00000003c0)="8e1bc1c316023f934464e59c17a1ca5e54eb553e27520e049581f83db7fc0ca3ebe9d331ef707982c50a8dba055366dd0844e755235f99c55e45865f25acea846703f0762427080c686cdd69c37e33bf4985bf36f42a0c50a80ee22a4135ac82635ca0eae3fa7e6f5ae2801f057b6e03069d3b11681ed6c97b302faf1c4c067062baf487e595e9a21d60990a67f8bf28ea02320c4800bac31a5a4333346b3a6b5ff4f348b985", 0xa6, 0xa0cc}, {&(0x7f0000000480)="10ecb0350f68f0645e10fbb3ce3eaf55ae189cebd70969582b5318b81556be1258da2a37dd6335bb2dbbeec8a62e396fe47d7040e367322802c893c7d5b813c221bb6991f3765deae63bf65e31b8f5fe480f026848941239352918b1265968953412f12a8d5733feb3631755162493b7dc9458ba203f86025c122e422e9cbb72cb3f7c6dcafa68234670ece0534577e96a6c48dc4d04577d050f4015febcfbfa46c3c5f62c24b24f2a7a57a512804ba63c656466571f0551ccbddca0f11e037b832faaad0b49a92044fc5ad74b6ea5a3fa498487c24a78543c8918a67d14e2950c", 0xe1, 0xdbc}, {&(0x7f0000000580)="50314d03c3de63af2bf84fb5551ea501619bb90b32c7dc7cff49983c4c6a78612c15058d3f21bba945c0758d8c7252b3ed54e51892671617b9", 0x39, 0x8}, {&(0x7f00000005c0)="cdcf21a43ca1adb5edd7ba13e986e892606cc0a4e28e7d5c255cb4c5da6aaf0f7316e847bcf909d8459d7937e1093674b8ac49ca6216f67207342e8567dd01cb6aaed5856b6b94fd9ed36d679eb90df514ceb19ee5f9364ff9d8376d5230f5153b5517906d3b5bd66b71b02426d71ed6a996f868f9b2ea357d164900767234cbd78da54b16bc09d9c836c0691735c791f87071d537fb7b8cb6745bb4874a0a75d8ac9509ed4fb41e1a278d0fb4ae", 0xae, 0x100000000}, {&(0x7f0000000680)="6de32187a9bdda9caec591017be68583532d124fe550d7801ab884f09689831558d93748f7c43749e6360d1e1c67d2b1c0777db9f21ecd897edc9b180c2b7a3223c81b8af0bdbc226f00f4c447d286", 0x4f, 0x9}, {&(0x7f0000000700)="fd549ea78cf80ca76fadf6b5a79ad56e2cb91cfd9bd82099d5d637e19f0d762a4b66b66e68b7ca57a9aa3fe7ad8ede96f105e942f65c9e787ab3e149119d86b0baf5b9e1c06ce7dd4595cbda0108299459a7d69c43072082626a7733610a5f701bc4bdeaf369dab228a4edc9e1ce9b0b62ce7d08628bf6b009b5537e12298235a08ae5f130f63a7f28ad34671f69be1d7b4c1da71d0328b1cc5436adf6fb5e1099784ca3746808d42dcc22e9158fb155259ae055f3b513e156d32cbb", 0xbc, 0x800}, {&(0x7f00000007c0)="8dfbc2a94b7a8052c49f10ca2f262d39cf96d3efe87bb0f93d9ac48113e9d854119aa0967d5fcbc027da371b2761ca4b40bb0674ffbae61394de2d46d5c9ec14d75954018cf8402a87e5381337a5cff490bbea0a1ed8ee045df0f4142d1bb8b7a60ae77552d6807adb5ae0a3ad92cb74f6f6eb1253ef005c3a1b51e9a4f23d270f", 0x81, 0x20}], 0x2004, &(0x7f0000000a80)={[{@huge_within_size}, {@huge_within_size}, {@uid={'uid', 0x3d, r6}}, {@size}, {@nr_inodes={'nr_inodes', 0x3d, [0x78, 0x38, 0x46, 0x65]}}], [{@subj_user={'subj_user', 0x3d, '&!'}}, {@hash}, {@pcr={'pcr', 0x3d, 0x24}}, {@fsmagic={'fsmagic', 0x3d, 0x83}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@smackfsdef={'smackfsdef', 0x3d, ')(-&,%\x00'}}, {@smackfshat={'smackfshat', 0x3d, '/dev/null\x00'}}]})
r8 = getpid()
openat$sr(0xffffffffffffff9c, &(0x7f0000000c80), 0x309800, 0x0)
pidfd_open(r8, 0x0)
ptrace$setregs(0xf, r8, 0x20, &(0x7f0000000b80)="8c3f2bc99838679321fffbdb551675ea1691f7ba6ee4f168498f7e132962f5ecceeee85bcd7de5e7bc1aa96cd399e0f5a53a76d6dc5070bc7184e7a5ae934cb83176ce745a36e65d766532c0a0edc64dcb448b0a884cd370fc909e22ca0c73987ac4b88cd2906c37f5e0a4859551478d41d8de9cd24c8864c1b8095b513c2fe21fd314f966316d79eea7a5cfeaacba47aff1617a0d263c09c501a32468df6450d0ca8ca69393fdf0d2c424cfe32bc8fc3c1ba923599f81e1fd6bd42dfd68bc131476193ea3903850e7328c4ba189088822b7e8e925f2cd64f54306d3041cec115b5d2bf915e1")

13:51:43 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 65)

[  948.878681] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  948.878681]    program syz-executor.2 not setting count and/or reply_len properly
[  948.887329] FAULT_INJECTION: forcing a failure.
[  948.887329] name failslab, interval 1, probability 0, space 0, times 0
[  948.889747] CPU: 0 UID: 0 PID: 7965 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  948.889779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  948.889793] Call Trace:
[  948.889801]  <TASK>
[  948.889810]  dump_stack_lvl+0xfa/0x120
[  948.889858]  should_fail_ex+0x4d7/0x5e0
[  948.889899]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  948.889928]  should_failslab+0xc2/0x120
[  948.889968]  __kmalloc_noprof+0xb4/0x4b0
[  948.890012]  blk_rq_map_user_iov+0x1fd/0x1180
[  948.890055]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  948.890088]  ? __pfx___mutex_trylock_common+0x10/0x10
[  948.890123]  ? find_held_lock+0x2b/0x80
[  948.890156]  ? sg_common_write.constprop.0+0xc36/0x1710
[  948.890184]  ? lock_release+0xc8/0x290
[  948.890205]  ? import_ubuf+0x1be/0x220
[  948.890246]  blk_rq_map_user_io+0x1cf/0x200
[  948.890279]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  948.890310]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  948.890360]  ? irq_work_queue+0x9c/0x100
[  948.890390]  ? __asan_memset+0x24/0x50
[  948.890429]  sg_common_write.constprop.0+0xd75/0x1710
[  948.890470]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  948.890499]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  948.890532]  ? ___ratelimit+0x465/0xa10
[  948.890578]  sg_write.part.0+0x6a2/0xb50
[  948.890607]  ? __pfx_sg_write.part.0+0x10/0x10
[  948.890650]  ? __pfx_perf_tp_event+0x10/0x10
[  948.890683]  ? lock_acquire+0x15e/0x2f0
[  948.890711]  ? get_pid_task+0xfd/0x250
[  948.890752]  ? perf_trace_lock+0xb5/0x5d0
[  948.890777]  ? perf_trace_lock_acquire+0xc9/0x700
[  948.890801]  ? avc_policy_seqno+0x9/0x20
[  948.890831]  ? selinux_file_permission+0x99/0x600
[  948.890865]  sg_write+0x86/0xe0
[  948.890891]  vfs_write+0x2b7/0x1150
[  948.890924]  ? __pfx_sg_write+0x10/0x10
[  948.890949]  ? lock_acquire+0x15e/0x2f0
[  948.890972]  ? __fget_files+0x34/0x3b0
[  948.891005]  ? __pfx_vfs_write+0x10/0x10
[  948.891039]  ? __fget_files+0x203/0x3b0
[  948.891072]  ? lock_release+0xc8/0x290
[  948.891100]  ? __fget_files+0x20d/0x3b0
[  948.891147]  ksys_write+0x121/0x240
[  948.891181]  ? __pfx_ksys_write+0x10/0x10
[  948.891229]  do_syscall_64+0xbf/0x360
[  948.891255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.891278] RIP: 0033:0x7fbb63381b19
[  948.891296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  948.891319] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  948.891342] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  948.891358] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  948.891372] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  948.891386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  948.891400] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  948.891437]  </TASK>
[  948.930491] hpet: Lost 1 RTC interrupts
13:51:54 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 66)

13:51:54 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000040)=0x20000)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:51:54 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x0, 0x0)

13:51:54 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b33, &(0x7f0000000040))

13:51:54 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0xd, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:51:54 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf002)

13:51:54 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
fcntl$setlease(r1, 0x400, 0x2)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0xffff)

13:51:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 18)

[  959.600884] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  959.600884]    program syz-executor.2 not setting count and/or reply_len properly
13:51:54 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  959.667057] FAULT_INJECTION: forcing a failure.
[  959.667057] name failslab, interval 1, probability 0, space 0, times 0
13:51:54 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 67)

[  959.668978] CPU: 1 UID: 0 PID: 7988 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  959.669011] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  959.669025] Call Trace:
[  959.669032]  <TASK>
[  959.669041]  dump_stack_lvl+0xfa/0x120
[  959.669090]  should_fail_ex+0x4d7/0x5e0
[  959.669145]  ? copy_fs_struct+0x49/0x350
[  959.669167]  should_failslab+0xc2/0x120
[  959.669209]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  959.669242]  ? do_raw_spin_unlock+0x53/0x220
[  959.669274]  ? __asan_memset+0x24/0x50
[  959.669318]  copy_fs_struct+0x49/0x350
[  959.669351]  copy_process+0x302d/0x73e0
[  959.669375]  ? __pfx_perf_trace_lock+0x10/0x10
[  959.669421]  ? __pfx_copy_process+0x10/0x10
[  959.669444]  ? __might_fault+0xe0/0x190
[  959.669476]  ? _copy_from_user+0x5b/0xd0
[  959.669523]  kernel_clone+0xea/0x7f0
[  959.669544]  ? get_pid_task+0xfd/0x250
[  959.669586]  ? __pfx_kernel_clone+0x10/0x10
[  959.669606]  ? perf_trace_lock+0xb5/0x5d0
[  959.669642]  ? find_held_lock+0x2b/0x80
[  959.669675]  ? ksys_write+0x121/0x240
[  959.669713]  ? lock_is_held_type+0x9e/0x120
[  959.669757]  __do_sys_clone3+0x1f5/0x280
[  959.669780]  ? __pfx___do_sys_clone3+0x10/0x10
[  959.669826]  ? __fget_files+0x20d/0x3b0
[  959.669871]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  959.669911]  ? fput+0x6a/0x100
[  959.669935]  ? ksys_write+0x1a3/0x240
[  959.669972]  ? __pfx_ksys_write+0x10/0x10
[  959.670022]  do_syscall_64+0xbf/0x360
[  959.670049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.670073] RIP: 0033:0x7f7b289bfb19
[  959.670091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  959.670114] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  959.670137] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  959.670153] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  959.670167] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  959.670182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  959.670196] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  959.670234]  </TASK>
13:51:54 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b34, &(0x7f0000000040))

13:51:54 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = openat$cgroup_devices(r0, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0)
fsync(r1)

[  959.780276] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  959.780276]    program syz-executor.2 not setting count and/or reply_len properly
13:51:54 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1100)
setresuid(0x0, r3, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@multicast2, 0x4e22, 0x1, 0x4e24, 0x0, 0x2, 0x20, 0x0, 0x84, 0x0, r3}, {0x4, 0x3, 0x8, 0x6, 0x8, 0x6, 0xfff, 0x8001}, {0x7f, 0xb036, 0xff, 0x5}, 0x80000001, 0x0, 0x1, 0x0, 0x2, 0x1}, {{@in=@local, 0x4d2, 0x32}, 0xa, @in=@loopback, 0x0, 0x2, 0x3, 0x2, 0x1, 0x3, 0xe8b1}}, 0xe8)
dup(r0)
getsockname$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10)

[  959.800853] FAULT_INJECTION: forcing a failure.
[  959.800853] name failslab, interval 1, probability 0, space 0, times 0
[  959.802496] CPU: 1 UID: 0 PID: 7997 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  959.802525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  959.802538] Call Trace:
[  959.802546]  <TASK>
[  959.802555]  dump_stack_lvl+0xfa/0x120
[  959.802600]  should_fail_ex+0x4d7/0x5e0
[  959.802634]  ? trace_irq_enable.constprop.0+0xc2/0x100
13:51:54 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
syz_open_dev$sg(&(0x7f0000000080), 0x8001, 0x200000)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYRES32=r3], 0x120)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040)=0x2)

[  959.802675]  ? bio_kmalloc+0x3e/0x70
[  959.802711]  should_failslab+0xc2/0x120
[  959.802749]  __kmalloc_noprof+0xb4/0x4b0
[  959.802780]  ? trace_kmalloc+0x1f/0xb0
[  959.802802]  ? __kmalloc_noprof+0x215/0x4b0
[  959.802839]  bio_kmalloc+0x3e/0x70
[  959.802877]  blk_rq_map_user_iov+0x390/0x1180
[  959.802921]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  959.802955]  ? __pfx___mutex_trylock_common+0x10/0x10
[  959.802988]  ? find_held_lock+0x2b/0x80
[  959.803020]  ? sg_common_write.constprop.0+0xc36/0x1710
[  959.803047]  ? lock_release+0xc8/0x290
[  959.803068]  ? import_ubuf+0x1be/0x220
[  959.803108]  blk_rq_map_user_io+0x1cf/0x200
[  959.803140]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  959.803170]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  959.803212]  ? irq_work_queue+0x9c/0x100
[  959.803241]  ? __asan_memset+0x24/0x50
[  959.803280]  sg_common_write.constprop.0+0xd75/0x1710
[  959.803321]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  959.803356]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  959.803390]  ? ___ratelimit+0x465/0xa10
[  959.803435]  sg_write.part.0+0x6a2/0xb50
[  959.803464]  ? __pfx_sg_write.part.0+0x10/0x10
[  959.803495]  ? perf_trace_lock+0xb5/0x5d0
[  959.803524]  ? __pfx_perf_trace_lock+0x10/0x10
[  959.803554]  ? lock_acquire+0x15e/0x2f0
[  959.803578]  ? perf_trace_lock+0xb5/0x5d0
[  959.803599]  ? find_held_lock+0x2b/0x80
[  959.803630]  ? get_pid_task+0xfd/0x250
[  959.803669]  ? perf_trace_lock+0xb5/0x5d0
[  959.803695]  ? perf_trace_lock_acquire+0xc9/0x700
[  959.803719]  ? avc_policy_seqno+0x9/0x20
[  959.803748]  ? selinux_file_permission+0x99/0x600
[  959.803782]  sg_write+0x86/0xe0
[  959.803807]  vfs_write+0x2b7/0x1150
[  959.803840]  ? __pfx_sg_write+0x10/0x10
[  959.803865]  ? lock_acquire+0x15e/0x2f0
[  959.803887]  ? __fget_files+0x34/0x3b0
[  959.803919]  ? __pfx_vfs_write+0x10/0x10
[  959.803952]  ? __fget_files+0x203/0x3b0
[  959.803984]  ? lock_release+0xc8/0x290
[  959.804013]  ? __fget_files+0x20d/0x3b0
[  959.804059]  ksys_write+0x121/0x240
[  959.804092]  ? __pfx_ksys_write+0x10/0x10
[  959.804140]  do_syscall_64+0xbf/0x360
[  959.804165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.804188] RIP: 0033:0x7fbb63381b19
[  959.804205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  959.804227] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  959.804249] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  959.804265] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  959.804278] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  959.804292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  959.804305] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  959.804341]  </TASK>
13:51:54 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf400)

13:51:54 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x2, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  959.963976] sg_write: data in/out 593982219/4 bytes for SCSI command 0x0-- guessing data in;
[  959.963976]    program syz-executor.0 not setting count and/or reply_len properly
[  960.041944] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
13:52:05 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 68)

13:52:05 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 19)

13:52:05 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)={0xe4, 0x5, 0x600000, "11133db7b86096c0fb659f26d0a2be3a9567e5ad954f5b725e24a3416f43adfaae417ccc1e809f33ba392dd80e3240329995448970e8ff9e659ba9050e91d8600f48227a7693b77c9bfe69e967585c56d68ddf22398d026f8b8ffe3a3ae08fa82e583f68a4f1dd8fd5057e4f70068e97eb5c8582cc8cb5168db461f92cfe11793f7c0152dae006f3e542bb776ee7437098ac646030840e3b3207939961c47c02377083725516c3b7bf497fa4637bb98fa7b190de998f99903ea86953b70c640ff20491c0755f6bb12ae46a4a67937e0d218cf6a652e7f486b6cabd2b4e0a9bc1163dc897"})
ioctl$SCSI_IOCTL_STOP_UNIT(r2, 0x6)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:05 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x6, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:05 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x1f, 0x9, 0x1, 0x7f, 0x0, 0x9, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x4, 0x0, 0xf8a, 0x3, 0x1, 0x3, 0x7, 0x0, 0x36f20977, 0x0, 0x5}, 0xffffffffffffffff, 0x8, r0, 0x3)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:52:05 executing program 7:
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "5aef2922d2ed9a58d43164a5"}, 0xd, 0x2)
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000000c0)={'security\x00', 0x1b, "15d8405a662fc993c0f71a02db919e4c1527113d6443d9211ae94d"}, &(0x7f0000000100)=0x3f)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:52:05 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf500)

13:52:05 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b35, &(0x7f0000000040))

13:52:05 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = getpgrp(0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@ipv4={""/10, ""/2, @private}, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000000c0)=0xe8)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003080)=[{{&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000002780)=[{&(0x7f0000000400)=""/232, 0xe8}, {&(0x7f0000000540)=""/113, 0x71}, {&(0x7f00000005c0)=""/90, 0x5a}, {&(0x7f0000000640)=""/186, 0xba}, {&(0x7f0000000700)=""/94, 0x5e}, {&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/4096, 0x1000}], 0x7, &(0x7f0000002800)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, <r5=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa8}}, {{&(0x7f00000028c0), 0x6e, &(0x7f0000002b40)=[{&(0x7f0000002940)=""/235, 0xeb}, {&(0x7f0000002a40)=""/237, 0xed}], 0x2, &(0x7f0000002b80)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{&(0x7f0000002c00), 0x6e, &(0x7f0000002d40)=[{&(0x7f0000002c80)=""/136, 0x88}], 0x1, &(0x7f0000002d80)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r6=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x110}}, {{&(0x7f0000002ec0)=@abs, 0x6e, &(0x7f0000002fc0)=[{&(0x7f0000002f40)=""/50, 0x32}, {&(0x7f0000002f80)=""/31, 0x1f}], 0x2, &(0x7f0000003000)=[@cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}], 0x4, 0x2040, 0x0)
r7 = getpid()
pidfd_open(r7, 0x0)
recvmsg$unix(r5, &(0x7f0000004cc0)={&(0x7f0000003740), 0x6e, &(0x7f0000004bc0)=[{&(0x7f00000037c0)=""/243, 0xf3}, {&(0x7f00000038c0)=""/4096, 0x1000}, {&(0x7f00000048c0)=""/141, 0x8d}, {&(0x7f0000004980)=""/199, 0xc7}, {&(0x7f0000004a80)=""/80, 0x50}, {&(0x7f0000004b00)=""/47, 0x2f}, {&(0x7f0000004b40)=""/78, 0x4e}], 0x7, &(0x7f0000004c40)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}, 0x10)
sendmsg$nl_netfilter(r2, &(0x7f0000003700)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000036c0)={&(0x7f0000003180)={0x508, 0x1, 0x3, 0x401, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x8}, [@typed={0x8, 0x41, 0x0, 0x0, @pid=r3}, @nested={0xe1, 0x82, 0x0, 0x1, [@typed={0x8, 0x83, 0x0, 0x0, @u32}, @generic="755a27428e4d4073a95032b3b84ff6e7cff0c1c2d691f03f1686f2bb560dd27d1a7d5f817ca721aa8e3e3d5c8bced565362707135651f4e324cf199f965e14952206689861b725c28730532b919998d0062176e4772b7a9eee17a3be79b1a6ac1de45fe6f414069d083d86f0e9c31295043b9b4f1969be72bd72aa9792e7e5514c8ac70f723a9c8c509b0d7bf57c63a6821def471ea70f34c3146bb943d885ed31d0c9aae1c3cd83dd5163a32f66d5803e9de3880f4f35095917b1210a4de580d2f8d6b61f2483a989a25f5282fc74823baf89b76e"]}, @nested={0x2f0, 0x48, 0x0, 0x1, [@generic="910222bb8b4b483767d249b8580d1f4999a79d0eb5fd1a8bf7e4829f97535c360700e0c1cbd73539ace68313ea72d21d08cf554daab51b59140cf72eefabcfbc5320ba6a742c517587abd06adeceb57489e3dc0d93e826798645415f7417125b97c52da8e3a8c2a516d6a456f61dcb60506d0ddd4eb0b6a522fa3654c1e9cbc6c5d898b93737308e0d785e2b657d70bc97953746116b7efd896ea3c8b1d1ab38e8db99cde609241c7876c7fd073ac926874e71188fbe7c19ea0a873accbd84e56b149659256a12b91aecf949f66c0cc397ced3097dbf9405c15d94b12b568a784a48f8feaaa7512e0d53c6f90fb93e9d9413bbaceca2", @typed={0x8, 0x1a, 0x0, 0x0, @uid=r4}, @typed={0x12, 0x12, 0x0, 0x0, @binary="5ba85c7507fc5f00d1b2c47fad0d"}, @generic="db85a9d3bcd09379d640932d61367b2054cf63c7c5817fb310b47b59d1f898d0279e51cba670acc611df2945196924b2779e8e709a8080b707beaa80e31deed9c6eb4bff7e38ab19a0c4175d100168069b0aca261683c05db605ef1facf28d3d618b92dc8ae6fa18dd422375836df64dd3efa5cbd0c528fc2ccb0069e6859f82310e99ce65a09c814b49d6a26cbb4f15b1ba11a9b1b035b0600903aefce4e3c460c709dda8dd6121ca34d6118f6ea858185661d04d7b70f436bc056ba9423a3814", @generic="c11e2c793a216357ba689778add55ba4b9d7f00df9c89bacb88ff9c7b8bb072b3913cb5d52b430c5e643034c60ead58ce38c739ee8080209c07db2a95a88ce57d788d2e9025696545a13d105355dc059", @generic="2252f164eb855272dc5fb2b747d8427810b5336f07a41a2fffa37157aad9c5ba456daeedde4234f51c96f93e25c3f7b688b8e87f755719579ac049fe357251", @typed={0x8, 0x4f, 0x0, 0x0, @uid=r6}, @generic="83351027623ebd5b219021c016ca4914b3b104fe9845d7632b26bdae847b48c4a9f49c00e36e04bde7e107adb011acbffd2082de10152666fcbe0383f6565d00debc27502bc25cd2f9ea3d3aa175853fb3ba22203172c6aa6429b60fdb8aa5999592715b0e2878b9ef5fbd49879fa9fc19f5fa10d8887664956ae341c460da321f6a"]}, @nested={0x10a, 0x15, 0x0, 0x1, [@generic="4c755afd3b509950c7f9cb405be3ce90b43afd9be257066c6324ff6921835b5e1b2185e89a639a287e6cda5701ff83f1a1a3d5e2c79649a0b106b63625ba28fc7cda0e255652da2dff77186f2d746ad47ccf9b7d565631763bda77fe55735b40216c87efd8c9f5e023cf397071144f8fc148aac147260c90fc9d4ea5ae644c333d94dec1d897ee1e65243e1ea4f98fa9dbbd8faddbf967a19702374d1d2dd4601b0ac4e97b53623b7aec4cb0f0eb", @generic="9d7043fc3c8e60875f15bdeb8ece0ad53a61e0281bcf569b9596f6ca9a3c", @typed={0xc, 0x59, 0x0, 0x0, @u64=0x4}, @generic="55e782c760c1f2687dc739480485e84cd198aa7179bb2cbe3e5495651090", @typed={0x8, 0x27, 0x0, 0x0, @ipv4=@loopback}, @typed={0x8, 0x4, 0x0, 0x0, @pid=r7}]}, @typed={0x8, 0x35, 0x0, 0x0, @ipv4=@multicast1}, @typed={0x4, 0xb}]}, 0x508}, 0x1, 0x0, 0x0, 0x4008840}, 0x804)
r8 = dup2(r0, r1)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x111080)
write$binfmt_aout(r8, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r8, 0x2285, 0x0)
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b5dfd4c97e1d5f8759c49b790000000000000000000200000000004e00c66d33c5f003be4ced9203ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000880000000000000000000000000000feffffff00"/312], 0x120)

[  970.787009] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  970.787009]    program syz-executor.2 not setting count and/or reply_len properly
13:52:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b36, &(0x7f0000000040))

13:52:15 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)

13:52:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x8000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = signalfd(r1, &(0x7f0000000040)={[0x10000]}, 0x8)
syz_open_pts(r3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f00000000c0))
syz_open_dev$sg(&(0x7f0000000080), 0x7, 0x10000)

13:52:15 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 69)

13:52:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf800)

13:52:15 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x8, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:15 executing program 3:
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000180)="afdb44c84718e5360df90e3394220f323a08f73377bf161112098727bcb6406229265613be4703fedaea5b7944322a32f5507304a4508465fffb2411e2e22e006c84439665e05d7ca1a9883868c1dd5ad3e740da2837c2fc686984fa8c37a2fea48fa4d2dca3556bae998d29393c39aa7e0c329453dccbbdbebed1e914ef930ded60d5c7f3be31b8c842d5a92fec9ab129f000f87cade8bd688536e8", 0x9c, 0xfffffffffffffffb)
perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r1=>0x0)
r2 = getpid()
pidfd_open(r2, 0x0)
syz_open_procfs(r1, &(0x7f0000000100)='attr/prev\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = request_key(&(0x7f0000000240)='blacklist\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)='*^!', 0xffffffffffffffff)
keyctl$link(0x8, r3, 0xfffffffffffffffe)

13:52:15 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 20)

[  980.735671] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  980.735671]    program syz-executor.2 not setting count and/or reply_len properly
[  980.747551] FAULT_INJECTION: forcing a failure.
[  980.747551] name failslab, interval 1, probability 0, space 0, times 0
[  980.749507] CPU: 0 UID: 0 PID: 8065 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  980.749538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  980.749552] Call Trace:
[  980.749560]  <TASK>
[  980.749568]  dump_stack_lvl+0xfa/0x120
[  980.749619]  should_fail_ex+0x4d7/0x5e0
[  980.749653]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  980.749695]  ? bio_kmalloc+0x3e/0x70
[  980.749730]  should_failslab+0xc2/0x120
[  980.749768]  __kmalloc_noprof+0xb4/0x4b0
[  980.749799]  ? trace_kmalloc+0x1f/0xb0
[  980.749821]  ? __kmalloc_noprof+0x215/0x4b0
[  980.749857]  bio_kmalloc+0x3e/0x70
[  980.749894]  blk_rq_map_user_iov+0x390/0x1180
[  980.749938]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  980.749972]  ? __pfx___mutex_trylock_common+0x10/0x10
[  980.750005]  ? find_held_lock+0x2b/0x80
[  980.750037]  ? sg_common_write.constprop.0+0xc36/0x1710
[  980.750065]  ? lock_release+0xc8/0x290
[  980.750085]  ? import_ubuf+0x1be/0x220
[  980.750125]  blk_rq_map_user_io+0x1cf/0x200
[  980.750158]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  980.750187]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  980.750230]  ? irq_work_queue+0x9c/0x100
[  980.750258]  ? __asan_memset+0x24/0x50
[  980.750297]  sg_common_write.constprop.0+0xd75/0x1710
[  980.750344]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  980.750372]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  980.750405]  ? ___ratelimit+0x465/0xa10
[  980.750450]  sg_write.part.0+0x6a2/0xb50
[  980.750479]  ? __pfx_sg_write.part.0+0x10/0x10
[  980.750522]  ? __pfx_perf_tp_event+0x10/0x10
[  980.750554]  ? lock_acquire+0x15e/0x2f0
[  980.750582]  ? get_pid_task+0xfd/0x250
[  980.750622]  ? perf_trace_lock+0xb5/0x5d0
[  980.750647]  ? perf_trace_lock_acquire+0xc9/0x700
[  980.750672]  ? avc_policy_seqno+0x9/0x20
[  980.750701]  ? selinux_file_permission+0x99/0x600
[  980.750735]  sg_write+0x86/0xe0
[  980.750761]  vfs_write+0x2b7/0x1150
[  980.750793]  ? __pfx_sg_write+0x10/0x10
[  980.750818]  ? lock_acquire+0x15e/0x2f0
[  980.750840]  ? __fget_files+0x34/0x3b0
[  980.750873]  ? __pfx_vfs_write+0x10/0x10
[  980.750906]  ? __fget_files+0x203/0x3b0
[  980.750938]  ? lock_release+0xc8/0x290
[  980.750966]  ? __fget_files+0x20d/0x3b0
[  980.751012]  ksys_write+0x121/0x240
[  980.751046]  ? __pfx_ksys_write+0x10/0x10
[  980.751094]  do_syscall_64+0xbf/0x360
[  980.751120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.751143] RIP: 0033:0x7fbb63381b19
[  980.751161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  980.751182] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  980.751204] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  980.751219] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  980.751232] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  980.751246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  980.751259] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  980.751295]  </TASK>
[  980.794102] hpet: Lost 1 RTC interrupts
[  980.795543] FAULT_INJECTION: forcing a failure.
[  980.795543] name failslab, interval 1, probability 0, space 0, times 0
[  980.797792] CPU: 1 UID: 0 PID: 8071 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  980.797827] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  980.797843] Call Trace:
[  980.797851]  <TASK>
[  980.797861]  dump_stack_lvl+0xfa/0x120
[  980.797916]  should_fail_ex+0x4d7/0x5e0
[  980.797962]  ? copy_process+0x2316/0x73e0
[  980.797986]  should_failslab+0xc2/0x120
[  980.798032]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  980.798068]  ? do_raw_spin_unlock+0x53/0x220
[  980.798104]  ? _raw_spin_unlock+0x1e/0x40
[  980.798139]  ? copy_fs_struct+0x2ab/0x350
[  980.798170]  copy_process+0x2316/0x73e0
[  980.798194]  ? __pfx_perf_trace_lock+0x10/0x10
[  980.798243]  ? __pfx_copy_process+0x10/0x10
[  980.798268]  ? __might_fault+0xe0/0x190
[  980.798303]  ? _copy_from_user+0x5b/0xd0
[  980.798363]  kernel_clone+0xea/0x7f0
[  980.798386]  ? get_pid_task+0xfd/0x250
[  980.798429]  ? __pfx_kernel_clone+0x10/0x10
[  980.798451]  ? perf_trace_lock+0xb5/0x5d0
[  980.798489]  ? find_held_lock+0x2b/0x80
[  980.798524]  ? ksys_write+0x121/0x240
[  980.798562]  ? lock_is_held_type+0x9e/0x120
[  980.798607]  __do_sys_clone3+0x1f5/0x280
[  980.798632]  ? __pfx___do_sys_clone3+0x10/0x10
[  980.798681]  ? __fget_files+0x20d/0x3b0
[  980.798728]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  980.798769]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  980.798811]  ? ksys_write+0x1a3/0x240
[  980.798848]  ? __pfx_ksys_write+0x10/0x10
[  980.798902]  do_syscall_64+0xbf/0x360
[  980.798931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.798958] RIP: 0033:0x7f7b289bfb19
[  980.798979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  980.799003] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  980.799028] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  980.799045] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  980.799061] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  980.799076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  980.799092] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  980.799132]  </TASK>
[  980.854155] sg_write: data in/out 593982219/4 bytes for SCSI command 0x0-- guessing data in;
[  980.854155]    program syz-executor.0 not setting count and/or reply_len properly
13:52:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b37, &(0x7f0000000040))

13:52:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b3a, &(0x7f0000000040))

13:52:15 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x200, 0x0, 0x0, 0x0, 0xa35, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe01}, 0x0, 0x10, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:52:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000440)={r0, 0x0, 0xfffffffffffffffc, 0x4})
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000240)={{'\x00', 0x3}, {0x800}, 0x114, 0x0, 0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)="b93370f1476c49b55ca3103059d13a24ff6731317fa9fe65b9e303b62585bedfec9cf02b51f271cbb3c93e49ff80d96bf80acfba0022e8dc67c406701f31a02316223db575011243ba2b9ae7776a27035f6d419bae9146976dec1bceabefc315e733cea0f42b3db5cd45a9b2dd5b5fbb43a940a6fe6fa8151776de57b6780f", 0x7f, 0x0, &(0x7f0000000140)={0x2, 0xd, {0x1}, 0xc9, "e6b3ad3a407be519dc91b576ee8ba5b26aa8e63296667947425194816143387d1a4c1bb662c8a9d49cd3db03e3a7e4e75073d121af188f88619498d1a867fc64ce6ca594fbce53049482a4d824c9384771f398bd230df65478c147f6e63d9179575481459471dd9998f7c7dc7fc6af3a109f93752a9593961d18d51112f5aad7ea41cebe56094b36ed057b8656247d63a382691a1a964a2a505ebfeebc22c92d8f579dbcc6cc3acb834f63de852f8d2c75c183b064102cd96e5279b9c891b96c31896e8f9c64a77c12"}, 0xe2})
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 21)

13:52:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x2c)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
recvmmsg(r1, &(0x7f0000005b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/36, 0x24}], 0x1, &(0x7f00000000c0)=""/185, 0xb9}, 0xfffffeff}, {{&(0x7f0000000300)=@phonet, 0x80, &(0x7f0000000180)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/65, 0x41}, {&(0x7f0000001400)=""/134, 0x86}], 0x3, &(0x7f00000014c0)=""/139, 0x8b}, 0xff}, {{&(0x7f0000001580)=@nfc, 0x80, &(0x7f00000027c0)=[{&(0x7f0000001600)=""/92, 0x5c}, {&(0x7f0000001680)=""/222, 0xde}, {&(0x7f0000001780)=""/37, 0x25}, {&(0x7f00000017c0)=""/4096, 0x1000}], 0x4, &(0x7f0000002800)=""/186, 0xba}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f00000028c0)=""/133, 0x85}], 0x1, &(0x7f00000029c0)=""/60, 0x3c}, 0xffff}, {{&(0x7f0000002a00)=@l2, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000002a80)=""/247, 0xf7}, {&(0x7f0000002b80)=""/8, 0x8}, {&(0x7f0000002bc0)}, {&(0x7f0000002c00)=""/205, 0xcd}, {&(0x7f0000002d00)=""/94, 0x5e}, {&(0x7f0000002d80)=""/4096, 0x1000}, {&(0x7f0000003d80)=""/61, 0x3d}], 0x7}, 0xcad}, {{&(0x7f0000003e40)=@ethernet={0x0, @random}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000003ec0)=""/64, 0x40}, {&(0x7f0000003f00)=""/227, 0xe3}, {&(0x7f0000004000)=""/7, 0x7}, {&(0x7f0000004040)=""/116, 0x74}, {&(0x7f00000040c0)=""/233, 0xe9}, {&(0x7f00000041c0)=""/251, 0xfb}], 0x6}, 0x1}, {{&(0x7f0000004340)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000004600)=[{&(0x7f00000043c0)=""/25, 0x19}, {&(0x7f0000005d80)=""/235, 0xeb}, {&(0x7f0000004500)=""/222, 0xde}], 0x3}, 0x4d4}, {{&(0x7f0000004640)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000005b00)=[{&(0x7f00000046c0)=""/97, 0x61}, {&(0x7f0000004740)=""/156, 0x9c}, {&(0x7f0000004800)=""/197, 0xc5}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/76, 0x4c}, {&(0x7f0000005980)=""/118, 0x76}, {&(0x7f0000005a00)=""/224, 0xe0}], 0x7}, 0x61c0da76}], 0x8, 0x0, 0x0)

13:52:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 70)

13:52:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x50000)

[  981.102023] FAULT_INJECTION: forcing a failure.
[  981.102023] name failslab, interval 1, probability 0, space 0, times 0
[  981.103838] CPU: 1 UID: 0 PID: 8090 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  981.103876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  981.103890] Call Trace:
[  981.103898]  <TASK>
[  981.103906]  dump_stack_lvl+0xfa/0x120
[  981.103953]  should_fail_ex+0x4d7/0x5e0
[  981.103993]  ? copy_fs_struct+0x49/0x350
[  981.104014]  should_failslab+0xc2/0x120
[  981.104055]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  981.104086]  ? do_raw_spin_unlock+0x53/0x220
[  981.104116]  ? __asan_memset+0x24/0x50
[  981.104159]  copy_fs_struct+0x49/0x350
[  981.104186]  copy_process+0x302d/0x73e0
[  981.104210]  ? __pfx_perf_trace_lock+0x10/0x10
[  981.104256]  ? __pfx_copy_process+0x10/0x10
[  981.104279]  ? __might_fault+0xe0/0x190
[  981.104310]  ? _copy_from_user+0x5b/0xd0
[  981.104363]  kernel_clone+0xea/0x7f0
[  981.104384]  ? get_pid_task+0xfd/0x250
[  981.104422]  ? __pfx_kernel_clone+0x10/0x10
[  981.104442]  ? perf_trace_lock+0xb5/0x5d0
[  981.104476]  ? find_held_lock+0x2b/0x80
[  981.104507]  ? ksys_write+0x121/0x240
[  981.104544]  ? lock_is_held_type+0x9e/0x120
[  981.104586]  __do_sys_clone3+0x1f5/0x280
[  981.104607]  ? __pfx___do_sys_clone3+0x10/0x10
[  981.104651]  ? __fget_files+0x20d/0x3b0
[  981.104695]  ? fput+0x6a/0x100
[  981.104718]  ? ksys_write+0x1a3/0x240
[  981.104751]  ? __pfx_ksys_write+0x10/0x10
[  981.104791]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  981.104836]  do_syscall_64+0xbf/0x360
[  981.104861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.104884] RIP: 0033:0x7f7b289bfb19
[  981.104902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  981.104923] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  981.104945] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  981.104960] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  981.104973] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  981.104987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  981.105000] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  981.105037]  </TASK>
13:52:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x9, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:16 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
truncate(&(0x7f0000000040)='./file0\x00', 0x4)

13:52:16 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b3b, &(0x7f0000000040))

[  981.188207] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  981.188207]    program syz-executor.2 not setting count and/or reply_len properly
[  981.202541] FAULT_INJECTION: forcing a failure.
[  981.202541] name failslab, interval 1, probability 0, space 0, times 0
[  981.204180] CPU: 0 UID: 0 PID: 8096 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  981.204210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  981.204223] Call Trace:
[  981.204231]  <TASK>
[  981.204240]  dump_stack_lvl+0xfa/0x120
[  981.204285]  should_fail_ex+0x4d7/0x5e0
[  981.204325]  ? blk_rq_map_user_iov+0x1fd/0x1180
[  981.204361]  should_failslab+0xc2/0x120
[  981.204400]  __kmalloc_noprof+0xb4/0x4b0
[  981.204442]  blk_rq_map_user_iov+0x1fd/0x1180
[  981.204485]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  981.204518]  ? __pfx___mutex_trylock_common+0x10/0x10
[  981.204552]  ? find_held_lock+0x2b/0x80
[  981.204584]  ? sg_common_write.constprop.0+0xc36/0x1710
[  981.204611]  ? lock_release+0xc8/0x290
[  981.204632]  ? import_ubuf+0x1be/0x220
[  981.204673]  blk_rq_map_user_io+0x1cf/0x200
[  981.204706]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  981.204736]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  981.204779]  ? irq_work_queue+0x9c/0x100
[  981.204808]  ? __asan_memset+0x24/0x50
[  981.204848]  sg_common_write.constprop.0+0xd75/0x1710
[  981.204889]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  981.204917]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  981.204950]  ? ___ratelimit+0x465/0xa10
[  981.204996]  sg_write.part.0+0x6a2/0xb50
[  981.205025]  ? __pfx_sg_write.part.0+0x10/0x10
[  981.205068]  ? __pfx_perf_tp_event+0x10/0x10
[  981.205100]  ? lock_acquire+0x15e/0x2f0
[  981.205129]  ? get_pid_task+0xfd/0x250
[  981.205169]  ? perf_trace_lock+0xb5/0x5d0
[  981.205194]  ? perf_trace_lock_acquire+0xc9/0x700
[  981.205218]  ? avc_policy_seqno+0x9/0x20
[  981.205248]  ? selinux_file_permission+0x99/0x600
[  981.205282]  sg_write+0x86/0xe0
[  981.205308]  vfs_write+0x2b7/0x1150
[  981.205340]  ? __pfx_sg_write+0x10/0x10
[  981.205379]  ? lock_acquire+0x15e/0x2f0
[  981.205401]  ? __fget_files+0x34/0x3b0
[  981.205434]  ? __pfx_vfs_write+0x10/0x10
13:52:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
close(r2)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x6000)=nil, 0x6000, 0x8, 0x110, r3, 0x0)
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x64)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[  981.205467]  ? __fget_files+0x203/0x3b0
[  981.205499]  ? lock_release+0xc8/0x290
[  981.205527]  ? __fget_files+0x20d/0x3b0
[  981.205574]  ksys_write+0x121/0x240
[  981.205608]  ? __pfx_ksys_write+0x10/0x10
[  981.205655]  do_syscall_64+0xbf/0x360
[  981.205681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.205704] RIP: 0033:0x7fbb63381b19
[  981.205722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  981.205743] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  981.205765] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  981.205780] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  981.205793] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  981.205807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  981.205820] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  981.205857]  </TASK>
[  981.245254] hpet: Lost 1 RTC interrupts
13:52:16 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:52:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 22)

[  981.510085] FAULT_INJECTION: forcing a failure.
[  981.510085] name failslab, interval 1, probability 0, space 0, times 0
[  981.511842] CPU: 0 UID: 0 PID: 8117 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  981.511872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  981.511885] Call Trace:
[  981.511893]  <TASK>
[  981.511901]  dump_stack_lvl+0xfa/0x120
[  981.511949]  should_fail_ex+0x4d7/0x5e0
[  981.511990]  ? copy_process+0x66d4/0x73e0
[  981.512011]  should_failslab+0xc2/0x120
[  981.512051]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  981.512085]  ? lock_release+0xc8/0x290
[  981.512117]  copy_process+0x66d4/0x73e0
[  981.512138]  ? __pfx_perf_trace_lock+0x10/0x10
[  981.512181]  ? __pfx_copy_process+0x10/0x10
[  981.512204]  ? __might_fault+0xe0/0x190
[  981.512235]  ? _copy_from_user+0x5b/0xd0
[  981.512280]  kernel_clone+0xea/0x7f0
[  981.512300]  ? get_pid_task+0xfd/0x250
[  981.512346]  ? __pfx_kernel_clone+0x10/0x10
[  981.512366]  ? perf_trace_lock+0xb5/0x5d0
[  981.512405]  ? find_held_lock+0x2b/0x80
[  981.512437]  ? ksys_write+0x121/0x240
[  981.512472]  ? lock_is_held_type+0x9e/0x120
[  981.512514]  __do_sys_clone3+0x1f5/0x280
[  981.512536]  ? __pfx___do_sys_clone3+0x10/0x10
[  981.512580]  ? __fget_files+0x20d/0x3b0
[  981.512623]  ? fput+0x6a/0x100
[  981.512646]  ? ksys_write+0x1a3/0x240
[  981.512680]  ? __pfx_ksys_write+0x10/0x10
[  981.512718]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  981.512765]  do_syscall_64+0xbf/0x360
[  981.512790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.512814] RIP: 0033:0x7f7b289bfb19
[  981.512832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  981.512854] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  981.512876] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  981.512891] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  981.512904] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  981.512918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  981.512931] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  981.512967]  </TASK>
[  981.541955] hpet: Lost 1 RTC interrupts
13:52:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 71)

13:52:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x80000)

13:52:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 23)

13:52:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
fcntl$setstatus(r0, 0x4, 0x40800)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b3c, &(0x7f0000000040))

13:52:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0xd, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x0, 0x0)

13:52:25 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x6, r0, &(0x7f0000000040)="6732aa436cfc9432801785832fc9080ca806c4923ef2e407c20fcb2f94d3c258dacfd0fd9dd68b99796149cd75515fe86b1e1dae1a2f1410de17fe2ae78c34431205df5e0a2495b7e715c54f99cf3ae678998a4aef6c93044f2fd28ca13c633c697140e9831b660058143e2a7ed9795913b7f6998990000923", 0x79, 0xfffffffffffffbff, 0x0, 0x2, r1}, &(0x7f0000000100))
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[  990.616721] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  990.616721]    program syz-executor.2 not setting count and/or reply_len properly
13:52:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 24)

13:52:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x80002)

13:52:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b3d, &(0x7f0000000040))

13:52:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x600, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  990.712722] FAULT_INJECTION: forcing a failure.
[  990.712722] name failslab, interval 1, probability 0, space 0, times 0
[  990.713737] CPU: 0 UID: 0 PID: 8148 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  990.713754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  990.713761] Call Trace:
[  990.713766]  <TASK>
[  990.713770]  dump_stack_lvl+0xfa/0x120
[  990.713799]  should_fail_ex+0x4d7/0x5e0
[  990.713821]  ? copy_process+0x6f3d/0x73e0
[  990.713834]  should_failslab+0xc2/0x120
[  990.713855]  kmem_cache_alloc_noprof+0x5f/0x3d0
[  990.713875]  ? __raw_spin_lock_init+0x3a/0x110
[  990.713896]  copy_process+0x6f3d/0x73e0
[  990.713907]  ? __pfx_perf_trace_lock+0x10/0x10
[  990.713931]  ? __pfx_copy_process+0x10/0x10
[  990.713943]  ? __might_fault+0xe0/0x190
[  990.713960]  ? _copy_from_user+0x5b/0xd0
[  990.713985]  kernel_clone+0xea/0x7f0
[  990.713995]  ? get_pid_task+0xfd/0x250
[  990.714017]  ? __pfx_kernel_clone+0x10/0x10
[  990.714027]  ? perf_trace_lock+0xb5/0x5d0
[  990.714045]  ? find_held_lock+0x2b/0x80
[  990.714062]  ? ksys_write+0x121/0x240
[  990.714082]  ? lock_is_held_type+0x9e/0x120
[  990.714106]  __do_sys_clone3+0x1f5/0x280
[  990.714117]  ? __pfx___do_sys_clone3+0x10/0x10
[  990.714141]  ? __fget_files+0x20d/0x3b0
[  990.714165]  ? fput+0x6a/0x100
[  990.714177]  ? ksys_write+0x1a3/0x240
[  990.714195]  ? __pfx_ksys_write+0x10/0x10
[  990.714216]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  990.714241]  do_syscall_64+0xbf/0x360
[  990.714255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.714268] RIP: 0033:0x7f7b289bfb19
[  990.714278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  990.714290] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  990.714302] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[  990.714311] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[  990.714318] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[  990.714326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  990.714338] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[  990.714357]  </TASK>
13:52:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 72)

13:52:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b40, &(0x7f0000000040))

13:52:25 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
getdents(r0, &(0x7f00000004c0)=""/237, 0xed)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0x1f, 0x4, 0x20, 0x81, 0x0, 0x66a7, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_bp={&(0x7f00000000c0), 0x1}, 0x11085, 0x8, 0x100, 0x3, 0x1, 0x0, 0x4be, 0x0, 0x9, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect(r1, &(0x7f0000000040)=@ax25={{0x3, @null, 0x7}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]}, 0x80)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "d94aec6e7109130b0b52db90fe57dc67dd9eb00943f1f9e82e9fcae08bbc35ca4e7c6b35b9b39faff6d358de7bd2f7d1dbc20603ffe2c2465f51a09b9dc9cb40"}, 0x48, 0xfffffffffffffffe)
r4 = add_key(&(0x7f00000004c0)='id_resolver\x00', &(0x7f0000000740)={'syz', 0x1}, &(0x7f0000000780)="d8", 0x1, 0xffffffffffffffff)
keyctl$search(0xa, r3, &(0x7f0000000680)='asymmetric\x00', &(0x7f00000006c0)={'syz', 0x0}, r4)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000440)={{0xff, 0x1}, 0x0, 0x1000, 0x921d, {0x6, 0x2}, 0x5, 0x80000000})

[  990.835429] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  990.835429]    program syz-executor.2 not setting count and/or reply_len properly
[  990.842610] FAULT_INJECTION: forcing a failure.
[  990.842610] name failslab, interval 1, probability 0, space 0, times 0
[  990.843599] CPU: 0 UID: 0 PID: 8156 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  990.843616] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  990.843624] Call Trace:
[  990.843629]  <TASK>
[  990.843634]  dump_stack_lvl+0xfa/0x120
[  990.843662]  should_fail_ex+0x4d7/0x5e0
[  990.843681]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  990.843705]  ? bio_kmalloc+0x3e/0x70
[  990.843725]  should_failslab+0xc2/0x120
[  990.843747]  __kmalloc_noprof+0xb4/0x4b0
[  990.843765]  ? trace_kmalloc+0x1f/0xb0
[  990.843776]  ? __kmalloc_noprof+0x215/0x4b0
[  990.843796]  bio_kmalloc+0x3e/0x70
[  990.843816]  blk_rq_map_user_iov+0x390/0x1180
[  990.843840]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  990.843858]  ? __pfx___mutex_trylock_common+0x10/0x10
[  990.843878]  ? find_held_lock+0x2b/0x80
[  990.843895]  ? sg_common_write.constprop.0+0xc36/0x1710
[  990.843910]  ? lock_release+0xc8/0x290
[  990.843921]  ? import_ubuf+0x1be/0x220
[  990.843943]  blk_rq_map_user_io+0x1cf/0x200
[  990.843961]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  990.843977]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  990.844000]  ? irq_work_queue+0x9c/0x100
[  990.844016]  ? __asan_memset+0x24/0x50
[  990.844038]  sg_common_write.constprop.0+0xd75/0x1710
[  990.844059]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  990.844075]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  990.844093]  ? ___ratelimit+0x465/0xa10
[  990.844118]  sg_write.part.0+0x6a2/0xb50
[  990.844133]  ? __pfx_sg_write.part.0+0x10/0x10
[  990.844156]  ? __pfx_perf_tp_event+0x10/0x10
[  990.844174]  ? lock_acquire+0x15e/0x2f0
[  990.844189]  ? get_pid_task+0xfd/0x250
[  990.844212]  ? perf_trace_lock+0xb5/0x5d0
[  990.844226]  ? perf_trace_lock_acquire+0xc9/0x700
[  990.844239]  ? avc_policy_seqno+0x9/0x20
[  990.844255]  ? selinux_file_permission+0x99/0x600
[  990.844273]  sg_write+0x86/0xe0
[  990.844287]  vfs_write+0x2b7/0x1150
[  990.844306]  ? __pfx_sg_write+0x10/0x10
[  990.844319]  ? lock_acquire+0x15e/0x2f0
[  990.844335]  ? __fget_files+0x34/0x3b0
[  990.844354]  ? __pfx_vfs_write+0x10/0x10
[  990.844372]  ? __fget_files+0x203/0x3b0
[  990.844389]  ? lock_release+0xc8/0x290
[  990.844404]  ? __fget_files+0x20d/0x3b0
[  990.844429]  ksys_write+0x121/0x240
[  990.844447]  ? __pfx_ksys_write+0x10/0x10
[  990.844472]  do_syscall_64+0xbf/0x360
[  990.844486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.844500] RIP: 0033:0x7fbb63381b19
[  990.844510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  990.844521] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  990.844534] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  990.844542] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  990.844549] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  990.844557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  990.844564] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  990.844583]  </TASK>
13:52:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 25)

13:52:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
renameat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00')

13:52:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b41, &(0x7f0000000040))

13:52:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 73)

13:52:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = syz_open_pts(r0, 0x40c9c2)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000040)={{r4}, 0xff, 0x40})
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x900, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$inet_int(r1, 0x0, 0x22, &(0x7f0000000040)=0x3, 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0x26}, 0x4e20, 0x9, 0x4e20, 0x0, 0x2, 0xa0, 0xa0, 0x29, 0x0, r3}, {0x4, 0xd0b, 0x10001, 0xfff, 0x9684, 0x101, 0x7a, 0x200}, {0x100, 0xfffffffffffffffd, 0xffffffff, 0x6b}, 0x6ed5e8d4, 0x6e6bb0, 0x1, 0x1, 0x2, 0x2}, {{@in6=@mcast1, 0x4d6, 0xff}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x2, 0x1, 0x4, 0x1, 0x3, 0x5}}, 0xe8)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)={@loopback, @remote, 0x0, 0x1, [@broadcast]}, 0x14)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x44}, 0x1ff}, {0xa, 0x9, 0x0, @mcast2, 0x20}, 0x1, [0x400, 0xfffffff8, 0x1, 0x4, 0xa951, 0x5, 0x7, 0x1000]}, 0x5c)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:52:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x200000)

13:52:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x381, 0x40, 0x2b6, 0x6fde, {{0x12, 0x4, 0x0, 0x13, 0x48, 0x68, 0x0, 0x3, 0x2f, 0x0, @rand_addr=0x64010100, @loopback, {[@ra={0x94, 0x4}, @cipso={0x86, 0x23, 0x2, [{0x6, 0x2}, {0x2, 0x3, '\b'}, {0x0, 0x9, "85bd9af7611880"}, {0x6, 0xf, "4305778e696dc052d52464666a"}]}, @generic={0x83, 0x3, "a2"}, @rr={0x7, 0x7, 0xc5, [@dev={0xac, 0x14, 0x14, 0xd}]}]}}}}})

[  999.629739] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  999.629739]    program syz-executor.2 not setting count and/or reply_len properly
13:52:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0xd00, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b44, &(0x7f0000000040))

13:52:34 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e6f2b30ebed48000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffe800000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900"/288], 0x120)

13:52:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 74)

13:52:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xc9ffff)

13:52:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x40, 0x23, 0x8, 0x80, 0x0, 0x80000001, 0x10000, 0x11, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_bp={&(0x7f0000000080), 0x4}, 0x40210, 0x80, 0x7, 0x3, 0x2, 0x80000001, 0xff, 0x0, 0xadef, 0x0, 0x2b}, 0xffffffffffffffff, 0x3, r1, 0x0)
r2 = fsmount(r0, 0x0, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:52:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 26)

[  999.864158] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[  999.864158]    program syz-executor.2 not setting count and/or reply_len properly
13:52:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0xfdfd, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[  999.878118] FAULT_INJECTION: forcing a failure.
[  999.878118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  999.879864] CPU: 0 UID: 0 PID: 8211 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[  999.879892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  999.879905] Call Trace:
[  999.879912]  <TASK>
[  999.879919]  dump_stack_lvl+0xfa/0x120
[  999.879960]  should_fail_ex+0x4d7/0x5e0
[  999.879996]  _copy_from_iter+0x1dc/0x15b0
[  999.880030]  ? __pfx_perf_trace_lock+0x10/0x10
[  999.880051]  ? lock_is_held_type+0x9e/0x120
[  999.880086]  ? __pfx__copy_from_iter+0x10/0x10
[  999.880119]  ? find_held_lock+0x2b/0x80
[  999.880146]  ? __create_object+0x59/0x80
[  999.880168]  ? lock_release+0xc8/0x290
[  999.880189]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  999.880228]  copy_page_from_iter+0xe3/0x180
[  999.880264]  bio_copy_from_iter+0x108/0x270
[  999.880298]  blk_rq_map_user_iov+0xc07/0x1180
[  999.880342]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  999.880370]  ? __pfx___mutex_trylock_common+0x10/0x10
[  999.880397]  ? find_held_lock+0x2b/0x80
[  999.880422]  ? sg_common_write.constprop.0+0xc36/0x1710
[  999.880445]  ? lock_release+0xc8/0x290
[  999.880462]  ? import_ubuf+0x1be/0x220
[  999.880495]  blk_rq_map_user_io+0x1cf/0x200
[  999.880523]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  999.880547]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  999.880582]  ? irq_work_queue+0x9c/0x100
[  999.880611]  ? __asan_memset+0x24/0x50
[  999.880647]  sg_common_write.constprop.0+0xd75/0x1710
[  999.880697]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  999.880734]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  999.880776]  ? ___ratelimit+0x465/0xa10
[  999.880814]  sg_write.part.0+0x6a2/0xb50
[  999.880838]  ? __pfx_sg_write.part.0+0x10/0x10
[  999.880874]  ? __pfx_perf_tp_event+0x10/0x10
[  999.880901]  ? lock_acquire+0x15e/0x2f0
[  999.880925]  ? get_pid_task+0xfd/0x250
[  999.880959]  ? perf_trace_lock+0xb5/0x5d0
[  999.880981]  ? perf_trace_lock_acquire+0xc9/0x700
[  999.881001]  ? avc_policy_seqno+0x9/0x20
[  999.881026]  ? selinux_file_permission+0x99/0x600
[  999.881055]  sg_write+0x86/0xe0
[  999.881076]  vfs_write+0x2b7/0x1150
[  999.881103]  ? __pfx_sg_write+0x10/0x10
[  999.881124]  ? lock_acquire+0x15e/0x2f0
[  999.881142]  ? __fget_files+0x34/0x3b0
[  999.881170]  ? __pfx_vfs_write+0x10/0x10
[  999.881198]  ? __fget_files+0x203/0x3b0
[  999.881224]  ? lock_release+0xc8/0x290
[  999.881248]  ? __fget_files+0x20d/0x3b0
[  999.881286]  ksys_write+0x121/0x240
[  999.881314]  ? __pfx_ksys_write+0x10/0x10
[  999.881354]  do_syscall_64+0xbf/0x360
[  999.881377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  999.881396] RIP: 0033:0x7fbb63381b19
[  999.881411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  999.881429] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  999.881448] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[  999.881460] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[  999.881472] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[  999.881483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  999.881494] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[  999.881525]  </TASK>
[  999.920791] hpet: Lost 1 RTC interrupts
13:52:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b45, &(0x7f0000000040))

13:52:47 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 75)

13:52:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b46, &(0x7f0000000040))

13:52:47 executing program 3:
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r0=>0x0}, &(0x7f0000000080)=0xc)
r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0xa}}, r0, 0x5, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000100)=ANY=[@ANYBLOB="010000800100000018000000", @ANYRES32=<r3=>r1, @ANYBLOB="03000000000000002e2f66696c653100"])
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xc9, 0x8, 0x9, 0x94, 0x0, 0x1, 0x2040, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x10001, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0xe2, 0x57, 0x8, 0x1, 0x8df4, 0xc3e9, 0x1dcc, 0x0, 0x3, 0x0, 0x608dd6a3}, r0, 0x10, r3, 0x9)

13:52:47 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000080)={0x100, 0xffff2325, 0x4, 0x0, 0x0, "48ce76495307f6a32d0682ad6b24b65c391856", 0x7, 0x10})
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r3 = dup2(r2, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/288], 0x120)

13:52:47 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x1000000)

13:52:47 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0xffff, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:47 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 27)

[ 1012.255009] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1012.255009]    program syz-executor.2 not setting count and/or reply_len properly
[ 1012.259653] FAULT_INJECTION: forcing a failure.
[ 1012.259653] name failslab, interval 1, probability 0, space 0, times 0
[ 1012.260774] CPU: 0 UID: 0 PID: 8240 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1012.260795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1012.260805] Call Trace:
[ 1012.260811]  <TASK>
[ 1012.260817]  dump_stack_lvl+0xfa/0x120
[ 1012.260851]  should_fail_ex+0x4d7/0x5e0
[ 1012.260880]  ? blk_rq_map_user_iov+0x1fd/0x1180
[ 1012.260900]  should_failslab+0xc2/0x120
[ 1012.260931]  __kmalloc_noprof+0xb4/0x4b0
[ 1012.260960]  blk_rq_map_user_iov+0x1fd/0x1180
[ 1012.260989]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1012.261013]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1012.261037]  ? find_held_lock+0x2b/0x80
[ 1012.261060]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1012.261079]  ? lock_release+0xc8/0x290
[ 1012.261093]  ? import_ubuf+0x1be/0x220
[ 1012.261122]  blk_rq_map_user_io+0x1cf/0x200
[ 1012.261144]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1012.261165]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1012.261194]  ? irq_work_queue+0x9c/0x100
[ 1012.261215]  ? __asan_memset+0x24/0x50
[ 1012.261242]  sg_common_write.constprop.0+0xd75/0x1710
[ 1012.261270]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1012.261290]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1012.261313]  ? ___ratelimit+0x465/0xa10
[ 1012.261349]  sg_write.part.0+0x6a2/0xb50
[ 1012.261369]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1012.261399]  ? __pfx_perf_tp_event+0x10/0x10
[ 1012.261422]  ? lock_acquire+0x15e/0x2f0
[ 1012.261441]  ? get_pid_task+0xfd/0x250
[ 1012.261470]  ? perf_trace_lock+0xb5/0x5d0
[ 1012.261487]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1012.261504]  ? avc_policy_seqno+0x9/0x20
[ 1012.261525]  ? selinux_file_permission+0x99/0x600
[ 1012.261549]  sg_write+0x86/0xe0
[ 1012.261567]  vfs_write+0x2b7/0x1150
[ 1012.261591]  ? __pfx_sg_write+0x10/0x10
[ 1012.261608]  ? lock_acquire+0x15e/0x2f0
[ 1012.261623]  ? __fget_files+0x34/0x3b0
[ 1012.261647]  ? __pfx_vfs_write+0x10/0x10
[ 1012.261670]  ? __fget_files+0x203/0x3b0
[ 1012.261703]  ? lock_release+0xc8/0x290
[ 1012.261723]  ? __fget_files+0x20d/0x3b0
[ 1012.261755]  ksys_write+0x121/0x240
[ 1012.261779]  ? __pfx_ksys_write+0x10/0x10
[ 1012.261812]  do_syscall_64+0xbf/0x360
[ 1012.261830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1012.261846] RIP: 0033:0x7fbb63381b19
[ 1012.261858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1012.261873] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1012.261889] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1012.261900] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1012.261909] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1012.261919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1012.261928] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1012.261953]  </TASK>
[ 1012.286023] FAULT_INJECTION: forcing a failure.
[ 1012.286023] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1012.286300] hpet: Lost 1 RTC interrupts
[ 1012.287312] CPU: 1 UID: 0 PID: 8244 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1012.287350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1012.287364] Call Trace:
[ 1012.287372]  <TASK>
[ 1012.287381]  dump_stack_lvl+0xfa/0x120
[ 1012.287427]  should_fail_ex+0x4d7/0x5e0
[ 1012.287470]  should_fail_alloc_page+0xe0/0x110
[ 1012.287514]  prepare_alloc_pages+0x1af/0x500
[ 1012.287539]  ? __is_insn_slot_addr+0x140/0x290
[ 1012.287582]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[ 1012.287618]  ? unwind_get_return_address+0x59/0xa0
[ 1012.287656]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1012.287696]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1012.287729]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1012.287765]  ? perf_trace_lock+0xb5/0x5d0
[ 1012.287807]  ? do_raw_spin_lock+0x123/0x260
[ 1012.287840]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1012.287870]  ? policy_nodemask+0xeb/0x4e0
[ 1012.287906]  alloc_pages_mpol+0xed/0x340
[ 1012.287938]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1012.287969]  ? pcpu_obj_full_size+0x3c/0x90
[ 1012.287999]  ? pcpu_alloc_noprof+0x12d/0x1140
[ 1012.288037]  alloc_pages_noprof+0xa1/0x380
[ 1012.288071]  pgd_alloc+0x4d/0x610
[ 1012.288111]  mm_init+0x6ff/0x1190
[ 1012.288157]  copy_process+0x6f91/0x73e0
[ 1012.288180]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1012.288225]  ? __pfx_copy_process+0x10/0x10
[ 1012.288249]  ? __might_fault+0xe0/0x190
[ 1012.288282]  ? _copy_from_user+0x5b/0xd0
[ 1012.288330]  kernel_clone+0xea/0x7f0
[ 1012.288351]  ? get_pid_task+0xfd/0x250
[ 1012.288393]  ? __pfx_kernel_clone+0x10/0x10
[ 1012.288414]  ? perf_trace_lock+0xb5/0x5d0
[ 1012.288451]  ? find_held_lock+0x2b/0x80
[ 1012.288485]  ? ksys_write+0x121/0x240
[ 1012.288522]  ? lock_is_held_type+0x9e/0x120
[ 1012.288567]  __do_sys_clone3+0x1f5/0x280
[ 1012.288591]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1012.288638]  ? __fget_files+0x20d/0x3b0
[ 1012.288684]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1012.288727]  ? ksys_write+0x1a3/0x240
[ 1012.288764]  ? __pfx_ksys_write+0x10/0x10
[ 1012.288816]  do_syscall_64+0xbf/0x360
[ 1012.288843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1012.288867] RIP: 0033:0x7f7b289bfb19
[ 1012.288886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1012.288910] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1012.288933] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1012.288950] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1012.288965] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1012.288980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1012.288994] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1012.289032]  </TASK>
[ 1012.326622] hpet: Lost 1 RTC interrupts
13:52:47 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1f, 0x81, 0x5, 0x5, 0x0, 0x52f3, 0x42080, 0xd, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_config_ext={0xa5, 0x7fff}, 0x4040, 0x3ff, 0x749, 0x0, 0x0, 0x8, 0x6, 0x0, 0x1, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0x7)

13:52:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b47, &(0x7f0000000040))

13:52:47 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x20}}, 0x20)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080))
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0xa8900, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
dup3(r0, r4, 0x80000)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x6})

13:52:58 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 28)

13:52:58 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_IO(r3, 0x2285, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x100000000, 0x4a00)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000700000000000000000000000000000000000000000000000000000000000034b1b34e9eacbfe627996500"/288], 0x120)

13:52:58 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b48, &(0x7f0000000040))

13:52:58 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2000000)

13:52:58 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:58 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 76)

13:52:58 executing program 3:
write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46070601030900000000000000ad35060099990000e503000038000000fa010000070000004000200001000700ff7f7f000000000006000000000000003663000027000000ff0f00000100000000000001ba4700000910789107c72cff5284188f264291473b3025505a83c46c6cd97194e56bd3cc6183768062a0ab3da023146e109137a7f8c675b2bf369f3d1a490000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084a6f9036fc23a7600"/905], 0x392)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x3}, 0x40100}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000000))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[ 1023.243877] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1023.243877]    program syz-executor.2 not setting count and/or reply_len properly
13:52:58 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b49, &(0x7f0000000040))

13:52:58 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 29)

13:52:58 executing program 0:
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000001440)=[0x9, 0x3f])
r0 = accept4(0xffffffffffffffff, &(0x7f0000001740)=@rc={0x1f, @none}, &(0x7f00000017c0)=0x80, 0x0)
semctl$SEM_INFO(0xffffffffffffffff, 0x2, 0x13, &(0x7f0000001800)=""/4096)
r1 = accept(r0, &(0x7f0000000080)=@l2, &(0x7f0000000100)=0x80)
r2 = dup2(r1, 0xffffffffffffffff)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000002800))
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r6 = dup2(r5, r3)
write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r6, 0x2285, 0x0)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000001480)=0x1)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000000140))
ioctl$EVIOCGMASK(r6, 0x80104592, &(0x7f0000000040)={0x1, 0x1000, &(0x7f0000000440)="f50f58d1f9e042ebf0b74061dbe8dd5634c2b808cb787ba9e8da925b8d346198a15d360844e048fc2c57842bfd2ab2e59ae61748b3e05a7ae99eb97c61f0a15b6fe7874516d67b9199c1c54efa5daf8f31852172d31295d1289c7fefa3096cb2f62f7232b3cc3e489eead15d96be4c9b73978b90195b6a5cb45702f357938d5633ce963693e25c0b8c8adccf902421ee19bfceab4e7e60f0e6cb5de04eb8f786d07989e36b39ea4d2f5e62693f2b108cc21fad4410e65ed98629557abe4e05495d179b07490fb7e2621283ede0c3c7b98a0735cb7f07de79202a21a921c8644efb6c33516bc29121c47d72de0f31f4c5f80e4e98879564ffb4eb8a9488ff098ff79c86979c3f6bfade965bd78146dc6a5be8f6c6d559c611b9ca05abd319351c97c46bd14bd227a5e83493b6d7bee0b0df67aec3c00ca8fcadc5d28fd858cb5782d49f20ef889c0cee1b44678ce3f9688d0884429556fddaa93e80edad5119e83573d7d64f1996f1c55ccc073843fecb32bcb0d38d9cb4c4fed3f477cab3428eeabc47ce33d58713a8b189639dbbe529616a0a2999eb6aaf8de3abad631eb4b8132d29ada29cb87593c456cc349635cc0ec11303ecd83a8814af65e16ea3c21a7229bb7f0f97945b8a6ccf65ed38a5d8950aa4109c6ebe91911e33008adc9ac7713ef5c755e82a8d80c3a772ca9cb8a21f6b81d884af49e0288b61ea2b6df699cf356594fe169b70ffd2fd42354bcc6fdf2a8a97b3282376cc6a9dcbf54543cb20e34f7c98423a1deb004680f6b4bc0f8f0d5ced8f9497cc535717ccee8d80440e185dfeb317ace5351d6288d50431b2bf3d835ca1fbbd7486fe5d1ca43900ef77e6da7e23d841ee91e9a05cd58aa84eabed7ca24ecbc27fcc58b75a3c9adb9f2869c4f5b4d598e01c82fff1a27d99dd750205faaf8d4f71b1612deb543f175511e8b020ff147c04705331a60a13aee63d34a0fdbf376ee11213b3f9d5a1492bfc80f4c7d02a21d973e60dfc9fba3f35b1feb9d5da7af448b28d5f26f97b8fd8a72c4037f3f97a4a1c6dedc324abcbb48740e94445b6d91059dda4f52ac122891ba84fed126ffc783f8bf4a1153bf9b8b97d7a767b5cf0229a554dbb913a942a867a32d4a66b0b868850577d8fbdfeced255afcf8376bb5b480ca967495a02b77cc25fc8b020b65c4ac63526fde35278525db1e494181760d0c0b2ea88de93284f46d5209c0cf59c0be2d5df6380a45bd76eacafd7e9eafbb8979474750ba73f1316bfc8757570aab3600f8f181c4bba06d72d84015cd145a6ee11d84a6dd41cb11523f4834b9a3e8cf6c9bacf4ea7a45e952a4676fdef2542f041dff824fbe35a140bf0165629333ddf1bec3cd46c7ce8ad54816384ef1fad685dd7b0e1492af2f8ccecaa628d9cfa3cf1fde2dfa5f043b155da225ea8072dc71a51e2d963dfe2b1ee8be1fe2c6dd5afaad88c5f8e314a2fab3bc64cf81028a56c6345d7566ce174fc890d0fb77a8e69bb3bf436132a342a8bce4264fd9ca4bc51e25a2a84700cc81c05b8ad043b1ff07f730402fc2223fe9be477f900dfe7abb06193f47d22aeb8f1affb2f891733ce03e735554d7253d9dd8849bf83c106a8aecb24a74cc43f27eb44f11207d5fbff188b29321b364c6f034e5d0c42c402ca2cfd1c996159d364d5e19cae4207630877e6dc7b20945a3571c4ef40c0213cea136df4cf3d1f8a38134d1eb8eb800fe34d166aa073a7d1d7b759bbd8d5f58bf5395786177394e5aca20857fb640ba1ac59ff5549bfbf2cf7f37c7af9d33ffd2828453cfa34b6d9f3d254ef9e62185b5e6d256490c0a01482aeadc34fdf3e8089a8807ad58b8ab13ff67c66e8266bf635a10c1d850d076a9b4ad70301586a08ed90b4b6830fba5675617fc8bdae190a9280768d25df0cb0f60c62bb91be5d19c3e6a935278b18ca73ebad537372406adc4dc69d8dac369f282e6c0cec51236d818a9422ca7fd4ed85ae83f454460c125e253d8822751e1aeff66ebbac6e50e2a56762e52cea97f8ab38b36e14698c8a38f02ae16f12b3b784496afab40e13c715f2ffc56fa46fda2f550ed0e4dccb0312c976ee982b158e36e8eb3709b3a418a357c22211df86bd90a02ccf2c8388559a845174d2d27a6b1331a46529410afab384a46d2a6670d44feb76c814386035c6e2f793e49e934c03394851dec4a5099c3e654960741ab51f72c404ec821c1d9c75e554e651733806c059005507d3d3540d51ee67afff003788f439909d53a7f9ea73945b74536cab4f84dd70c5dbe125e4624ff105c1bd9e82ed60e7fe930cc39c7209c358d64776afb2fa4b849ae5d63f929ef3f98eab9cb23b7cc467df8d29bc7ecb35f4b4ff7954f1e8f1f1ebc8634080680d9382e636f4ae1cbfe88d4061196b64e24e0e95948fafad6ff350383b99841e5e91c06ca934459983cc42e1cafd285513e2f749b7b79ecd54a5e373b2dded1d3a5c6b3c797bd9fe3fdeaea4302e80f53d472cf6c1defd3911f185538198a1ebd52ca5df41f4ce53a830a413719a611f8dbec0a64613dab68836754a4934d6c6d00429cc5f5158003c5fd38856b3a806bc0745f16d782e9ddae20e1257f4fcfdc77b3720da0f18556460a97f2d53639aad27dcf7f3b302ee0dd09b7bcf3e276dc9124d463eff3e223f89203a4f4a49f3109219446b4c453c40257f1cb5431648954e0a153ef2159a20b77ad086e25d17abfb6429f673b53dd52f6fcd1ddd7202daf04a2a61f81cae960bfb7d48dacda648194479f399b040da1d0151260b4e93f0fa19818141e3231faf5e2d86013611ca9530e99a164031eba63ac36c5e1ff3d4e7d07df73babf31461b84198f065109358765a33e836866c8fc0530b9214addfd540d82e754c12a29e7bbd44ab7910fd89e32928abef8262bbf7ba06715fd0c4fd98effc54e4be93533a8714bf226ff1e5935fb44b8961b4e07777e019d5b9e543c5d5919a485a206338a896a869cecf42e74b517f7541966f5a5c04d1c18d011efb2be2697b17266e06615dc7d10b0c5c5e508087511de6e492bc79b593a9672a4838b6305132bf5c431c929a97fd9a088610d697f36aa2f38aceddd7d0c4c7abfc9bb1ebad46da28d768b79072ce762d5df679e5d68d7372ec2162ab2abfab09d6e2fbe0f9983e6e2ac4ed991512ebc6428f30333c2fa7b994356c189f290b5941cc9cd6920599ca33637feb2955e788e749d2e9239de5ff291c81185872a3163fad4fe204f66efad0226d77f7f6fbed6ad467de22bc06f3d7b756c8cad8a2bef68c5e6d45724fa49dc2b72ec672b3bb4750a69b22396476c6ec6401dd5dcb5c220ddb8d49c9406284a8a6610e1301123a86b38fd3594ba5b6ba4138943efa7521284020d21d723b82ccf665f14f4bc1c4423fbd20034d9bb94f96348da2103528bea2d9888d7cba6de86f21bb50b1ad1cb5b1e5cd2b14cd6e9a108e975f78d1286120eeed57ca4b73b82240727deca3a3ef4fb4d9bb1776a3a6a7defe3be0c3749cf5b808161693ad3c6bab9f3a51c44d422f401d39bebe8bdf0804e1aa60f5dc808246ce5de6218a1b17c9304b24708338405213683408975141f2ed044532b24842ef97b9a8e17d72f64fbfa08ce78f32460022df13704bf72dbc0ae7f1146fec164b01416b64205db88cda946ed2a890a39e9f301989680921d7219b5a83393e8b528f369a1db85fdcca1171b642b755f51214b65901b6903aba0eeee841ea68fc00a276f8c763fb66ba4991c8de9e49d42fa235d869f6893e5636b54ce4b0c196237cb4578723cd0eb9a37f87a395dd0a2c3b3c6ef3314d0245dba1947682ae50f93fed8e4d760543795d67a15f1d7ae1953084c725a87889e3ce739ce7cf8659cbcb00291dd8006d78ea0a973f14f52347d5effba84f26f1ff55076499fd04728073dd9601da1d7a9f017bb2e706b21875b0705171f067f2e88ef8f7200b3523ed99ee900b714fe2b3c06432a2282c2d187c0a2c9502df1e200e6aaa63ca8a134098614e3d34399042cef6ae33a4a01f537aa8fb00998d7658b6e6eeb09f446735a338fa4dece7f54b2c092441cd0b28aef07436c3393978353db587f5ef0637fa0883b02923240832b109dc531652471ebca86acf7eb9c43093eb4fbf6bfdb719a1f2d9762caeb705c8e9719335575db95ce02b1e7387ceec166edbaab0706a53f57c9ff39bd7ae1058dcb3cefd363e24538b934507b73ed7b858dcc2885d9ab4b2a2bf4af29edd7a331a3460290e437acf189ce26c6e35fb1afa3fc0fdb7cfacd451a96891bf48ac4f06b4804fafe93fac87aa059ceaac11ff7a4ddb4826a105cd7bbbc42913a865667a9b9a105be9fca8b06533b2182de0eea127a63f1ee5352f939ed9d16d8bbd5a602ff7a5f9cb317a561fd91d3d3e72ec2feb8ab427e6eeb061ca851bb157a7a4db5671e8df977b9dd841929e2ddae24f723cd78a0ffbbf689956b336308937d5c99d1628360759da1cf3fc2150e01319a21e4b3f2d9d4860280d8b2d37469fc501bef74f0e9b564aba7b41804d85d9a0236daad2c0a9ecf0f6fee37e5052e05dcdb193ffa6827f0a4e7d5684d692bcff411e9d37f937e09b4b52f6406d72886881367b0b5d8c3de98b0cb6d330f513307ffee522c032bf2e26a0bfaf7b27d87aa29dd49d08e30be94345dab69404234de37d372fa0a9282d3bd4200bdf640979a0da6a5629bbd28a95a1633cb3f777d902626a206a26b4fdd2cd3d34209017ea86e03c9c6265bb242a3bee00c26de0c4bff92cfc187a3e0e1158f9f697dc3fed9f16f13ccd9d975e01d2bbed0e9ae69f9cfc62a60bcd306a2ee3b2e180e09b4782156404b82877ca942e5893545097a2802c67a03b779fba285a2835b193ae09c7d6c3ec5f8018f05c29a718a390fd85b3b15d3cb7443f8f450768297599b2e3c5653ab6fa6f9a6126ba371df7858f96e5c2a09a37a18b02ba77a07a8c0843c6db9435f07e18f489051bd1b0059d0573b840a178c3772e2fc20238648b35bdfda113343c7f798fa05a4514477e673e47564c4e44085cd8878836e0b264a55c0001b27b6d6dc4fcb3c080dcd849b71c61556363c8f1de6e7449df93021a2e2a910d638c7964e5f5cd9ab439ab6a1bab112a46def36c0f3a0dce93cdad486fbce7794049dce55827c5b816f4e4a2a9dcba3a7b5f18ded36a121ac6fcce967300613b360dbd900876e0cf6296ca0f61cf3c6f295483e9ed570a686e00c61f12abf7d178d2616c6cf1f6da017765732380ddf5518bead24d3079bbe144596f4b35d9db25993dd332e118d0d7a6960458e9251f9cef49b1bad733b7daf167a62e5b5933fbebd7a1907ba7f5b798f15aa022e5e527d3628dc6791c96904809f7a4630731b090af1419c1e9ab048286ea65d6e16b4ce6f4e66b6a869f3dc3649a5fc50bf8ea4cf5c788662704dfbab74521a49e1f9fe974a44d5f4806b7c1494ad1209e98d16ec1542ec7fa8100b3c4f72e5eaa90f2854dab24131c6e5a64b5d342964daffee4e6d777f87e52a94962b26cbda064b06fe9850e85629ad922d448ac227c95a5d289d3b05d00b37e03afc50d4c03c3a55777e4440548ae0c96b65b264c551dabc5b7e9a4128246566ec333ffd76af1fe74eadcaa7a034ed4f80e42b31120f4e78e588769ab324c76cf53f356ead1d53ecca50b039c10fb82b927779f9f6b3a84a0a77129846c61106e46b83ed1db869b9c264e404ba3011dec4a8508aaeabca81332e3a6b7d5453ea8ec99f52916b98fed47"})
recvmsg$unix(r6, &(0x7f0000001700)={&(0x7f00000014c0), 0x6e, &(0x7f00000015c0)=[{&(0x7f0000001540)=""/90, 0x5a}], 0x1, &(0x7f0000001600)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc8}, 0x102)
write$binfmt_aout(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00"/288], 0x120)

13:52:58 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2000800)

13:52:58 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 77)

13:52:58 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:58 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b4a, &(0x7f0000000040))

13:52:58 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
lseek(r0, 0x6, 0x2)

[ 1023.407832] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1023.407832]    program syz-executor.2 not setting count and/or reply_len properly
[ 1023.419758] FAULT_INJECTION: forcing a failure.
[ 1023.419758] name failslab, interval 1, probability 0, space 0, times 0
[ 1023.420886] CPU: 1 UID: 0 PID: 8303 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1023.420903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1023.420912] Call Trace:
[ 1023.420916]  <TASK>
[ 1023.420921]  dump_stack_lvl+0xfa/0x120
[ 1023.420948]  should_fail_ex+0x4d7/0x5e0
[ 1023.420967]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1023.420996]  ? bio_kmalloc+0x3e/0x70
[ 1023.421021]  should_failslab+0xc2/0x120
[ 1023.421046]  __kmalloc_noprof+0xb4/0x4b0
[ 1023.421070]  ? trace_kmalloc+0x1f/0xb0
[ 1023.421082]  ? __kmalloc_noprof+0x215/0x4b0
[ 1023.421102]  bio_kmalloc+0x3e/0x70
[ 1023.421123]  blk_rq_map_user_iov+0x390/0x1180
[ 1023.421148]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1023.421166]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1023.421186]  ? find_held_lock+0x2b/0x80
[ 1023.421204]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1023.421220]  ? lock_release+0xc8/0x290
[ 1023.421231]  ? import_ubuf+0x1be/0x220
[ 1023.421254]  blk_rq_map_user_io+0x1cf/0x200
[ 1023.421272]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1023.421288]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1023.421312]  ? irq_work_queue+0x9c/0x100
[ 1023.421333]  ? __asan_memset+0x24/0x50
[ 1023.421355]  sg_common_write.constprop.0+0xd75/0x1710
[ 1023.421377]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1023.421392]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1023.421411]  ? ___ratelimit+0x465/0xa10
[ 1023.421436]  sg_write.part.0+0x6a2/0xb50
[ 1023.421452]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1023.421469]  ? perf_trace_lock+0xb5/0x5d0
[ 1023.421485]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1023.421502]  ? lock_acquire+0x15e/0x2f0
[ 1023.421515]  ? perf_trace_lock+0xb5/0x5d0
[ 1023.421526]  ? find_held_lock+0x2b/0x80
[ 1023.421543]  ? get_pid_task+0xfd/0x250
[ 1023.421566]  ? perf_trace_lock+0xb5/0x5d0
[ 1023.421580]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1023.421593]  ? avc_policy_seqno+0x9/0x20
[ 1023.421610]  ? selinux_file_permission+0x99/0x600
[ 1023.421628]  sg_write+0x86/0xe0
[ 1023.421642]  vfs_write+0x2b7/0x1150
[ 1023.421660]  ? __pfx_sg_write+0x10/0x10
[ 1023.421674]  ? lock_acquire+0x15e/0x2f0
[ 1023.421685]  ? __fget_files+0x34/0x3b0
[ 1023.421704]  ? __pfx_vfs_write+0x10/0x10
[ 1023.421722]  ? __fget_files+0x203/0x3b0
[ 1023.421739]  ? lock_release+0xc8/0x290
[ 1023.421754]  ? __fget_files+0x20d/0x3b0
[ 1023.421779]  ksys_write+0x121/0x240
[ 1023.421808]  ? __pfx_ksys_write+0x10/0x10
[ 1023.421835]  do_syscall_64+0xbf/0x360
[ 1023.421849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.421862] RIP: 0033:0x7fbb63381b19
[ 1023.421872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1023.421884] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1023.421897] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1023.421905] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1023.421912] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1023.421919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1023.421927] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1023.421946]  </TASK>
13:52:58 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x1)
write(r2, &(0x7f0000000040)="43a319e3731b5708195b0e1128dd0a2f7cee3d1a7f4faa3b49fc6a0f54463354e2b52009f3824f7e362458d2811acd9fd97d5d9db8311ed1b2cb85d4f6bf33cc91ef5cb416448633b6f2a993cb66262cac4b5b918160f06e65ce5dfd2efbf7af4758185e8a80a1bd1d9e57ad9ebcbb2a1506c04b2b6a9c43d1fc762d3430488ebb9352db6371e696a97a5f1fe13929ceea", 0x91)
r3 = dup2(r1, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:52:58 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b4b, &(0x7f0000000040))

13:52:58 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 30)

13:52:58 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:52:58 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x6, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:52:58 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 78)

[ 1023.585274] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1023.585274]    program syz-executor.2 not setting count and/or reply_len properly
13:53:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x3000000)

13:53:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 79)

13:53:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 31)

13:53:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b4c, &(0x7f0000000040))

13:53:06 executing program 0:
syz_usb_connect(0x0, 0x5f7, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x3f, 0xaa, 0x40, 0x20, 0x413c, 0x81cf, 0x3141, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5e5, 0x3, 0x7f, 0x3, 0xc0, 0x1f, [{{0x9, 0x4, 0xe4, 0x5, 0xb, 0xf3, 0x17, 0x27, 0x0, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x80}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x2, 0x7, 0x8, "", "0266ec"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x3, 0x3, 0x3, 0x6, '/('}, @as_header={0x7, 0x24, 0x1, 0x7, 0x9, 0x1002}, @as_header={0x7, 0x24, 0x1, 0x3, 0x5, 0x3}]}], [{{0x9, 0x5, 0x1, 0x1, 0x3f7, 0x1, 0x15, 0x1}}, {{0x9, 0x5, 0x6, 0x0, 0x8, 0x9, 0x3, 0x5}}, {{0x9, 0x5, 0x4, 0x2, 0x400, 0x1, 0xcc, 0x1}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x2, 0x1, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x97}]}}, {{0x9, 0x5, 0x1, 0x10, 0x8, 0x6d, 0x7, 0x9}}, {{0x9, 0x5, 0xf34f0c1d4e203987, 0xc, 0x20, 0x7, 0x24, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0xe2}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3bf, 0xff, 0xd4}}, {{0x9, 0x5, 0x1, 0x0, 0x10, 0x5, 0xff, 0xd8, [@generic={0xa8, 0xa, "7d7820bc41c862ee901a7a967066f3073c0bd04c868c7d4b255d60542ebe973c07672ad41245c3784c95f120283b9d04764a76d4ed66b992bb124f491c8119265aec715f665c5b070ee144e128fb549ff7c6e4c326f3df77f016b7e66ecaeff9a0c2f79b7f996be9aefd0a175fd7f5e79d720f1240c2a09ed9418aeb625ef2472745fa35351ab7204451755c12d65585f575c021feb0d4a62d16fcb31ad0b9cee73a5970be44"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x200, 0xc1, 0x19, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x40, 0x7}, @generic={0xe1, 0x2, "e8ae63ab2e287877dca262511f55b2052bfa0a56ba121e4de1444ee8b51bdf07bd50f7d687a3e6024d9e086495e68c8ded01e3459ee70b76e5e91103eb79b680ff0726bf4a01fe807988bc4ca9c04d3a8c749000df3103fa3789e29e532a54df18027012ccb4d891099f48c4e6992b0a6cc535a756d439619ef9b1f76802b112b14ccc885f1f72f6b6bc55d4a17c785a953c7532f5a28b0b530672ed9ae52a33cb4254215c67fc7e57d82a9bc3b855d1c927583bc8448046b53d8a84423a292e079993a6cb3b3ee8df6167bcb5dd13c6ed10a582a5f906eb4c863f8064d9e0"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x10, 0x8, 0x21, 0x1}}, {{0x9, 0x5, 0x8, 0x1, 0x40, 0x3f, 0x4, 0xf8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1f, 0x401}]}}]}}, {{0x9, 0x4, 0x1b, 0x5, 0xa, 0xe8, 0xdb, 0xc1, 0x4c, [@hid_hid={0x9, 0x21, 0x2, 0x7, 0x1, {0x22, 0x260}}], [{{0x9, 0x5, 0x80, 0xc, 0x8, 0x20, 0x31, 0x0, [@generic={0x51, 0x21, "d8852517961c94ea44f980392a5c71afbefe0d73e4bc2a44fdf3d23becead1ffa99647e31c75e88fb4ccc17617559b8ce213ea72b0627afb7b290c5cc696f418224cc0a54ab7a18bda703c40941751"}]}}, {{0x9, 0x5, 0xb, 0xc, 0x40, 0x0, 0x4, 0x2}}, {{0x9, 0x5, 0x80, 0x10, 0x400, 0xf7, 0x6, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x51}, @generic={0x62, 0x7, "6d693a526b2dfccbf297c46c7d59d57ca65b89de1c9208512b8c9100f3216cc2634daf8592013959862534497814dad3b68a4d1337550655152144fdcb590f9c0b95f461ad5500f87849193c2df498a81281f1aa0147afe95734bb8f049ba533"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x7, 0xf7, 0x9}}, {{0x9, 0x5, 0xc, 0x3, 0x10, 0xa, 0x6, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x1}]}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x0, 0x11, 0x9, [@generic={0x39, 0x4, "0e2e51482755d6d425ef2f7ef4eadc971a696584452202e6dbeeb7fdb8ac36c274fe893b2b8d223dba42a4cd878b705d3e6ed1a8e20d39"}, @generic={0x46, 0xb, "52bca998ace9f3b981022e05f227f5db567768bbcbd5fdf17729cfd72cc888a13a888b9c77a220ef2e71734bf25b0ab9f466595487dada5efed6a2fb413a8bd75eea6de8"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x40, 0x3f, 0x7, 0x1f}}, {{0x9, 0x5, 0xe, 0x8, 0x20, 0x0, 0x8, 0x8, [@generic={0xc9, 0x4, "69b78de3772b66982ffe181e836705584ecfc714903a0bdba31f69f7a40d50546ffc45e11682b4b8cf9906ecfad4f7d2a92cbb792e4a3823269c80e5868a2f240db81b038971536c9d9a50f8d8d9bbe7967d1e37df85c45458bf66894046a0a3063af12770de51e1d3a6345e56bd54ebc0bd28ad41033ee2b3476f86db43ac2262bd84ff7d68c6e80e21575cf3d36d5b02be198d9fc2f5c290487b587b564661df7ef415333a7bac083a056e9eb30475854ce12fee3dde6d2e5a9065ab120df702964fad1c5bb6"}]}}, {{0x9, 0x5, 0x4, 0x4, 0x8, 0x78, 0x0, 0x6, [@generic={0x33, 0x22, "138b9aab77f418835f5c1701d9ebe72efe6fb51bb93c77593fa5610818e3a87a47848e5c91ee90abfe63c33ecdb988a211"}]}}]}}, {{0x9, 0x4, 0x79, 0x1, 0x0, 0xff, 0xff, 0xff, 0x3, [@generic={0xdb, 0xc, "ba7a2ca56b26f9f4fb980eaeb7862d30b59c704d0f01b1f82b970014750445766a780b0ba19fa7ce6e7c5cc93893b8bdb6d815f94ba002f9de198b8f8d21ba7fc207622a4275e967ca4ef64366a6d4210adaeebf9d49258583c00a24b086b77b0eabba0f1064f82b82e303eb50ec9ab1a709287907b34b62346a0d441a8bb4b68932c4b6d8965d4328e158d1fd10bd3f6d5c0f86503c9347c370586a179ab1a269c5f362b0ebcf13e4f937979797879226e2e060f3eb39f7f56fdb7b0f01f3cbd4033676d352428115a84c06e6a4646b5a71d8e636f160d7c1"}]}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x251, 0x2, 0x5, 0x1, 0x20}, 0x2a, &(0x7f0000000140)={0x5, 0xf, 0x2a, 0x3, [@ssp_cap={0x18, 0x10, 0xa, 0xf4, 0x3, 0x1, 0xf, 0x8, [0xc0, 0x18018, 0x0]}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0x4, 0x7105}]}, 0x1, [{0xba, &(0x7f0000000180)=@string={0xba, 0x3, "0fb3e418dccb8a40ed621858aa605cd0053dcb9a696e237a376c5e81396d3d8ba8d40e137e0bb22595da14975d0cf4b4007ccd198f25bdfe43ac3fc2cebfc36e8a6f93ba279c992f0a30ad02830748c2e751553955b02427551ba471a86f44b54d3bd0baf9031627064fb03fb0d9c0e135191ed153c8d452a939df0741c7560beacf812cd6faee0f73ddab39cebe91a91a8131bca885a1369eebd7efe450d98e2b55cee4cbaeabdbabc6f2847a3c7570f4f84e19a753508c"}}]})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000040)={0x15, ""/21})
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r4 = eventfd(0x1)
sendfile(r3, r4, &(0x7f00000000c0)=0x200, 0x100)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:53:06 executing program 3:
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
truncate(&(0x7f0000000040)='./file0\x00', 0x8)

13:53:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x8, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1031.639555] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1031.639555]    program syz-executor.2 not setting count and/or reply_len properly
[ 1031.646041] FAULT_INJECTION: forcing a failure.
[ 1031.646041] name failslab, interval 1, probability 0, space 0, times 0
[ 1031.646966] CPU: 0 UID: 0 PID: 8338 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1031.646983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1031.646990] Call Trace:
[ 1031.646995]  <TASK>
[ 1031.647000]  dump_stack_lvl+0xfa/0x120
[ 1031.647027]  should_fail_ex+0x4d7/0x5e0
[ 1031.647047]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1031.647071]  ? bio_kmalloc+0x3e/0x70
[ 1031.647090]  should_failslab+0xc2/0x120
[ 1031.647112]  __kmalloc_noprof+0xb4/0x4b0
[ 1031.647130]  ? trace_kmalloc+0x1f/0xb0
[ 1031.647141]  ? __kmalloc_noprof+0x215/0x4b0
[ 1031.647161]  bio_kmalloc+0x3e/0x70
[ 1031.647181]  blk_rq_map_user_iov+0x390/0x1180
[ 1031.647205]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1031.647224]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1031.647243]  ? find_held_lock+0x2b/0x80
[ 1031.647261]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1031.647277]  ? lock_release+0xc8/0x290
[ 1031.647288]  ? import_ubuf+0x1be/0x220
[ 1031.647310]  blk_rq_map_user_io+0x1cf/0x200
[ 1031.647333]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1031.647349]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1031.647373]  ? irq_work_queue+0x9c/0x100
[ 1031.647389]  ? __asan_memset+0x24/0x50
[ 1031.647410]  sg_common_write.constprop.0+0xd75/0x1710
[ 1031.647432]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1031.647448]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1031.647466]  ? ___ratelimit+0x465/0xa10
[ 1031.647491]  sg_write.part.0+0x6a2/0xb50
[ 1031.647506]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1031.647529]  ? __pfx_perf_tp_event+0x10/0x10
[ 1031.647547]  ? lock_acquire+0x15e/0x2f0
[ 1031.647562]  ? get_pid_task+0xfd/0x250
[ 1031.647585]  ? perf_trace_lock+0xb5/0x5d0
[ 1031.647598]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1031.647612]  ? avc_policy_seqno+0x9/0x20
[ 1031.647628]  ? selinux_file_permission+0x99/0x600
[ 1031.647647]  sg_write+0x86/0xe0
[ 1031.647661]  vfs_write+0x2b7/0x1150
[ 1031.647679]  ? __pfx_sg_write+0x10/0x10
[ 1031.647693]  ? lock_acquire+0x15e/0x2f0
[ 1031.647704]  ? __fget_files+0x34/0x3b0
[ 1031.647723]  ? __pfx_vfs_write+0x10/0x10
[ 1031.647741]  ? __fget_files+0x203/0x3b0
[ 1031.647758]  ? lock_release+0xc8/0x290
[ 1031.647773]  ? __fget_files+0x20d/0x3b0
[ 1031.647798]  ksys_write+0x121/0x240
[ 1031.647816]  ? __pfx_ksys_write+0x10/0x10
[ 1031.647842]  do_syscall_64+0xbf/0x360
[ 1031.647856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.647869] RIP: 0033:0x7fbb63381b19
[ 1031.647878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1031.647889] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1031.647902] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1031.647910] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1031.647917] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1031.647925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1031.647932] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1031.647951]  </TASK>
[ 1031.654772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1031.720245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
13:53:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b4d, &(0x7f0000000040))

13:53:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 80)

13:53:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 32)

13:53:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x4000000)

[ 1031.771970] FAULT_INJECTION: forcing a failure.
[ 1031.771970] name failslab, interval 1, probability 0, space 0, times 0
[ 1031.773172] CPU: 1 UID: 0 PID: 8355 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1031.773191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1031.773199] Call Trace:
[ 1031.773204]  <TASK>
[ 1031.773209]  dump_stack_lvl+0xfa/0x120
[ 1031.773243]  should_fail_ex+0x4d7/0x5e0
[ 1031.773269]  should_failslab+0xc2/0x120
[ 1031.773293]  kmem_cache_alloc_bulk_noprof+0x8b/0x8c0
[ 1031.773316]  ? trace_kmem_cache_alloc+0x1f/0xb0
[ 1031.773331]  ? kmem_cache_alloc_noprof+0x1a6/0x3d0
[ 1031.773355]  ? mas_dup_build+0xc58/0x1690
[ 1031.773369]  mas_dup_build+0xc58/0x1690
[ 1031.773393]  __mt_dup+0xed/0x1f0
[ 1031.773406]  ? __pfx___mt_dup+0x10/0x10
[ 1031.773418]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1031.773439]  ? get_mm_exe_file+0x27/0x1a0
[ 1031.773463]  ? find_held_lock+0x2b/0x80
[ 1031.773489]  ? get_mm_exe_file+0x96/0x1a0
[ 1031.773513]  dup_mmap+0x373/0x1d10
[ 1031.773540]  ? __pfx_dup_mmap+0x10/0x10
[ 1031.773567]  ? lock_is_held_type+0x9e/0x120
[ 1031.773599]  copy_process+0x6faf/0x73e0
[ 1031.773612]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1031.773636]  ? __pfx_copy_process+0x10/0x10
[ 1031.773649]  ? __might_fault+0xe0/0x190
[ 1031.773667]  ? _copy_from_user+0x5b/0xd0
[ 1031.773695]  kernel_clone+0xea/0x7f0
[ 1031.773706]  ? get_pid_task+0xfd/0x250
[ 1031.773730]  ? __pfx_kernel_clone+0x10/0x10
[ 1031.773741]  ? perf_trace_lock+0xb5/0x5d0
[ 1031.773761]  ? find_held_lock+0x2b/0x80
[ 1031.773779]  ? ksys_write+0x121/0x240
[ 1031.773801]  ? lock_is_held_type+0x9e/0x120
[ 1031.773824]  __do_sys_clone3+0x1f5/0x280
[ 1031.773837]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1031.773862]  ? __fget_files+0x20d/0x3b0
[ 1031.773897]  ? fput+0x6a/0x100
[ 1031.773911]  ? ksys_write+0x1a3/0x240
[ 1031.773931]  ? __pfx_ksys_write+0x10/0x10
[ 1031.773953]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1031.773982]  do_syscall_64+0xbf/0x360
[ 1031.773997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.774012] RIP: 0033:0x7f7b289bfb19
[ 1031.774022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1031.774035] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1031.774049] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1031.774058] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1031.774066] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1031.774074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1031.774083] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1031.774104]  </TASK>
[ 1031.804192] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1031.804192]    program syz-executor.2 not setting count and/or reply_len properly
[ 1031.811275] FAULT_INJECTION: forcing a failure.
[ 1031.811275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1031.812541] CPU: 1 UID: 0 PID: 8357 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1031.812558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1031.812565] Call Trace:
[ 1031.812569]  <TASK>
[ 1031.812573]  dump_stack_lvl+0xfa/0x120
[ 1031.812598]  should_fail_ex+0x4d7/0x5e0
[ 1031.812620]  _copy_from_iter+0x1dc/0x15b0
[ 1031.812641]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1031.812659]  ? __pfx__copy_from_iter+0x10/0x10
[ 1031.812681]  ? find_held_lock+0x2b/0x80
[ 1031.812702]  ? __create_object+0x59/0x80
[ 1031.812721]  ? lock_release+0xc8/0x290
[ 1031.812736]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1031.812761]  copy_page_from_iter+0xe3/0x180
[ 1031.812789]  bio_copy_from_iter+0x108/0x270
[ 1031.812813]  blk_rq_map_user_iov+0xc07/0x1180
[ 1031.812836]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1031.812856]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1031.812879]  ? find_held_lock+0x2b/0x80
[ 1031.812896]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1031.812913]  ? lock_release+0xc8/0x290
[ 1031.812926]  ? import_ubuf+0x1be/0x220
[ 1031.812949]  blk_rq_map_user_io+0x1cf/0x200
[ 1031.812969]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1031.812985]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1031.813009]  ? irq_work_queue+0x9c/0x100
[ 1031.813027]  ? __asan_memset+0x24/0x50
[ 1031.813049]  sg_common_write.constprop.0+0xd75/0x1710
[ 1031.813075]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1031.813092]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1031.813110]  ? ___ratelimit+0x465/0xa10
[ 1031.813135]  sg_write.part.0+0x6a2/0xb50
[ 1031.813153]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1031.813172]  ? perf_trace_lock+0xb5/0x5d0
[ 1031.813188]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1031.813205]  ? lock_acquire+0x15e/0x2f0
[ 1031.813218]  ? perf_trace_lock+0xb5/0x5d0
[ 1031.813230]  ? find_held_lock+0x2b/0x80
[ 1031.813247]  ? get_pid_task+0xfd/0x250
[ 1031.813269]  ? perf_trace_lock+0xb5/0x5d0
[ 1031.813283]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1031.813296]  ? avc_policy_seqno+0x9/0x20
[ 1031.813313]  ? selinux_file_permission+0x99/0x600
[ 1031.813338]  sg_write+0x86/0xe0
[ 1031.813352]  vfs_write+0x2b7/0x1150
[ 1031.813370]  ? __pfx_sg_write+0x10/0x10
[ 1031.813385]  ? lock_acquire+0x15e/0x2f0
[ 1031.813400]  ? __fget_files+0x34/0x3b0
[ 1031.813422]  ? __pfx_vfs_write+0x10/0x10
[ 1031.813441]  ? __fget_files+0x203/0x3b0
[ 1031.813460]  ? lock_release+0xc8/0x290
[ 1031.813479]  ? __fget_files+0x20d/0x3b0
[ 1031.813504]  ksys_write+0x121/0x240
[ 1031.813523]  ? __pfx_ksys_write+0x10/0x10
[ 1031.813549]  do_syscall_64+0xbf/0x360
[ 1031.813562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.813575] RIP: 0033:0x7fbb63381b19
[ 1031.813584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1031.813596] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1031.813608] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1031.813616] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1031.813624] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1031.813631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1031.813639] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1031.813659]  </TASK>
[ 1032.241321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1032.245117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1032.254275] sg_write: data in/out 1668575755/4 bytes for SCSI command 0x0-- guessing data in;
[ 1032.254275]    program syz-executor.0 not setting count and/or reply_len properly
13:53:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x434a41, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:53:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000000)={{0x3c, @broadcast, 0x4e21, 0x4, 'lblcr\x00', 0x18, 0x3, 0x42}, {@rand_addr=0x64010101, 0x4e23, 0x0, 0x3, 0x3, 0x1}}, 0x44)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000064bc0)={<r1=>0x0, <r2=>0x0, "3dedb55f389aa502e09a9ee17cbd145dc2d0e11685d4a7c16eb2a6496a605749cf9c79d7dee4f662135f79b2a26895cb7c63ce2ad43fc6d5603b7ad68d3ac45abb9ac9ff3c789696442382b76b3a1a5f94d35fd9f5bdb3a579d01e8f3c5fe0fb175d5b18843681177f63c88a401a6ba4ad36bffeecee25584c9cf0feebe9481115d39de97d6d3adbb2f9d76a0588a180ab92a433a8c6eb0fce4e10bf0db9a62b725a420d554adee7374a3bc2af7c2999856294ef433897705dcf5c623160f52d0734776801ec4e7db0e49236ee2a55c1c9665bd395a00082c99799f7a78de1add9e3bc441213062e655942a4d971000b46e671db65b659afae2848e5ba95b3ac", "8155853a07c53581d08ffc53da447a1060cc0fc32e2ce42545f94112e7ea10daec616b1a611d89db2a838f7dfef7d5a3cc240ca7925a53eec4c9cd9fa21d964925e3a675e1bbf58791c1dd6362f714bfdb7116be19010fba76c854592b8e8524baa05abef47fc7ee273564b604eccaafef5f6a8a6503646c3166669b52bfe9813b2ea0776d60d39dbd38582806e72cdd5b72829ba0a05a6b91f1ab7e552ad534cd60031275428dd9d9ad5931afbdb275d606e39030196dae54324883492da4991b8670f7b1572db992aae2603de91791972f219b547b00dc07deea49cbb839483895b84f596915354017bcad1a7e92337764d3f2f5269c6b675d600ffdfb7e0331bc9f6212800d5b7fa67a0ed35631ab27e4211f5eaa236af62a0643d476e03757869cf1b78a18bd036f2e5f595e8bb24e1485d2e6a45d466e26bc60aeb40203ca9b36dea1d17b66797001c575c8b86bdfa6bd968b121eda1361df37a04fad74f87617189fb3a0f13733dcb21bfc6f9ca98f471b2da6251059888cae85a166a28dd356cc9dc47d160f9afb3217b68d14557af475d7a9daa92af8fcb3e3a0b02b1ad30919e0c32311d6cc0c0a13288aae2a8a14a98c46611c16388e54480d19cafa0c87fb0f93e1f7ee6f9dec317feda3850aabc9444e482ba57bf2f4761086010f0469fc4e4e536ae290806bf55e5d6cf0ff80c81da87ad543fabde82075c19f89c143ba2a3f615f1be387f994608f6e466a5310c0e2dd6f8ddf9ba71507ce9aac14339ed0433c59592080c70d3bd2b3ccf7861fba4e2410659150db393d1acfc4611bb33840e7011fe027c7a69525de6980f4e58cca1961210e24ae1b419139c065e0c45cc193ef6a0fb4b97b1b5f0e400739454584d8e5ea7946c49c2cd75cfd14a9a939b6825094e9068ba55b4533c7997be927f1b341e0dc399d4fae00b3f7fcf0d631cd306c6b085b5fabf85f8b9d3092221aef7e99d92b253798984c454f84490828533588517bef934113bc082a6597ecfe7400135d550bf0ac1a0028d12581192917eb0563fea4f9dba2eee27391a0099ca9b9e55c8d0fd595cb922bcdf311f60aaa8253829d2b6ca5d3eb98a56c5173d398edb6926367d12739f9aaf4b7610567ed9b6f196f40d8912c9965c9ceb0871ad11f4438436a4b8046830b498446e089d0846427213f6a5acb719234985410d9d5ab4e5f80ef24c22498579a08e30765992698079b1df8054decb91ee2853e6e7f2b8a19705389305c52b794ddf9f0d05e41dc5419d8a02227df257082e7904d96fcf1775149b43fa85f0fcefd781cbaa3582cb2e2a2ae660719e059b4937be850a844cd4a3ffbae586c5702b44931d5bae1b5ccb6dd41340734f5d496a077ae4e648e10de2a7534a7b54adc803235b17b8a0fae598723a7392e56a3c69b59c204c116fd60b187998cce09b67cab80cdbfba90b1689722fe1f7abcb6e19d9e3c6bc6988c11f27479be9de5a52c676107b58fdc253050985015dc7eb5a080a653b01941eb0c64b7e9182ea86a33cbfed56e3b02d4b8ae5fa9ddb3730ac94d638804a5c75fe50a5fdf1b6afa5477527f4f3b34c732e77983845292dfc1ee19a3e94209b378a24332ffd3e799cd51815582abd884ab9a3860c402101eaf1bfcb43ff56ea66da4f512dd3df7a3878c3620d035981cd19e19ef496587c890c3e204e7d4047a3bd790bdf0f841da453a79ef3c7c3f12538203bb160e67ad5f3bfa8eb5aea0cc2e137a796d0b64310a7d3fd92e319ff9771669d0d179db7ce45769592664bd6bece7f7d7d1a7ec2553939dcc27f2702c1e58bf5d80f9186b39489ec5704b5994bbd7a030ba4b65c941ffeac6f271f418147ca4338736c7c84a3c1966d507c8ed313120fcb3513eaea337b9aabd3fb57d3f8f053f59d8faa23a0a3c67a78f53988fe48e442a3c0880671cbf580e0a5728648a52af32cab31067a6eb26173df2c62a99b8a0bc7dfd879623f4809185b12223b97bd45f9839b1677ed99c27a2f011c815e5b8a6480e59a3f6fc8684c35a96c8ad0f4fdd4fcf2b3cdb9d0ff57c83f89cc0c2db14e1bc22d173ca489e0d6d0b1658cf950adcb160bccb79e86f68065982a70c331868c6fb8a592ccbecf78af4e507b39ca14c30d5b4f20e8d6f2a22164ac1caa9783089a9795c7424fc7f906f4d8e965edfea8746dae60f851dcf363e765e546eb6ed511a1f827a74805101254b9918d438ee40395fe177981456ff04f63ef1d9db3d80a4487c71cae260167647b954c835e1a8e1753f917caf7f56b3ddf1179fcc27e1b01ee58a0a27621f050027068d64a4f9bf6204bafbc4d4a3e43957ffcc6ed0b0583dcf08f2dba71918f67b3209b699fbb22716c94730aac69d2f877065ec8d41a3e4327caf0a62a4c5c976758f965abb1822f159848a2a8bb97cd20cef6a484924a28e5bec4b2a44b5df1644472ea7c07e10ea17b38aa7c0e5ae598ace69f2757fb23e20fb9448ecb1f3bb07d13628877517870d6cc05b9ef899db1a91da98f0b761ea13dfc20847f4b463b1140e00f8196c5c605bf800f9cb46de4c865620c5cd8053d64b025ce28ac07a1a6b7c1d9ab1561a113022211d3039c51385df9c204bb79fbaa5cab34f771a600ec353b6b964fbb2d6972e9fcc035e3e90256f2207fc75120bb86f1fab740c9d4e9798e4931bf9bdabfa5680f7dbdda157c1d8c96e3abe4ccaac6db8ecb860de8a86023699fa945635ddfaa4954a491777e55bf4489fe9e1c18787e628062c35c7c93de72f7bad219a243e5efb34a958baa0cc9fdb2335e249688ee152f044ce823fb91e58b1cb8eb472293ef16f4f98b701c42b2f57a1046ba9383ccae39f292eea67a2a3ddfd8bdb489d8459b4c7d973ae1944822b6b130d922f1af266a5a82af7e0aac32c93fefa085c4600e4b4773fc5f5ca22ca8d37a4ff69650c0f241573576308818298f93c46b308b66431cdae32d44218240a83e5fe27ad160338ec62b4d21071d53ec52c2ad0ecca9a38e50987f3dc6033c070d6d217bf0e1991f59d6f10f768e2e284972888a65e22d3610b0484e9ffb29d73322c4c57a64274f5758fb01902cd1c36e5df036cbde3f652b766c483dae1770521173e101bdc049ddfadc704d5bdde7a5e7006dd9a05f743d493f11e974e61382bc2875d63fb5cafe51f45c55e3d27efdd0e3c32c68c47439af1106a769680d380901a4356e8ea82a26d9bc0dd576e6b4c9c54ffd9fa6a0f8e1b77a946870f7a3ae6aa4149232b3c690a08d55da51cc59897bcbbd46e39b297953f29ce66baefeb4633a0fbdffaf9be6d6db64932b4a5ea2fa6294bba69afe4dd49d98733c0b9f4d08ea0baaa20399ee45b5bb730ab18efa559c6a6afde527d3d4dc2c7d3bf51a5ef3217e07ffee9f91787ecf6cd8f21cbcfd3118b55f7de7cf390d6c5e936b9cf9a856a311e9cedcc88211f9b55cdafa4544d6a88df08877b542cd164ba6cd6dbaf9353e4d84405150a1d7de7d6944d9d50b60a14791b95c34fd0cf004acfea33cd90b252a7a246db6d788439900c0d3281437e38409cb370bde8b3001d8af29c4bc629ea276ad1ca9d27a9650bedb5b17b34af8d9fff6268fe61e35fc7382ff3d4837c06062f32d9cc02a725f3a8aa9e7944a576f37be6dd35a9e3f89287652d26790eab183cbbf251b398da9af46f611584240f4b78b2fb83989c0eeb37204f236c710deae398994c80ecb685bf9b019254e855828493e7b828dd872344b8ab1fc04c2c4b58094a5de711ee5bd1ba5a013532fc95f73dafefe2aab6840434203434df21af6b6b35e0fb12585de2720083a23ccf63ec4a20a1ca3a44a5d8b2adcb02636dc1cc6b3c4d659da6a3809900ab9c5ded1cbd4e8d09e77db0a8466b1fb50fc524a56fb805d44738b1e3ce6712bb74eed42608ae4a60577737d7043e397fd9eac1ad36124321d6eb801c536fd19fb7840de17a21388e20018bdc100ecdef8c4f8b923ddf0f2f0237a03e4297a0f9b11d81fe4904c5cbea9af6862bd36c26d6a8a1d2a3600522fb08211f8165736a593f9bf25bd7ad02bc292f5b6d75007b58da0cface1a1f964376f47c5684bca323466b78fa72b311f5c673c6fffa82acd49e0b81bfed9eef8d8582a3e8dc5067da94ba66fef09e8987b677a94abd008da23112f78fb5ab1da62bdc6b29ee63c75e80998a5e4f497eb983461817d7428e235de7ef9c8a2f7bfc826aefbec8570791a8134c1349a8890f2d7066f4258833c37dddec06b76615f5dd4a40ca123bf3c69b1a1b83ebab95aa0c22e79c9e019825a50d7114d5366c7ff2cd0487a89387e961c9ca35b26770f23ba5edf32e1f65f39c5c51e7902c550c08d71f29ae5f83faa0c9a727012fdffe02826f28756430ac04c4244425723d4f242b03935e55afa50fe93e86141eeed5fc26ab121eb03a93436705c42574d4ab21341c101ef0342ae67a0c5c36188179a33d2dac4a583f1f294c9baad33eb6b91aba1c709e73c6524a9187679c2348d385170a091603c97685acf722f042512262506c19acd284b1b27c8aa98a3943b9b417148c7812d0386b6b7d23f89bc96a700906b4196a977779df6b838343575984a6afa869e71853bef46c555da78f9afe8842204e27bd65bf12d42ab5a648bfac614e74eb476fd2e74b8586b9cba7a8026a04599c21a3d5f408f9bc347601a6c398a6b6357495eb5622963571ffcc0d98de2586f4d9bbc3e1b8199f749913d3bcb01e8b49636f491e45385f2cd67618b0e550d63b30d81f802acdd38f85c9b587fc2f41cddd2e9966bd2050ca35f5d95619791be4be68bea125e127fcb495d636fd452bde0e7c84b678b8ec6b661bb819e27fc44c440a5da12896a06f9e2951afa0e6f0ddc44a6ff41d34e86dbe1f50f4a5996f7d805c08117808cecff2fe7b52bdbde219282b5fbdac4aa5c9207dbaad316d98481c3516a4e465f0d6099090de37080036c53e3582fa9e592173d0dddc278e8bf8d1c2ac0e25f25cf4e72f4512a7d30021dbc9ee77b6a28ad5d24c749c188b3dd8b2a5f06b72a9d5cf37852bee1b82dc9c2b4501bce3a484ebb0738411b3566e0e3c063effa336e0defb0ff97efed34a0f279d39a0cdbed0058a8ff11dfd7b30c63c290a643ac9240bc281833a9882efd7d4567e2cf13ea209fb04bc828b83d8d555c6906331f2d2b83a27307e440ca83b49b1041af20c715352c09dae5627f48b62081c4d5da0ba1b4b651d3b890bf5297df00f22c66cbb12adee4e7cb23444458d6a5a5932a348065b941b76a0b7b81fb814a070173c2e43a39e1fb06ecedbd24d5311d9ca0981be4a9a21f7dbddb8f1883b5f63408e392f8dc2ab4afba8a774fd1889c60a613b7c694655f5e630a48ec14847590547e29e450a92957ec0"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000065bc0)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r3=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r4=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r5=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r6=>0x0}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r7=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r8=>0x0}], 0x1, "b4491d31a313bc"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000066bc0)={0x0, ""/256, 0x0, <r9=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000066dc0)={0x0, ""/256, 0x0, <r10=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000066fc0)={<r11=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000671c0)={0x401, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {0x0, <r12=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {0x0, <r13=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}], 0x80, "bd105af5ffd099"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000681c0)={0x0, ""/256, <r14=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000683c0)={0x0, ""/256, <r15=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000685c0)={<r16=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000687c0)={0xc91f, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r17=>0x0}], 0xff, "374120749ff9a5"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f00000697c0)={<r18=>0x0, 0x0, "b7aeb9cdb6de659423f8ca563780975e7e4d18a622fbb20cfb471474f8c4af83c41edd503cc0204b10d21aaab232512a974b5144795ab23017b737c3f27847ea59c780220079d2c5418c4b4c78a3e9c8a637d64a8368b2b65fbda221cf72918e6dc695e881eb3a629188476050d8f169f6cc4675756ef6a95f19bd747b47d1704e5a2af012858017e9cbf9184e4e8da1ae27ad7e151d24cfe09f4c3aa9f80f99bfba069f2bde57ddb6a5e1a861348b29086cb9106512d51550cff5edd299c5b388c8c27c5d1960834dd572863ba7992a61cf9ad9ed2b461cb324fbcc3f4170563344103da32b64016c77ee360f83c1a3c38246127f85dc6d4aa17f798333d964", "224ea511b05b3d871fc78af97355c803a4ab6b27ba8b4f0a07d09a9d42bc31a11be7025612ca999d33ce7be375f1ad3a847eaf274ca1cdb064da1dbbe8b9e39b4651be65cb68061d5a36d8329986ac2332531b402b209ae0e7aff261a6e613f01b5e48adf5e1f952fa53f8320361d182711282af91be5a742e51f3a72c357d817254e6151aa62ae42c5c41a9bef3781011069988631f574e239c77ab1d9ea2ab618bd93eccb362a47227e47191de0cd636301b95b4d94ac5bb803e95af5e2b3c0710d8e4d66c5e63986ac6acbc12205471380211a02161f209e43d1af59fedb6162d586fa3fb30646156d60f7414e7f7151fae849303f5047ab015fec97b144472873936ed4e18c7928de445caf38c4058edb88257a283a00813deea200226a0659cf2f1c5a7d53e3ce6b284213bdff03d02ce90f72507bc7fc3c344bed6c6e57ca4f34f21f2b1e90d6cc550d414261abbfcc4c3ca80e829f8f22921e9483f79d911b8b06424eaf017684750dff4ffb912161055a93df56d4abf037bf7223f22bf3233cdc063d8052661a21e3e7887c2facd07172dd1deedd6a4a42b0285739a118bd85fcaef6aa3c6c78640515475ec2fc93e8f9e8a568373e5b972df5874f558216b7d263d21ab159372a78b7ca5a1b176068244ef2ad2dfdf3c37fa173c1067f6b919fa6b1a7a405871dfc91d4c6ccb3451275042486b0e596570ce2f1b8723f4768c3a38e49e66af3b3e06353525aa845c4e87bd44069a2b5298ce92b5099e724d3ccf2c1509dcb0ac084bef9dff8e90e30ea4eaa3a17d7d5708b7654c1d936967cffd6f143ecc03856707401cd96401806199c2712b6c40462a0233c64869600e741f080708f183ec9c77b24be4244539733bb32ef1c0b1068a0d11961aa1156c232042da293bc5a2786da55dc3a06e597f6e8d143cdf431c8bd72114cd14b832d27f33ef3823afd73eb2afa8a6ed2ccb037f64cf5253b8282d266545904a7877347197dc50d76c17bdd3b1dae607dad1fc3c81b14ffc093a9fdd09fd17f5978b21286fd4572f2189fa2b72274e16007f1d3851b93d16b8048e7d6bc8adf7a4721ddab2e7bb93f2cbf74fdb0551b83e892b6685fe9f1fa444eb9d32713c35836932bbe520dd7060d80faaeee72742a083ed5d311e1eed19cba2a839a6b32de600860ad54f04f8548ccb1d9f5c613c42edfad3f3738feee1014ee21c858f609d386eb0b18a04b85185101d8f731e3521e36516a2a80f1bcf6e0d9f9d52b0811736ff1a11f16bd7733627c6ec01d41d6fa5644827ff5aecff0a614e348ada6794bd7a72207721a9a593f1a0fe3bcfcad87cfd53675de82b4cd1c086f22882b8a6dd2f286954e6ba9a090821261e57a75bcd207166052710dae80fe013d399183aa791601486d7b09f28791764ccf8e4fdaeb8f2075cabfcd34d8c809e0c39d9ef5f490ca3f580059df855e3f358f877363411a731365ba04c64aa4fc3d05e7323bcb06887301433914ccf6742d323b33c05ae22e5b800bcac98d326e7ff4e1dfbb97d5877ab5f775ef894bff5a571e77e0d51c952415d5d5dc45bfa39277f56b3cf2833b791d93e2920088317413013bcecbf2bf5b724300ae953a3d2991190835db3912cac85c0c8d8b9fd3c9de1416426dbe9bdb26fe82e7bee8c120a953d853fa2d35d65cb5e716611a26b0deedbe8f5563de44be361efcf96246647a530d84d9b055a704e6b18e94973d2d74cc7f11919e2565b1498c0241619b741bf6c147fed634c8f41edb25355b43dd6740872ba151e7451661bcd2a009a2c32e0b117cf2dece140805bd312ff3b2945fa65a4f3deaddcf648382eca1fbb2883a370ee6aa5a884810dc7b80a385c2aaad8384420f8321ad72c1e6e302ad96559c9ba3e5d2e1df63de82146a7c3464e35164e9c18f1cf12b5c2187bed760088a39d165a9ce803b00dd45028541436008ae0bee0df35ad3257b07e8215bd3bf55477b47defa7a54cd22885091a94428afadbb11470bbe4b04a999e8b6a80f3a3f0cac741eb30b139c2aac375fa998ee97447d72b80129546ec54ad60c0492d28fa6d8c1456a508c7e90334e700ec2698857dc6133e643eae6a8c1ed92689e6c6835864fef1342ad3c23388cfe8eb031b8b5e2e1278c81562a67c41f713a28a3e173d08c5ed2d359696fb0cafbecbfed6fcfdb92d15229549c96bcd2d9498f263abfea143d31b4802c3b1e34237eb45da802bff3e0fdb0cadab92e7afc7ea4b2fc3c213dfd5810cb9f187cc46e8488fa55d3ec669f750367aa239bc6ed2276253870e05aee52595c493bb5f10d1d06959801ad34a6b4419390cae21b5d3a4d8075efe047a9147bdde468b41ca527c000e1807b3ba2b118d5e4c8ed41ddc417b42d917d76a91c9329010c2f8972029759815d749d492b482f297200888d1f4d2b669cafaa654b3c927202a7ecd6843616f580e2a78d4819bbfec190e1d3ba3bfbfa9160024c6d090ea342a54f69323c583a7c4bd8ad9dbf1dd42ab6104be74fd0eb0c9e46db54c257b2e05eea708b60d972df325fe1c2b118179f8ebdb45e231457b2cd506c91b7d06983584b776076bc9b072efba5cb572a3175c72075951a3869aec3f7e2c72279bef98443a057c2822a4cc35cef5f4f65e1f0d54f7468274c1850e569697e33176fbfd0cce6e0d50a84dedb2f88c93028c0dcce92a308cf8edfcf1083df014c89b46d3672cee2fce82e097422472c361940b64fa72f52be15ad7d34611e84808ca466dd57ce0228fb15828b3f05c61dce752283de50d21b218362c32e5bc966590c6e7485d9c08f55d9727abdadc01e621d79fad938ba338b6e60d8b19207ace6de7712228b17d2eb99b5b2a70dfab80da84d2b5be7786c7b64e6e05a8ba8a14b48806205c9d4d5e715588f564804b9312cfdb65aef136de0805b9087ca424f2fa84addfebc76b7ab7c24240136a08cae792b60eaa405ccdee221470e1ee868934d69f2c5af25d6c2fe5c9ffb84641d5ce17309058dd90bb405fac9122fb2b8a8c5a2bbc12c2455871be3f3c6bb92d2dfbe1c82aa0676070fca6ee308614d495c53df00e211675667918fc301818fcc2742d2e832f163a5f9245f47618a57f7c531cd7abe2ba84d03f989e3c3e611fc3aa0403dca7a3427517bf5ed69915f2266fa2b2390eb6767a333309779e29d5d0713fe89d1c017410545b9ba23c229ae02cad196aff108cb251bd9ac7b72badd81afcbc8eff6a2dbf08d072c6bc39123b919c7c6ad6e8ed1fdd8e9743985d3d7cabd4908ef2517004c73c502f49184972b33d4ea9cef152a637172f32ddfe3fe3df1493cb1b8f872b24cec36707e4faf2fe11e6ada1ce06e074b2e09e4abce063cbdf38a3eacff06b1df8c937b4046cbc03d305d8990eeb27e83485abad4d0dac0484450701f5f48bd49e944506863633c5306580a0a8d22a216f96a98d3b8678ac22aff86772b9fc0166587a5c8a4097b10d716989ab3e5c035e7ac26c0d9cde9c6171cef2652f46564dee34d3219395bea810d14ab4f4eac3047257622d177e333b8cdc699baf6477243b4767b2f2711745a6148b4cd0f7f0eb9ebf15ff842eeb91a78b5f2af1e68a2404acb0ff33781f88d1386f22f9de18308462231e16f98db9da6277f79a065509c07cff2ec3ce43931ded2bfa46ce9befe72a0b4bfe6b4a52eae235712a088c44a2495257ccaccb5037bc7d98be40c680f93346b264d576d0c7a5242795bc2ee3b88859d5d095ebd1009440382d62c0a5ee2eb700977e8cdf38b3c9cfecf32ca23c014fd1400831b26431cf6d70ab4e16dea8af0e501dc57c3e10c1fd75c04c35e0779813c5bb4f4c4e0aebc4dfe9e1ca6510c09e5f0eafe29dca4619667fbcb0f09dbe97982838c81d849137bea004958a5aee014f8e7687d2b138aa25f090b235f86b37c2ddbc2449adf3de02287c7355535f6375669e45c9d52bc5ab623ce462b765947cd84bc23d8946e3fb307f2860420ecfc2dd7c226478dcb197109e77061e781544859c40f2e919ee71cd395f805fa5d5fe340d2c3039efa00a9a293691244ca52b2b1863bde9f2c1247bc6260b5974002fe6a888de3626ab58c6113847b56d58edf572f33a9d8e1247734bc52650e696517c697c60f2e5b13cf59f10d4374701724bbbdb8806a51b76240a5cd419008fb51f1dc47d7fc15698947a117de58caa014e2fab29e0dec8ddea732cd42a337977909a87ef39d9db2ffce2ab011a152d5b63e1b5ba36d931404fb3415b9debcb449cad7ed01f7985c2923e99db90e0243414bfdc0773590bd54660275bc234f2af6fff6c1cb120adda038ed4eeb1de9ffb267310af52816a22afc1b7a7cec401731939bc912fef7529527e6d5d3464a16481858df4ae2dd19c5b1511ce684b8f9478c1281d5b85c852e9f274a6e8129846157ab441bc86bf97fb85c8f6a624d0d416bdc0ef1c13e3a7aea0cad3bb59a7794f6e7ac14d591f8971f6969b6ad383527baf4d56b29529189c7d0b41257fa964950f866a8bed2c7fd8e4863be082456cbd9ea5bdbd78d0240268ada52771cc3b81705481fb187f975e157345c498f180781ff7514e0873850bcd2bb52dff040e63629b1c3071073df0a2d0dab81aacabe7421a698306c6256df1f043ab6f2cd4764e12af9f8ce93111a91d418a9f3142f991feecc970cfcc217c409ef3d6f9adfebb4d760776ff96bccdf3e5af503eaeab0811daf66be7e9de60b15465665c2aabe256402266ad162ee808c84b35b330db08583e2c5952c22d0d4a0a3aa00e6c509c0ad6103a87f0cf5c48c8064c87fee55b438a6c823222d3e0e77f5b3ba0a91fd9fa4935ff0f1426d7000de18a1c85f571d3f29efff03028e8fcb513801809efbca1366fa006f751fcfe6be7fb7ede72c240c0592bf8c7a90e76ab8886ad7184215b8faf7e9d4bea2973061a28a1b3e4094e8ba7a67146a9975c29b21d86e7f26b5a95df614fe7d0d1f37c9cc3518177dfc28d02e1aefcdc01770721b98df867c3cb200e9f7cea30cac60a433a254cf13bcc9171f6257eab222603ce35a08072a5bbdeca914eb93f4e506ad26c4d8a4886ab864fe2a5fc7868cf0efadcaba18f60c347b327ac369c20bc4f4031abf8d72ab276baa8293f55c7c399a8706ac8efb70fcc98382e982254680d3f2d507d6cbcb9bcf6bd158b7fa34af9a7a648ae72f50b950bd6a4e2e38a87b6445dafbae2db6b2939ab2961939435357182ef9d0b8265811f6f9c4b4639b76500a21590ca18d9fdbb37f3efe9c6a2e67d804294582703fc4718c3f44d72051dcf595ac42e441077a393264bebb5fc2f60c1a1f0225eca9ce4c730e23d4032c7fc367001963fc20d2a0879ec64dc1319fc4528e791fe494e7b2e6186e0633d57"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f000006a7c0)={0x0, ""/256, 0x0, <r19=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000006a9c0)={0x81, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r20=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r21=>0x0}], 0x0, "0774d578c79355"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000006b9c0)={0x20, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r22=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r23=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r24=>0x0}], 0x2, "14d7f9b96abb1a"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000006c9c0)={0x4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r23}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r22}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {r6}, {}, {}, {0x0, r9}, {}, {}, {}, {0x0, r10}, {}, {r11, r12}, {r14}, {}, {}, {}, {r15}, {}, {r16}, {0x0, r17}, {0x0, r18}, {0x0, r19}, {0x0, r21}, {}, {}, {}, {}, {}, {0x0, r24}], 0x4, "6a3c6357d72f35"})
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:53:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 81)

13:53:16 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x8030942b, &(0x7f0000000040)={0x1, {0x4, 0x5, 0xffff, 0x3, 0x5}})
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
close(r1)

13:53:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x9, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 33)

13:53:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x478ffff)

13:53:16 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b4e, &(0x7f0000000040))

[ 1041.219033] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1041.219033]    program syz-executor.2 not setting count and/or reply_len properly
13:53:16 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b52, &(0x7f0000000040))

[ 1041.259613] FAULT_INJECTION: forcing a failure.
[ 1041.259613] name failslab, interval 1, probability 0, space 0, times 0
[ 1041.261254] CPU: 1 UID: 0 PID: 8373 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1041.261285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1041.261298] Call Trace:
[ 1041.261306]  <TASK>
[ 1041.261315]  dump_stack_lvl+0xfa/0x120
[ 1041.261367]  should_fail_ex+0x4d7/0x5e0
[ 1041.261407]  ? blk_rq_map_user_iov+0x1fd/0x1180
[ 1041.261435]  should_failslab+0xc2/0x120
[ 1041.261474]  __kmalloc_noprof+0xb4/0x4b0
[ 1041.261516]  blk_rq_map_user_iov+0x1fd/0x1180
[ 1041.261558]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1041.261592]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1041.261626]  ? find_held_lock+0x2b/0x80
[ 1041.261658]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1041.261685]  ? lock_release+0xc8/0x290
[ 1041.261706]  ? import_ubuf+0x1be/0x220
[ 1041.261746]  blk_rq_map_user_io+0x1cf/0x200
[ 1041.261779]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1041.261809]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1041.261851]  ? irq_work_queue+0x9c/0x100
[ 1041.261879]  ? __asan_memset+0x24/0x50
[ 1041.261919]  sg_common_write.constprop.0+0xd75/0x1710
[ 1041.261959]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1041.262001]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1041.262034]  ? ___ratelimit+0x465/0xa10
[ 1041.262079]  sg_write.part.0+0x6a2/0xb50
[ 1041.262108]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1041.262140]  ? perf_trace_lock+0xb5/0x5d0
[ 1041.262169]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1041.262200]  ? lock_acquire+0x15e/0x2f0
[ 1041.262224]  ? perf_trace_lock+0xb5/0x5d0
[ 1041.262245]  ? find_held_lock+0x2b/0x80
[ 1041.262276]  ? get_pid_task+0xfd/0x250
[ 1041.262316]  ? perf_trace_lock+0xb5/0x5d0
[ 1041.262341]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1041.262365]  ? avc_policy_seqno+0x9/0x20
[ 1041.262395]  ? selinux_file_permission+0x99/0x600
[ 1041.262429]  sg_write+0x86/0xe0
[ 1041.262454]  vfs_write+0x2b7/0x1150
[ 1041.262487]  ? __pfx_sg_write+0x10/0x10
[ 1041.262512]  ? lock_acquire+0x15e/0x2f0
[ 1041.262534]  ? __fget_files+0x34/0x3b0
[ 1041.262567]  ? __pfx_vfs_write+0x10/0x10
[ 1041.262600]  ? __fget_files+0x203/0x3b0
[ 1041.262632]  ? lock_release+0xc8/0x290
[ 1041.262666]  ? __fget_files+0x20d/0x3b0
[ 1041.262713]  ksys_write+0x121/0x240
[ 1041.262746]  ? __pfx_ksys_write+0x10/0x10
[ 1041.262778]  ? trace_csd_function_exit+0x134/0x190
[ 1041.262814]  ? __flush_smp_call_function_queue+0x443/0x740
[ 1041.262857]  do_syscall_64+0xbf/0x360
[ 1041.262882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.262906] RIP: 0033:0x7fbb63381b19
[ 1041.262924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1041.262946] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1041.262967] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1041.262983] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1041.262996] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1041.263010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1041.263023] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1041.263060]  </TASK>
13:53:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xd, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 34)

13:53:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000064dd7267e251ce90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000094bb5b29f407532e000000000000000000000000000000000000000000000000000000020000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffa000000000000000000000000000000000000000000b8c000"/290], 0x120)

13:53:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5000000)

13:53:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendto$inet(r1, 0x0, 0x0, 0x8000, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010101}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x10000003fe)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000000)=0x4b11, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000280)={'filter\x00', 0x1000, "da44d57a20d4c045e0c7ef65719735d58663128e14707a866e779255e98d05ddea90a40eeebf9a22850e0ae78f8dfcf314a0a264c248f03646545ff11f10b1642b385627a9f33c0020ebc902e7d4907e37af7e31744896abcf1edff9f3b02fc7c8fd97be79060fa93b4b91964f24c0a59b4a0c3cbdc5682503e8b16e90fec7dad1df940ce7baa69d1301fd5915f41388bba69be5126e6c79e07f0b551cee8eb6d156bc865df409e8a9dbce8f7d97c5483a1ef3e31bf16739dc10fa2d20b28be4f6b2fdcadd682cddd5be27abd38a648e1d2dbe975c77831d5b1b617dc254035328e80270c87376d28ada710cde9c94388495697074e7c119f148fdedbe38ab2c253b5bf6a1e52bf0acb810fd4c68840ceda0bc8614a43abd0ff748c10de25375679e5eb73c8b8a3f75beb0a75045071918402e7cf3eafa7618c9c51561f4cfdd2a5787c324d60d1e4fec5544ff365fed2cc8e9109a699a4650a65972e2775e8a6b4737e04fbc79319ec0c481452a5c620f22ff750d5e6226d98be34b330c3c98a56e91008305d8132636dc2cd0ffd974032801afadded1f9f489e31994d65841446eb49e7af0ff973f65bb39361ea469adfb8d37dd2b062425228bc033308a009dc3c7d1475baadbcf6f142b7b133e42709353c7de8fb2cf39ec93b68c2ef568aa2e26a3036aac5cf7e0a31cb90d29c8035b434b3b39ed0b5859789e2f7ea234013d0b414a22363bd38d1c9add49981ff00caf0804313a0d7f6de655aef140e18b04fe8e58e4d8a9ed9b5352be0418a980f3eba83627190e12e52899280b92dc275270dd85885bc5e1f1d8f34d4ce88e91a6e8a863f270303771970bb42e1d393102430ae45bae7a0e3f0ccb0a174de4ee7dd64c50ca43e7a93115ad0f4a0846f3b431ee35a880e835e47373d92f00513947d25449743b1f678528fc3d826405ad5a4faaa3eadef1e5bd8ccaee245590f1c3a028e7109ccfb51e5eaeea65e66d6744b9063eecd44170b6b8dae5f3d5264baa008497af80adc381dea42a43ed102205a03a81852cc5d13646a9aaa0b6b00f4614381170e48cdc0336c00b48c4fa1ebfe1a13f452197e727e8f636f4c7dc52f5212632b15b134bcdba3d4d692e8ed1eed68d70300f0fcba718b9df137f5e0e4a9b5a06db0133c44e1816a6c25841918363b41cadfaa3e984f20636bd43167190c3e5c547a14c0edfdf962bf8790dc9ed9d8a8e8fe31de8486ee473383a0bdaee8957ae1e18be7256011aad5d8cb5834c3513d8db09b9a55ad966f316632086213124d82f1e99b2faf9d567a80c2ba8c10af72a56928b0bbdc927339d6f90ce976aea143d302f983e2f6e424cafc0d829a3f0e560423b8f7aa0a3d947c8f69066bac764a113aecd5402ebe7218c7a94dcaa84896fc2a6e4a0adaea404b8f13824b54d18527f204fb44fdb8003e1fa1fc3e58f29100823f1973d6cdfafb171f6acf7bfcc466a46b973e71b27c0f565a01ac66881dd8d2b8260f936518cac9f2225b5b51d230048fc5f5ea5e7d57c2a8d34ed9fc4b238f914686bd223cf8a5b9cd5ce9fed0ab952fd62232185d9f144547cd10e07fc8274da2a7abde0c417691979f5a1bcc89c628bce9d1dd5b419c60fd87ce13b86c80559c5a8c01fc6060da86ff46c3bf1e91b9ecdf3017185f28a73f6ffb7ac34f4008a8aee462150369ed1916a6eea9a86cafda3c87d5550d6a19311a14e45c3b83e6fa50a398590319e3eae75f4ba2848ec6da527afeee18dbbaac154ef6fe58a499241c7db1ae772c5c26630f3f8c58f2a2c0c9deb30080a654b88ce5837f74465dedb7e3d00d593d3bdc0eccc9fc5e0be41504627d2c51d18b6afb336aba088dafd714ecd0ffce6400fa09e5d18018b51ac610424793e9ccea4c25f373b49e9d17e420908469e858b70a16cfe0fa83f14fc4a28761ae7c9a91b7e760ee40ea1a07ae55959164cb6443976a204c0630fce429468c7260e52e958f00766d2cbd8680aa4887d3055132710ab3283bd3dba8c5472db4e82770797910c2311193595d3a090d42abfb49b631b37dbc4fe4e8102df6a21193f9a5d008b6e1cf8fdcdb86f126c873cb6905bb08f1c694f6d5e812a9471bfb7971245b4ea73c24dcfc3e1ee46460b1ac5510214dcdce62d1e8e7e3c438c162f8427121b87cc5e5a4a8a509ae8f634d0889f99d8fcb572e2966727dda30d49c189b0956cfc61b0d22de2007038e1f31f6f9abcad7f707717d7bf4e552eff5d35ee9b777a1db92428cddba86ff15a0fa9283130d5f25a0f788abb6a3886ce1d890c2798a54f5531960f18cc30ab39b70826cb59bf55123d43544e555a136101801a0bb1565e00de24e14d8e922e3bcab954d3ad750e0ea52489d313d4c868497052ad7fa05bfe4af735f636cef5c044ff1d0cd3a46d60ab101bd2879235c4b15903b1f8f0e0ed45e3c080c35b2d5a2801dd5604777a8010d8c19a30433db0895cf1cf566b890cfea4d63564dbef3d31de7e9d1fee24dfdffd3fb9df80bc3a487c9fb8dc750bdb939361138e09c732d3377fbbc5e4adf13b48f5d1544e3db07489215f412cea9e04b8a54fa59782ae47cf51bb4ed41a71556bfa75cf6e156091e100fc55676fd460e7fd6208e196f6db781c616139e14dad1dee5c05d57c8e4540b233977b5ec1b34770cf204813040c1d5f9ffa56663b22d05bf0d60d80f16189ce43e40f6f0848e9e4dc2853cc612e107c004cc0f7fd5ef6266c9e3bf3336044f8f1a152376d45e16e72a59216d1718f0ed838ef42c8fc5a9f740a32181e365ee6e7b6ee22e46e8f1fbc7302788e1dc8a6b9f5326682f10646d04e05ef95224f0f303f5c6781e6e2a399023ae7c62ebab104f76716bb8fbbe190c2b84dcb8cb3568535b1fb47f0f932d48c8010906407313b1bf7ade7a091e1e2156e74e84c12d2ddbb5053c9ea3815ad4067bac4ed2a1a7c10d04953ee711627793a084265dee2976f3847ddbf242fdc6315b4217a56330310324356017f757c9f4c6ead255f9f2f7de8063fa8f8a73ff7eecbb05fcee04c0b9430d1a449ae97adc3565dc596cdf40cf6b7160e4fb35c600eef7411d0248af1637fe62020a93332575329971dacf47b6a7a1c262bd1cedc909503dc897628c694ac47e6d09cd9ab2b60345b7db7a77e8745735f0c726ba5b66bd0265c2a3fa70b006027c3de75178663790e37d3570f533244a7d353d5627d41ba4e7622bca64e6a0da670b5b76ecaa33136806730a5536561b2c5b2185fb77891caa9c02929a211a7580ccbba67c144c2ea67b9292bfce4f2ca6112a53d42c99cea2969d65436d163a2acd246f17e174421defa71e899dd47f8c4a67a0269783921e37c0185931827dafede0f5c1f50fc9d1a0f0f781b0ed7e962920486667f41e4a51a64142ada41889dc9fc8d349e3f3a802d2178f53235894a98542f2f729e2d17511cc927680d8208c582ca756e815612cc7af16037e0ce1e83b214c94e2ea1b37f0e2e5db828391488d7a3591fdb438ebc0da325565f8e56a0bc21bf2f6d51ba1db2fee4c36844bafc497926a8cd5af4a00e4f161449490ba006c8e3e8928a8b3820180751903bcd3ff21056b0a2fe4667c40fddbcb0ee15e35a4a849c14c145599f20e71c62bb5239bd4a77d5aff0b09176184c867f3777c83ebcdf50628a9021af5c927ed6f8113261ab2dd8ebebf95aa933bbb7b8464545d581d94445fed2e3f1d8ff546c03d9556933503404ed7769b1b381db08210dd36b8f6cb0b404ce562a062502ae69cb45a773fa4fcb54b682d6b467f3c57a9d4b0a6347f98c6954fd3df2c14820a6a071128f3772d77d0faec05411042732b1e428987e97e9d78915ddac34b6395f439a22fe8376738e40e3fcf7359c6020e1537fc56f097ea924dac7a1d4f6faa93dee4d80781cf5031faf29a9b5fbd1b7f8175d58699ab99e7f7e9271cffd356af23fd35e1c0d7fb0367fb38a922477bc0d9c1c82a6598d2b756f2e59bb25a2818bee8f85abb8f79279ecd727665b7b6f2ebedf73b648fb0c1af0388218acae4315ede0c520595e9a5ee831038ed726a94ce694deede727610db600f79ec95e28fbfdb49f240a7bc6650388453e600631b5f1b420abe1feadaea19354c4283314ecc83b2dd42f9b1cbef88226eb18cd107b7082ea3c9639f5bd8dd60d85cb95714de43c887a8c1a6a64c5e5d6cf0940e54d1a747b077193bbf91134546d38df2610c04048e97b3504e7988df9ba0ca09bf14820887ec55b19a9a5f826d17625feeadde1b464ae44fed74553bdd3097f4541921d7df217490d543b785012c37dda7c7be1d2c6eaf0cb6af970f2a9afcb53eda4549cac4aaf333045ae1142bb5d8c45e54075a1819d1ce7821253af1bb3f92147104eb5180ab1af2beabcebcea0366c7737051c83a2f0ac29404f9762f6bae41cb6c4aeb3e4ead27f0038541f13f3e93ef7ea8f8fe66dc9d2c6deb34fb8730c5647383b39ccc01f05247061a11b596b723c2cf55bd2af3f25b9dfda445fabdd2b841a7d36b92c3d6d5414a5c111de42dd1cb0c22882334f67c192c53d11dbb7226515cdbf8aed4e559ee52b3b0c1a3ab64dc4b00c5f0a25abc4b5307559ecfa7b50adf99d80045a119fb3fb69756be199bc1bd84919129b8059601a96f1c349f44029adf01899fc15371506f4b01fb6532255efca9459bb159089543af52ebea5146069b0c27ae048a5a4a9e20e0fee0fa3d71320d8ef172c3ce3ada3db3fe0c4abaf7f202bc1f7af23e749aac4f1e86fc8886aab1b2960d8d5a0b7bc86984dc9cfa1a0d521216e3e9a0f4ccdcce8f9b77ad2d12e641b6a8609935ccbdc209006c19e441dba5bddf72b810356d044619bdcf3f133cb45adf72d8bccdc104a174be6f274f067eca077a8d28c89887598bef1a574dcd118146e70e3ebcc6b5dc5d7bc0997e98a90e9505f605c23660dd96bc28a204886f0f1d69bdc45326dc10ceed6f9a6aeba0dacb8ff88de648a46b435a824dc94ba3efcdc388accc979f1dc6383f8b1113ed7a0728ddf2bb0083ea7867cbbb5c85b7c5ee2eb061e47d9fd3a2bcf29c682858e6aef6afdc2346005efffeefddc9eb4a9126e4160b14a7e00570e98219c6f3981950f530d5ad3a1c51cc1790f5dc31f02074b6cf7f0c9ef068305ecbaa0b4b86f65d829e763349603142e9c968b91a18c1bde3144be1820ba8d4d54271c8062946018974c4eba582105d07b6320e139a1ddef4bda9db750f28b71e9920bfce47b7198b3185a6c127cc14f51027617e01415e0c6403482436c914e82a05858c6a39715a7c403febf549cbdc14c987e575362af2f13af1496726321a4fec3ec09a5f61647fc7d618bd934491acb54785ef9336598dacd3e0f68723950265b96c0f8ab51f0de4cdda7bccef813462134448e3f6204521d3d8cbf610c9b497a3fb5a9d2fdc717422b6213b488ef7f35268dab3a2ea59a731c205b813fade79b5ca20fbbb2223dc926b55f991429706bb681d502ee6f6ea44b96ebba5dea2600765c1b173e6173eca1e9a659a55bdb85340d7485f5627e21586355a8288f06464e0b82d5c183db26cd270eca31246848f5707ac19cfb45ef2afa38e6b07ffa844ba3305101d7958561a8386154fa543d2626455446396ad5e005604690f0f2d898394f53b0ef130d016b3c230b2054cfbd73302aa1a80490df1f4f5a5d5b066952d9344b8d3133697f58f70e3f1496318f31b69d23a113d98eaba2241a3c8fbcbc64fe70db37246355b3a82664dec5022caed4671c35dcaa"}, &(0x7f0000000200)=0x1024)
sendmsg$NFNL_MSG_COMPAT_GET(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x3c, 0x0, 0xb, 0x0, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_COMPAT_NAME={0x8, 0x1, ']$.\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044004}, 0x20000c10)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001380)={&(0x7f0000001300)={0x4c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SHORT_ADDR={0x6}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000800}, 0x64000884)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)

13:53:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000100)={0x49, 0x1, 0x7, "338e1620407681999c68ba9506f4794605472ca915a7bb8914d22ae7dc8d977534415663c946b6095b8729472394ae7b6c8f66a01b908bffae044faeca9efcb9d0bd6214f422872f69"})
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r4 = openat2(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x121000, 0x10, 0x7}, 0x18)
ioctl$HIDIOCGFIELDINFO(r4, 0xc038480a, &(0x7f00000000c0)={0x2, 0x101, 0x4, 0x7f, 0x2, 0x3, 0xce, 0x6, 0x6, 0x3, 0x5, 0xbb32, 0x9, 0x9})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000000440)={0x0, 0x6, 0x1, [0x8000, 0xe6, 0xfff, 0x100000001, 0x3f], [0xbb, 0x0, 0x1, 0xee9, 0x2, 0x20, 0x2, 0x80000001, 0x8001, 0x4, 0x20, 0x5, 0x0, 0x4, 0x10000, 0x7, 0x1, 0x4, 0x1, 0x8, 0x4, 0x777, 0x4, 0x23, 0x4, 0x4e0000000000, 0x250, 0x1, 0xfff, 0xff, 0x10000, 0x2, 0xffff, 0x9c, 0x101, 0x9, 0x0, 0xffffffffffff0000, 0x2e74, 0x2, 0xff, 0xbc, 0x8000, 0x7, 0x80000000, 0x7ff, 0x6dbc, 0x1, 0x3, 0xfffffffffffffff7, 0x8, 0x8a5, 0xfffffffffffffff8, 0x8, 0x7fffffff, 0x2, 0x3, 0x1ff, 0x9, 0x6d, 0x40, 0x7, 0x7f, 0x7, 0xab, 0x1, 0x6, 0x2, 0x78b, 0x1ff, 0x1, 0x40, 0x2, 0x7, 0x4, 0x400, 0x5, 0x54, 0x0, 0xc19, 0x10001, 0x1, 0x7, 0x20, 0x5, 0x3, 0xff, 0x10000, 0x2, 0x100, 0x1, 0xffcd, 0xa800000000000000, 0x0, 0xfff, 0x9, 0xfff, 0x4, 0x6, 0x1, 0x4, 0xfffffffffffffffc, 0xed6a, 0x2, 0x3, 0x81, 0xffffffff, 0x2, 0x7, 0x7, 0x7f, 0x474b, 0x3ff, 0x9, 0x2, 0x4, 0x4, 0x5, 0x80, 0x100, 0x80000000]})
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000180))

13:53:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x600, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 82)

[ 1041.585475] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1041.585475]    program syz-executor.2 not setting count and/or reply_len properly
13:53:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x20000000, 0x3, 0xffffffff}, "8b74d25102d8fcdfc3976d4503d103", ['\x00']}, 0x12f)

13:53:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x6000000)

13:53:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 35)

13:53:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f0000000040)=0x7ffffffd, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0xfffffda3}}], 0x1, 0x0, 0x0)

13:53:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x900, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 83)

13:53:25 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r1, 0x5, 0x0, 0x20, {{}, {@void, @void}}}, 0x14}}, 0x4000)
sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="972cc11a", @ANYRES16=r1, @ANYBLOB="000225bd7000ffdbdf25640000000800010066000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b62, &(0x7f0000000040))

13:53:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b63, &(0x7f0000000040))

[ 1050.539208] sg_write: data in/out 536870876/261 bytes for SCSI command 0x2-- guessing data in;
[ 1050.539208]    program syz-executor.0 not setting count and/or reply_len properly
[ 1050.551970] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1050.551970]    program syz-executor.2 not setting count and/or reply_len properly
[ 1050.568902] FAULT_INJECTION: forcing a failure.
[ 1050.568902] name failslab, interval 1, probability 0, space 0, times 0
[ 1050.570959] CPU: 1 UID: 0 PID: 8436 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1050.570989] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1050.571002] Call Trace:
[ 1050.571010]  <TASK>
[ 1050.571018]  dump_stack_lvl+0xfa/0x120
[ 1050.571064]  should_fail_ex+0x4d7/0x5e0
[ 1050.571097]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1050.571140]  ? bio_kmalloc+0x3e/0x70
[ 1050.571179]  should_failslab+0xc2/0x120
[ 1050.571218]  __kmalloc_noprof+0xb4/0x4b0
[ 1050.571250]  ? trace_kmalloc+0x1f/0xb0
[ 1050.571271]  ? __kmalloc_noprof+0x215/0x4b0
[ 1050.571308]  bio_kmalloc+0x3e/0x70
[ 1050.571353]  blk_rq_map_user_iov+0x390/0x1180
[ 1050.571397]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1050.571431]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1050.571465]  ? find_held_lock+0x2b/0x80
[ 1050.571496]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1050.571523]  ? lock_release+0xc8/0x290
[ 1050.571543]  ? import_ubuf+0x1be/0x220
[ 1050.571583]  blk_rq_map_user_io+0x1cf/0x200
[ 1050.571616]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1050.571645]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1050.571687]  ? irq_work_queue+0x9c/0x100
[ 1050.571717]  ? __asan_memset+0x24/0x50
[ 1050.571756]  sg_common_write.constprop.0+0xd75/0x1710
[ 1050.571797]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1050.571825]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1050.571858]  ? ___ratelimit+0x465/0xa10
[ 1050.571903]  sg_write.part.0+0x6a2/0xb50
[ 1050.571933]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1050.571964]  ? perf_trace_lock+0xb5/0x5d0
[ 1050.571994]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1050.572024]  ? lock_acquire+0x15e/0x2f0
[ 1050.572048]  ? perf_trace_lock+0xb5/0x5d0
[ 1050.572069]  ? find_held_lock+0x2b/0x80
[ 1050.572100]  ? get_pid_task+0xfd/0x250
[ 1050.572140]  ? perf_trace_lock+0xb5/0x5d0
[ 1050.572166]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1050.572191]  ? avc_policy_seqno+0x9/0x20
[ 1050.572219]  ? selinux_file_permission+0x99/0x600
[ 1050.572254]  sg_write+0x86/0xe0
[ 1050.572279]  vfs_write+0x2b7/0x1150
13:53:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7000000)

[ 1050.572312]  ? __pfx_sg_write+0x10/0x10
[ 1050.572338]  ? lock_acquire+0x15e/0x2f0
[ 1050.572360]  ? __fget_files+0x34/0x3b0
[ 1050.572393]  ? __pfx_vfs_write+0x10/0x10
[ 1050.572426]  ? __fget_files+0x203/0x3b0
[ 1050.572458]  ? lock_release+0xc8/0x290
[ 1050.572487]  ? __fget_files+0x20d/0x3b0
[ 1050.572533]  ksys_write+0x121/0x240
[ 1050.572567]  ? __pfx_ksys_write+0x10/0x10
[ 1050.572615]  do_syscall_64+0xbf/0x360
[ 1050.572641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1050.572664] RIP: 0033:0x7fbb63381b19
13:53:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b64, &(0x7f0000000040))

[ 1050.572682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1050.572703] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1050.572725] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1050.572740] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1050.572753] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1050.572767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1050.572780] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1050.572816]  </TASK>
13:53:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x5, 0x8000, 0x7fffffff, 0x0, 0x17, "07bb4715f81e4490dd23ae6c6e32475f7f2313"})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, "", ['\x00']}, 0x120)

13:53:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 36)

13:53:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc142, 0x0)
pwrite64(r1, &(0x7f00000000c0)="20c94b1d217d8d94013c7648bbceb59bcd925888c77db81dafb74382f6dfeb27c7a1b87169ff431ed56dc94685e1fc3e752e9e14cbee43c6dd22b2ecea9b3ad8a902de852c35541d4de4fe7fc5ca5e9ef446711444eced6a468bc6257b32fa5005e293394bb5be4a7d5d809c574855b70ee0fa5e147cc7", 0x77, 0x1)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:53:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xd00, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8000000)

13:53:25 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r1 = getpid()
clone3(&(0x7f00000003c0)={0x110040000, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0), {0x2e}, &(0x7f0000000200)=""/41, 0x29, &(0x7f0000000240)=""/181, &(0x7f0000000300)}, 0x58)
pidfd_open(r1, 0x0)
perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x42, 0x6, 0xe, 0x40, 0x0, 0x7, 0x8401, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000040), 0xb}, 0x104, 0x8, 0x7, 0x5, 0x81, 0x3, 0x80, 0x0, 0xfffffe00}, r1, 0x5, r0, 0x2)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b65, &(0x7f0000000040))

13:53:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b66, &(0x7f0000000040))

13:53:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 84)

13:53:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8100000)

13:53:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x80, 0x193002)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:53:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfdfd, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:35 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001680), 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0xff, 0x58, 0x8, 0x16, 0x0, 0x3, 0x20000, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, 0x4, @perf_config_ext={0x9, 0x7fff}, 0x12ca0, 0x7, 0x1ff, 0x8, 0x6, 0x1, 0x2e, 0x0, 0xad, 0x0, 0x1}, 0xffffffffffffffff, 0xb, r0, 0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0x9, 0x4)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000100))
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r2, 0x4018f50b, &(0x7f00000000c0)={0x1, 0xfffffffffffff959, 0x9})
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x440, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x66, &(0x7f0000000180)=0x6, 0x4)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000040))
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:53:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 37)

[ 1060.711880] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1060.711880]    program syz-executor.2 not setting count and/or reply_len properly
[ 1060.745328] FAULT_INJECTION: forcing a failure.
[ 1060.745328] name failslab, interval 1, probability 0, space 0, times 0
[ 1060.747085] CPU: 1 UID: 0 PID: 8495 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1060.747117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1060.747130] Call Trace:
[ 1060.747139]  <TASK>
[ 1060.747148]  dump_stack_lvl+0xfa/0x120
[ 1060.747196]  should_fail_ex+0x4d7/0x5e0
[ 1060.747240]  ? vm_area_dup+0x25/0x6f0
[ 1060.747261]  should_failslab+0xc2/0x120
[ 1060.747302]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1060.747344]  ? dup_mmap+0x5d3/0x1d10
[ 1060.747374]  ? lock_release+0xc8/0x290
[ 1060.747405]  vm_area_dup+0x25/0x6f0
[ 1060.747431]  dup_mmap+0x80d/0x1d10
[ 1060.747480]  ? __pfx_dup_mmap+0x10/0x10
[ 1060.747527]  ? lock_is_held_type+0xe3/0x120
[ 1060.747566]  ? lock_is_held_type+0x9e/0x120
[ 1060.747613]  copy_process+0x6faf/0x73e0
[ 1060.747637]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1060.747683]  ? __pfx_copy_process+0x10/0x10
[ 1060.747707]  ? __might_fault+0xe0/0x190
[ 1060.747739]  ? _copy_from_user+0x5b/0xd0
[ 1060.747788]  kernel_clone+0xea/0x7f0
[ 1060.747809]  ? get_pid_task+0xfd/0x250
[ 1060.747851]  ? __pfx_kernel_clone+0x10/0x10
[ 1060.747872]  ? perf_trace_lock+0xb5/0x5d0
[ 1060.747908]  ? find_held_lock+0x2b/0x80
[ 1060.747942]  ? ksys_write+0x121/0x240
[ 1060.747980]  ? lock_is_held_type+0x9e/0x120
[ 1060.748023]  __do_sys_clone3+0x1f5/0x280
[ 1060.748047]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1060.748094]  ? __fget_files+0x20d/0x3b0
[ 1060.748142]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1060.748185]  ? ksys_write+0x1a3/0x240
[ 1060.748222]  ? __pfx_ksys_write+0x10/0x10
[ 1060.748273]  do_syscall_64+0xbf/0x360
[ 1060.748300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1060.748325] RIP: 0033:0x7f7b289bfb19
[ 1060.748344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1060.748369] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1060.748392] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1060.748408] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1060.748423] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1060.748438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1060.748452] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1060.748492]  </TASK>
13:53:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b67, &(0x7f0000000040))

13:53:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = fspick(r2, &(0x7f0000000280)='./file0\x00', 0x0)
r6 = creat(&(0x7f00000005c0)='./file0\x00', 0x13)
r7 = dup(r1)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r8, 0x4c80, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r9, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r10 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r11 = openat$sr(0xffffffffffffff9c, &(0x7f0000000a00), 0x840400, 0x0)
io_submit(0x0, 0x8, &(0x7f0000000a80)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0xdc2, r1, &(0x7f0000000040)="3831405285b3960b9253de33becb092787eb38608b3d896d6a620dd0b802556e41d83585df95c2d2101e9a9e4270a37038097fb1a5ea778c182cf28aebcc9cd7ad4fe051a96df0b7dd8c3deba4d346b0e84edf85793616411ec730215f44dce18bda453f403412ad21c076fef67ded1ec5775075fa187fcb8383eb9a67b7ffbdc6f25d11917a2b7c9b8b8f4ee6", 0x8d, 0x9, 0x0, 0x1, r3}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x470d, r4, &(0x7f0000000140)="35ce6691f3f9bfad2c4f566f5ddcaa666a7f9c791f5b5f0cfc75453fdf6620f5b622ac1df585f6379b80c30dbb832e9d7afefae9905280fbcbe2246cb8684f3ce430be36548d67660a50d5a9f609948b6d4ea39091333671d0a64edf45e6d773c6e1d3b6bd3ab2fecb0a3d30daac2a60fa8759fa676e27ed2e3529aa4a8434bd5534f6fdf9213371738e6f88eef626a0a24bdfc43af12af30367e4122b4aac8d7261b3cc7b2d5b240e7998a2a721807f88853e02bc91ca6c3790d7e7799c2c58d20738", 0xc3, 0x9, 0x0, 0x1, r2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x4, 0xfff, r5, &(0x7f0000000440)="76a7717c0bd638f847944818efce3c74b8373b75399eec77c24a2883b0cfece8401179116baa0cbe7347127f08626d887ce273d723788b73ca48c68a0dbfe70b9f0c8e09930f75a0e9895c760419793f9468319e81611a13445c1e608f2a13dc77cf1ac5831080edf8b589f80678745843ead70dcd8f177b1dfe89af7cf4707588605c6f9e0da08cecaee424ad0d80fab0581c5f2003e988a0244e48fddbcd107c17a58c4185b0e44b06ca7a64370a663af1c78db27d089ad1bf58d5eccd4924", 0xc0, 0x9, 0x0, 0x2}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000540)="278005fde49febbc5e0c5aa14c888fc1c54358864c5ef921803f97cfced6fc233cab13e872257d62c2b8c6cb09dc618ed8d77e81e84ac4c8e42cb621f12031af811ab523f16fee8835e4fababab7828e8900e5b4f0f3bfbb1b327c246c59925453e2fdc9ecdc717bb64059", 0x6b, 0xc0bd, 0x0, 0x1, r6}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x6, 0x1, r2, &(0x7f0000000640)="1b7f34732c0cf64c6d17f2ccaa1a8ae79875762e094bddd5c5d5c86f3fcdb85f5aa2d56442d76052c09c95d5101e33ef975bad9ba8da0c88d10d748af0cf7ba47516109fcb152f15af7465acde3b48ac7795550d70647c93c8a2c7e6f810872dafe28c5bf2798c5327d9b284acfded2b4dcab2ef365bed3070246c2ccd093182a3775098d022620ac8248442374f5147df1d20a344b611c0313d64118488282ab1006d6cda5e4006e801377538639797fcd7f61f48f27b9ec183a9b26ebf03d21084e77cf6b82d89eb", 0xc9, 0x3f, 0x0, 0x2, r7}, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x1, r8, &(0x7f0000000780)="d2d44fc2df6a4547949eb0cbe52d6c21a4aea4a5f42e3294038e59918900a3a3094d443452fcee350c120fb181e2c793542687fdc691185696542c70551b63c9d41e9ea6e26dd0eef2a7023e9fbb37e13f9f8e81eb594e99b1fd7bc946c3c6f20e064e79ba1a81b5a4124e0f9f0bc5452686ca4a6d1759bf8450b3e1bc18191ac5d249304fca84099909b0f46c1328889497ef1c307ad83f6e920a070c9e8d8956c0", 0xa2, 0x7ff}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x1, 0x2, r1, &(0x7f0000000880)="883d50b2213c027d69dabc1b242d1adab3563a0d27850d927a98fff9f7cc26b205e16367d0f7d578eb5868e59544319e628f2633f21b1dc01f5ff12184ebc8852feb7ac0b5b90a4412da1de69a13da92246b424bca18d3d0f20541ba8d76d6b3b9d88286b5ee2c7c6fd0459138d170ecab2c6e4b60f326c708a0d24581df9674e460560286e37f2f0eded5e98bc264a9deef263616c3cf5e9de360be945739549e929d1ac39bd8f0d7f6dc29a8ef7ef638763945c19ff2b861caa98ac693bcbdad3da2b5", 0xc4, 0x3e6, 0x0, 0x1, r9}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x7, 0x4, r10, &(0x7f00000009c0)="21faeb87dc4daa576a63ba06a143ad55bc35270095d993d356aedae47d69c558", 0x20, 0x101, 0x0, 0x2, r11}])
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:53:35 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:36 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 85)

13:53:36 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x80000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:36 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xa78ffff)

13:53:36 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b68, &(0x7f0000000040))

13:53:36 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 38)

[ 1061.097505] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1061.097505]    program syz-executor.2 not setting count and/or reply_len properly
[ 1061.112175] FAULT_INJECTION: forcing a failure.
[ 1061.112175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1061.114066] CPU: 1 UID: 0 PID: 8515 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1061.114097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1061.114109] Call Trace:
[ 1061.114117]  <TASK>
[ 1061.114125]  dump_stack_lvl+0xfa/0x120
[ 1061.114170]  should_fail_ex+0x4d7/0x5e0
[ 1061.114224]  _copy_from_iter+0x1dc/0x15b0
[ 1061.114263]  ? __pfx_perf_trace_lock+0x10/0x10
13:53:36 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1041, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cpuinfo\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r1}, './file1\x00'})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$DVD_AUTH(r2, 0x5390, &(0x7f0000000180)=@lsc={0x3, 0x3, "d045dae6578f49de037c"})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r5, 0x5602, &(0x7f0000000040))
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000200)={0x2, {0x2, 0x1008, 0x0, 0x9, 0x5, 0x3}})
r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
fcntl$setlease(r6, 0x400, 0x2)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x101)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x80080, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r7, 0xc018937e, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000001000000180000009f84031c5e7636a6811d2e963918f2ef380d927eb42e77e03f2957fb52c19407000000b43bc5ac4d57dae5409c50d767d69f0000000000000000006852b872149e0addc8f5ae56410729626db04dd3f955868ae721b5cef779f81c7aed9fa589c0a472e9b5cb", @ANYRES32=<r8=>r0, @ANYBLOB="1c0000000000000000000000000000002f688b0e4ec8c5bd5f1baa3bc43a6f280bbf1eca3ffabbe03414cadbe62a612018a7bd3312ccb835b403daaa68f216558b8ad5e4b489c26b24d6dc2ffe5a5b8657b0147940ce1f0fdb3d9266a3524f51bf0a0e4b0263d717ee928e0169bb30bc"])
mknodat$null(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$TIOCL_BLANKSCREEN(r8, 0x541c, &(0x7f00000001c0))

[ 1061.114296]  ? __pfx__copy_from_iter+0x10/0x10
[ 1061.114340]  ? find_held_lock+0x2b/0x80
[ 1061.114372]  ? __create_object+0x59/0x80
[ 1061.114399]  ? lock_release+0xc8/0x290
[ 1061.114424]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1061.114467]  copy_page_from_iter+0xe3/0x180
[ 1061.114510]  bio_copy_from_iter+0x108/0x270
[ 1061.114551]  blk_rq_map_user_iov+0xc07/0x1180
[ 1061.114594]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1061.114627]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1061.114660]  ? find_held_lock+0x2b/0x80
[ 1061.114691]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1061.114718]  ? lock_release+0xc8/0x290
[ 1061.114738]  ? import_ubuf+0x1be/0x220
[ 1061.114778]  blk_rq_map_user_io+0x1cf/0x200
[ 1061.114810]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1061.114840]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1061.114881]  ? irq_work_queue+0x9c/0x100
[ 1061.114910]  ? __asan_memset+0x24/0x50
[ 1061.114951]  sg_common_write.constprop.0+0xd75/0x1710
[ 1061.114991]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1061.115022]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1061.115057]  ? ___ratelimit+0x465/0xa10
[ 1061.115103]  sg_write.part.0+0x6a2/0xb50
[ 1061.115132]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1061.115163]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.115193]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1061.115223]  ? lock_acquire+0x15e/0x2f0
[ 1061.115247]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.115269]  ? find_held_lock+0x2b/0x80
[ 1061.115300]  ? get_pid_task+0xfd/0x250
[ 1061.115339]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.115365]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1061.115389]  ? avc_policy_seqno+0x9/0x20
[ 1061.115418]  ? selinux_file_permission+0x99/0x600
[ 1061.115452]  sg_write+0x86/0xe0
[ 1061.115478]  vfs_write+0x2b7/0x1150
[ 1061.115510]  ? __pfx_sg_write+0x10/0x10
[ 1061.115535]  ? lock_acquire+0x15e/0x2f0
[ 1061.115557]  ? __fget_files+0x34/0x3b0
[ 1061.115590]  ? __pfx_vfs_write+0x10/0x10
[ 1061.115624]  ? __fget_files+0x203/0x3b0
[ 1061.115656]  ? lock_release+0xc8/0x290
[ 1061.115684]  ? __fget_files+0x20d/0x3b0
[ 1061.115730]  ksys_write+0x121/0x240
[ 1061.115764]  ? __pfx_ksys_write+0x10/0x10
[ 1061.115812]  do_syscall_64+0xbf/0x360
[ 1061.115837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1061.115860] RIP: 0033:0x7fbb63381b19
[ 1061.115878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1061.115900] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1061.115922] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1061.115937] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1061.115951] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1061.115964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1061.115978] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1061.116014]  </TASK>
13:53:36 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x1000000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:36 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 86)

13:53:36 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b69, &(0x7f0000000040))

[ 1061.397549] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1061.397549]    program syz-executor.2 not setting count and/or reply_len properly
[ 1061.402652] FAULT_INJECTION: forcing a failure.
[ 1061.402652] name failslab, interval 1, probability 0, space 0, times 0
[ 1061.404270] CPU: 1 UID: 0 PID: 8535 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1061.404299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1061.404312] Call Trace:
[ 1061.404320]  <TASK>
[ 1061.404334]  dump_stack_lvl+0xfa/0x120
[ 1061.404379]  should_fail_ex+0x4d7/0x5e0
[ 1061.404419]  ? blk_rq_map_user_iov+0x1fd/0x1180
[ 1061.404447]  should_failslab+0xc2/0x120
[ 1061.404485]  __kmalloc_noprof+0xb4/0x4b0
[ 1061.404527]  blk_rq_map_user_iov+0x1fd/0x1180
[ 1061.404570]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1061.404603]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1061.404637]  ? find_held_lock+0x2b/0x80
[ 1061.404669]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1061.404696]  ? lock_release+0xc8/0x290
[ 1061.404716]  ? import_ubuf+0x1be/0x220
[ 1061.404756]  blk_rq_map_user_io+0x1cf/0x200
[ 1061.404788]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1061.404818]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1061.404860]  ? irq_work_queue+0x9c/0x100
[ 1061.404889]  ? __asan_memset+0x24/0x50
[ 1061.404928]  sg_common_write.constprop.0+0xd75/0x1710
[ 1061.404968]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1061.404996]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1061.405029]  ? ___ratelimit+0x465/0xa10
[ 1061.405074]  sg_write.part.0+0x6a2/0xb50
[ 1061.405103]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1061.405134]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.405164]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1061.405195]  ? lock_acquire+0x15e/0x2f0
[ 1061.405219]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.405240]  ? find_held_lock+0x2b/0x80
[ 1061.405271]  ? get_pid_task+0xfd/0x250
[ 1061.405310]  ? perf_trace_lock+0xb5/0x5d0
[ 1061.405336]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1061.405360]  ? avc_policy_seqno+0x9/0x20
[ 1061.405391]  ? selinux_file_permission+0x99/0x600
[ 1061.405424]  sg_write+0x86/0xe0
[ 1061.405450]  vfs_write+0x2b7/0x1150
[ 1061.405483]  ? __pfx_sg_write+0x10/0x10
[ 1061.405508]  ? lock_acquire+0x15e/0x2f0
[ 1061.405530]  ? __fget_files+0x34/0x3b0
[ 1061.405563]  ? __pfx_vfs_write+0x10/0x10
[ 1061.405599]  ? __fget_files+0x203/0x3b0
[ 1061.405633]  ? lock_release+0xc8/0x290
[ 1061.405661]  ? __fget_files+0x20d/0x3b0
[ 1061.405707]  ksys_write+0x121/0x240
[ 1061.405741]  ? __pfx_ksys_write+0x10/0x10
[ 1061.405789]  do_syscall_64+0xbf/0x360
[ 1061.405814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1061.405837] RIP: 0033:0x7fbb63381b19
[ 1061.405855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1061.405877] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1061.405899] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1061.405914] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1061.405928] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1061.405942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1061.405955] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1061.405991]  </TASK>
13:53:46 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 87)

13:53:46 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 39)

13:53:46 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x71, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:46 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0xc0, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
setsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f00000000c0)="03b7d44728151a87dbadc1a4e13e9baaaee1d3d96e86ba0ee59c06e23e18b4db023f567e017a085f3a9c46d04c06c577cb7311c3b15629c694dc19d18ee718c5f727feab366adeb86c472d4dcc59416fe737add90d22", 0x56)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {r0}}, './file0\x00'})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f00000000c0), 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000000)='wg2\x00', 0x4)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:53:46 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x10000000)

13:53:46 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x2000000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b6a, &(0x7f0000000040))

13:53:46 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000040))

13:53:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b70, &(0x7f0000000040))

[ 1071.239303] FAULT_INJECTION: forcing a failure.
[ 1071.239303] name failslab, interval 1, probability 0, space 0, times 0
[ 1071.241410] CPU: 1 UID: 0 PID: 8553 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1071.241446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1071.241461] Call Trace:
[ 1071.241470]  <TASK>
[ 1071.241481]  dump_stack_lvl+0xfa/0x120
[ 1071.241534]  should_fail_ex+0x4d7/0x5e0
[ 1071.241582]  ? vm_area_dup+0x25/0x6f0
[ 1071.241606]  should_failslab+0xc2/0x120
[ 1071.241653]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1071.241706]  vm_area_dup+0x25/0x6f0
[ 1071.241734]  dup_mmap+0x80d/0x1d10
[ 1071.241790]  ? __pfx_dup_mmap+0x10/0x10
[ 1071.241848]  ? lock_is_held_type+0x9e/0x120
[ 1071.241903]  copy_process+0x6faf/0x73e0
[ 1071.241930]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1071.241984]  ? __pfx_copy_process+0x10/0x10
[ 1071.242010]  ? __might_fault+0xe0/0x190
[ 1071.242047]  ? _copy_from_user+0x5b/0xd0
[ 1071.242102]  kernel_clone+0xea/0x7f0
[ 1071.242126]  ? get_pid_task+0xfd/0x250
[ 1071.242173]  ? __pfx_kernel_clone+0x10/0x10
[ 1071.242197]  ? perf_trace_lock+0xb5/0x5d0
[ 1071.242238]  ? find_held_lock+0x2b/0x80
[ 1071.242283]  ? ksys_write+0x121/0x240
[ 1071.242351]  ? lock_is_held_type+0x9e/0x120
[ 1071.242400]  __do_sys_clone3+0x1f5/0x280
[ 1071.242426]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1071.242481]  ? __fget_files+0x20d/0x3b0
[ 1071.242534]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1071.242583]  ? ksys_write+0x1a3/0x240
[ 1071.242623]  ? __pfx_ksys_write+0x10/0x10
[ 1071.242681]  do_syscall_64+0xbf/0x360
[ 1071.242712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1071.242740] RIP: 0033:0x7f7b289bfb19
13:53:46 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x1f}}, './file0\x00'})
openat(r2, &(0x7f0000000080)='./file0\x00', 0x400, 0x32)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x20100, 0x0)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[ 1071.242760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1071.242788] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1071.242814] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1071.242832] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1071.242849] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1071.242865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1071.242881] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1071.242927]  </TASK>
[ 1071.247292] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1071.247292]    program syz-executor.2 not setting count and/or reply_len properly
13:53:46 executing program 7:
r0 = socket$inet(0x2, 0xa, 0x101)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000000)={0x67, @empty, 0x4e24, 0x4, 'nq\x00', 0x4, 0x7, 0x5b}, 0x2c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1071.329560] sg_write: data in/out 3171656/4 bytes for SCSI command 0x0-- guessing data in;
[ 1071.329560]    program syz-executor.0 not setting count and/or reply_len properly
13:53:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b71, &(0x7f0000000040))

13:53:46 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r2 = syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0xbc6, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000180)="1813a862b2f75183918b965dab6add63df3eab7d196b54879b84ba1c47955e6393d5ab14b0af81e8788a93571f92057ea166fec3dd572254036eea8cd01f45e6183b9861c3180f2f60e1d58d2e55cee3e3a88425d33aa50cf475a45482f66ac450a7dfdbeacc69a1291042986c3261", 0x6f}, {&(0x7f0000000200)="ed1962c0b7d61b8ea16bb4bb0530beaca6f2b54eb53609ee5f322685c57b21c2fe77121ed88f4db7902887200e158c1c1ba5ca6a005e0798e4944db2bcafbe0dceaa9d059b08cff8ebece14f66d82b6297e3f6e53be9e29ec7604909f71e57c62500e3180168cb5e61e1576341", 0x6d, 0x4}, {&(0x7f0000000280)="ee69cfefd1de482aad7f28857a9bc4c385bca70dc02b994f2f29c0a8c9538c6782db7c8736bcc36cbe75b53cd14364eeb89efad1ccebd99ae7408a62acad6199301fd66989e5854e6193de481c9361948b10215d561901a545bae2f34e879036f2a81d1e3c4a1d4978fb499e4009f196cdd1d43e29b3253ab5db5e8ef74840cff326299acc9feb613b30e69c9d721853", 0x90, 0xffffffffffffffff}, {&(0x7f00000003c0)="2dcc39d88124f65b1222ed8ac69dd9be82ca7e5977b11eabc8cf3f67b95e0534de9074e05f9a3525047f22aa31988f2924eaae45fbbcea6b4388119949da8b8a14a4ba67cd3cb05bb242bf243d0e2aa9bb5b0b0a79dabb64f97bf2d2bd23c357796c49d582bd4e8c45032afc6b8ad3f202be830a7b1e3013e2bb82cf1f3b5ba9730eac849c8692efe7a1776d7b2f2812802f078f9bbf25488800a0d64a26f0cabf08d086869a819df0ac2939df50ba7fb8533576a2d9613f695843680b1493296a22c47729", 0xc5, 0x10001}], 0x200000, &(0x7f0000000540)={[{@size={'size', 0x3d, [0x38, 0x6d, 0x6d, 0x70, 0x31, 0x35, 0x32, 0x37, 0x78, 0x38]}}, {@size={'size', 0x3d, [0x39]}}, {@huge_within_size}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000580)={{0x1, 0x1, 0x18, r2, {r0}}, './file0\x00'})
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x4, 0x80, 0x20, 0x4, 0x88, 0x3, 0x0, 0x0, 0x83, 0x15, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x4, 0x20}, 0x1065, 0x4b6d, 0x7, 0x3, 0x6a0, 0xff, 0x9, 0x0, 0x399, 0x0, 0x3})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

13:53:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4b72, &(0x7f0000000040))

[ 1071.444208] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
13:53:56 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
write$binfmt_elf32(r0, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x49, 0x7f, 0x7, 0xe1, 0x8, 0x3, 0x3e, 0x1, 0x2b4, 0x38, 0x7c, 0x9, 0x4, 0x20, 0x1, 0x5d, 0xd6, 0x7}, [{0x7, 0x2, 0x7, 0x28000, 0x5, 0xfffffffb, 0x2, 0x3}, {0x70000000, 0x5, 0x401, 0x3, 0xffff, 0x0, 0x0, 0x442db3bf}], "8da6c58e18416950a838471447533e40a892a73e13ed5b957853faa9faba720e9d6440f30395c21be7c6884c8051c01b3a6167c5de86c04e26ee49099d7ba2d9114231f25f772cfd1ac2a5456c83aed6295434fcfbe7aa88bccd0051ed852ddbc16bfe72e3bebc858a05017e7d8e27516d6ae42397796e60c50d354ec170d6bc65b740c3622d2203ffa220422c59e37b9fecac5489fe785196d2b4a1a2f884ec05f56394cd778b0f8b1f5897ff69b14cf958d37e631bdaf03fdb6a23b00a188719477b8ee282bae0a63e3cec53b41dd0cdb5d4d65c9ab1cdb984829e41eff702bd1499e9b7df953e70b7dbd77183063aeaf6b50b792ef69edc233d", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x773)
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:53:56 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="7f0000010a01010101040000060000000a010101e000000164010100ac1414aae0000002e0000002"], 0x28)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000000c0)={'broute\x00', 0x0, 0x0, 0x0, [0x7, 0x7ff, 0x8, 0x510f, 0x8a92, 0x7], 0x2, &(0x7f0000000040)=[{}], 0x0, [{}, {}]}, 0x98)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:53:56 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x6000000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:53:56 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80300, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r4)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
r5 = dup2(r2, r0)
write$binfmt_aout(r5, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r5, 0x2285, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r6, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
recvmsg$unix(r6, &(0x7f0000000480)={&(0x7f0000000040), 0x6e, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/246, 0xf6}, {&(0x7f00000001c0)=""/161, 0xa1}], 0x2, &(0x7f0000000440)}, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:53:56 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 40)

13:53:56 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 88)

13:53:56 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x20000000)

13:53:56 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4bfa, &(0x7f0000000040))

[ 1081.095677] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1081.095677]    program syz-executor.2 not setting count and/or reply_len properly
13:53:56 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x1ee)
sendmmsg(r0, &(0x7f0000002d80)=[{{&(0x7f0000000040)=@ieee802154={0x24, @none={0x0, 0x3}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="cbaf841d111e9d1cc0c2e4aa978ae5e6b32c645defd6094806fa723218604f23d186c0563bd69450949a0d8a578fc7be6bf03f1b9541fcb6ed2f1ecb709d20c1de0829e0d4c3f8afb32eb8848c9464bef54ba1ed0f7d57a596d54fb297961da5e7ad0cf5534556522383a09fe1133bc586b9426d3b7a407ce26a0c12d4ca79f042fe7ab8c14c202eaf9501fe17a5c291582845fc2a4db6e92bd68d6b4b16f04d2fe15d392f", 0xa5}, {&(0x7f00000000c0)="963b46dc16810ed2a5debdbfdff4929266975b077b5122ab413c5eb592e29b01c8ef03451b144497d09aa70897fab66afbe06808c07676d427724f325d179ff25ff2236c34667c1a4b0f7c49054f35686a25379bb5a67b3baced1b91569e44734fe3ce40945bac38c9809bdcf599388e0a428bc4a83cf491c625", 0x7a}], 0x2, &(0x7f00000003c0)=[{0x1010, 0x10f, 0x97, "e8d6d1ebeecffe9a59dedf020890bb726dfb2335bcfbcf76c3c65b8bfd4d9face704e8361a74ed4ee8a952644ea7e7ab94f68f043c697a70f4703e34fde71f30cc1bfaa533d165fc68b1c373239966c40c5bda2221681e4fa2ae5663d342aed29e240ceb0c06acf2b67d8e6783e8e8b87182a0f65a8981f7dbb602f111ea03af114d5063fce73be974394e0b92512c289e88b1c1465046875cdac799d7788ff7fa4c98f175056650fc4afbae1955f549eca3aa420f8ffcc750ff69b0a4edcd389b7d2131f22537b9a6f948ed96f5b1f58153be7e53c51a30eddaba5b4c0c28224d64bd6f09067428a2421bd1fca4a0238e6e7f62f6388c42cd51203e1b161061fe3676bd492e59318879ba0c941fb646c28249ad48dd7cb8c3fc49d0e081f063f3e9357637f298f77e117a2baaa2194f30051607d33735af329240dc4a345b1410f1e5650d857074e326899e8321b8a5f12356d13a8366ff09f309533be105570328f01c1fd8554e6d6d1ff4839420b7fb7ff8d0e3bcbadaaa3b0923cc41dd345a5f911d4eff1f57478e4e980eb7d2b0bb07a095ba4e0bbe8a131b614658d8e66a0bc32c02c232b0946fae9213c7bb8d71b30ee411a3b5fc51fb62a071abae1d8fe8cef7f8f8bbd254bb4a80a1f11daf96d5acd1776cbc72ff8210cafc689a8fb34032b311e52bb18cf5550c7ef84e658003f69f0a0ace632be85d301694743acb9606791860336cabd51296b5ef3e82b131948d5c3b8d4b54f5ae2089ae6bc5c30c8799e2b148a1f05eb2ef4b1b2ede7f853fd3baaa427bc6bfa6d6d7e36b99eb0dfaaf406141783af73b7dd1dcfb8153ba18a9a31aa4fde85df10e6dee99a07cc20e44a0391ec0dee9f512e3f6547252275dad17ee4e1815c8f91c41234108bce4b61345d00aa283fc9f57cbb4ed722ae964ce86c87014c785c34c7f2ee89ecbb6acd3671f4b73704e873efbad1ce441452ee5952111d45febd282d4c29a5ab27e9e1aebbe956b79e063e5885a63209f30df28807af0978957ac5c6ba5a12efce738a9b8b25631ac4e8ea21b2891391865027804576d888b538f2c850def49b118f46ba5715bcbad269777850cdd61dd75d815081428846c1486b7848227da00d26286b294f533449de244153ba4ed18828bda5efde2367cabb9fffc743d7c423cf449da2ed3e5bee290a27b7806f9086a6ff0e8cca40eca5b355693e23ef9b7c97862d7fc4c2d76a26a862e23355c23c56f57221cf1e1bd28b9d693d45a485b889d959fb0e6cd2a90f3a4be5a72710dd2eb894b7a803c35c4d9ea8c27c8fd630f4f7153f73d543a5124466d38d3d9c22187e757cd1f54667aa1c3200004200d32614dbdea707f427edf5617f57a95d9ab4f82d6a5983fa682042f27668ebe7f314d2d28a0d13725d7f0bb143d555d359c7df3f7c371e145c7b0d5faf30efb45db92053a360801f73ae6a3f4409a61fcc0fd060e5a6dadc610c7082234296d4aab6dd10dc4e67d3fb69428a9a131beafaca3d9f36f07f5b65467deadb0cb572d4b359dc089ae6e2cd1b737f74bd9be7f39dcfe53a891fece1b12a736efb2d28f0ee387511b394fe4dcf2ea45d265ef2b4b57d59d6547a02225c3f3349ae8f868aa5e52086abee2406f1805f1c2b2d9cd9b5c583fe22bac8cd166cb872af45e7f07822beb8cf3bb347041abc687a81cb87cb9f28cf8f426b12c60913507d94f9cd0662820758dfd3e5c8c84b9747356486bdf793c0c0386483b9a207958fd367990be9453e1481c3c46dad0e314d8b8a7e3ffd4f698b599bde82470eafddc2013e270e4124237e22fcc06ac8217d84f4073c127264c0a67eccabdba668e9a4ddf9bdbe9c5a4c5e68d29f54f628654c89d29d4ee4bfd5b70d5ec1300cd4ad02ea5e8555c8c4aa0b44345f782073eeae3bd2fc339f52d113ac2bbfe3c45e6948bd674a4816faf743f25659398b3145190486824ec9c7aa0a5636b93766d6dac65c18dd20a6993988c3e0569d92ed887017af485bc4feaa03a8dfa6f14792f3ef416c1e4368613c8ea8e1d73e1448e24fcc8eef86af88f9bbd1669c7d48d058160e630de90efd8256bc91bb28eb56a63fc140c28884512574b26f732205813bccedee6007f2922d92e163ce0597becca0b0964190a0fd31e7de0153166f7ac113bc8f75553cb34ecefebe12f92a8bdd79e429bc9c7b231979d5cd19026ac8638e582a2c17f1197cb4ce6cc20d4b0e02473f82e1eb28e5de36c6892591cb5f144d3f9eb57fc8e1d358148c5a8273d22a705ca22db4d20fd2be57bf41af276153a2fbf4f35fe70fe2e0975a85ff37ce048914bd37ab3dcdd5c3a4fec6eb6ccdd829b3cb53931b083f7df5cf8933d189f2b5b116567c67970884fe1a5e4178afa30b44cb0914646fe59cc0b4532666053edbd2ef2c038df18129606a1c5aad1f760b40bac76498631de809a08540da6f2f4adac3d057cf5377948908c0fe7289d62cca7735e31f303f497ba3efc24e20bed8a6a3a3e406255ce66ff7c086784704a49138b900596028e52ed21c0f8eea0c8cab881eae24bbf5a9e1c4b736499810d736fa9c3ea3d402fd5fae955499b1fdd8151611bfe8b151d148881ed992dae179d03b7c37193d67a20b343633c318ea9ecb7f9bf4e9443b6f2696c3592241a43bbe83a06ed9057e05bb282a09c0a4e657ba280765b4a7a651bd33263c681172d272c27bc3f57a2c3ea64453cd13d20a520c510a3852f0cf3cccc6ff86087e8cdd14467c1f3101924cb94d928eb5674ddeee40fea877358381b880a81774df4dec431d27430e7535737fc993978bf2287a81c2f9912c326d642eb2d7fc27a5357b63b7f476e0f8ec3b74dfa653ec0af9edcc02d2fae1c933d82912a5376532100034c4e71c4532a3f5d83735e4cf5a96c12370bf5889532c0a5bcb5f64efd7000aefa9612d9bb712a24b9cfd928cefc7e2280973208fc948b56cd2c09ae5d58eebb6751e144206543335068db6885f7b920021dc1d345b1535b36e4aa5ae843c972e30d4d8a828133a1d499fede50fbb88656b101b91f27f53c2c42a94c234334e71d64ff88f216c74ce7f40613a6a68a25564bd94b9d3b0f2c7cbd62f2c281f49f0b1d0d32a2648d3b92749736832fee98f31fb5e1f13cffa0c0afcb9e0190a39c3e190e5a85a162adc3e8fdfe5795862a97ac86500d438ea7246a4f055642bec45e56604a96bb06323b7e6b9762a6af691ca245c0df97dea55d3211f038f164eb8c527376ac756049c7c390b3c940de2ef60c8750dc65c045fe481e2f43565d77bfae557cba74b25aad11c29d40f21dadebff12081134b9bbb1c9b702c631c82595dec8250bf12c4694ca50ebba4be359f6a592439aefcb43b058d05fd8cf41ccab932357d5d403417cf7dc98fab10d81f3cef0984add1f50ec47fe98605d6f272f1a9c3ff94ffdef25828c456c00c4854938638b9e102a4fcdd48d34c1be438edc1abc6c22185bc270dffa93806b6eac98cb6ba1755957f7a8c806bc50c7ead6d2fa0d4539d198b123604cd6ed660b461db57559d4ebbd35e026ae7f1585bdb25254ecdef3d12df3ed603b8c25fb6284d501db90568988d2a234dff2802f78f3d0dd9655da0463737e861e686415e049fb76dae6cee590e853493bdea7a80410016b3d6ea4349dbddf37c1de52cbff7aa758c118a290b79d882dd33df097a8582c336e2296d5ec07b5170777b2640d8952c58de4b94973be70e740a30dba4e2fa76869e56ed94d4fb70ea4c60945e279d8a11cb88a9579c0f77345da09fb60071806a7ab0a7501d920c66fcd94de80efbe612398d385a5ca1b2f31ea9e5bbc2bd72b7d83f1e1437bb8a83d132b7ade46ac9eed021e767391a71a3ae3d64ade51b9e556ed23a9fa2b90a7a657b8094d4188d4b32d6d2e0ec4f4ccad6f19214e29aa1c3d68709b37a42ae6395525a0aa13fe2ba08a1902feaab14f52fd0e199b6ea1e2337ef5e3c51a463a6b62226fc76b1385bf8792daa423224a241ff807b21e6309d05f88319353d1504892732dd39cbd87bc4bb232dcc2272e3d172011905dd107a257d4a8c3f21cf3c536e4a000c4fb71f44eba757a4a39c7073f6916509adcc63b3a5a19923b82019a0ae4ebe8453c2fb8464b2e1f4c97d53ee81d66bda1272d1dd62d3cf027d1b91085cc27a84b072b0eb8dfc330b2a2d7c835fe5d0415ce87872f8affcb3a956c1beb3581b4b3d0696e1773bd25f3d3880815e36d478ad9d0f6c2d622b8f08984b23594e3ccd11fa97ea0ca42fae7728f3f06b428307d5c2413ad7c6a1d344780111970dda798620ea8db789aeb0479b71bfa13682f872eba97c3a275c46e8aabe2d3697cc634390c84a9d74dda6ee34df6bb2a0d459a6620cbf8592a8bc7846f201286044dcfd3d962a54a4566737a7fcf5d1731e025f1a965af1de025c92262bb62128395655fac98f8e15c7a6626fbe545655c93d1a291c7ce521de8f9d0582f6b5549604b10b6ac0a20ea02e684bddf42b2e9fce9b0799d5c7ae9ecfe8358b390b31ce164fae846c067e4da7854a5f6011d757fd57f754da58ecccbe6c9a94f7a9a0be757db5c6c4078fdbe3c21d51028a584b05c1b3a4fdcf1c10cdc01784f115bc6e61f2cf589805850e2af63ce5ebc30f4eae4d8c7548816cb1c1aade25cd4e53417efdf7fbde73222353963796aaf752d087ec3df9299bdbc16a4adb6cb4775f2aedc251bbcb53916076c88c48fb91d47ce7f198ffaa753d2786a1589a4afc4784ece6f1a4d382767ef809431df3a33d52ef8eb1141d34181ea905ab4d5f4fec245de5092347fb11b8ad7197560ca7caef13748932a8edba777c1a0925e07b42dc8a656621959a8f6410b44f57728720767c454e115353bb33ed436cc5052708586b9716cc5508f57ab132dc170d3a2447ab26c9c3f1a682ad6f66b19dbdba11d3a7a4673c3081a081605aed0e9b891eaa6c41d1696c65a0b38403dbcdff5138ec9ed8bd4809a0b100da4b140616c7818670d4c49cbb6bd4877b36874532be3d940f110e680344c467ebef176175a32e94ae67766ae47e7fe5ccaa67e64a03129e0d9e732f70557e2afe92db6ccafb4bd7c88ac1cde93d7f10690f03bfa239ce919ee299830c4ea4db9ebf9559059d7f5f5abf383c7caa3459b3600a64b4f17db6d900694ecba6d2d86634875afe85d2e4a7399e855d6f576891582fb48ca4742e22b44cc3c02dbb6155a0f964e8814fac72ec7215a728334bec57b6507fe2dc0d63b9db787607ba226b853062a688351ab7863d61be230b520cd76e923835637a9da5f04942176e390fdf1505f413735eedc0c0d4115250302e65dde3c3e01f135b67ac921b6b05df1bdfd1cff92de10777a672931fb83f70f91fd65d01589597c61f6920a339a97c0cb595f7570a062aebf675e8b0e00182d476841f0b26619402542e3a72745a53a7ea0b6a60a24e285fc13360fe9c764beb1627cc727759adca87e359c37e3baa0695e4ff72b1887cef1b67e214690066767cd5629768eeee5d42ab06afaedd87effaf6b55c07c2059316f982eaa7684d1341a14bc24da0c0a708e569e8fedfce212da11b5651115c2fcbb3e748fd453202be4b445120063c83748155a82da73b452f75a9f3bd45bb8c24cdf8ac8e26533816c28fb292ac830fb0b9756ccfdbb8c3943d6b3a031486ff16d8a9270c8eea5318f5058136effdc453f2567ea0c670f46dbd506ae4569b68a9890ff5d6aef31288a4d6f701865c9e8e62c79c0522e0b3c526d387359040ce8"}, {0x48, 0x118, 0x3, "3a178edaddf5332b66a617161ddb1851f9829c0cdd5e3cd9a902327ee5773b7fabba98eecf11d094d11bfad40870f1c3e8403fdd"}, {0x20, 0x1, 0x5, "ddb27ada045979ded8"}, {0x70, 0x111, 0x5a, "d9d55c3bd9f752f84aa3247d140b87ea5df94164679e858d256dfeeae6c371e15794b78c6cea7580f38dd34dd435514f2b04ec94eb035edc8e3e1a80750d1d08f60ebbba0fdffdc776aab5f842a9b71642ebbe563999f8f569c97cf61c115957"}, {0xe8, 0x10e, 0x8, "0f358ca1fae31374b3bea98c6d26dd48b4c7ddd96d0e362ea3679a98ea1fca2d8aabe3d4346e1ba453411ff17a0091a8852fb4b5f3c1c3dd2cbf020eaa7573fc812576f08faa02de6bed93562356ee6e7f7c4475724c7db7e90275418caa19fd7bb9548ffb74d1c358285e905a60233be3933a128aca1068373a018f5413096605d5c2d9729abc3e9ebcfc7d85f04026c66953231b3db319e13c6346b386ba572d9ace971775a1fe183fe3003df733c843db241e3069705a0d78735065e94cd7d07bb20d380bbe0012ed28a3cd30215dec"}, {0xa8, 0x118, 0x7ff, "6544f50c71aaeb9c0bedcb396c240accd545755a204e0326d770735b5785e30f7cc79de391b340ec6562e5ca2082ef5b48259aab21ebf1b310a60f2ff1323960c147082d680df0dad1d76d76b8c11c725ed41d24e44a1fa89027def032cce7d3df341215ae2adee0bcf2bfe8c316cf0c6602ad4058d91721d81af44bf580031f11fb1ffecfd558e47229c2f60f695f4df3b960d9"}, {0x110, 0x108, 0x4b, "49924cc53103aa2aef93f94e63b4c2e2831e46b8730e353276a6a53dd4696fdaf67e6c0cfba46ab2f61aa84c0ca30a5dcaa4966f7e9450332452ff3bf1e9e532bbddab04c286deb71e39812aa24a8e4a3af2bcc99464f24d15b3e7f25cd98223289d2b3b9f9d1f04a752fcf5f21d24bfa32a9dd3f122054b75e149071264760317786af36e2cd5ed84d1b2d7c2f50b7135eac688c954242244fa1972370bf8704ed6f8e87f563c41de1492a41bf59115ef006289a2762af9d0df92288698bee3e9088915678e0235ea7ce5342accc4dd3ca9b00931c0843555f8bca349316112943711e3ccf9d3fa354ccdb2f582ee2afc5ab0e7dba943671ba0"}, {0x108, 0x117, 0xffffff9e, "71f0097d9d7bdaa1bc8bf2177b7ae7f66cedcdc0b951725e375580a06b2f639ee035541293d02b8cc6c965fee9517116b72fad04abc14d2fb477c7204fc40e90c405e8ab279981444656f6c13f3ed410a9c88770bb2c319fa154a0f8928c6dd68d095452a3efd95f73644f64948ec3b85cb7c033395938d0ab7afa5838a2883a7aec74f989ea12a16e36e0bb45178d5c3f5ededf2b4b135bf5bd0dba413ad78d30e0440d079bdbd82892acc31b2d7ea4165ffccffd5a4d89f75ae40cd3338e1336e69b19fe4c906594295e62aa646bb5d9a65ed83dba0ddb41a4d98c41bc72ace9973bc2dd25398caa372ee232cebeace4a0447bbf"}, {0x28, 0x116, 0x401, "3e891685ebad19b25435452956dbce8598cefab0"}], 0x14b8}}, {{&(0x7f0000000280)=@ieee802154={0x24, @short={0x2, 0xffff, 0xaaa2}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000001880)="207fc53a03c0f945468576fa29a00713d34a9ec2e963cebfaa5689e0f1a41415219b236ed8a0710fc7e3f5ef6143944f557c8ed8a2bcf242e9ff003dc1d6d470ee1422c09a596ba0c2a04d33af91260c5eb456f2d15b6039f975af77600c40dc63969a501069d6cdf3bc5ecdecb0ea72d0445c4ce2e47eccf6457b78df098175da5d95e77ad64fa52d24a3e4c8366ae01dfe00c6bee762b94c824c695bf1c11a7f0d2c22f8b8fef638da881830a22b62c3947c0d9452d1d6395839ab59369a32c57e112b6a615696e194f0e4b1adfa", 0xcf}, {&(0x7f0000001980)="db80301761890bff8bf933e997b47644d2b0d48e2a9020c553f4d0b19c1daa9002bbdd4aadb75811b9017e03247c2f40e92aa0a738862a8e1daa1b50ffb5313214fc4be68cf21841bbc3c8dc968902fd46f972d03e7702117129ad1b35bb6aa0b344b2e35d970439d3fe6dffbf6ff0120880ef1d37d93855eccdfd7b2747ce266aa3600588cf3ea2d5a14542625199247dbbf0bbacd150b0a45c7c0cce8e0c180e6270602ee45db7c146", 0xaa}, {&(0x7f0000001a40)="6cb6169a530d212353dc9f0d03e99b35b3147cb236df0c62bd7cba2ef7366c25443f91634f2b53762572a93a0d9d954afaeb2b88267a305a8630b3c7fd11b98d3e0331ca5cc9d9695e3379b6188b8482ae8eba3c1ee6ac9c2d24127534f2b849d5c1453d87434b44e02e215e87c83043e43d6e9fb6bda8c1b9a357acef0dcffd2d823fb9611d88af186c32b817d9bcbd325870e5c3b7e263aa321426596df8753942db6a43df7eb44a9ffde2ff3f87c1c56db26f4c818cc60bfa174ffa403207e2d51df4e88adb3a39658ad2a2f91d69221c7202a687b6c490a1eab49983814a47c694606d635a4ace55b59dff424d56359c37e6661ebe7a5727d99196019021ef292f86e603e26ff6c852a7238a0e639fe944ee3d0fff630c52dddcced9bd0b24c7373c4c8f4bad245dc9eedd895d7884f8958334ab8b8c6f9a21219a1add72ae90857b989051fe4d428f81b3adfc2c5d82607ead4148a560a3aff296210cfa5c0c23a1b6f53652ca51c7f63d6b5c9967d4c10cfb6fa60591637a8aba788a4ac3f26990976fbc9efa932c6fdd923932c1c1ff4d4db4ee5fe971a6dd114e74ef83b1699c50250d79453f23f9d70767e193e31d5c9a5a4107bf4a2bf615e8d63b38093f6343daac1ce6d14d0b20abdd4fb272d8d8d2333793924b1e8c51a61d9a9863069ca34dc03cee1ebe95cfea83377b7ada90ac53ef4c6310107866dbd8d75833e33159375d357d6899033eb2364b8c90dc7439ca607974309c501422497d54b1f1c4de5a47d99c623faada490004da4a32da9d52171aecc7326b3320ebaf12a8765174ef585ddc203f7e9da7e86b7ec79ee8ecf9be365b0504d5fbc7f768e3741db38bce649b82ffb0b2db3257bf0ed8be5a81c358f3cf847fbf2daa91a0d9f83711374ee5cb773b9d87284fc38435ee7a8f0ac8ca42ceae5a2980971f7736f38c5c16271e4d936228be6896d0237d3ded8883fdc23a9d57b458eb90503ca2d920a59fe69e2135e0a8b2bf452cbb78a6a8f520eb9b65c03d7e3d19f0a90ad2f12c39f65ae24fffc40436660d644ff20949ca5386b16a6f03451702c860bd7956e41d6f2b073aec61f210b7ed9d9d440ba32fb2e5fd682f94b8934370b91820a984c5fe15049adffe033e4a318c6c9ac6b4974c941ed87a8616d92e5b9448cb6eab9f3df79de66fa16531ae8176214b4a8edd6f326aaf85b6b1d57f2ec9d795ad4e84ebce68b5feadad2760092a975127625ac38b3270ee5fdc7f8b993e7b8745150ae9cc707d5098725d488b2315996f7c6cbdc2db5566985c38a205c17215bb6913205bc617855d2f0ed77cc37dfa9671399d5ecd7ef04254bee075902c2fa1dfa47eb94f8c8c644df2c3472ab71064e51c1446eb2f84b06b632b4a90efade2364065dc8a96f9edac5bd052236acbd23e7aeee5bacbc1a6a21585dafce7015ca599f061fff6aa92fc1c1f6aa9f3a097b37f78b033c784175707f98d29d6a7836ee7095e02e43a7da0d83f20c06b8bf98257f935a896e6fe8b54e567cb24cfa16357e40cd10df7391ce6c3b2920fc3a6ff57f32d4401f68019cb0d8758cf552e7be815cc68e8181eb9f087b57a55677221874e4c47dde59afec14aaa867f4843ec41b50a64ced32e0ab6c98c9e18c6ba20b25c01e75c458204a67d343a35bd10c0f05b151fb775a516fadf8a714039b4a3550cdf91211d8a332ad6cee5a7f1174afc0801fa507da1f530f138359f05edfb6067d6ac1e100c247b9c55e803b048761c6afa12636a223893b3efcfc6dd287241082f1f594454172df2f0c9595d582e55a20c324d2ee9650bac56fd7925eee42897b29c9d4d5eebe7ad6fa74bcdc13c526616d269a82dca174d2548a27c50798fd3a5c4c321b8bbb9c9e82a935db83378b2dc85a85bea34f1624ab7be2e186bb7dd957740103c511fae236f0c66a7c46e83fb683162e890d1b8ab259ddaf85e2ecd1335987dd0b1fc6140ce9bffec37209d53e626dce8d848f2d6162145fdda39d6d4e2df55e90739125ed5698771595eaaf9e756feaab4b227f455867f4cee2f23c6c5a56d277a9528a86207ee87388f2375948fcecab19334016537ce54720d883a72e9b05a2181ca2fb3bde51af8e42dd854fdb7836a6c06c06a82722cb433df454f78fbc75ada997562e482473c929dce47a5b67462eea9b66dc3f0cf91cbb4708a239083a845813c832d1b049262e2e63e28029b51af2fd727b8afb2de5199524656191391f662de15f684b391de6b5d3bbdb0ce148b0bec53f6669c33215d6ca7464efeffbacc5e31b81ad3b25b18dd8c21d30d587089571710a319273c1fb6c2ec49baf0895fe281cc2048df678dd0f76f161da9f11c21ac5a948143305645eacc24673dbeb0befbe6c2a854bf46a7e1d91971cfcbeca56d980f86c94d8beffaded71876c23980c3abb5fb3503fb8bafddc32618024ba3feca79100f87db6b537a29cd8bfb3eba80ae7abb962717ec084517ba10eb0e68477a7705cd54e614359980bb2ae7a141f52892331c1049fefdc51e12c13a640bb59b98269d49712ef0652fea9f38bd8e5d5fdb3acb99cdafc008c486b3997db6dc881a1665fa398e054f352617ee0417dad70026cf494babb5b17952a644e531a4f31ff6f5990e8bb68011c7fb077cd546b14f94f1d52d90bad630b40aac10c9d857a7fefc490eb47ada80bef506e030a3e4d2e06c8d52f11f6a1913d23eafa784fe1d9ad8b20d51931928d1d672d947b50a12c7faf50cdbee46b659599f08677c29ff2d603254bde8f2156a907def5cb1d440d3f54c49f3215dc767e92f6d5e1d9da31329021731232cae75237943193efdb6b130acdbc2922f6202157ed255dcc6ab54f56cfbfacc5d2f1ff42249e3d1cfecd163784ecd6b3343346e51dbf6c7757581623fd60fa36bec99a7eae2c712a423d1b5c1bf06bebf2fe17ed33923c62cb44d4753d43f987062e6077ec83173c1a312fb92d28d8cbcd39f931dae6f9a4d03b459ae8f9b23b079d32c40ba4716273a5b89926855316df474b6a5bee9993680e160a646b7b34a59d8f98be993f6f35b3a61de304cdd7d76d26e24dd07e85296b03205df9948387eaa0a341cc49e08b1ae794410490e43e83d5de25f2c3e1ba745e85862b4223d45b61425fd3a2096fcb189790fe1dfbc006edb1ad5066c55ee671014030ce06a17b7f04811ee2b3ee6837bb6d30ea039495766409bef73d27efae186f2c58eb797a0c1c53dcd3b9e6e00133b14ddd4e5cfffeae0c8b67be156b51eef6849ac424bbaf7a8d29fa17c70aa855ecb85ed6792059bf38de1918bb43259912c1280e88cbbdcbc8ebad140e84a745f40dc85b02b73d115e610abeac67067e1a607260c78fd87345fa4972c801fc4a3ac8c6042c23b0d914b70e3af4dd7a4fbc059ba605793ac73341c4974714c7b2d5506c078d00d717742c51b110ac1349b6d359c13a38dc1723cb8dee87965fa7eb0954ac18b25efef65c1b7bdffa64887cfc6c9200be344d9b7a5dd8db0981b15e81c8b53f14f6324eed691c795f9fb972d8abb607af574bb4a78ea3f355af563062276fa7ee9f69ff095ec49d8be3688076628c90b1fca408850fa869979f0ee62e10b4511f03fc92dbaf63acccf3268f9fcd0ea505f7cda3d798bbcb54b0267e389a673a935e96407ef3d458f99ad9c8feeb29bdcb57ede0cccde483ce4df3553be42e3eba23aaf116a807d94deb7705a0d39b4d01f961af9b8df98bb2ae9b6af123b6a41e74f632b26190daee35f9bb250f84ddb6a25f0585d140680039863017f18ea41d566e696fa48fec1b99f4f6dee76225fd88b3aa9b586be2406530728f9f26fb236ab6fe1d606e19dd3148919d445c495b765a9377be8f2188839b1dc0034bd94c18903c350dc5e6e103f61cd9c66e42bebdb4cb8e5caed01f7d72be40b083133e91952c233cb81f06860d5fc4e5bf5a4881d12648f9d9ef8520246d116aa100668022a6dc66ca1cc82d152a3841e50fc25153d034d51f3ec55484249d9b8d0582b7952e0aace7923c5600573c3f3be2b9a7efa53332e24c80b5080ab3028fbf343f619ce809e5d421e6bd2fae276da83ac67787c4d08ef7ea819cb4d2ef308b3bb005ed1759a354dda1951ff5b548725388f2102cda389b733422b219fb88a52765db3d1e9e9c839da94c5768167a4a51e92f4a1683a31483619e02bf29fa29530ed714a55a04d2f8be7fa0e4f056b6d3a6b0a14790387016276c1167a1708ffa248b01a1a2a36cabd83f90a97618b514134bd1f0dc54eaae93e95688d1537f19d621d11d4f7d4ae35924561811fabbef45b560ba11c44e7eae6116a4710e61a947883d41b4c9d4540d9d20d9b37b5f44b42bacf4a541c3ae898ba6f2ed810a05f4a04139515e7ece7ed76cd053933c5cde7c4cacbe904d419286728eabd72a821396f8f407c07e3ff9358e6d3fa341bbe837e6ac80638d6320dcdb3062787cac27695327387d4beb11012c81e18436830953dd75c314f815042fcdaa6cefebc0e9d96114012322364cfd21ad33b9540d1546a80b03125ad180fe784b8645347e0cda45e21e6cf0f00a673ee65a670c22c4ae62a2aed5c771841960c49ba4652bc9d96302d86b16a61fe29110ec7f2732493a10e2e21ab39632185792281a361b728cbb8680b86074a39ac84dfb0740f7dd80bd398931bda023dbb3f53f1d1e26a643d2c1182b917fb74ffe6b00ba59e803eafffbd0e65257ef1b6d34259cb767d4e050baca9c32d794a6556d61303fb7cab02eade8216dec413d282d5366c1cdf20aaf7964cda6c34ee25b584e062fac6339dfe2ddf7459e546656e90e3009c1de8f044d76ad3bba885b152d25724ade00079e38466742a06f45aec81ee706fe28275e7a6d65515e256b6c0cd65f9983b08f1c94064db3e74e57b0342cf2ed836ea23ea1e0d744418eb0ac9fa93e8ffaf584af16710647729ccf4a1e16e5a2bc28a1c5bc4603a36916a41f261d0df7fe1dea063d3b73de4ad8c1fc9ca981a69d0d8658bf7f75b86ce299706e1c727c1f4acc933f29953bd202a649e238145a4fdef226073e5c2a7c2fc4b0b44be5e0c4d7478b63098841c8ebc8a7afdb80a48e73158ca29f3d923a978fc4d34ceaa0dab3a6d12d0fb53ad6c0fb2f26b0d05a15e99bdd6e2b3314c710a7453a181f56178352b4b14da34c55245596cc66afaf7734a08b94bca25b533b85300a646d74bdfd7b83b99f3a4bb5362f4df2ae2f784f7e5140ff86b535c177dc25f25b5b43e56a74d41d1abaa6e3e497ea17e400e1bd1aa9731464747dad1cccb4efd76eaec5bb455ebf157e4a751e69e10f1825eab75448bbd783bce15873c9413b924d78ac00062798d14e28b798d44e8c05f8dee1c78efe07506daa2b47fa6f3045fd8ebbd3a5816bd1da57496b5ad506b340e088f980bea19c1a954639419c945934372efe3194d4dd05ddbe9590895c68b111ba9e4a5a63ce102e51ab7ce9841ef2b2fdc883f87ecd52d3c442ef11fcfd830623676f2d61e56029de6189391a2df1c8279696d5569fe8e33892d49c84473645fc5b5623ccdcef23039522b09786b087a352349c5c8b0f0a3a7e98b965a72bc559ae4e364e45c211e05b8b8caf22ede732ffad0f2910f49186fe9ff989592d2935f019fe38dab17de5d63ff0381e03ad44e6fa9c511baa12d20373b5c32fd1308d54cf92c55c4128d2c0238706716303eabef270f24ec65d509e12816012a94b90c36e8094fe229c4e12f4e124dbaf7c8f60d422f445144", 0x1000}, {&(0x7f0000000300)="83e9c233370fd6e12577233161be5fa07fa8e35334bd61d98972fb7e38d2205835fa389fbf06fc0b3fddad8807ee45", 0x2f}, {&(0x7f0000002a40)="66a60af3f94a47795d7ac6b071398098315c58fc084114367f475cfc66dc35d3e7f699240effaae56f711423c84ab7b613e88419719ccae13b2ca5502fd5388e87a27fb2d43d6c92d452ea80ecc3cc28c282b3f0ab8eee73b9a1d39a1ca337c064047f688f08f7b360", 0x69}, {&(0x7f0000002ac0)="2db8ab24d8f8cf3c0dedd1b2a5c35bbb23e43da0198bf34bc98a4cb3bec2706a24b6d0c56d7cd8ad1e5728f48f366fd4e57438e1a20a49f3e08d879220fa8066ef21e262535f9a2724bffe207a77487d52cb404dccb569eb605a77bab4f951670e60d1cc525bd5c8738e3f88778c2c161b537e8060ac1f93c32ccc17cf08d9b2a4fdb1712b41ffa902ec9602ae", 0x8d}], 0x6, &(0x7f0000002c00)=[{0x70, 0x0, 0x7, "84cdf18f13807c8a120cc8f494266ce82abd7f381d7a2f182d85f8094816376157d15424bbf2b2132da107f5ff29bc19eac4a719c678b8e114fd4a575b73fd8aea18b199088eaa386bff1998bd299779e3a973d7370437bb5b0e18eeb19078"}, {0xd8, 0x11, 0x0, "07989466b5df82de150a63d5f0a5c04a4e03f47a49a67a433bb133f6e5e86cac81137eeab8012bc61a81b0f2aabd50c0483176f70dd1671cf0a47fda17be710a92535f5fe4d7c3f26cef4118851fa8ecd59031d3ca22f4b1902fc490b8675263d6e09f49c8ecff3d0566ccd8aecb0d6352ad8d3024381d53514318b94c4e56b0b07e74b4f4dfbd5822dce29506b5dc6e19875b80aa992afcbaef149f9da137cb6d19b3c937b7f068d4af1b54f5b0ca9c5fc7c0bd8b34ae186f0ec487a5a9b301efb8"}], 0x148}}], 0x2, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[ 1081.118675] FAULT_INJECTION: forcing a failure.
[ 1081.118675] name failslab, interval 1, probability 0, space 0, times 0
[ 1081.119633] CPU: 1 UID: 0 PID: 8599 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1081.119649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1081.119657] Call Trace:
[ 1081.119662]  <TASK>
[ 1081.119667]  dump_stack_lvl+0xfa/0x120
[ 1081.119696]  should_fail_ex+0x4d7/0x5e0
[ 1081.119716]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1081.119740]  ? bio_kmalloc+0x3e/0x70
[ 1081.119760]  should_failslab+0xc2/0x120
[ 1081.119782]  __kmalloc_noprof+0xb4/0x4b0
[ 1081.119799]  ? trace_kmalloc+0x1f/0xb0
[ 1081.119811]  ? __kmalloc_noprof+0x215/0x4b0
[ 1081.119830]  bio_kmalloc+0x3e/0x70
[ 1081.119850]  blk_rq_map_user_iov+0x390/0x1180
[ 1081.119875]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1081.119893]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1081.119912]  ? find_held_lock+0x2b/0x80
[ 1081.119930]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1081.119946]  ? lock_release+0xc8/0x290
[ 1081.119957]  ? import_ubuf+0x1be/0x220
[ 1081.119979]  blk_rq_map_user_io+0x1cf/0x200
[ 1081.119997]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1081.120013]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1081.120036]  ? irq_work_queue+0x9c/0x100
[ 1081.120052]  ? __asan_memset+0x24/0x50
[ 1081.120074]  sg_common_write.constprop.0+0xd75/0x1710
[ 1081.120096]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1081.120111]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1081.120129]  ? ___ratelimit+0x465/0xa10
[ 1081.120153]  sg_write.part.0+0x6a2/0xb50
[ 1081.120169]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1081.120186]  ? perf_trace_lock+0xb5/0x5d0
[ 1081.120203]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1081.120219]  ? lock_acquire+0x15e/0x2f0
[ 1081.120232]  ? perf_trace_lock+0xb5/0x5d0
[ 1081.120243]  ? find_held_lock+0x2b/0x80
[ 1081.120260]  ? get_pid_task+0xfd/0x250
[ 1081.120282]  ? perf_trace_lock+0xb5/0x5d0
[ 1081.120296]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1081.120309]  ? avc_policy_seqno+0x9/0x20
[ 1081.120329]  ? selinux_file_permission+0x99/0x600
[ 1081.120348]  sg_write+0x86/0xe0
[ 1081.120361]  vfs_write+0x2b7/0x1150
[ 1081.120381]  ? __pfx_sg_write+0x10/0x10
[ 1081.120394]  ? lock_acquire+0x15e/0x2f0
[ 1081.120406]  ? __fget_files+0x34/0x3b0
[ 1081.120424]  ? __pfx_vfs_write+0x10/0x10
[ 1081.120443]  ? __fget_files+0x203/0x3b0
[ 1081.120460]  ? lock_release+0xc8/0x290
[ 1081.120475]  ? __fget_files+0x20d/0x3b0
[ 1081.120500]  ksys_write+0x121/0x240
[ 1081.120518]  ? __pfx_ksys_write+0x10/0x10
[ 1081.120544]  do_syscall_64+0xbf/0x360
[ 1081.120558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.120571] RIP: 0033:0x7fbb63381b19
[ 1081.120582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1081.120594] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1081.120606] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1081.120614] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1081.120622] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1081.120629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1081.120636] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1081.120656]  </TASK>
13:54:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = accept4(r0, &(0x7f00000001c0)=@sco={0x1f, @fixed}, &(0x7f0000000280)=0x80, 0x80000)
setsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f00000002c0)="189505b909fbe7e4c2da6cb91a2fa0c96f80cd7693549d958286af078acd769fca215e6cb1f502cea9abe1374eac109878b41dad395fbd4f924330abd6f0ca40830e1575631b3b72f49c5f82c82b81aa3dfec345a6eae9504bf3dc26e250ca0871d7a67f1c39adb42ec4a596d10de39c108c98b329271e1554d9c96aa2c2812b846245b24a39647d150822ab3510dabc91fd3b0d13220d9a938e0bacc2db6b99625d922e1bddb64980c1d466580b4a0ed676ffa0f224293d2892f8eb746467290ce1cdba4a543f2ff9bc7240867b91e76c51861a7605ae", 0xd7)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r2=>r0, {0x200, 0x1}}, './file0\x00'})
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000400)={0x0, 0xeec7}, 0x8)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
io_cancel(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f00000000c0)="74d2b8b0def8902ef88cc9ee504b06346f78ef5808cd871710bd2851bdaeb2168986cf1c466dc51fd48457ec402ddaadf9b836dcfe41e1c55eae4f25ddc3766ea0fe9c21623b0e8822b479c99b9c6a8b0824347a97594f75c711fa61c23bad02a4f8ffe909961860403d5bf7e6a5819229800cddc70f653268d4f3e3201050d2a83827d893166286d9401b2b3f8a6f25d9ba8b62373dd9fec727eed6e02ac6ce63fb4791d6a2f2f8303f536d5d98a74031873f02ab04271e0bd66dd4caa61af3cb1606361f9170725c05cdcaba00891f2ad23f8192f4d9f6b6deb8fab8d8f01b49bef47f163eb7002b1704acddde", 0xee, 0xde5, 0x0, 0x2}, &(0x7f0000000040))

13:54:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4bfb, &(0x7f0000000040))

13:54:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x9000000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 41)

13:54:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 89)

13:54:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, &(0x7f0000000080)=0x10)
pipe2(&(0x7f0000000540)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r4, 0x1, 0x53, &(0x7f0000000580)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f00000005c0)=0x2c)
recvmsg$unix(r2, &(0x7f0000001780)={&(0x7f0000000600)=@abs, 0x6e, &(0x7f0000001680)=[{&(0x7f0000000680)=""/4096, 0x1000}], 0x1, &(0x7f00000016c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}, 0x40000000)
ioctl$INCFS_IOC_CREATE_FILE(r3, 0xc058671e, &(0x7f0000000240)={{'\x00', 0x1}, {0x4}, 0x4, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)="79890900ff9aea299f5a92731a2c61dc73aee5f45bd0e997432f05b5c2fafd46646b937c7bbcde00087b2a7a001bab4fe764849f66620d4032d46bb28b14d5605fb4fa328be300f898609c527cf3282573e8c1ceae1f22948e7317dbaa45d08d5948a50d2002748b59fb0907f8b709431b39c74f76f3017bc8284344d8339f245aa5ccfdf613077b1dfd57819d8379d1a51ca6f2f06a75f8103b455dbb1b7942d6e1525bc87ff414b0b067632228d8c42c7db34dfc556c16dd7560495cc214e83895", 0xc2, 0x0, &(0x7f0000000440)={0x2, 0xeb, {0x0, 0xc, 0x58, "cc5307b53fd92144d96f4a4bd07c5dc9b332f56ec4ad8ebbc397e18b67ea0f25c4ef174ddd43cf0d015f3917cfbb016f4f2294873268d2393359a1fdcbc0e83d051c7776638fcc5b123395eb9007c54efa795e020a9c3127", 0x86, "9cd10cd845776a831c8d54aef51fc6799f14dc6af8ceb3c312539d1d0df0728bff50a9e5c31ddd895dd34cf495ce4b6dd69c8bb7fd1ef9fc2069487dac02f889bc7f453f3a5e5e5d837fd1b966bacbac1751d2ff0aba309b8856f711e4874ba5aece2accfa234d1d5b91b9028a5d8af208c6330087653b8c6dc7816103b3d35890d171b746bd"}, 0x2, '\a1'}, 0xf9})
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:54:06 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), r0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000006c0), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000426bd7000fbdbdf250100000008000700ac1e0001"], 0x1c}}, 0x44000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:54:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x20020000)

13:54:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000000040))

[ 1091.054901] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1091.054901]    program syz-executor.2 not setting count and/or reply_len properly
13:54:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xd000000, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:06 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
pread64(r0, &(0x7f0000000040)=""/166, 0xa6, 0x535f)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8004040}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000826bd70000400000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x5}, 0xc080)

13:54:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5409, &(0x7f0000000040))

13:54:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
fstatfs(r1, &(0x7f0000000000)=""/115)

13:54:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 90)

13:54:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x21030000)

13:54:06 executing program 3:
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, @out_args}, './file0\x00'})
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
recvmmsg$unix(r0, &(0x7f00000025c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/26, 0x1a}, {&(0x7f00000000c0)=""/35, 0x23}], 0x3, &(0x7f0000000180)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}}, {{0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000000240)=""/130, 0x82}, {&(0x7f00000023c0)=""/167, 0xa7}, {&(0x7f0000000300)=""/43, 0x2b}, {&(0x7f0000002480)=""/83, 0x53}, {&(0x7f0000002500)=""/54, 0x36}], 0x5}}], 0x2, 0x10000, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0xc)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f00000003c0)={{}, "39d3bddec15fc1b90ba225146592c34a8697ba87b1659d1fcb3201c9b6750cee57c4900d355a85b77e34230501a0b5481e6afd74c4eaf806104b774e26d4e28c13079cef29786905f948f2bdfa44bffb70f6daf3a05bf0eccaba51305a2f061f56445866cf59f16c39b2fd362a6b0cf548b1cd9b257f55286d927dd085fbfcca5eb2fec85d1936e2a22cffb06795d585c16071e7d58f483d1b615b7794ac2e56298a9539cc21e3f2f1c2ff82d0e6cce862db78e6f654bcda6313493a6565ca9380277b4797ce4b4e4a4258e1d1dba7bbe21bb8843761ff4b50d8b3e72c7391be36fd63216d76cca313b1084ee10e3e77081a7348a9fcc9ee6cfde5dca19e8d2ac639613d8d85456feaf7e30dc2c88b8ac4c452cf9b66e764a83d57c6d5d0086d2ea918b1d62bff8680a63133b1a84fdf986b2f652e963713f7838c5e03684bf5650356c0350d613c3ef6150cc8cadb1b006875b656974f3031fb952b3216e552ea77cafa171e501e0755c8981bf1e3f0b993410e52f59bc02309d46611dfcdfe709704d242dcaf45a15db347c9e3051018860b16c2ee94ae8e1d72b4ebc5cef2cb818ac5ac848cb62d4905c00acdc58a69bb51156f1d714ca1c24a5690c68d0b16030c84245c9efc04893eab56e8b83fd4d572be2ce401e82fd7c7b76f63ec270063200b423c30b8de00c56844639cc9a9c233f305a47bafb24dac4a154747873366ee86e3cd822ad0d78724f430035234539c18b613d570284cf0c075d59b82043d27c4ad17fa1ba5de42a4b66c2788d7d71598751aab38dcd0b52b07206ea2396dd734a81d20ee6bdefc3f80329003f723ab96783b2f1277da5c7be36f1214eebe46371518515ad35610fabef6616ce9a4ff7b60b43e1b51091e7f0e27df3ab54aa07768d8ad19f4470ed606c727ec686e0bc9bd3be2c09118acd91cac701817b476348e2bf48ef680db6df8aac03fe9a6742b209c7157707e7a60f010ed1ccfc121206e6189abfe9ff974c29cbcd5bce39e310479840c8e8159c3a752b317f1d39ed0d763c7a3142f882f4d44e8ad87714bf69a8b794c1939785a1473b9c5533efb0014e8966c72b1cf7c31e12fa963ac4de5db9fa8e53d1a12ed8abec4827ab09a34e702611fb3812ec19c1c907e9ebcc25e25ac624bf359c66e18472a5d853af8830e41bebfeae41f973a459777bdacb58030720c8cec51bb9ddd0e5c573d5961381cbdaa190a5be71f436ef9d6d9418de19efc7cf9982a1de5cbc7638f160256d5a65f3bbec2823cd0275d0778a6e4b0ce0d9feba49d81a5123f51bc8cefbe2e40d61f7721b6a62575a4f7c770808d6accccde5b258a8bab0d84defcaab7b3a08b4a70bb78ac38179552d401a6af10d073160a21adb4d3050a53909b2d6cc0b6e10db4be256942c823a7ac63cc9dfce960be6c1255c187e373f51b36b32f1236f77a2641a7961ffa8227d9fd2381a4536b1d8635382fbd086043beed46ac6f3071417a9cac6e7cc668d642fd9957ec6fc718e8ea91f77a399d25884390e1bec8059a5665414cb9c10bd2b410d320b92efe278af1700c962f34de81cccbdeab33994eb29cdc647475afcedf6091aada72174bf12ed366fa1b5df4dff0fe1400053bf8991822d8dbcfd351f24f3a662c9bccf05197178f78ae44f0960040e67d1958eb2e8e578399c12644cf55b4af9a55a77b0531eefc132108e4b60bb62ec7c580e51d382e7c9a866a03e54be64fb62e0040888c0c81cbb825bc320fb7f14f88394cc32416f4c2a90bd27b7c049b778a741cf074503e161ce4d017c57b811331788bb2fb08d59cf4dc1db55a2059a33d5794eb7db2251080eb9315f6cce5a2c5c2cca73234d72831cafdff93aa2a4ba035eac5862b2dc8406dba8a59ef6df6bc472bdf8cfec07faa86e10d36cb022db4629114a37f7bc513d57e8c7a63121cb943e7bdf76322db1360160e2b30772b910f39f798d9f77661ff6e9362da41450e591aad11e15594bcb77a855d8fbbd75f2be85be40b7c9f4ae71b7c50d5755fafa90daf1182fcae0fe889870dbded9cfe49caf8ba7ba93f379f34a027930d11d37164261f3c49e4326576dd8de5f7bca9637d6217d15999805131677461e9a68cd45f7b474f8fbe9cdf83c4aab59ca11e96d93868c1979ad4e85d8e076cc3cab7609393122af6638bc0dc97884508ece0fd56e7d8869481aa78bb1a6011d3fa2f88c74f642aeb3da6d2bf95bca5ddb516dbcced54e607dc32855a982c006be12caee9a9ebf06df6ebe71a1e56f7eb57567ab43d354d85a4f29fa218c165de39242f88d3bb399e76473baf7caffb086587d7ca1cf626212a3c561f0354d89fa89cd289d6a30655bdde38426b2cb9c7b10d2742043e095c8f31e140be163f4d83dcf9824d9c31c43daa1c9c2b50718ea35dd634ff1f1d182be2ee6a5653eb6921354dfc66d41eef1fef067e9532d26d80291e6392fa85376541274467dca1e5fdf8a2fc9585f0ac286dd24481a1db8e84727d26f793d6c73d028c7683049033b5fa0ac4678fec5b59c119b8b342b70718713366c5820e3e186b6f77e74eb70dce6cc61b8f1654201aebae5d0701afc801fa7011545ce6f5a3626304cf4dadf466ee629ff10448a9b1e80501d79cc878f555489f5ef92a0689dbbbffdf99d70b1ccfe22daf460aea7a801055fd381b091b90b81b0685e14a1e61db50a549949ecd28537efc50cd4e53f53956b3ae7f2440dd86981001d1ce962b99c29c5a99b084f83907ce03fe88071513ef7689186c02e56e0d25cc18f6d81329a8178f628d48e644942b6342f92c8cf9fc9686ca16fa306f449440cc95511f5d99e07074187cd943cb7574501af31dbbaca1f697794428e0fde1a1018ff610884f9557173a3d2e7f2c37798f84d7268c148341f12c31fec5027fe2392b93f8f6bae04650c9da8ad5598501ccf2707de24d04cd4574b631e92832616feea16c1d15d268ea5555d659eb58a3eba59283e627ae84e94e13fcc79a08b29be37e9a459309435f922f55e8dbb188f08d924ab7538825a1c3eb1a26c90535da8b95f25a2bb60f0b1538a458078030701ff0f021710c4a2749b4a8f541d3e258aa81d950d182b3196050eec72f84016fc7ba7e46b7189346f006feac773c1c89a27ba6b82bb1db685290316e41c95e6b8e3e13c3a5571297c8151fb0618b52846c3582abfd516e2672b3cdba45e79b968a748961c9c69a382525a31b470a7ed0df4cd55d7ac2e0441a553eaa2e9a12653f3913adb4a007e6ba9814627f4c5492bb67c591e3676fab13627ffb2cd79dd2581a99768becb2b4d0f2f9ed68530b38313497c14a29a6b2436c582e7ead220d985c73b19fb7adf76ec7d2fd517f2f6a29a81ef96a2c3fb89f491dc12e2af40df5a49752f8d6c14a780463bcad5dbfc708f901c19fa13f326f30b235b5df5a56f5774350432d65d70d0fa8b5ac636626148254f4f0beb93f8d371648e6451c8b099286da276e4b2b0eb5998e2529ae08f9a3767d2550f09e63c0e82c5cbd460603238cfcb563cce583e2484d74c7aba889f0196368efecb065f1699eacb159a1d7616ed85fabd09366503a66cb46b96a2cb50d4cfd235f4abc1d5faae94b0807d7f45fc4d304db4d4600c44cd0fbb2083e5262bbc44403942ea1dda98ee28e4dbe4760c2276a3286a543d1c38f6ca3322477783357fc60cb30aa35c463dca3252c4eef446341c01ff76c4c560f1faeb204a9e4c346f6cee8349d47fe35ca0eb4415034337cab1e6ce99d0e1f40116320a0ed9a51333f278a2502dabc42af29b23786dc4ec56ce7b3e9a119da68164f48f861955923ac17bb2ce469940e4f4f0bb897687ba375a7085289ffb15098e1ff09a3d71ae36bcdde5b649d743fae193c9a435ac9064bf2b48a7ee6b2329298d29cf660b8b2c46fe21e283a50cda538ca997a128b70b31635650de7aa718f0a0323b0b1405b13c430e355176aeaccb68024aafcc565916a5051bbcad6e606d4ab837ead8a75af6c2ddd786e05152e66414651150813d7dbcbaa4e523e34e067fa8340f35d139690a43973fe16ab2a032da6aed941f9f23486f1d3c67dcfe2ad837201ab6a074485db7535177af02285edeb175699634ddc898149ffc64b8a5cc91b07e1189bec5731ce69993af6dde4bb3a3a64263ee6f3f77c1ef043104de85be6cf4826776b1f2a1f41cf98878b24e8a46b123511d1a38683ffe1ba133db978b4d790d2a8e32d4652704a2edb44a6d6a3a1f6d0f0a4b546e3bf204bd2ff7521359b04fa6a457e62e43cb39b928ce88d4ae047a3e5189c7cf1c7dde6b433cb4c4ced6f034929f3a36d7c55cdf08d1b1495aa8ad9aea73fd2e67ce33c9399d4af249a2822165530ce103ae726932d0cd7cf107a62ee4294f01026c6e3cdc1d7f03160b57ef7ff8741bd13ecfff08d823e5cf1195208e42af6f473d9c95d64942fe3b4fad665593df0a4507eb0c8d7e98477d1c67f6ee391ccdb3982e775a32bc3404ed31bdd66e20b2b5ef28ea9d9d81b107cc90982cd72fc75a02c28a699100833b26dbb229eb123a2b2e3531fb47314aad614ab67388a17976c97dfb7363d2991892f592be0bad823cbfe168422f1fbc9e90a0d7ec64f17e4608f8a403f6447c33df3290f182eda48bd7b62fafcb2ada811eaca6752f96703fd171cb2e1d5e1efe0396a50fdd3c9605b5beb35033f83e3b4691378f132462d6d2da666d28d25b86dc46e447c859b3684f123ebacd56ef27e642e6d0909bb4cf7ec19b82c00a8ce2fc82d275d24b2184a769388058b716b44eb25320e35ed4ea4be5d8ffa91a5ef0e317566cc150d4b0cddc49614e5b9dadf7a5f68cfa98eab6e2665b69d836d03255c3c2eda106f454a3f9816dce572155657e6f2b9328d597e9d266f10d45b5c04dadca01272ac7074b7d752aac7b7b60cf466ae5725a2f76830b236cd37e51656401bf0ed13004daee788023d242940e82392a6086a3b21239249a0e1eb0d02ab01a6f9d5f81e807d9a856824fb9f812864310f0210abf938008cb0e258987cf0386135867c19a8d3959fa7d7c97a4c01154b3bf38357c842166f29ef7cf45a738712f6a63784b6789b09ea0da831c6ae3eb513f9c2685a56cfc42260ce0b0af779ce74eb6beef800937ea6a1ba4a8815d3ad45c4da1679f5312ac75351d85fda47344e25b1a269a472afebaa0f274f79e7df1ca59efb8a2f48705d6bc30954020190b4999ebac89394ba92c275537d7e874a7fc3ca20950b2d0c59edcc17d2cad54fe67afaefa1457d8db4f14f314c7557e2c1ca09671f493e153ce7d9ab6cb1e359bfeb47c9f27518f98a1f51afb7ddd5aefe82baee39cf955d2c2d016478140300f88913959a13b23b2278fcfc8acbb483746cd26dbfada6411f792d2e52efe386d0c126b25ddc8c204024f7026f919ca099c09e138540b34dd5e5005b047b5a412cf5cca723c6589b911bea45dd658106d845be1ce54503db484f546c6fb9d84ecd41d40a26d6b9cac1d40d761df4c1e0206d526fec0f1c45607b82a92ac28023ab198e3b72d5e1672d07d7358dc9edc025816bdf0f964ad88179cfc79414e82b5ca240d57f7c52331d33dab688b8316f9abe54eab1b5ac4de7926b438245abafa8a376e26b0c9fb512e55f375bbeef075d1b6749945fa30c8845973e3f7eeabdafd6d85473fd0ed42921a0b38be6104b296979f33719dace960d8c55d4141904880ff1ff387867ab39119f16bbd0faf6ba2b176c13383a214cf7d358"})
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x76, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:54:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
recvmmsg$unix(r2, &(0x7f0000001840)=[{{&(0x7f0000000040), 0x6e, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/94, 0x5e}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000000140)=""/249, 0xf9}, {&(0x7f0000000240)=""/30, 0x1e}], 0x4, &(0x7f0000001440)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0x138}}, {{&(0x7f0000001580), 0x6e, &(0x7f0000001700)=[{&(0x7f0000001600)=""/83, 0x53}, {&(0x7f0000001680)=""/85, 0x55}], 0x2, &(0x7f0000001740)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}}], 0x2, 0x0, 0x0)
ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f00000018c0)=0x1)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r4 = eventfd2(0x2, 0x1)
write$binfmt_aout(r4, &(0x7f0000001940)={{0x0, 0xfd}, "3cfd2d5d86fb7546d1a127f703ccd9c7e6236fc326", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa35)
syz_open_dev$sg(&(0x7f0000001900), 0x5, 0x501400)

13:54:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfffffff, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 42)

[ 1091.348187] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1091.348187]    program syz-executor.2 not setting count and/or reply_len properly
13:54:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x540b, &(0x7f0000000040))

13:54:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
socketpair(0x1d, 0x3, 0xd604, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1091.370676] FAULT_INJECTION: forcing a failure.
[ 1091.370676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1091.372420] CPU: 1 UID: 0 PID: 8664 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1091.372450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1091.372464] Call Trace:
[ 1091.372472]  <TASK>
[ 1091.372481]  dump_stack_lvl+0xfa/0x120
[ 1091.372527]  should_fail_ex+0x4d7/0x5e0
[ 1091.372568]  _copy_from_iter+0x1dc/0x15b0
[ 1091.372608]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1091.372640]  ? __pfx__copy_from_iter+0x10/0x10
[ 1091.372679]  ? find_held_lock+0x2b/0x80
[ 1091.372711]  ? __create_object+0x59/0x80
[ 1091.372737]  ? lock_release+0xc8/0x290
[ 1091.372762]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1091.372805]  copy_page_from_iter+0xe3/0x180
[ 1091.372849]  bio_copy_from_iter+0x108/0x270
[ 1091.372889]  blk_rq_map_user_iov+0xc07/0x1180
[ 1091.372931]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1091.372964]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1091.372997]  ? find_held_lock+0x2b/0x80
[ 1091.373027]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1091.373055]  ? lock_release+0xc8/0x290
[ 1091.373075]  ? import_ubuf+0x1be/0x220
[ 1091.373114]  blk_rq_map_user_io+0x1cf/0x200
[ 1091.373146]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1091.373176]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1091.373218]  ? irq_work_queue+0x9c/0x100
[ 1091.373246]  ? __asan_memset+0x24/0x50
[ 1091.373287]  sg_common_write.constprop.0+0xd75/0x1710
[ 1091.373327]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1091.373362]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1091.373395]  ? ___ratelimit+0x465/0xa10
[ 1091.373440]  sg_write.part.0+0x6a2/0xb50
[ 1091.373468]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1091.373500]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.373529]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1091.373559]  ? lock_acquire+0x15e/0x2f0
[ 1091.373583]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.373604]  ? find_held_lock+0x2b/0x80
[ 1091.373635]  ? get_pid_task+0xfd/0x250
[ 1091.373675]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.373700]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1091.373723]  ? avc_policy_seqno+0x9/0x20
[ 1091.373753]  ? selinux_file_permission+0x99/0x600
[ 1091.373786]  sg_write+0x86/0xe0
[ 1091.373811]  vfs_write+0x2b7/0x1150
[ 1091.373844]  ? __pfx_sg_write+0x10/0x10
[ 1091.373868]  ? lock_acquire+0x15e/0x2f0
[ 1091.373890]  ? __fget_files+0x34/0x3b0
[ 1091.373922]  ? __pfx_vfs_write+0x10/0x10
[ 1091.373955]  ? __fget_files+0x203/0x3b0
[ 1091.373987]  ? lock_release+0xc8/0x290
[ 1091.374016]  ? __fget_files+0x20d/0x3b0
[ 1091.374061]  ksys_write+0x121/0x240
[ 1091.374095]  ? __pfx_ksys_write+0x10/0x10
[ 1091.374142]  do_syscall_64+0xbf/0x360
[ 1091.374168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.374191] RIP: 0033:0x7fbb63381b19
[ 1091.374209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1091.374230] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1091.374252] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1091.374267] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1091.374281] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1091.374294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1091.374308] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1091.374344]  </TASK>
13:54:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400"/288], 0x120)
r3 = openat(r2, &(0x7f0000000040)='./file0\x00', 0x64cb40, 0x0)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
pidfd_getfd(r3, r0, 0x0)

13:54:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xf5ffffff, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x540c, &(0x7f0000000040))

13:54:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010100}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 43)

13:54:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:54:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 91)

13:54:06 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffe, 0x90000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x0, 0x0, 0x7, 0x2, 0x0, 0x20, 0x0, 0x4, 0x0, 0xffffffffffffffff}, 0x0, 0x200000000, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x1)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

13:54:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xf6ffffff, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1091.765936] FAULT_INJECTION: forcing a failure.
[ 1091.765936] name failslab, interval 1, probability 0, space 0, times 0
[ 1091.768163] CPU: 1 UID: 0 PID: 8703 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1091.768195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1091.768209] Call Trace:
[ 1091.768216]  <TASK>
[ 1091.768225]  dump_stack_lvl+0xfa/0x120
[ 1091.768272]  should_fail_ex+0x4d7/0x5e0
[ 1091.768312]  ? anon_vma_fork+0xe6/0x630
[ 1091.768349]  should_failslab+0xc2/0x120
[ 1091.768388]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1091.768434]  anon_vma_fork+0xe6/0x630
[ 1091.768464]  ? vm_area_dup+0x3e7/0x6f0
[ 1091.768490]  dup_mmap+0x1207/0x1d10
[ 1091.768537]  ? __pfx_dup_mmap+0x10/0x10
[ 1091.768586]  ? lock_is_held_type+0x9e/0x120
[ 1091.768632]  copy_process+0x6faf/0x73e0
[ 1091.768656]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1091.768701]  ? __pfx_copy_process+0x10/0x10
[ 1091.768724]  ? __might_fault+0xe0/0x190
[ 1091.768756]  ? _copy_from_user+0x5b/0xd0
[ 1091.768802]  kernel_clone+0xea/0x7f0
[ 1091.768823]  ? get_pid_task+0xfd/0x250
[ 1091.768862]  ? __pfx_kernel_clone+0x10/0x10
[ 1091.768882]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.768917]  ? find_held_lock+0x2b/0x80
[ 1091.768949]  ? ksys_write+0x121/0x240
[ 1091.768984]  ? lock_is_held_type+0x9e/0x120
[ 1091.769026]  __do_sys_clone3+0x1f5/0x280
[ 1091.769048]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1091.769094]  ? __fget_files+0x20d/0x3b0
[ 1091.769139]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1091.769179]  ? ksys_write+0x1a3/0x240
[ 1091.769214]  ? __pfx_ksys_write+0x10/0x10
[ 1091.769263]  do_syscall_64+0xbf/0x360
[ 1091.769289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.769312] RIP: 0033:0x7f7b289bfb19
[ 1091.769331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1091.769353] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1091.769375] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1091.769390] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1091.769404] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1091.769417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1091.769431] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1091.769469]  </TASK>
[ 1091.817884] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1091.817884]    program syz-executor.2 not setting count and/or reply_len properly
[ 1091.822950] FAULT_INJECTION: forcing a failure.
[ 1091.822950] name failslab, interval 1, probability 0, space 0, times 0
[ 1091.824848] CPU: 1 UID: 0 PID: 8709 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1091.824884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1091.824900] Call Trace:
[ 1091.824909]  <TASK>
[ 1091.824919]  dump_stack_lvl+0xfa/0x120
[ 1091.824972]  should_fail_ex+0x4d7/0x5e0
[ 1091.825017]  ? blk_rq_map_user_iov+0x1fd/0x1180
[ 1091.825051]  should_failslab+0xc2/0x120
[ 1091.825096]  __kmalloc_noprof+0xb4/0x4b0
[ 1091.825150]  blk_rq_map_user_iov+0x1fd/0x1180
[ 1091.825215]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1091.825254]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1091.825294]  ? find_held_lock+0x2b/0x80
[ 1091.825339]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1091.825372]  ? lock_release+0xc8/0x290
[ 1091.825395]  ? import_ubuf+0x1be/0x220
[ 1091.825442]  blk_rq_map_user_io+0x1cf/0x200
[ 1091.825480]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1091.825514]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1091.825564]  ? irq_work_queue+0x9c/0x100
[ 1091.825597]  ? __asan_memset+0x24/0x50
[ 1091.825642]  sg_common_write.constprop.0+0xd75/0x1710
[ 1091.825690]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1091.825723]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1091.825761]  ? ___ratelimit+0x465/0xa10
[ 1091.825827]  sg_write.part.0+0x6a2/0xb50
[ 1091.825865]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1091.825902]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.825937]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1091.825972]  ? lock_acquire+0x15e/0x2f0
[ 1091.825999]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.826024]  ? find_held_lock+0x2b/0x80
[ 1091.826060]  ? get_pid_task+0xfd/0x250
[ 1091.826105]  ? perf_trace_lock+0xb5/0x5d0
[ 1091.826135]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1091.826163]  ? avc_policy_seqno+0x9/0x20
[ 1091.826197]  ? selinux_file_permission+0x99/0x600
[ 1091.826236]  sg_write+0x86/0xe0
[ 1091.826266]  vfs_write+0x2b7/0x1150
[ 1091.826304]  ? __pfx_sg_write+0x10/0x10
[ 1091.826333]  ? lock_acquire+0x15e/0x2f0
[ 1091.826358]  ? __fget_files+0x34/0x3b0
[ 1091.826396]  ? __pfx_vfs_write+0x10/0x10
[ 1091.826435]  ? __fget_files+0x203/0x3b0
[ 1091.826472]  ? lock_release+0xc8/0x290
[ 1091.826505]  ? __fget_files+0x20d/0x3b0
[ 1091.826573]  ksys_write+0x121/0x240
[ 1091.826613]  ? __pfx_ksys_write+0x10/0x10
[ 1091.826668]  do_syscall_64+0xbf/0x360
[ 1091.826697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.826723] RIP: 0033:0x7fbb63381b19
[ 1091.826743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1091.826768] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1091.826793] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1091.826813] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1091.826836] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1091.826859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1091.826875] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1091.826918]  </TASK>
13:54:15 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 92)

13:54:15 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfdfdffff, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x23210000)

13:54:15 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x10001}}, './file0\x00'})
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendto$inet(r2, &(0x7f0000000100)="04d235b31038a33ff0b924cad8a39ba858e4c33a1c973220d4e53005f05d640a677c71a50f98d1dc5cc7b82c793f602bdbb8c04f78964dd19cc9d5f4457815d3eaf7612ab429", 0x46, 0x200508c4, &(0x7f0000000180)={0x2, 0x4e22, @remote}, 0x10)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000040)={@multicast2, @remote}, &(0x7f00000000c0)=0xc)

13:54:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x46001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:54:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x540d, &(0x7f0000000040))

13:54:15 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
sendfile(r0, r1, &(0x7f0000000040)=0x7, 0x7)
truncate(&(0x7f0000000080)='./file0\x00', 0x4)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)

13:54:15 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 44)

[ 1100.474901] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1100.474901]    program syz-executor.2 not setting count and/or reply_len properly
13:54:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 93)

13:54:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x3f000000)

13:54:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 45)

13:54:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x540e, &(0x7f0000000040))

13:54:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)=ANY=[], 0x14f)

13:54:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x282, 0xb0)
sendto$inet(r1, &(0x7f00000000c0)="5816a2b44ba1a935338ff3ccd98fba07180ff54d9f80545df1a49d775be2a0b120a47fecddc2d9842675a12fb7c8ae032b75f679606f287362d6a46a63f996c4c17e4c1b82761be8c2a90f7d0995b7afe8b0e54fc7fc0fde50475c970719d516f690ced09a89b061819c7f88735b28c5e866036af38b75deba245eace30b84faf44db8df7e5c1208706c6f10dcb47fbb6dc291da7823eb67018296e77445fb", 0x9f, 0x40, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:25 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
dup3(r1, r0, 0x80000)
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/123)

13:54:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfffffdfd, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1109.976802] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1109.976802]    program syz-executor.2 not setting count and/or reply_len properly
[ 1109.981847] FAULT_INJECTION: forcing a failure.
[ 1109.981847] name failslab, interval 1, probability 0, space 0, times 0
[ 1109.982820] CPU: 1 UID: 0 PID: 8759 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1109.982837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1109.982846] Call Trace:
[ 1109.982850]  <TASK>
[ 1109.982855]  dump_stack_lvl+0xfa/0x120
[ 1109.982884]  should_fail_ex+0x4d7/0x5e0
[ 1109.982905]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1109.982933]  ? bio_kmalloc+0x3e/0x70
[ 1109.982953]  should_failslab+0xc2/0x120
[ 1109.982975]  __kmalloc_noprof+0xb4/0x4b0
[ 1109.982993]  ? trace_kmalloc+0x1f/0xb0
[ 1109.983005]  ? __kmalloc_noprof+0x215/0x4b0
[ 1109.983025]  bio_kmalloc+0x3e/0x70
[ 1109.983045]  blk_rq_map_user_iov+0x390/0x1180
[ 1109.983070]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1109.983088]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1109.983108]  ? find_held_lock+0x2b/0x80
[ 1109.983125]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1109.983142]  ? lock_release+0xc8/0x290
[ 1109.983153]  ? import_ubuf+0x1be/0x220
[ 1109.983175]  blk_rq_map_user_io+0x1cf/0x200
[ 1109.983194]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1109.983209]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1109.983233]  ? irq_work_queue+0x9c/0x100
[ 1109.983249]  ? __asan_memset+0x24/0x50
[ 1109.983271]  sg_common_write.constprop.0+0xd75/0x1710
[ 1109.983292]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1109.983307]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1109.983329]  ? ___ratelimit+0x465/0xa10
[ 1109.983354]  sg_write.part.0+0x6a2/0xb50
[ 1109.983370]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1109.983387]  ? perf_trace_lock+0xb5/0x5d0
[ 1109.983403]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1109.983419]  ? lock_acquire+0x15e/0x2f0
[ 1109.983432]  ? perf_trace_lock+0xb5/0x5d0
[ 1109.983443]  ? find_held_lock+0x2b/0x80
[ 1109.983460]  ? get_pid_task+0xfd/0x250
[ 1109.983482]  ? perf_trace_lock+0xb5/0x5d0
[ 1109.983496]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1109.983509]  ? avc_policy_seqno+0x9/0x20
[ 1109.983526]  ? selinux_file_permission+0x99/0x600
[ 1109.983545]  sg_write+0x86/0xe0
[ 1109.983559]  vfs_write+0x2b7/0x1150
[ 1109.983578]  ? __pfx_sg_write+0x10/0x10
[ 1109.983592]  ? lock_acquire+0x15e/0x2f0
[ 1109.983604]  ? __fget_files+0x34/0x3b0
[ 1109.983622]  ? __pfx_vfs_write+0x10/0x10
[ 1109.983640]  ? __fget_files+0x203/0x3b0
[ 1109.983657]  ? lock_release+0xc8/0x290
[ 1109.983672]  ? __fget_files+0x20d/0x3b0
[ 1109.983697]  ksys_write+0x121/0x240
[ 1109.983715]  ? __pfx_ksys_write+0x10/0x10
[ 1109.983741]  do_syscall_64+0xbf/0x360
[ 1109.983756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.983769] RIP: 0033:0x7fbb63381b19
[ 1109.983779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1109.983790] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1109.983803] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1109.983811] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1109.983819] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1109.983827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1109.983834] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1109.983854]  </TASK>
13:54:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xffffff0f, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 94)

13:54:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x540f, &(0x7f0000000040))

13:54:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x40000000)

13:54:25 executing program 3:
perf_event_open(&(0x7f0000000340)={0x7, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[ 1110.233950] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1110.233950]    program syz-executor.2 not setting count and/or reply_len properly
13:54:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_script(r1, &(0x7f0000000440)={'#! ', './file0', [{0x20, '(^{'}, {0x20, '\\%&^{'}, {0x20, '/dev/ptmx\x00'}, {}, {}], 0xa, "ddd686e41d05849c06e19524834483f8d491bdecf084e7b1c5155af7b5dea255643422d8eae6d57cdad6bbccee5ff6762ea16e28b9a198500a92cbbf064f7e18f06bf3fde1834aebbe7a04bca51e3912a3e07c2d515e51bf8b881439f511e53f55e34d048933825ac24c74d522211db48b9a2e1864a8de73635aa77fbdaf3b82d8bd3b5ab4890ebc1e8b561b6102f4b66e78b2c13e9055b5089190bcbb78948542c44cdd5b1abe86809aee456dd2222150924292c66bc262af5c8fab207877840d33e1c39f384eaffd9fb2cbf070a993dc8b0da479d1bf775e4115e7e94f444b04a39eac445d7efc2bd9a58f56ec51f61f2cb46d367009358c6b8f164a8d69e0f89c19b57e429c92b4de5f6a8792660deaee4b93cbb80e86937e6fb61ea457d7ed5db799ef799786b98d755bfda9c04b187399a99e2e1c295b444b74ea2bec691a92e08e80d419db35fe66b80cf10f15051f233d70e73921f7b74c0380d252e40cb094f905bdc7dc35e104d3ea2669634775753049064aa03b103baf43bd11f6778f0387b62711c23a86b4c82e13630fedf91014725955b72525efcf0835a3d2230688230bdca9f87f6984ee6b073cd1543a7c6657b5cfda2b1dfc0a6e27751e3ec1a4f38877c4083a51a9db97d42e277cf90bbf86cdc84c08b091b98e67e6553f3226a70f0ac788637e5bf4dd03eb3098feca32efcb7e8e090507e3f276e2b2c78fd200868a0a144d8ef7cd7e45df55129cd2c1abf8c07a1d6027d8ebbf6f55505836a42d75e98e19c4da5fc240e163f3ff52066b096b5a5e87df4bf2a01d60194ccb540b845447521febbe2b9942feae715e77802c88aa53bead1687b436ecec8b034143f48440038cdbcf4804ca2675ca9d847ded6f8df28fd9b9b18d7cce98694d5f161f822477f6dc290e39344098e5b7bc284e781b550546ba17ac2c537be1f6f297bc4413312ae194ed424747b3a033da815c9c348193a27aff514692b5a13e0699d91091279ff21f2b8cdb01b96cd9089c67eb2862e2d1678bd35706e4b854c0499489e6d85ecbf2bc821d55cef1f4653765bfcf1af33a166c71892df4e4dc264cad51fe28f84b75b5159733440921996c48edb970dd3a1845f5c9ed89f46071f9faa7be19d02b174895534ce15dfdaf76edec47d02facc3ae068ce60792ac9663e90597340317353744963c8dceb902c414bae1b2e136354b95793a9bc727ddba1cbe3d88b32835a9edc121db371fcef9517b17be7343f974a0dbb7842d638cfd1473281a68ead66271d895413113eb8e3348de69c26bc754fba34ed378733790422aad1abcbd52ac27c231739f1f66d9d1de3cca7e2d62673f2654f8479939984938d11685678da069b48e082bd1880de47a4ba1624e35dc3c835391bcf39030ae2925af16aaff7aeee345fff5ccc6199e4caf0cc72ed4286055415b5715ff41e15e3e399fe1a51ea943dd68714a33db1b887c1b2402b99c2b34d5f5e8fda9103151280b1ab8d1ed741d46e795b4e63fc247b06fab89ba7f2fea927f07040db93d7550c62b2389c79a3724e5d2c49c62e1770f9c3ce709ac1af65dcb60ce408dcf290870aaaeb47a2aea8cd76d89d3d57b96dc9db08c13f51843117a11dc4d44e2e094dc99d2053a5604cfb7d634ce96696fd1b0f9b3dc767fd2f2e10d861e70e37a9afd5480976097f951c031f0f36419ec7e6bc7d34507e314aebd76e0625a5e11e2c9a64e766631669c1f96cb172707d62b60ef3e191a1d374df7568ae8a78f09f1427e8b5d6f107c1b3949791cdfa8ca7f2bf5d1c2aba6425f26f6e764825eb27ed9ee5c1c1670a809e28f31975cdd15dfd2db19e1f6643cf87ea677e40decadaf1c0e432d46782ded42cef19a10fb5ab30adc8144a5447b01ff3b55fd7bc8a91f0f3a9e463d9d85b884736d3c73790d9044004290fb50c82b09c1f81149b4e09f07e7b29c1f434d3b67edf93a897b8899e5aac3f4aa4418738137de83cd7d3ab0acc9c7d5a84864256f77c0533a302ab0c3895c810cc73d0b61646d97b89c00a4d5c72feb210dbc60c09b104b332bc52d7b3489cb2cd9d29419e70eab102357753193fd7c33c804efe6dd45d9b3d676d0550ca0c21642e9ebc98222c92b9a2ff1934ac6a18bf3b2787e0a42191bf06e72b4ad45e058125e4f94ad810a5e0955e43ce9487de96ed8b5ff455cc135609b7dfc0750c35b3dc4a0507cc9cae195af2c653969ba4aabf34424502f84c887374e126a441f6ac9ccbfaa365f21483a2109cab5dbfc3289897af7cc016f9bc777b5e73d0ec6a793dee10f9a72ae1dd1b8462f26a6613a3f2d309d53f5d42cd231fcc409a14fc85319422365970a6bdaa394b49e7cb068c78aff08351e1e45152da95b3683460593dbe42d74847a90af81f0dce713231b44eb22dd2500cf792fab9de0bcd0dc05176b88c18edc9d1a5c3335d82ae904f61766aa02a2bbe426a7fff525bda7f29576da7e00c32a89bc936a52692712da191a11a1c2fe51b9329b6cdfea47273d215ee593860429b2fc968a6bc63445a67852641e8184a1e5244b87c1ac0f2e4f61fe1c952cdfa7b71f474264234b7db7f5c2d9e3371c93f0d1b7c00f1ca45284d782f8ea9aaf38d614d1797acd9dc8b330e7e5050823523ec913ba4dfe9c7887a274e8af70de3084ce4e4551a3435925364f9cc1714131ce8c33b18a2248079dc57637acd7143702c0da814d0a0836e8c7f6405c1114ffa706c68eae7035e221f5e3c98a3b5e329ae6ee343de3fa7dc1e38b4c5f579ab0f7f39e40c5f11f770e74e470f5e4d6364a845acfb2859359f0205352d375bac96618a3f618df9b1e94480e8be7e2e12589616057acbeec93503bfa9c49f6c11664bae7442edbc6a91fa25626720630960955333f42a71a32484bddbea52f964f5cddc2c406a0500072804be77d069030b1097bc0b955aa8c611766ed037371b95a8d95179870c40d93fadfaea36659e5be8b01a85459e245dd7789fb77f5dcc854c682432d28127e21c68e3779b28a2eb1481ff7f637471a62f57b2ae7f5cd9f65e569cb4258f407b562fbf0ec3d3b0c12643b5f16c38b035249b9bb5cfd0699008af82893b84e27a0b194b5eb92713548e228cf59644b3115ab7e5ec0563ccdce615ea41b7af2c02454c26c5cf9ca49cec9ace56feb9880b14da1150d48d9ab631cb55693bc26e22243399676380cc53540bc37aab65b4c865bd30e941c00ff6b9e8e0ab3e3423398e316dec9bd7a3ca7143bd82016eeeac4638e79049807000f3800d020ff78f6385fb6667f340b346ab910f79c308954f689e6f5e920c17456580870e577fc9c21d8f2e5eec79dfb76eef8e880c0829f26ae0b8170a1b7121859f7e1939b8020663b5c1d817c1f8fc5eb51ee0a626db9f7732aadb8fe537052fcd0e1a40666967b60121156c79c85bfad28cdef8dd5acfd783cdf2709d02bddca244a7bba160fdad442a4550b36ddaed20372f631800258879799be0fe5b0ff5b9c75cef6dcd3d48a932ecf9f86c19c1ca7af485fd417f773f083de9d2b99d5017b3607b8f3364628854eec2280dc6c3d9e02619bf20eaa188496a88b38b4cbfbcf6aa7e0997d416a255d49f24f9ae65ad2cceead600317232f7535646e722f465400ca3f8efd5ea9d3835edace52846a08b355b35868168cb289dc3afe714c0daf29d7374f1d9c0514cdd7ca464ad5b7b0b52ed20a4dd71c753bdbb0dd01b55d3227c44769a2417dd47e87a038c0684b993988aecdc96b44fa024c17cb7c6d87af588e5a62df39425aa8b3492e0579cebc89364e92c8aee14e1684c880f71355c4c03eb39b68a6dd26e04680ee8fb7df7378a45e00f38763cfb99932d38aa43116319b09b0a2c8e6be104c483d97f81e5392ad15103ec84fb47b249c3feca605e8ea073d678a7af363dcc119a93efd116191fa93bb457fffe3e14bf3bb8166656632bbb0c393c03ecd6f281ac18196f3cb29cef311ae28c0c8e6b385c01dfc44ffed46e06e8457da908c6f00ad3c3cdc2bc4ec62bf3f4b00bee1cc3786326f39c19b6f7c957bab502329c2e8ff33b2084459e03384d5796f13a8ead8cab2e864c164987106a230edfa3ef956ec8515f136533db3312e05cff6d8168fa047f9691cb93800a4062921aa7937574b36357d7e4b8918ae58691f3744c874bd855d823ea20033eab4a1a0c63cdd21c3f7e50b3d4581c153c216b25e9682fd9307e8aec10713257e662fe3805135b9c19875f61f209308c2a715f294770f9fb89093c8fff79913ac8b9edb600a43c022fe99ced3d877dde96402b6d38ae591458708215cdc4c10a3961ac2a339ec81d06a536ad75c643bb21b1b57d78b7e0ecac0dd3369991fabc6e638bcef98863a475c3aa3f4474d1bf766f7475e6e299a99833eb712337ddf990568d04faa034c14f26f0d3c2237628b40932fe7cbb4fb9dca2f8273eb3979b0c5409fcd5c9b3972b00cba30af11f8741dc6606330a267c91ccb6af20092cbb090d7d95254b3e5e124b2011d726d9168bb92dcab86b435c99843e5a75683d8354b5d7ded0f0f0ebf933d0d376d740b80c2d016dca2ecbb2278551833018cea63943feb30e637babefc5382e849b5e1efe9ab29e6cd6901352f20254eae7bf5e8fbea709a47c03ea4315e505136452bdc5a6decf1e4d3c3b835535e8f118c134590412896190bd420fc677c9a003a4c042af9ea7b3d6cc00c749b6a9b736515dd7a02d96823d4bca5c2df30c616ae2fe98f36ed381335c526ed62238efc84b4a5715a5b241f88d3d896949f490cc6392518054cb29a9ebfce7a57d640f7d3fbf64c7e619f0fe6767c34befaab42de4b28d986098580e25b576ff50ba87790807ccbf856ecd2304fa405f8f72fde63520bfb9095ba1e8c3917505e739d8def030c140cb6056e6fb3697ca1873e878907aeaebb7126d7e7d9c0a7f8fe71cfde7aaeb1b0cb54d6f8d840386a8b6b71b4be19696336c34675d702b865703c214a5ae8180b55a31d25b5376bac9e70d8c62a4e511b22b563bc7ec302b49df2526930df7dfb3429cf0696bb9e4191a310d2dfd55c42a0be19179fdc09ab2883ad26b9b2330e7a3bb1f62e59826bbb8a2f7b28bdf36d965178c38c4c398bdf275f2a5abb886b97f77bd457c4c0bc35fc05d96e18a7282de50ab0ce5be1b7f07b951d69cf3fdba8859f1c6e2921e42f33a533851711a455ed1d1db0375a672793cbeda532609675a10bba29b89213e953f59287e7741256c5166dcad2e2bd0a2aacbdfc5874ccdf40bd6ba12c875e9b96d4ef7b43a043f382ba690d7e98fe157378013acdee4d88cdc1115a89cd6228ae83c85298741113fcf73dc2f40ca35c8cfe3c654ef042b68a762b57fcb4b982e2a9b2b3167bf4b7dc5752ef4d7a5054f4f3b0fb75abcf0831c4727b110010eb0a675de9f2b093d8d7158a280f10b6749230fb367314477286f5d3d59b2f8b9472388f15a25e5df448a4b22c5d79a7b96906246423a76408de11b668beab89dd156d8a06b529755d7cca3f8c8c181e4c4788181ffe5acfbf47f1ded1cac35d51f1b6e12194c82956e5f15f29e3c58c80a299ba110019eb0d79c1d9c373168a2d3e42fbd734684dcf88d6d1e1171bb5a1e5d7aa38f942cf37754eea456067810617f0e5e2155dc07f7ade7d391b835d9f9269d0e6c8c102e2036830e6413c92aa5752c3291453f7d309af1d69c97ed90ba03e04441e90cbfee62d47e1c8ec04d23aef504861de86fdd517b043a85b27570fd2adbfc72231f9254c0b"}, 0x1022)
r2 = dup2(r1, r0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0xa)
write$binfmt_aout(r2, &(0x7f0000001480)=ANY=[@ANYRESOCT=r0, @ANYBLOB="fe852df01a5e93ac7766b86cc18f42c156b33716be9b9811e035278c4cd145d0638a5d522a5c196d96f5896dc949d7a00e4a2b6eb5d5bcbb78ef00f704e8c13f6f3c8e407f6d510ae665cf820f5b71e7d67cb978323fcfbb751c101de83f5f78cdf8c1bb7500d1c5585429e6c3144b596f2e3f6ddf", @ANYRESOCT=r0, @ANYBLOB="7ce8aed0eecb61799b22e547ee149fd74a0bb8fccdd58e019fc7b5bc92772daeb300126d59ea98091818922f3073b53fc9196b9a8f7a6a72487c307f9d6a84b15e9e2c8261fa2acda9c25c1a68ee7c40fb8ed85e90bbda76ebe0ff186f9455a2436507dc1fb8ac4e8016af1ec177046eb03c853d4e26fcfef6b28c689db65f9fff454a5d2d95a2d450b1a7bf46c3df226fb541261c46271857fd9c345ab422f005461e", @ANYRESDEC=r2, @ANYRES32], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x2000)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac00"/288], 0x120)

13:54:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfffffff5, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1110.291284] sg_write: data in/out 1818846731/4078 bytes for SCSI command 0x86-- guessing data in;
[ 1110.291284]    program syz-executor.0 not setting count and/or reply_len properly
[ 1110.445015] sg_write: data in/out 1818846731/4078 bytes for SCSI command 0x86-- guessing data in;
[ 1110.445015]    program syz-executor.0 not setting count and/or reply_len properly
13:54:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5410, &(0x7f0000000040))

13:54:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000001880)=ANY=[@ANYBLOB="a117f4fbc4d489b27454f0b7b4a677a5bf319e4ba129b9645c35fb67769232ffca608f382b95307f6d98f9aefdc011c6efc73cb0588a9fc03206d8a4caf5c986e78b28b9bf3d5d84042dcf96aad8ca38724676c7b35c1ea0c2883e8ad53fc9586777070ea7cabeb26548bd6aa76064efb9738b838afccb5af0e6e8127d0af7ca0a2874bf7866984d0a28cb280b68e77bdb19e9a004632483b9f664068053e5a562ac5a87f45858903a766b4cb1085496a8c332e28ae7540b45ede493e626d330a451aa602398c133501177c37d2a5d5676028c2b8b69f80f4fb9409999ecdbce122593dacd62f15d63b335f996e2b327e8309ab8f170b48aaaf77db791c85f99de07bd7fba2a9aaa89f1fddce81f8e2166804b740baaf062f9486633dd9ed52a2f46f4af8cfc1cfdeca07935b7fe5d172d73fbd10112e5ee4819cee00ca97a2dd00eaf0a2dcced85d880a723e1afa3579b711c2a454ee7cafbd3955c107d36fba5b68aba900b8bc8f54d484167ff41a887c7a52ce050599fc0fb9eb7da8e74a2eb17e5aef6c3cb09d77c8371a3fb931a0a21e8c8bd44ea5150b1e52fd85bbcfee3c38bdca486999e339f201c071e40d2f4ca37e72ade68c97aee669142380974e3a301684610b1305e050e056215b5aa28918c48d22adad08965a04daf5ff83082f0a07607972a2a7eab4103f8b5182316efc249701213968ddff26c54c00e443400d43c6864285967719486099b17f9a128464e53d3d660fdfc74ad938344c087e71d787e5bb20d5af8c15eeca9803e259e5bf206c1f2b50db933f2ad5c3f44805cd68ab618a4f8336bfec782c5b9c12ca12acc1bac326e3b83924d6e36eb446f8f6de0fecf005c1eec8b49038722f62c44012be4496fe7fdf1b4bfd399fe0c0916ffd1c110d0c738baa99c77ec54646a27c83e389584fd0fb0204e666c827ba633daa7061bc9ef7f1f478f07a2942e44598a3e38c2265b27722af65cd076a84afbd9deb2e991ce1137590ef1a628c2e76f278c65116aa11647178c0f59e0c0d29c5105af6a77e4f9558eacb597dad3496c90a4d92b1be421e3b1c256de5b7bd07076b7a1c8a24e0df92ca475a957b60767e25e23bc706d474b047aadddccbc4b4c8969e71507267175c0f1d7f1d9bbc31413a9e2766b02c79b925a4ac7779364b8782854f81e556842b2c9d5618327751b15c8fb6ba24ff0b0228f8fe25e97c9ea20e4f6b556bb60385f7b6cfd5752c5ba03798bef31faa4852068e8d8b1513d20f48e2800475b8776276cbe31b12c7f05e801e4a6ff18e0069ab646f11924731a31f60b261a5c7db6d302fd0ac41decc25e1ff6eee5c4c2147c570c3e9d3ae5cf141a49c38a1ca970b392f69e79fe6ff028b92f0c8852c9b0ee349c664813dacd1e1d50301b421e99b8bb88a374ebe1bb650f4a9abcc796de8466087295be96d548352b72ca4e844100b8e197b14f460758a0960a911d3c738a6edd7e1d3b5a09d0296fd5eccf73555167906387f44ed8955b93c1e6908c12c36f50d0215cac6b8a1b410ca0eaad089e8b1063eb8d822701e93b678eac345baf068ae3a6b82849587d2d23c40ac085362c2aa7db00c00f3874b8cd1653b7d4e5f3feb0bedf39e33382d53dfc8bf366e30c126917d7ef9813fb4f1ab55415bb69d4c9fd763288568f9e1a899f3284dfce1d7bffb346c59de64ca23d9556df10044238e84e33ad5aa35deff74a04b04e5e80df2e35c97ee7fbf864b9ab880d5e30872bf5aa82156fc1e9caffd3c00d734d6620f0cbb33aa20c57b3d42e2af33fe81f280a1e1a1ebc636b2a13893ce7de6d8c089ca0da18211381f751cef1c0ae385d89573ffb4b1fe60b8a27d8a35496817c14054105ab8196363bd97703178ae261c170235a909fdd45c60ba6dfe61abf79072ba36bc83d0964465cf0c1ce5fcbf5696bdfbbfef9dea3b2deb59ba5610025b0e19aae200ba87c399e910b56c500e409f663274c49791f89bff488c977c5bde4d76c81f34d8c15f8413fc42785c12ed389fc7b9068c168f36e6f1e97c7853e354c25eb4e9e1e8b0abdd890e2a76e5effd9977d30e682dd02f8f8f58e3f8b703f903a13eeb1d32e4c20f1ef89d0b64659908073ea727523f8ab1533ff34caeeb8dd212987fd70a590c918b4c7a829935839153ecd6c98177ecd30ace1c741e529ec280bdc7ddc595910d84c5164367acaa6d685a92c3c5d44826e776274402efb0256afeb74d91618127aa25443cb1de25d181bd3c99fe667561c959dcf466a04355c0515f6ae27df83d33dbd6a81c7eb9de93a40117234d610ab7403cf18ac8d1abb25c3579a74ae44fbf20f30cfdda3cd1cf4b7f1341751266d0461a72c914791eab2ffe2a50de17050819b8ce7168d063418e67e68cd22982cedcdc510d192bf177fa39252fccf821ba47947ce0f22db054d35a61b4baecec7981519d39905dbd9588c695a3aab184cafc974328a21fe6f74f72233a86c48ace4556dddc9b07068700bfd6ec53eae002aee680993eb2f0faa80179c8a2e2ffc9c9395c5a4920b80dbdcb4b83a54132310bce5097acd7820d66580dacb50a415889aafe415a9006f546ca524a016ef0a7cd692fb6c23a5856b1eac5da316ecd28715a1a9eb0ead1053bedf2152ba95810fd485ef6e75234f7bc17861d83a69bfba1b2bf689648b77015c54926a86a5026b233b2ca103cc160744aa63249c86e7508990ace3e3e5d3c7764d276ff1c929848f4408ed026aeb7b51dc276b18884f369c5a05ee413171fc55efe2af29125afa4c98bb793d717b1678813605da851ec106796c7ef0bc892658de2255e93fda1d5d16fddd8f690326a10688e3fa9fa015278f3117618d7f63c283382beaac0dd369179bb152acecf8d9cd656133adcc98f173a73fe0101b5d489ea3a64806c0de4302f3c57d2988b0c15e91bb334d08b24f4856490a088c0f8738af26eb42939f5951f63da629735ac7e2c81d4c2b2209b1a080b44945cf0d688f52ed6c2ea0992f3e34012524ecdebf57f79f20eb4162d6166a195a9e2e2cf89dd2bbe912b5101f52a5c12f3a11212e98b2d7ecf41d64e0636927a35a7c017b1dc07b3617283c9454ae8f40fc01a69115348ec60e5ec754d5ae0d235e700171ff0407efebc50da11d22f08b2b6bb20dc723b9c0d4875dc965444894f9963f6e13f6e449d5782df1d557104c0db141178cf6747b57433cc589a7446f7a1b020847136a534a203ba20ea5be1d95a565e12a515ac41699da9979e82e706a2b8f8a2bc935e44f5246e0c082ca1be65e510464ea51750f9fd5f7179bf8a1578215191b993cd37ffdd22682d277477a7c8331bbe11c6f9726e90c361aa6ae0e997f5836a706cc4d561172ba346be359f04f25051a811d68cb342ff5e2c70da5ffc99278924cb244fbfe48e09138917b7494add2682360fe9b50c003674fc19f8f7ec65339c9c7f670f3f6dbcf8ccd29c59aaed9c0d768099e3edd3d40bc3d514fbf86b268ee24471e334c4443243072d9317ad3d83f71aea6e13997a7867c032dc807a032aa5ec340aa99f6064815aa00dbe9d137926b312602be9eb83af520d4278f3efce83da5dcd280cd77a9af5bf66cdf2fb22cf2a381bd96a7fde7f08f92fb55c4da7a6d1e11e67354f3269feb80a411c030a4bb021058c04d3e7386a50cb63026b9d490502dfcebf5f52a62a47d231ca2ff93dc7495246158993405c7dd3e0769e7cbc87c6b9000a8e76d539b07734cbd97dbb498e547841af9147cffb738eec8ab6288dd470f3622bb60f19655c1282433c599bbf64b469e299c401e8afccd5cf85465f49df5a1b6410e7834fa57608f7085f5eaff2193778f19d29d362e2a01c72d0609a3ce7c113f65e029300f167d5188da65aaf44ab75d9ec35f9fd1ce4d8fc15227bfc533df58d7c18e255b60b9771e9e7c27200e031daaa291ab7cf9aa4d6ea9946dba566c2df937f6c7653dc3cdc2f69c6c30a82fda9a071f5c686ce337a117b8b122dab99889125c41a0c3797e9a4ff47cda4cb79d871f352aefb807a47a7a342f022e175d8b8037e72343269b352cd48cf285933964a57da7856a2f0c53defdb037330617b6caab2dbf6958c3abe26257040ae9d658d77f2b929f15f37c2a07dfc50707e415fada50bb9dd919217227b33f27d21b5cb773ac6fddc1610745968d1dcd19167116bda1bcb7ae7867ec8cdea92cbc5df01d12b3528d08953dd24bfb71dcc8e37373c2ed5b334482e596d13dd2c45fd94d0be0f3c387a8ca04ccd664f3d5dbefef1a37f34ca33770efc0ed777fc99b2e1a76510cebae9a823e140f6f1efcde90ebd4672c5a55ba81b57848d24af896296b4b87b64d18a5b2f10915d0b975ec530b0de051d73b4522a850be99eab9813f158c3f244840f523dd5d909f15d053ffb231201114c0f09a0faba036eea0e75253ab555f76623f0fd8db08a70cbffd3ce9bf9be986b51d5cfff75fba47df31ee07455ca64afe49bea6e789828443d331caf349ca59fd0f754458243c52d0baae7e3a609f13467b6aba079180e256aeaa719f239f341cfd7d013597c811dd553d7bdbbbee75674d1c39f4fca9259e7a41e4571dde521429b18b2485ff0f25e34ad6b892808cd6dc5f732afbdc23dfa70ac2dde174f57fc0cae361a11be7bb6e63bfc321aa92ff77300da434c1a89b8bd6e45de318360ba9a64f70a96d7a1f207728143103958cf862880a95565b1ce787bf1c164f5c37fc0a957b96cdcb6a2d8d56b4091a71d28b176aacb11f24cb0775cf0f84cdc9125801a3b19a8502b713c25985b1ae19eefda243dd9c0abe0e5f43a3195a8d5acee0894a72bb9c3a2f01067547394f3b9a9743081c03566aedbf74b8a882940078ba006387fc6afc02de232546ce9581f6852fab6f47dc43f74a34e3ae3c8eb670d2fca2a12ad4a77d8cda7ffd91a9326d81a2faa9bb01f81e31333a2c13eef58c1e17c766b46501e94a5ca33b5c27c8286c0130b6b7251503a10e51b57e9a8870ebd73ac3e698b53d001931761c084711dc783d90d07fdc49c2b3f94de1efc4a8708eeeae60eb6f21037863c2070fd494fbc7b902c23675105cf2c324860dcb78006b247665c99bdd017e59fdefdbae358507ea883f1e76956efa63bba7dff661c1a54e5ef8555794bac762478f4d68f72dcf52b09d491f85f628d1c8a4ad8ca9dad20a7037f2c43fc4d78c7664522384392c1100c0d341ed200b1b4501ae3b8fa5a52359f33f9b8d960f3251933c16408d464087d03c5f20df3bb3c55c9ee881a8b74fbc8308ccdd07f6d4199cdd7509c47d5101188c13b65667e2260a51a66e56413ee42f711f541e2893f573f31fe49463746ee939a9d51a144fed05b625d89eb05954f309f5d0b22049b15491e103daa6decb44c9ef63e771b855165025448edeadd458e25c32863e8eb43c565611c4a983ea58868aea62e7cf80a15923fe4587ec3f02d25c595a32ab56a412e4a8d873951f5289a842e8c45b3a71e45a6f0069688ca327d9e4f92ebe856539de6d91cf4a821fa1f0e36b9e244660c559129e7c40fb1d18683ffd1e3c02cb393a840b62dc9fc7930facc683f4a2c5c08a208ecfa8a7cd8c3d6f7a77bf25607281c6a61051d579180aa202651fb61e5c4e6e4131f8db0cd2f473e239c16474758de623ec94ecc741172b21ab0f2fa6f7ab56930ef00c9d53bc14bdcbaf1b7646ec3eb25f5e423b9a5edec8d6d1158a736bdae5f7eb70d8e63c87f8405a1d8287acab08491fa13036013f0495ce863f0b02b3ff7d47099fec"], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00')
write$binfmt_aout(r3, &(0x7f0000000300)={{0x108, 0x6, 0x80, 0x2ad, 0x310, 0x8, 0x32, 0x4}, "87c25f1c2c4848dd9db69645b0a4307c3f375b2a2c900d17a4a2af73b8a4ddc69c09520a4f99084a3e91d419abc5537382b0b69a253166819d2d0950071df8ff79f8b8cbe269fb6f14fd5635f5990fcc937977a540e7692e638fe4", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x57b)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)={{0x0, 0x0, 0xff, 0x0, 0x1}, "e0db894052e6672d8763c85b172e6d38085e68e8a2ffe85eb78174ccefed751ae81e2f0ee04169191e8d0e8da4ac87c8ba7989b7a51b3d1bc856d7d3b7b8396e69b8543e884cc667d4250a9552527cd23dc92646c91975127c92fb990d46bc2566794876f8c4f5aaf9908589356312a957a2c24a8ad23ad072d1f96c7b3225cb16e507ec19a44b2450fa7aa6bb51d525aaed3be4bf489b489920f423022fbc976bb9649a276d19262c02683c81a749318a8de0cf7318e43894abcfbde0cfc0bdae9e0d892c23714632d66c44cc2adf337f10e61bd846d3124325ea2eb28a87c311405bf2448843433a5087cbe52ea89a41c9e74fbec9ab35e65eacba1b091ee7ce7d7463e5ffffffff3de4ad8e148a90018c8faa6d77ce4400"/304}, 0x150)

13:54:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xfffffff6, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 95)

13:54:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000040)=0x1402, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000000)=0x7, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1, 0x1, 0x3, 0x40, 0x0, 0x8001, 0x60, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_bp={&(0x7f0000000040), 0x10}, 0x0, 0x5, 0x2c9, 0x5, 0x10001, 0x1, 0x2, 0x0, 0x80000000, 0x0, 0x6}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x0)

13:54:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x50020000)

13:54:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 46)

13:54:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5412, &(0x7f0000000040))

[ 1119.706896] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1119.706896]    program syz-executor.2 not setting count and/or reply_len properly
13:54:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 47)

[ 1119.711051] FAULT_INJECTION: forcing a failure.
[ 1119.711051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.711984] CPU: 1 UID: 0 PID: 8815 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1119.712002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.712011] Call Trace:
[ 1119.712016]  <TASK>
13:54:34 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0xb341daa0822653b3, 0x0, 0x0, {0x15}}, 0x14}}, 0x0)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r1, 0x10, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xa28eba0777fc0315}, 0x488c4)
r2 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r2, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r2, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1119.712021]  dump_stack_lvl+0xfa/0x120
[ 1119.712052]  should_fail_ex+0x4d7/0x5e0
[ 1119.712078]  _copy_from_iter+0x1dc/0x15b0
[ 1119.712102]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.712122]  ? __pfx__copy_from_iter+0x10/0x10
[ 1119.712145]  ? find_held_lock+0x2b/0x80
[ 1119.712164]  ? __create_object+0x59/0x80
[ 1119.712180]  ? lock_release+0xc8/0x290
[ 1119.712195]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1119.712224]  copy_page_from_iter+0xe3/0x180
[ 1119.712250]  bio_copy_from_iter+0x108/0x270
[ 1119.712276]  blk_rq_map_user_iov+0xc07/0x1180
[ 1119.712301]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1119.712320]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1119.712343]  ? find_held_lock+0x2b/0x80
[ 1119.712361]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1119.712378]  ? lock_release+0xc8/0x290
[ 1119.712390]  ? import_ubuf+0x1be/0x220
[ 1119.712414]  blk_rq_map_user_io+0x1cf/0x200
[ 1119.712434]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1119.712451]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1119.712481]  ? irq_work_queue+0x9c/0x100
[ 1119.712499]  ? __asan_memset+0x24/0x50
[ 1119.712523]  sg_common_write.constprop.0+0xd75/0x1710
[ 1119.712547]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1119.712563]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1119.712583]  ? ___ratelimit+0x465/0xa10
[ 1119.712610]  sg_write.part.0+0x6a2/0xb50
[ 1119.712627]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1119.712645]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.712662]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.712680]  ? lock_acquire+0x15e/0x2f0
[ 1119.712694]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.712706]  ? find_held_lock+0x2b/0x80
[ 1119.712725]  ? get_pid_task+0xfd/0x250
[ 1119.712749]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.712764]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.712778]  ? avc_policy_seqno+0x9/0x20
[ 1119.712796]  ? selinux_file_permission+0x99/0x600
[ 1119.712816]  sg_write+0x86/0xe0
[ 1119.712831]  vfs_write+0x2b7/0x1150
[ 1119.712851]  ? __pfx_sg_write+0x10/0x10
[ 1119.712865]  ? lock_acquire+0x15e/0x2f0
[ 1119.712879]  ? __fget_files+0x34/0x3b0
[ 1119.712898]  ? __pfx_vfs_write+0x10/0x10
[ 1119.712918]  ? __fget_files+0x203/0x3b0
[ 1119.712936]  ? lock_release+0xc8/0x290
[ 1119.712953]  ? __fget_files+0x20d/0x3b0
[ 1119.712979]  ksys_write+0x121/0x240
[ 1119.712999]  ? __pfx_ksys_write+0x10/0x10
[ 1119.713027]  do_syscall_64+0xbf/0x360
[ 1119.713042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.713056] RIP: 0033:0x7fbb63381b19
[ 1119.713066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.713080] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1119.713093] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1119.713102] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1119.713110] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.713119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1119.713127] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1119.713148]  </TASK>
13:54:34 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f0000000040))
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[ 1119.790636] FAULT_INJECTION: forcing a failure.
[ 1119.790636] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1119.790713] CPU: 1 UID: 0 PID: 8830 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1119.790730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.790738] Call Trace:
[ 1119.790742]  <TASK>
[ 1119.790748]  dump_stack_lvl+0xfa/0x120
[ 1119.790775]  should_fail_ex+0x4d7/0x5e0
[ 1119.790799]  should_fail_alloc_page+0xe0/0x110
[ 1119.790834]  prepare_alloc_pages+0x1af/0x500
[ 1119.790853]  __alloc_frozen_pages_noprof+0x17f/0x1f10
13:54:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x54020000)

13:54:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 48)

13:54:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x7807, 0x0, 0x4, 0x9, {{0x2c, 0x4, 0x3, 0x0, 0xb0, 0x64, 0x0, 0x1f, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x18}, {[@timestamp={0x44, 0x28, 0x53, 0x0, 0x5, [0x1, 0x1, 0x81, 0x7, 0xc000000, 0x401, 0x81, 0x1ff, 0x4a]}, @timestamp_addr={0x44, 0x24, 0x5b, 0x1, 0x7, [{@dev={0xac, 0x14, 0x14, 0x1b}, 0xffffffff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1f}, {@private=0xa010101, 0x8}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x1000}]}, @timestamp_prespec={0x44, 0x2c, 0x35, 0x3, 0x5, [{@rand_addr=0x64010101}, {@multicast2, 0x4}, {@local, 0x3}, {@multicast2, 0xfffffffa}, {@multicast2, 0x6}]}, @rr={0x7, 0x23, 0xc, [@local, @local, @multicast2, @multicast2, @multicast1, @broadcast, @dev={0xac, 0x14, 0x14, 0x21}, @remote]}]}}}}})
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1119.790872]  ? __is_insn_slot_addr+0x136/0x290
[ 1119.790891]  ? lock_release+0xc8/0x290
[ 1119.790909]  ? __is_insn_slot_addr+0x140/0x290
[ 1119.790930]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1119.790947]  ? perf_trace_lock_acquire+0xc9/0x700
13:54:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 96)

[ 1119.790962]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1119.790981]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.791000]  ? perf_trace_lock_acquire+0xc9/0x700
13:54:34 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xcc0}}, './file1\x00'})
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x3, 0x8e, 0x2, 0x3, 0x0, 0x4dd6, 0x2000, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x101, 0x7, @perf_config_ext={0xb4, 0x6}, 0x5800, 0xda3, 0x9, 0x7, 0x9, 0x2, 0xff, 0x0, 0xc8b, 0x0, 0x4c26}, 0x0, 0xffffffffffffffff, r2, 0x8)

[ 1119.791013]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1119.791029]  ? policy_nodemask+0xeb/0x4e0
[ 1119.791047]  alloc_pages_mpol+0xed/0x340
[ 1119.791063]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1119.791077]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.791098]  alloc_pages_noprof+0xa1/0x380
[ 1119.791115]  __pud_alloc+0x3f/0x7c0
[ 1119.791135]  copy_page_range+0x2f34/0x4ac0
[ 1119.791154]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.791181]  ? lock_is_held_type+0x9e/0x120
[ 1119.791208]  ? __pfx_copy_page_range+0x10/0x10
[ 1119.791225]  ? mas_destroy+0x5ce/0x9c0
[ 1119.791246]  ? mas_store+0x17b/0x540
[ 1119.791261]  ? __pfx_mas_store+0x10/0x10
[ 1119.791274]  ? lock_release+0xc8/0x290
[ 1119.791296]  ? lock_is_held_type+0x9e/0x120
[ 1119.791318]  dup_mmap+0xd2f/0x1d10
[ 1119.791348]  ? __pfx_dup_mmap+0x10/0x10
[ 1119.791374]  ? lock_is_held_type+0x9e/0x120
[ 1119.791398]  copy_process+0x6faf/0x73e0
[ 1119.791412]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.791435]  ? __pfx_copy_process+0x10/0x10
[ 1119.791447]  ? __might_fault+0xe0/0x190
[ 1119.791464]  ? _copy_from_user+0x5b/0xd0
[ 1119.791490]  kernel_clone+0xea/0x7f0
[ 1119.791501]  ? get_pid_task+0xfd/0x250
[ 1119.791523]  ? __pfx_kernel_clone+0x10/0x10
[ 1119.791533]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.791552]  ? find_held_lock+0x2b/0x80
[ 1119.791569]  ? ksys_write+0x121/0x240
[ 1119.791590]  ? lock_is_held_type+0x9e/0x120
[ 1119.791612]  __do_sys_clone3+0x1f5/0x280
[ 1119.791624]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1119.791648]  ? __fget_files+0x20d/0x3b0
[ 1119.791673]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1119.791696]  ? ksys_write+0x1a3/0x240
[ 1119.791715]  ? __pfx_ksys_write+0x10/0x10
[ 1119.791741]  do_syscall_64+0xbf/0x360
[ 1119.791755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.791768] RIP: 0033:0x7f7b289bfb19
[ 1119.791778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
13:54:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0xffffffff, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1119.791790] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1119.791803] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1119.791811] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1119.791819] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
13:54:35 executing program 0:
r0 = eventfd2(0x5, 0x1)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0x5c)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r3 = dup2(r2, r1)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c85dc27d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000"/288], 0x120)

13:54:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x54030000)

[ 1119.791826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1119.791834] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1119.791854]  </TASK>
[ 1119.904782] FAULT_INJECTION: forcing a failure.
[ 1119.904782] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1119.904811] CPU: 0 UID: 0 PID: 8840 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
13:54:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 97)

[ 1119.904832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.904841] Call Trace:
[ 1119.904846]  <TASK>
[ 1119.904852]  dump_stack_lvl+0xfa/0x120
[ 1119.904882]  should_fail_ex+0x4d7/0x5e0
[ 1119.904907]  should_fail_alloc_page+0xe0/0x110
[ 1119.904933]  prepare_alloc_pages+0x1af/0x500
[ 1119.904953]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[ 1119.904975]  ? lock_release+0xc8/0x290
[ 1119.904993]  ? __is_insn_slot_addr+0x140/0x290
[ 1119.905015]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1119.905033]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.905049]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1119.905066]  ? look_up_lock_class+0x56/0x150
[ 1119.905090]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.905108]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1119.905126]  ? policy_nodemask+0xeb/0x4e0
[ 1119.905146]  alloc_pages_mpol+0xed/0x340
[ 1119.905163]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1119.905180]  ? find_held_lock+0x2b/0x80
13:54:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 49)

[ 1119.905201]  ? __pud_alloc+0x571/0x7c0
[ 1119.905221]  alloc_pages_noprof+0xa1/0x380
[ 1119.905241]  __pmd_alloc+0x3b/0x980
[ 1119.905260]  copy_page_range+0x2ec2/0x4ac0
[ 1119.905279]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.905306]  ? lock_is_held_type+0x9e/0x120
[ 1119.905333]  ? __pfx_copy_page_range+0x10/0x10
[ 1119.905350]  ? mas_destroy+0x5ce/0x9c0
[ 1119.905371]  ? mas_store+0x17b/0x540
[ 1119.905391]  ? __pfx_mas_store+0x10/0x10
[ 1119.905404]  ? lock_release+0xc8/0x290
13:54:35 executing program 3:
r0 = getpid()
pidfd_open(r0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x8}, r0, 0x400000000000000, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[ 1119.905427]  ? lock_is_held_type+0x9e/0x120
[ 1119.905451]  dup_mmap+0xd2f/0x1d10
[ 1119.905477]  ? __pfx_dup_mmap+0x10/0x10
[ 1119.905505]  ? lock_is_held_type+0x9e/0x120
[ 1119.905532]  copy_process+0x6faf/0x73e0
[ 1119.905546]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.905571]  ? __pfx_copy_process+0x10/0x10
[ 1119.905584]  ? __might_fault+0xe0/0x190
[ 1119.905601]  ? _copy_from_user+0x5b/0xd0
[ 1119.905627]  kernel_clone+0xea/0x7f0
[ 1119.905638]  ? get_pid_task+0xfd/0x250
[ 1119.905662]  ? __pfx_kernel_clone+0x10/0x10
[ 1119.905673]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.905692]  ? find_held_lock+0x2b/0x80
[ 1119.905709]  ? ksys_write+0x121/0x240
[ 1119.905729]  ? lock_is_held_type+0x9e/0x120
[ 1119.905753]  __do_sys_clone3+0x1f5/0x280
[ 1119.905765]  ? __pfx___do_sys_clone3+0x10/0x10
13:54:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="03ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1119.905790]  ? __fget_files+0x20d/0x3b0
[ 1119.905820]  ? fput+0x6a/0x100
[ 1119.905836]  ? ksys_write+0x1a3/0x240
[ 1119.905864]  ? __pfx_ksys_write+0x10/0x10
[ 1119.905888]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1119.905919]  do_syscall_64+0xbf/0x360
[ 1119.905936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.905954] RIP: 0033:0x7f7b289bfb19
[ 1119.905965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.905982] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1119.905995] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1119.906004] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1119.906013] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.906022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1119.906033] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1119.906061]  </TASK>
[ 1119.936878] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1119.936878]    program syz-executor.2 not setting count and/or reply_len properly
[ 1119.937831] FAULT_INJECTION: forcing a failure.
[ 1119.937831] name failslab, interval 1, probability 0, space 0, times 0
[ 1119.937853] CPU: 1 UID: 0 PID: 8849 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1119.937869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.937877] Call Trace:
[ 1119.937881]  <TASK>
[ 1119.937886]  dump_stack_lvl+0xfa/0x120
[ 1119.937915]  should_fail_ex+0x4d7/0x5e0
[ 1119.937939]  ? blk_rq_map_user_iov+0x1fd/0x1180
[ 1119.937956]  should_failslab+0xc2/0x120
[ 1119.937979]  __kmalloc_noprof+0xb4/0x4b0
[ 1119.938002]  blk_rq_map_user_iov+0x1fd/0x1180
[ 1119.938025]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1119.938047]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1119.938067]  ? find_held_lock+0x2b/0x80
[ 1119.938084]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1119.938101]  ? lock_release+0xc8/0x290
[ 1119.938112]  ? import_ubuf+0x1be/0x220
[ 1119.938136]  blk_rq_map_user_io+0x1cf/0x200
[ 1119.938154]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1119.938170]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1119.938194]  ? irq_work_queue+0x9c/0x100
[ 1119.938210]  ? __asan_memset+0x24/0x50
[ 1119.938232]  sg_common_write.constprop.0+0xd75/0x1710
[ 1119.938253]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1119.938269]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1119.938287]  ? ___ratelimit+0x465/0xa10
[ 1119.938312]  sg_write.part.0+0x6a2/0xb50
[ 1119.938332]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1119.938349]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.938365]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1119.938381]  ? lock_acquire+0x15e/0x2f0
[ 1119.938394]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.938405]  ? find_held_lock+0x2b/0x80
[ 1119.938422]  ? get_pid_task+0xfd/0x250
[ 1119.938444]  ? perf_trace_lock+0xb5/0x5d0
[ 1119.938458]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1119.938471]  ? avc_policy_seqno+0x9/0x20
[ 1119.938488]  ? selinux_file_permission+0x99/0x600
[ 1119.938508]  sg_write+0x86/0xe0
[ 1119.938521]  vfs_write+0x2b7/0x1150
[ 1119.938540]  ? __pfx_sg_write+0x10/0x10
[ 1119.938553]  ? lock_acquire+0x15e/0x2f0
[ 1119.938565]  ? __fget_files+0x34/0x3b0
[ 1119.938584]  ? __pfx_vfs_write+0x10/0x10
[ 1119.938602]  ? __fget_files+0x203/0x3b0
[ 1119.938620]  ? lock_release+0xc8/0x290
[ 1119.938635]  ? __fget_files+0x20d/0x3b0
[ 1119.938660]  ksys_write+0x121/0x240
[ 1119.938678]  ? __pfx_ksys_write+0x10/0x10
[ 1119.938704]  do_syscall_64+0xbf/0x360
[ 1119.938718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.938731] RIP: 0033:0x7fbb63381b19
[ 1119.938741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.938753] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1119.938766] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1119.938774] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1119.938782] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.938789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1119.938797] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1119.938827]  </TASK>
[ 1120.073417] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1120.073417]    program syz-executor.2 not setting count and/or reply_len properly
[ 1120.115085] FAULT_INJECTION: forcing a failure.
[ 1120.115085] name failslab, interval 1, probability 0, space 0, times 0
[ 1120.115111] CPU: 0 UID: 0 PID: 8868 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1120.115128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1120.115136] Call Trace:
[ 1120.115141]  <TASK>
[ 1120.115146]  dump_stack_lvl+0xfa/0x120
[ 1120.115179]  should_fail_ex+0x4d7/0x5e0
[ 1120.115204]  ? __pmd_alloc+0x98/0x980
[ 1120.115220]  should_failslab+0xc2/0x120
[ 1120.115243]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1120.115269]  __pmd_alloc+0x98/0x980
[ 1120.115288]  copy_page_range+0x2ec2/0x4ac0
[ 1120.115307]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1120.115339]  ? lock_is_held_type+0x9e/0x120
[ 1120.115366]  ? __pfx_copy_page_range+0x10/0x10
[ 1120.115383]  ? mas_destroy+0x5ce/0x9c0
[ 1120.115404]  ? mas_store+0x17b/0x540
[ 1120.115420]  ? __pfx_mas_store+0x10/0x10
[ 1120.115433]  ? lock_release+0xc8/0x290
[ 1120.115455]  ? lock_is_held_type+0x9e/0x120
[ 1120.115477]  dup_mmap+0xd2f/0x1d10
[ 1120.115503]  ? __pfx_dup_mmap+0x10/0x10
[ 1120.115530]  ? lock_is_held_type+0x9e/0x120
[ 1120.115554]  copy_process+0x6faf/0x73e0
[ 1120.115568]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1120.115591]  ? __pfx_copy_process+0x10/0x10
[ 1120.115603]  ? __might_fault+0xe0/0x190
[ 1120.115620]  ? _copy_from_user+0x5b/0xd0
[ 1120.115646]  kernel_clone+0xea/0x7f0
[ 1120.115657]  ? get_pid_task+0xfd/0x250
[ 1120.115679]  ? __pfx_kernel_clone+0x10/0x10
[ 1120.115690]  ? perf_trace_lock+0xb5/0x5d0
[ 1120.115708]  ? find_held_lock+0x2b/0x80
[ 1120.115726]  ? ksys_write+0x121/0x240
[ 1120.115746]  ? lock_is_held_type+0x9e/0x120
[ 1120.115768]  __do_sys_clone3+0x1f5/0x280
[ 1120.115781]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1120.115805]  ? __fget_files+0x20d/0x3b0
[ 1120.115830]  ? fput+0x6a/0x100
[ 1120.115843]  ? ksys_write+0x1a3/0x240
[ 1120.115862]  ? __pfx_ksys_write+0x10/0x10
[ 1120.115883]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1120.115909]  do_syscall_64+0xbf/0x360
[ 1120.115924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.115937] RIP: 0033:0x7f7b289bfb19
[ 1120.115947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1120.115959] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1120.115971] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1120.115979] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1120.115987] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1120.115994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1120.116002] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1120.116022]  </TASK>
13:54:44 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000002000"/288], 0x120)

13:54:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x80040000)

13:54:44 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 98)

13:54:44 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
write$binfmt_elf32(r0, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x5, 0x40, 0x9, 0x1, 0x3, 0x6, 0x1ff, 0x1be, 0x38, 0x146, 0x8, 0x2c8, 0x20, 0x2, 0x7, 0x7b, 0x5}, [{0x2, 0x8000, 0x8001, 0x2, 0xf01a, 0x2, 0x8, 0x81}, {0x3, 0x2, 0x5bf, 0x1, 0x1, 0x6, 0x3, 0x20000}], "1e9960070fc76e79b5a627e3d376bb59e3621f09e8c0a049643f3056a6b4e05f4cd2a1926a3fe204264af6d0015bf90cdb45c5ec79b05bccf4aca4aa2bc27deb15d49543cbdca280ddbb6230fe4bdff700a818719f27ace98471dd35c02b25ded4a9c210cb8a7e7b5151ef72087b01c4020416379cc712086e65201e09a52e3531e444a5b8b359b6cdeb24c010917d63dcfaa63f312b03cd621a4749940451cf9bc4294e6dbe9a5c61a10f18c6aa62535a0432536c767851e4c682ff10d67dca10190458489dd91536adde75030dcef3f00e2a83767db8742f3831c5da3cb69a67919cf8c33da4e0b204d137f3ce884c0e690a7154c6df9346748b90f8edcfb1356aa3dddc22e3db162a98878cf19c15172353b8a76032539f57aa050f0e79593a093806c966a8034468beb4fc4bd774ffb2ceabd4f68ae82241ad49e800e38a90d5dd8f5b50d87387277ff3d1ce918bb734632a3de247e5e25e65e460079ee860b44c70a3efd75be97ba1bdac1e8282b2b410b0079e9e5be36bb8fe0a6d84b3b9e7ac82a8c168b71669dc446d52bbbb1e776f9a0d89e430e8f0ff0cd515d53aabea45ba6b9514e4dd0c703f2e8f1e40e694e19fc403f71f34fbe39e13047627b636ccf1f0aee837840102cbd8cc4f27946f89b3c15db80887ff76ef3457b2ba6c6c0d95fd082c741ae97d41ecadb452b340cb874a3bbfaefad339d210908513ccea0b0e1df6e4368703713de8b39e081cf8c7b16772051cb3fbe9a5c73fdbe2de7c783fcc62b04247aa89fa22861843656514f9bc219941e388979bf09cf46b4735d5b3a7ec44c72f5c0e61ff48739b82c34c0baa58b460e90d3e1f04444daf24173c73f1ab5bfd8b0a42395a1c61814b7fbe353144393b9a19d247728d7dcf5454477aefeaa2c5a6d93cb95a037a5ff87fd32532038d5c63bb130706eb3ed18fb4bb3b76b00ac1ec4a21fe57b40cd6e2c35ce4e2177e9956bb42306a546df3eaa9a5ac2a427f4971236deb1915c9782bcc6d68b903b6579da41f0b700602810bd91542661a1385f3acc08780b1ba8fb513ab3fc100d58e8f613211453d7c4f16dc8e3945e498214f0aec007d72e4e018ff3e78859647c8fc0a038213657eae2121500f4e41873bc99171ecb29633ccf109ffefbd84d6df7b786f6336d82080d4025ed73660024c46b5c08b6a79e903d451a72a7a877f8b3cbaed064fcefaa80525a0282d8d33cb8b8195cb11a15964d377d0e3d324fefb55360f5148d4759b8a8386879cda477da459cdcf9349017c8122ff1b7179d2c506542225ba3d8d0a35d60f2e760a771484e3aee5d69877f505f3def81dbe96ec1f522e8205f69d6d8b2f34ffd3ba736715f778ee4eecd620a8fa59ad4bc89e62b52a2277589ec88360d84e152921bacdc079e98d5d2bc220f97b7422cb4a4bfb76f3b9959c56ec657aface17d4d5e4b39bffa161a1647d63e4f87c533d3d04cc1c32a80004f4999a16e4f12e266dcdcccafed5dc4e638d131dabd4126d06490f3b4080a5446551a038fe9efcf8e9f9f1c9f8ba5b10eb2ad4c0a089a813f60efc208087d01cf08cb6eee05fc4215ebe078eaef8d5baedd716a1ccd6089b32a9e6c774275c0aec8337e04cb79c45836646a5de3031d86017da019e7c42a9351c2a063bf5be6b88b549b257d6a708b640012114b5226d2dd80fcd82e1b9872b6b6122c303b32923479c0d4266d0a379bc21f6618b899e6778e8ed496466430df60d81e73eeb7cccbb2b74ef744897ee8d443cf1e37c7bd2fdc10234fd8119b77e1d88d481f0799bfc51d5b4b6ebd3d50b374697f21149a82dce29d6deb12f536e3a6fdd300bb50f57670c89a5a696bc8675f0891dc215cd6dc567834daa31ddc46b71e90946e350e598ed33ed3b2c808c3dbcfbc70157fff406b3e43e5ffcce788853fc0a00988d3a41b14fd9cf8cab175e070d80054200d0a4b52c58e45a6926ba1292300c3b399cf937f2dc2549236e73783861d9f33eb87440df3b74201c63e2bf15426709f9e0ecdd5f76b3a3ab8262dfc6c75f37548b8a9a5982502e88417cbc0f1b05f167d6de356daa0f47bbf6f7e2b78e145483871b13dd253af5a175115806b3d45d1302036b73d100408b8a9a664eb6d2347d493d4e740be6c269b394995f179eba09dc32971263748c91cc020136ba5788f0910244b3acd4a969c22b8a7519f807e715b8fe5ed6b26ba2bb8431e7cc7ff78c3000616636f06e341f3b9f12017660de50cd9db69977ccecab85e45b776771a571de146155b986787c02317591645743646e0181fb1235e1821388f45eab6416f11e392da2160c90783490af0d85f9dc9ae789a65b7f522836f1b9e76e7e6fc84cbaa40c04492b9332a9b4f8dda63e44def173dfdc345d190d2dda7971535234cea18c660789a9b2a8a3e26796e350c40a7a6afa1ea4aeed8fd02bb5e5d6f2c97e77ab0b754642f1a2be6b0a149901d8bb6867cb7a6bbe5ce81bf089378c3475ee04a2e7b67b365db690d65b0d225aeac6fb94251b149c036bd5a84e8284cb9318aab479cceb9ff7f2eec604e9e47bd08c9f44ab84504d668bb98d15feb85f7fcf020263c51abf61af3c6b70d3484cb3b8a5efd6afcedefc795b2d838f7d495da053029b37b32e4a0a3359654bf0036ef64692cb4c298f92b0c39a2386db0c84128e45e0332a66a41bf1f1b9ff13bbbc7efda8ded338d2920569bdae71235266a1016ad6518d5d1693a7dac32d51cf54613aed914830cab8d0efa47bf935a5334a92d5b13fd902d6a2612ae57909e18d7580f066359435c010afb0636cd9e32069c0a6c3df780ed5a8a2625bc1210f8ec2b6698730bf69b0651af6cde307d7b94cfc48a33f9a87223ea73033f141851561cb64189b5927b9bf95579dbb4577e574615517754a9cdd8028e5c45474eca2714d185f8913a696efd5a654183e6803eba07d6ae579f1c277e4bf41ea5ccc62833b76d46405a54afc168a224207c695f00719fbbc7138929012bb44214a8626903765650fc344fa4d0b6a14bdd3e095713bfa3f9ff69251be3a38b41c8ec2223c10ed1b939ecc21284cd9be39f7a0ebbce064decf426cf2cea57cbf24d101a3333fb7044d1d79089b7703512a9ff74133769b424acea946bb026536e051780aa14c14d0c475ba84ea2a558890dd20d2abaead927c4125aef5a15fbde866b57d07f267024231a144c66189d1d931ea5c4866c26dd05c529c5a1912d473224bb6aac0dc24d79db4954f1920a187447554b6ee326ba1440ccf5da2fdee800b098160df5c73bb23372cadabddca9a463d6b191c598da5cc0548545adfbaed1916236b536bf7d5a3d5dadd686df7cd1ed1ba6625222c4f9a635bdbd27298459cf28d91852c340f5974a36739613ec9eddd9fd044b13150aebb37e9130f54f838a46d35b6e77f8fed5d1e0b4b50376d7b0e91253f73b23552ff7c5d94bcac0685aa5990acb713acad3ee64dfb280b3c6e2fa2f735dbefb77b68833bf5dd4e422e0eee87c641e86cda61590a5526ec11edd58b98e62c47fb2a19d575dbe4549c4b9a9ed0548d81cb4fd42b17b34fd0e13bcc577f72c8b88f9f4834eca024b722a9864b9635f80b9e9a14238bfe950c091855964880721bfeda7357f679fe9aab68d1ead4a6546700d6051c7f0d056ac7642c724207a23becc9f8dfce10069febaad5ff2183a38a4d0f7c6a624a28c3c2c5d36320b3f6aa925dc614810e9b5f3853343386ca3dbe86765422f132702eddbc8267eee69ca17eac36f4cc4cfdb5b2b58f4fede8a43a45f645aa0d8f682892603c8f0db220cdf881afd402cb8c3a9439de91cc9c13d7b8db9dfc93e8b7ffb4cd1a9a60a9a77484e440cef8093f4955c294bfd95c9beab3fc76b68fa50a9a2222c37f298205e0defe2c1f93430a427ad310129b8602c0e5c84b42224f991d4c3c37567f34325cc33741a2d0937274a2e3de0097377716d609a7e4aceff24f571aebb9c2327843d947e1d025f134755d8222f7e35c513690b85e5d824b028f78cb3a7d998239d0a92584fabddecbedd07de23464a909e56d8d0ebe4058e1e0d0d5071e65e3f174e79fabd683751e9be50e7b7e24fcd8ce4847f2152da2af22a3aea7ea21b936df029246b1c4ef20f03ae63ee2464a5a58c5b6d8e49fa91798fcef20a96b467649064a3f9905ed4a5541a984a7e379aaf670ce5b8d3d70c35a5865f444b6efc962721b3778ce0680fc9ba65aab208cddb7cdf988a8075a470837336164048b8eeb996e335fca9ef902d3c690f835110195cd3b1d376be37a77be896436510f383713e544a9d6dffba0a2f695c7033647df0a021e8f9df89fafe2d285d53672262e923f8de3da893d357d6508737f031ae41d3ba0eb254bdd4662320dbbdd0fa34c61aa8ed43966a09eda126a0bd1270404207e509cad0dafac289dd461a72d619985b5c2fa5f650f048957219e535eee8f0efcc237d5188128b43ba4c3fe9618d6a8bb9ee98f2b3c5b8b75997c91752136b607afc5bfc959e854675980e9e9864722bd95a7f4a5490242d1ee412c0fd1c35883b4a1e32db00c1b150ca45bd9233d5336e2dc9bd8cffbae8d987b0ff4ad50d9c73d29ab3e345eb81e0d4992bd2e5c6304ed54f50510f9bec6824e4ca8c6d3e2de1940ef32c68c630f569dab56defa167d101f03f81e0eb19c1a31d264e7f013b0e1d8918edeaf6ebd90f670abaaccc44ad11798dd42f47277915f32d25dd92b08f51c88e424605741e432f585e4f9e3495b342e308e57197245a941dfcf8914adecb023d283ecda1169ea3f0483c73c6121202f2081528f079e6b991e4338a22c9a6ee952b4671e7511e3d0cca1c8d7efcce8280a8ddeaad63287204fcca98f0718203591bab427c6f232feca46ca5c3b026ca48ab72a65369bbe29f3cff3d5307cd6ffd6861ad84aef54251e84b863045a371602c8961a969330a133a86c84464c0f7f4bfb73aa5677ba3446d3b0e21f780218cc2f6f45f7005494ed15f3123ce88dfe0c9d0ce8df6fee95c3f2cd1e22771f2d39880835e7b73916554c4fc8720b4e8fc6527774a5e1d1209bc75a0b4b28b0de128a7a56c969b1824e6278c54df2d871e0e67928d4db96eac1bdf6485e68c0ba82e6f726e8391a43f61ab2350081c618a9a84ce17ea896b97917e36e5956c3901f7326e370d96c2087e48eca5af1bf19cecf642415dcd4ddbf4dd5772f0f74f7278732cc26e890e7ebb1bf0478dbf2330550f011b8921097c49c2e541ddb5187d63095c692d1c45a02cf6649acd7af795337dfc8399843ec8b8c54a9972bdc3c0fda1071fae843b214ae92b4263c2f50982a7dd1bf5a92c7ba0a5027232fdc3bbba686e843d2092f557d89b792e537cb72b484d69e77e93e1b3538b1a8e3dd33480fe0ded7219cfe66864b50d2c35b4cde45a31d418c12133a939f86ab4fa7265fc200040d20f1c5ceeba0214974d4ee137043986413fc6eb1aac67cb3a2e8de81daa540aa23283eb095a0d5629f57f3810e4a077d86e47021f13130462084be36b859e8fbaf7bfba06a2b935032e8516ecee1e474664917cb53a9d99b718a9c5cc341dbb6740fa63b9978de6d4c98581b87df73b058dd15cbe495095fad0a22c15d6a625661d4f0674db0db41ceff240bc30aa72f7c11c9deca0bc86acd07cffba6c7e666a531622fc42e814406152ff076f88582deb91054dc8582810e643add76d55304467be193639a574043646ef56fce4ddb76d1d37520d9c4b9fe89c2829d19bb725ca1dd0d", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1978)

13:54:44 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 50)

13:54:44 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="08ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:44 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5413, &(0x7f0000000040))

13:54:44 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f00000005c0)={0x3b, @local, 0x4e24, 0x3, 'wrr\x00', 0x2e, 0x0, 0x5e}, 0x2c)
getdents64(0xffffffffffffffff, &(0x7f00000000c0)=""/245, 0xf5)
recvmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000000540)=[{&(0x7f00000001c0)=""/7, 0x7}, {&(0x7f0000000280)=""/252, 0xfc}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/111, 0x6f}], 0x4, &(0x7f0000000480)=""/74, 0x4a}, 0x1}], 0x1, 0x40000002, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
clock_gettime(0x0, &(0x7f0000002bc0)={<r3=>0x0, <r4=>0x0})
recvmmsg(0xffffffffffffffff, &(0x7f0000002b80)=[{{&(0x7f0000000600)=@ieee802154, 0x80, &(0x7f0000002a00)=[{&(0x7f0000000680)=""/108, 0x6c}, {&(0x7f0000000700)=""/145, 0x91}, {&(0x7f00000007c0)=""/56, 0x38}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/47, 0x2f}, {&(0x7f0000001840)=""/26, 0x1a}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000002880)=""/245, 0x146}, {&(0x7f0000002c80)=""/92, 0x5c}], 0x9, &(0x7f0000002ac0)=""/177, 0xb1}, 0x80007}], 0x1, 0x62, &(0x7f0000002c00)={r3, r4+60000000})
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
copy_file_range(r5, &(0x7f0000000200)=0x5, r1, &(0x7f0000000580)=0x2, 0x80000000, 0x0)

13:54:44 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5414, &(0x7f0000000040))

13:54:44 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
fcntl$setstatus(r0, 0x4, 0x4800)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)

[ 1129.764883] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1129.764883]    program syz-executor.2 not setting count and/or reply_len properly
[ 1129.777678] FAULT_INJECTION: forcing a failure.
[ 1129.777678] name failslab, interval 1, probability 0, space 0, times 0
[ 1129.778649] CPU: 1 UID: 0 PID: 8893 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1129.778666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1129.778674] Call Trace:
[ 1129.778679]  <TASK>
[ 1129.778684]  dump_stack_lvl+0xfa/0x120
[ 1129.778714]  should_fail_ex+0x4d7/0x5e0
[ 1129.778736]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1129.778764]  ? bio_kmalloc+0x3e/0x70
[ 1129.778785]  should_failslab+0xc2/0x120
[ 1129.778807]  __kmalloc_noprof+0xb4/0x4b0
[ 1129.778825]  ? trace_kmalloc+0x1f/0xb0
[ 1129.778837]  ? __kmalloc_noprof+0x215/0x4b0
[ 1129.778857]  bio_kmalloc+0x3e/0x70
[ 1129.778877]  blk_rq_map_user_iov+0x390/0x1180
[ 1129.778903]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1129.778929]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1129.778949]  ? find_held_lock+0x2b/0x80
[ 1129.778967]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1129.778983]  ? lock_release+0xc8/0x290
[ 1129.778995]  ? import_ubuf+0x1be/0x220
[ 1129.779018]  blk_rq_map_user_io+0x1cf/0x200
[ 1129.779036]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1129.779052]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1129.779076]  ? irq_work_queue+0x9c/0x100
[ 1129.779093]  ? __asan_memset+0x24/0x50
[ 1129.779114]  sg_common_write.constprop.0+0xd75/0x1710
[ 1129.779136]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1129.779151]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1129.779170]  ? ___ratelimit+0x465/0xa10
[ 1129.779195]  sg_write.part.0+0x6a2/0xb50
[ 1129.779211]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1129.779228]  ? perf_trace_lock+0xb5/0x5d0
[ 1129.779244]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1129.779260]  ? lock_acquire+0x15e/0x2f0
[ 1129.779273]  ? perf_trace_lock+0xb5/0x5d0
[ 1129.779284]  ? find_held_lock+0x2b/0x80
[ 1129.779301]  ? get_pid_task+0xfd/0x250
[ 1129.779328]  ? perf_trace_lock+0xb5/0x5d0
[ 1129.779342]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1129.779355]  ? avc_policy_seqno+0x9/0x20
[ 1129.779372]  ? selinux_file_permission+0x99/0x600
[ 1129.779392]  sg_write+0x86/0xe0
[ 1129.779405]  vfs_write+0x2b7/0x1150
[ 1129.779424]  ? __pfx_sg_write+0x10/0x10
[ 1129.779438]  ? lock_acquire+0x15e/0x2f0
[ 1129.779450]  ? __fget_files+0x34/0x3b0
[ 1129.779469]  ? __pfx_vfs_write+0x10/0x10
[ 1129.779487]  ? __fget_files+0x203/0x3b0
[ 1129.779504]  ? lock_release+0xc8/0x290
[ 1129.779520]  ? __fget_files+0x20d/0x3b0
[ 1129.779545]  ksys_write+0x121/0x240
[ 1129.779563]  ? __pfx_ksys_write+0x10/0x10
[ 1129.779589]  do_syscall_64+0xbf/0x360
[ 1129.779603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.779617] RIP: 0033:0x7fbb63381b19
[ 1129.779627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1129.779640] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1129.779652] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1129.779660] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1129.779669] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1129.779677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1129.779684] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1129.779704]  </TASK>
13:54:44 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 51)

13:54:44 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="0aae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1129.918161] FAULT_INJECTION: forcing a failure.
[ 1129.918161] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1129.919313] CPU: 1 UID: 0 PID: 8911 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1129.919335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1129.919344] Call Trace:
[ 1129.919350]  <TASK>
[ 1129.919355]  dump_stack_lvl+0xfa/0x120
[ 1129.919385]  should_fail_ex+0x4d7/0x5e0
[ 1129.919411]  should_fail_alloc_page+0xe0/0x110
[ 1129.919438]  prepare_alloc_pages+0x1af/0x500
[ 1129.919452]  ? find_held_lock+0x2b/0x80
[ 1129.919476]  __alloc_frozen_pages_noprof+0x17f/0x1f10
[ 1129.919498]  ? __is_insn_slot_addr+0x140/0x290
[ 1129.919522]  ? kernel_text_address+0x5b/0xc0
[ 1129.919539]  ? __kernel_text_address+0xd/0x40
[ 1129.919552]  ? unwind_get_return_address+0x59/0xa0
[ 1129.919574]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1129.919592]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1129.919613]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1129.919633]  ? perf_trace_lock+0xb5/0x5d0
[ 1129.919649]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1129.919663]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1129.919680]  ? policy_nodemask+0xeb/0x4e0
[ 1129.919701]  alloc_pages_mpol+0xed/0x340
[ 1129.919721]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1129.919740]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1129.919759]  alloc_pages_noprof+0xa1/0x380
[ 1129.919777]  pte_alloc_one+0x1e/0x360
[ 1129.919797]  __pte_alloc+0x6c/0x360
[ 1129.919814]  ? __pfx___pte_alloc+0x10/0x10
[ 1129.919829]  ? _raw_spin_unlock+0x1e/0x40
[ 1129.919848]  ? __pmd_alloc+0x3f9/0x980
[ 1129.919868]  copy_page_range+0x2a68/0x4ac0
[ 1129.919912]  ? __pfx_copy_page_range+0x10/0x10
[ 1129.919929]  ? mas_destroy+0x5ce/0x9c0
[ 1129.919952]  ? mas_store+0x17b/0x540
[ 1129.919968]  ? __pfx_mas_store+0x10/0x10
[ 1129.919983]  ? lock_release+0xc8/0x290
[ 1129.920006]  ? lock_is_held_type+0x9e/0x120
[ 1129.920031]  dup_mmap+0xd2f/0x1d10
[ 1129.920059]  ? __pfx_dup_mmap+0x10/0x10
[ 1129.920087]  ? lock_is_held_type+0x9e/0x120
[ 1129.920112]  copy_process+0x6faf/0x73e0
[ 1129.920126]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1129.920150]  ? __pfx_copy_process+0x10/0x10
[ 1129.920163]  ? __might_fault+0xe0/0x190
[ 1129.920181]  ? _copy_from_user+0x5b/0xd0
[ 1129.920208]  kernel_clone+0xea/0x7f0
[ 1129.920220]  ? get_pid_task+0xfd/0x250
[ 1129.920243]  ? __pfx_kernel_clone+0x10/0x10
[ 1129.920254]  ? perf_trace_lock+0xb5/0x5d0
[ 1129.920274]  ? find_held_lock+0x2b/0x80
[ 1129.920292]  ? ksys_write+0x121/0x240
[ 1129.920314]  ? lock_is_held_type+0x9e/0x120
[ 1129.920338]  __do_sys_clone3+0x1f5/0x280
[ 1129.920350]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1129.920376]  ? __fget_files+0x20d/0x3b0
[ 1129.920402]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1129.920427]  ? ksys_write+0x1a3/0x240
[ 1129.920447]  ? __pfx_ksys_write+0x10/0x10
[ 1129.920474]  do_syscall_64+0xbf/0x360
[ 1129.920490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.920504] RIP: 0033:0x7f7b289bfb19
[ 1129.920514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1129.920526] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1129.920539] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1129.920548] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1129.920556] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1129.920564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1129.920572] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1129.920593]  </TASK>
13:54:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="0bae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x807f0000)

13:54:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5415, &(0x7f0000000040))

13:54:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 99)

13:54:55 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 52)

13:54:55 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:55 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)

13:54:55 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = openat(r2, &(0x7f0000000040)='./file0\x00', 0x4002, 0x11b)
ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000080)={0x9, 0x2fc, 0x1, 0x12, 0x1b, "bb3db3e363a13f3fa5214b121fc43c65b4b89f"})

[ 1140.660570] sg_write: data in/out 728/4 bytes for SCSI command 0x0-- guessing data in;
[ 1140.660570]    program syz-executor.0 not setting count and/or reply_len properly
[ 1140.731570] FAULT_INJECTION: forcing a failure.
[ 1140.731570] name failslab, interval 1, probability 0, space 0, times 0
[ 1140.733388] CPU: 1 UID: 0 PID: 8938 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1140.733418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1140.733431] Call Trace:
[ 1140.733438]  <TASK>
[ 1140.733447]  dump_stack_lvl+0xfa/0x120
[ 1140.733493]  should_fail_ex+0x4d7/0x5e0
[ 1140.733534]  ? ptlock_alloc+0x21/0x70
[ 1140.733567]  should_failslab+0xc2/0x120
[ 1140.733606]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1140.733637]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1140.733674]  ptlock_alloc+0x21/0x70
[ 1140.733708]  pte_alloc_one+0x86/0x360
[ 1140.733743]  __pte_alloc+0x6c/0x360
[ 1140.733768]  ? __pfx___pte_alloc+0x10/0x10
[ 1140.733795]  ? _raw_spin_unlock+0x1e/0x40
[ 1140.733826]  ? __pmd_alloc+0x3f9/0x980
[ 1140.733860]  copy_page_range+0x2a68/0x4ac0
[ 1140.733938]  ? __pfx_copy_page_range+0x10/0x10
[ 1140.733969]  ? mas_destroy+0x5ce/0x9c0
[ 1140.734007]  ? mas_store+0x17b/0x540
[ 1140.734036]  ? __pfx_mas_store+0x10/0x10
[ 1140.734060]  ? lock_release+0xc8/0x290
[ 1140.734101]  ? lock_is_held_type+0x9e/0x120
[ 1140.734143]  dup_mmap+0xd2f/0x1d10
[ 1140.734190]  ? __pfx_dup_mmap+0x10/0x10
[ 1140.734238]  ? lock_is_held_type+0x9e/0x120
[ 1140.734282]  copy_process+0x6faf/0x73e0
[ 1140.734304]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1140.734355]  ? __pfx_copy_process+0x10/0x10
[ 1140.734377]  ? __might_fault+0xe0/0x190
[ 1140.734408]  ? _copy_from_user+0x5b/0xd0
[ 1140.734453]  kernel_clone+0xea/0x7f0
[ 1140.734473]  ? get_pid_task+0xfd/0x250
[ 1140.734513]  ? __pfx_kernel_clone+0x10/0x10
[ 1140.734532]  ? perf_trace_lock+0xb5/0x5d0
[ 1140.734567]  ? find_held_lock+0x2b/0x80
[ 1140.734598]  ? ksys_write+0x121/0x240
[ 1140.734633]  ? lock_is_held_type+0x9e/0x120
[ 1140.734674]  __do_sys_clone3+0x1f5/0x280
[ 1140.734696]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1140.734742]  ? __fget_files+0x20d/0x3b0
[ 1140.734786]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1140.734828]  ? ksys_write+0x1a3/0x240
[ 1140.734861]  ? __pfx_ksys_write+0x10/0x10
[ 1140.734910]  do_syscall_64+0xbf/0x360
[ 1140.734935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1140.734959] RIP: 0033:0x7f7b289bfb19
[ 1140.734976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1140.734998] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1140.735020] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1140.735050] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1140.735064] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1140.735077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1140.735091] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1140.735129]  </TASK>
13:54:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x9f0a0000)

13:54:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="12ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:54:55 executing program 7:
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="00000000000000002e2f66696c653000d622cef49a6666cc237ffd01ddbb13730a10bde4806a06b316831ac249cb9ec066d3754d3d5586b14f7353cf04e4ff80b57bee3cd580ae72f12d907e8e7cf1109730dd825fb4e8526ff602f894cf9f93102cff53bcca6fecb7e9b0720a0825f9fd769791b94684e2cc50cf1c112275995469eedbb885de0aefe4bf99975685f01029b899bf82cbc7ba01db8cdf4977000000000000"])
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000340)='sessionid\x00')
io_submit(0x0, 0x3, &(0x7f00000003c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x7, 0xffffffffffffffff, &(0x7f00000000c0)="dfccd3b7673f0a97ed0708239e317c991a944ae4a80f27a4e819a427c2de524dbc1bc45caa76b4393afbab36b3d54dd5ba1f9572c50a223ecbd4671ce3d5e2ee3b9edb9a84039dd0f22c639c6b3935725ee10dc35550dfdad6ed5d7ea413244599b811083cb952e315fbf77f8a9b6a4128d76cb0ce5a952e", 0x78, 0xdfb, 0x0, 0x6, r0}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, &(0x7f0000000180)="c62431029189812c54936185d537e15751a52e25599950902d708f79e1813d426f7b3a3c9554b044220cc9a14394dedd3fe6672b931233cef4e43a28c923f18856ed5d3b96135d328156756734b9cba3464ccc55efcf509beb671bfce8046829e54e9b95917014c099cfeb030728104b744f2b3c7c8d9b962b5ae40b610a7fab6a4ee3ef07ed59", 0x87, 0x3, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x6, 0x2, r1, &(0x7f00000002c0)="a4d7685e0e91468648fd993715dccc143f0a73182bebd8b370d70c5eccf828c4bac5ba27dad44dc33c62d14489ae469aa4feb3bb58401d29cef95638172355540c5d4a1d95f3ffd1042b4b2bcfd540547d3256953cc2e9b9a228bc92d3319b", 0x5f, 0x3, 0x0, 0x0, r2}])
r3 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r3, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r3, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000000))

[ 1140.814950] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1140.814950]    program syz-executor.2 not setting count and/or reply_len properly
13:54:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5416, &(0x7f0000000040))

13:54:55 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:54:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xbc020000)

13:54:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120) (fail_nth: 100)

13:54:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="15ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1141.030157] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1141.030157]    program syz-executor.2 not setting count and/or reply_len properly
[ 1141.041754] FAULT_INJECTION: forcing a failure.
[ 1141.041754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1141.043478] CPU: 1 UID: 0 PID: 8968 Comm: syz-executor.2 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1141.043508] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1141.043521] Call Trace:
[ 1141.043529]  <TASK>
[ 1141.043538]  dump_stack_lvl+0xfa/0x120
[ 1141.043584]  should_fail_ex+0x4d7/0x5e0
[ 1141.043625]  _copy_from_iter+0x1dc/0x15b0
[ 1141.043665]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1141.043698]  ? __pfx__copy_from_iter+0x10/0x10
[ 1141.043737]  ? find_held_lock+0x2b/0x80
[ 1141.043769]  ? __create_object+0x59/0x80
[ 1141.043795]  ? lock_release+0xc8/0x290
[ 1141.043820]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1141.043864]  copy_page_from_iter+0xe3/0x180
[ 1141.043908]  bio_copy_from_iter+0x108/0x270
[ 1141.043949]  blk_rq_map_user_iov+0xc07/0x1180
[ 1141.043992]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1141.044026]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1141.044058]  ? find_held_lock+0x2b/0x80
[ 1141.044090]  ? sg_common_write.constprop.0+0xc36/0x1710
[ 1141.044117]  ? lock_release+0xc8/0x290
[ 1141.044137]  ? import_ubuf+0x1be/0x220
[ 1141.044177]  blk_rq_map_user_io+0x1cf/0x200
[ 1141.044210]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1141.044239]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1141.044282]  ? irq_work_queue+0x9c/0x100
[ 1141.044311]  ? __asan_memset+0x24/0x50
[ 1141.044360]  sg_common_write.constprop.0+0xd75/0x1710
[ 1141.044400]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[ 1141.044428]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 1141.044462]  ? ___ratelimit+0x465/0xa10
[ 1141.044507]  sg_write.part.0+0x6a2/0xb50
[ 1141.044536]  ? __pfx_sg_write.part.0+0x10/0x10
[ 1141.044568]  ? perf_trace_lock+0xb5/0x5d0
[ 1141.044598]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1141.044628]  ? lock_acquire+0x15e/0x2f0
[ 1141.044652]  ? perf_trace_lock+0xb5/0x5d0
[ 1141.044673]  ? find_held_lock+0x2b/0x80
[ 1141.044704]  ? get_pid_task+0xfd/0x250
[ 1141.044744]  ? perf_trace_lock+0xb5/0x5d0
[ 1141.044769]  ? perf_trace_lock_acquire+0xc9/0x700
[ 1141.044794]  ? avc_policy_seqno+0x9/0x20
[ 1141.044823]  ? selinux_file_permission+0x99/0x600
[ 1141.044857]  sg_write+0x86/0xe0
[ 1141.044883]  vfs_write+0x2b7/0x1150
[ 1141.044915]  ? __pfx_sg_write+0x10/0x10
[ 1141.044941]  ? lock_acquire+0x15e/0x2f0
[ 1141.044963]  ? __fget_files+0x34/0x3b0
[ 1141.044995]  ? __pfx_vfs_write+0x10/0x10
[ 1141.045029]  ? __fget_files+0x203/0x3b0
[ 1141.045061]  ? lock_release+0xc8/0x290
[ 1141.045089]  ? __fget_files+0x20d/0x3b0
[ 1141.045135]  ksys_write+0x121/0x240
[ 1141.045169]  ? __pfx_ksys_write+0x10/0x10
[ 1141.045217]  do_syscall_64+0xbf/0x360
[ 1141.045243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.045266] RIP: 0033:0x7fbb63381b19
[ 1141.045284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1141.045306] RSP: 002b:00007fbb608f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1141.045328] RAX: ffffffffffffffda RBX: 00007fbb63494f60 RCX: 00007fbb63381b19
[ 1141.045343] RDX: 0000000000000120 RSI: 0000000020000300 RDI: 0000000000000004
[ 1141.045357] RBP: 00007fbb608f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1141.045370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 1141.045383] R13: 00007ffdd8f6230f R14: 00007fbb608f7300 R15: 0000000000022000
[ 1141.045419]  </TASK>
13:55:04 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 53)

13:55:04 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:04 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="1aae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:04 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5418, &(0x7f0000000040))

13:55:04 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:04 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f00000000c0)={0x8, {{0x2, 0x4e24, @multicast2}}}, 0x88)

13:55:04 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf0020000)

13:55:04 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000040))
r2 = dup2(r0, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x38, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="e1f360b24e39"}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001680)={0x0, 0xfffffffffffffffd, 0x1, 0x94, @scatter={0x7, 0x0, &(0x7f0000000240)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000000080)=""/74, 0x4a}, {&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f0000000140)=""/42, 0x2a}, {&(0x7f0000000180)=""/4, 0x4}, {&(0x7f00000001c0)=""/125, 0x7d}, {&(0x7f0000001440)=""/247, 0xf7}]}, &(0x7f0000001540)="f4", &(0x7f0000001580)=""/143, 0x4, 0x10003, 0x1, &(0x7f0000001640)})
write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff00"/288], 0x120)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat(r3, &(0x7f0000001740)='./file0\x00', 0x408400, 0x80)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r5, 0x8982, &(0x7f0000001780))
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000001700)={0x0, 0x1, 0x87, 0xfffffffffffffffe})

[ 1149.769454] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1149.769454]    program syz-executor.2 not setting count and/or reply_len properly
13:55:13 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:13 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 54)

13:55:13 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006180)=[{{&(0x7f0000000000), 0x6e, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/126, 0x7e}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000000140)=""/95, 0x5f}], 0x3, &(0x7f0000000200)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000001280)=@abs, 0x6e, &(0x7f0000002380)=[{&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000002300)=""/97, 0x61}], 0x2, &(0x7f00000023c0)}}, {{&(0x7f0000002400), 0x6e, &(0x7f0000002540)=[{&(0x7f0000002480)=""/163, 0xa3}], 0x1, &(0x7f0000002580)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [<r1=>0xffffffffffffffff, 0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f00000025c0), 0x6e, &(0x7f0000004b80)=[{&(0x7f0000002640)=""/243, 0xf3}, {&(0x7f0000002740)=""/4096, 0x1000}, {&(0x7f0000003740)=""/226, 0xe2}, {&(0x7f0000003840)=""/112, 0x70}, {&(0x7f00000038c0)=""/130, 0x82}, {&(0x7f0000003980)=""/215, 0xd7}, {&(0x7f0000003a80)=""/236, 0xec}, {&(0x7f0000003b80)=""/4096, 0x1000}, {&(0x7f0000005180)=""/4096, 0x1000}], 0x9, &(0x7f0000004c40)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x108}}, {{&(0x7f0000004d80), 0x6e, &(0x7f0000005080)=[{&(0x7f0000004e00)=""/255, 0xff}, {&(0x7f0000004f00)=""/139, 0x8b}, {&(0x7f0000004fc0)=""/88, 0x58}, {&(0x7f0000005040)=""/59, 0x3b}], 0x4}}], 0x5, 0x10020, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
splice(r3, &(0x7f00000050c0)=0x6, r4, &(0x7f0000005100)=0x7, 0x9, 0xc)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f00000023c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x1, 0x7f}}, './file0\x00'})
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0xc)

13:55:13 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x541b, &(0x7f0000000040))

13:55:13 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf4000000)

13:55:13 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="1bae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x4283, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r4, 0x40309439, &(0x7f0000000040)={0x1, 0x1, 0x19})
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000018c0)={0x77, 0x4, 0x259300, "1e36e991ce627d90511caf99321cade469cf5671fb4987351cd72ed16eb3cd8031da92bb431b88eef3b2c9093636fe576db38a3a4a65f5c7ac7fd785689564584691df71390afe564ead415b763c5ba92a19d7b38b4a8d0ce3b9fa087347b3e8d2d50cfc254dbb85d4d5c054a3636c6417a9133b7733d1"})
ioctl$SG_IO(r2, 0x2285, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001800)=[{&(0x7f0000000080)=""/14, 0xe}, {&(0x7f00000000c0)=""/41, 0x29}, {&(0x7f0000000100)=""/196, 0xc4}, {&(0x7f0000001980)=""/165, 0xa5}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/59, 0x3b}, {&(0x7f0000001440)=""/134, 0x86}, {&(0x7f0000001500)=""/254, 0xfe}, {&(0x7f0000001a40)=""/252, 0xfc}, {&(0x7f0000001700)=""/239, 0xef}], 0xa)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076407b0000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400"/288], 0x120)

[ 1158.885609] FAULT_INJECTION: forcing a failure.
[ 1158.885609] name failslab, interval 1, probability 0, space 0, times 0
[ 1158.886753] CPU: 1 UID: 0 PID: 9009 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1158.886771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1158.886780] Call Trace:
[ 1158.886784]  <TASK>
[ 1158.886789]  dump_stack_lvl+0xfa/0x120
[ 1158.886818]  should_fail_ex+0x4d7/0x5e0
[ 1158.886842]  ? vm_area_dup+0x25/0x6f0
[ 1158.886855]  should_failslab+0xc2/0x120
[ 1158.886878]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1158.886897]  ? dup_mmap+0x5d3/0x1d10
[ 1158.886914]  ? lock_release+0xc8/0x290
[ 1158.886931]  vm_area_dup+0x25/0x6f0
[ 1158.886945]  dup_mmap+0x80d/0x1d10
[ 1158.886971]  ? __pfx_dup_mmap+0x10/0x10
[ 1158.886999]  ? lock_is_held_type+0x9e/0x120
[ 1158.887026]  copy_process+0x6faf/0x73e0
[ 1158.887039]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1158.887065]  ? __pfx_copy_process+0x10/0x10
[ 1158.887078]  ? __might_fault+0xe0/0x190
[ 1158.887096]  ? _copy_from_user+0x5b/0xd0
[ 1158.887122]  kernel_clone+0xea/0x7f0
[ 1158.887134]  ? get_pid_task+0xfd/0x250
[ 1158.887157]  ? __pfx_kernel_clone+0x10/0x10
[ 1158.887168]  ? perf_trace_lock+0xb5/0x5d0
[ 1158.887188]  ? find_held_lock+0x2b/0x80
[ 1158.887206]  ? ksys_write+0x121/0x240
[ 1158.887239]  ? lock_is_held_type+0x9e/0x120
[ 1158.887263]  __do_sys_clone3+0x1f5/0x280
[ 1158.887275]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1158.887302]  ? __fget_files+0x20d/0x3b0
[ 1158.887336]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 1158.887360]  ? ksys_write+0x1a3/0x240
[ 1158.887380]  ? __pfx_ksys_write+0x10/0x10
[ 1158.887407]  do_syscall_64+0xbf/0x360
[ 1158.887422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1158.887436] RIP: 0033:0x7f7b289bfb19
[ 1158.887446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1158.887460] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1158.887473] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1158.887481] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1158.887489] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1158.887497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1158.887505] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1158.887526]  </TASK>
[ 1158.914908] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1158.914908]    program syz-executor.2 not setting count and/or reply_len properly
13:55:14 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x541c, &(0x7f0000000040))

13:55:14 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 55)

13:55:14 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x541d, &(0x7f0000000040))

13:55:14 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:14 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="1dae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:14 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b5792a83273b1a92000000000000002aaa377e00000000000000000000000000002cf6db3ac670ea87c3bc85c4be1b4f734541f289391e54f7c375bd362d0c6524319c6185a14b389e079ac63e27ec17c43119b98c96dd5fe562393d154591794b247bf9f2e53c20d90836da46e1b47442079525dfce60e5ae2d9029646f8972d95713fce2a8d98998c71aa944c07eaedecfde05f358242e14910ecb7f58e98d1859fbf09f098aac489c6ee59a"], 0x120)

13:55:14 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf5000000)

13:55:14 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x2, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:14 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x541e, &(0x7f0000000040))

13:55:14 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:14 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 56)

[ 1159.280460] FAULT_INJECTION: forcing a failure.
[ 1159.280460] name failslab, interval 1, probability 0, space 0, times 0
[ 1159.281466] CPU: 1 UID: 0 PID: 9051 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1159.281485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1159.281493] Call Trace:
[ 1159.281498]  <TASK>
[ 1159.281503]  dump_stack_lvl+0xfa/0x120
[ 1159.281533]  should_fail_ex+0x4d7/0x5e0
[ 1159.281557]  ? vm_area_dup+0x25/0x6f0
[ 1159.281569]  should_failslab+0xc2/0x120
[ 1159.281593]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1159.281612]  ? dup_mmap+0x5d3/0x1d10
[ 1159.281628]  ? lock_release+0xc8/0x290
[ 1159.281646]  vm_area_dup+0x25/0x6f0
[ 1159.281660]  dup_mmap+0x80d/0x1d10
[ 1159.281686]  ? __pfx_dup_mmap+0x10/0x10
[ 1159.281714]  ? lock_is_held_type+0x9e/0x120
[ 1159.281740]  copy_process+0x6faf/0x73e0
[ 1159.281754]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1159.281780]  ? __pfx_copy_process+0x10/0x10
[ 1159.281792]  ? __might_fault+0xe0/0x190
[ 1159.281810]  ? _copy_from_user+0x5b/0xd0
[ 1159.281836]  kernel_clone+0xea/0x7f0
[ 1159.281848]  ? get_pid_task+0xfd/0x250
[ 1159.281871]  ? __pfx_kernel_clone+0x10/0x10
[ 1159.281882]  ? perf_trace_lock+0xb5/0x5d0
[ 1159.281902]  ? find_held_lock+0x2b/0x80
[ 1159.281920]  ? ksys_write+0x121/0x240
[ 1159.281941]  ? lock_is_held_type+0x9e/0x120
[ 1159.281965]  __do_sys_clone3+0x1f5/0x280
[ 1159.281978]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1159.282003]  ? __fget_files+0x20d/0x3b0
[ 1159.282029]  ? fput+0x6a/0x100
[ 1159.282042]  ? ksys_write+0x1a3/0x240
[ 1159.282063]  ? __pfx_ksys_write+0x10/0x10
[ 1159.282085]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1159.282112]  do_syscall_64+0xbf/0x360
[ 1159.282127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.282141] RIP: 0033:0x7f7b289bfb19
[ 1159.282151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1159.282164] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1159.282177] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1159.282186] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1159.282194] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1159.282202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1159.282211] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1159.282233]  </TASK>
[ 1159.323166] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1159.323166]    program syz-executor.2 not setting count and/or reply_len properly
[ 1159.376457] raw_sendmsg: syz-executor.7 forgot to set AF_INET. Fix it!
13:55:14 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmsg(r0, &(0x7f00000015c0)={&(0x7f0000000000)=@can, 0x80, &(0x7f0000001500)=[{&(0x7f00000000c0)="6230fa6688eb7c65fc196fea3b476b3c42477e6e2f386f4bc45af5b6dae8cca94069f8feb9a8c9e5ef504b3d2865c3a41cb5293b20ed81aef2d65f61d57857ed11ea0c3e04f27f813b720bcedccc2b8bea336eea2f03a2e73b732e40d3e8e36788ce466c42f5a49d4f8d138bf7877f2c754611884835a18e2109227aaf71a30aa662ce9f85010718340563130c0ed3b41fe87bf7628daee7fe96a31c034f95f3bb741bf7bc3fb0fca284274602231c25b8883c098dd0b03a9d76e5", 0xbb}, {&(0x7f0000000180)="30fac92f8c3e5063906e4d07a53c5bc18654b50892cce51754938eaeab8db592b14bc2129311", 0x26}, {&(0x7f00000001c0)="366d6cd1898e8a4495c4fd8f348d2a103d308fec8930009e2fd1b4d1c48e739af9e9fd6c845af10d25840b0744495870d5483664127d8d6abd38c39517547ee5ddf3d22db1217bc892a0ea686df0c53787", 0x51}, {&(0x7f0000000280)="34e7418cd827b00bcfdb11e4a71c34ba76eab5e8a8a17257b3ba174365431886380585", 0x23}, {&(0x7f00000002c0)="7c633037af3fdd2cb86fe34fe0a87213ae29c25a84a6cd7bc0c510a5b44e733e77557691af236c2b1df633dfc51b5baaa630471ea1e0f5f0c9fa66b509c2b1d0f5b4c46efae2d4c3ab02a6358d8d9c935f0e9a06bc4a44e33b0ceebaa57ec22830721e661cbf9f0952f0c768e906212263300f9a4a224029f70b8d959a05cfb7d6c644fcd9cbaf6ee099247b5166e754a346b241ad", 0x95}, {&(0x7f0000000380)="10117b747811c6a645bad95b0d1cd7062e1767d7f7f19bce1760abee", 0x1c}, {&(0x7f00000003c0)="5ebfe1607908220f5d5780ac17ef79f01336667ad8af313de15848ded04c2a88e5d4081cbae7131597c47d5deac5598dcd3872c0351e98d67103941426aaa6a8362eba18d71b704ad89cd9df9e367c3f7eb303c27f71c1b81a", 0x59}, {&(0x7f0000000440)="68a7fb0338216e4acc1b8ae9db0cade26b2469961dc6fded7668596b2967b37563135d15428b7fcbab36b22d46b7e5353a9e221c68fc97d633e095ace43fdfe3c810e21e48f1ecd68f18f5156bdacc518fab5999d1f6c703753ad1f3093ab8bb5407abe0a82ccd9f390cf4ac83f003b511a26256458d0b189b694f25b832ce28d2aac0ca4512fc9d731044225b6f9a03f2f1", 0x92}, {&(0x7f0000000500)="4456139f919dc94ee34e47aa0b47b94eec86458e07f2bbca5b55b00e7f0c016104fc3d22ff5cd718ef2465c46c83089ebfc41c0d8afbf34f756aea45218398f4b65e97a7ff7dd71327f90a88fa02891db9c2a3c0d44d6a8b43c72288c1a490a5a2b31509e440f556e0e022380e0cc576e3c6814fe92efa7baf2b3e114d84eed665d290c594ae2ad3447a9ea8a2ac48cd40fbe42e0241801c34378e8748bb7a4afd01698194df549f9d6a9f4d7d036634ee349d5ca8b32a28476f179308ee0ed6b8d53bb6378a09c4949c27d63678d45997076cb8c3ad0f6b5eb14a6a7873d7fe9e5fac6554679f53b4372257f197531f40f3c0225d1a201a6df73d22b47f837548b8312b01add8826a09a1bf3d368d007d3311b81e53c6fac101b5636aaa510b3eb3ef2f9429141ffb6aeffb31bf36f96d9291d828cf13aede33203e8f1bf2e838e4406d73724f979528ab97680ea0a80532d30fb8c5231dcd005417a4d208b73421999bb26f1c81eceeb6c03b1a035087032d1d2cf49d4dd68cf712b2ff20fcdc5e9e3181261053c48efb8a3bd66ac3df828d78d9aa45ef50a16463012f798140003103c7d9b383b0495e382ef0f1a90515d885f2deb8f0797d09d6cabd821a38b0b30e1d61cd3e12d9d8be8f0b26304502a157402166167277074b40cd969b57847ed4112fd6771ed4155dc88eb6627d6a0be21781ad5638ea71c07a0d004fb71726a1b80afe5ffa50bf4e05d2c775611e474a201718b34ebc994c19d60784c881a84b89115c00b37c56bd0f4b527dd9deecfb2441ac0422b07b915e8705c304862efb284d87457c0606caff5a6104e5d55851b195cebe31991a9d402d80e4ff19d264ad8214066c14aa605f5e20f53e7aafa18d6d3a77d69cfd35cd3d7c074cc4252c79030c8d713c516496ba9edfc0f86b292c757685bdaed31c0ed4cb202277298df5b1bd6ce95b2a5f668b4d3343e3c105513165f64bd2d11fdcbe96945d1a1fbdc5e83498d19cb518e28f3366e0b9009d3c17dc7d6951eb26437de28c03d5c736056bf4aa901020aaf7899ad6973bb38115924b0baead5b5d1842d8b363e7eb9fc26c214bc1d737eec4e142ee845573cf54e23245cf11e4c73c13a9804a9cd57fd52adcad4f7592d0c5ee309e8c343a6cf8997dbbb2fde7ce30e649f1dd85434163c394613c44086c29b1a745b7c5a88b154868f53cba29ba4983d0a9bc160159fe8a1738c8d35857d3ce2efe1710d2f0b8737cd6082278140ab16a5fa82da944cba28c35e2c6982ef50436e999de9d4efc8db1ebc0917be17f88a3d6c40065de9b7b0c0cad69453c2aae7dd053f587e15219ce8a6d3e72cf316f428154dd7f74756db351e401930d3adf0f1e988a374bb163350b25c9ae6718028b0fc47fea81c44d6aa10b65dc26fdad41c10e914da1e04b5b454cf57422da710adbd7c93f7b5ac815fb540ce5894d0aecddc93c6dde7d7a5c9bc9cbad01ac46fb7a9f386391312221451fa8d073d36343ef82ecf415a13b404e2557c0d39d5b8987230a094b9bcf109b8fc75aaf5ce748c75be8685bc3111acc4bad04827a29015f5dde66609613a86245fc082f8d11f832c704612170163e66f5611f722eda52f680c05c5c0215742f525fdf875f5d2e433d9529ce8577a7afe65d58f6b6fac83a6fc7d9c59b83d22ef2c65c7a3be08c88ac1c5117746a3a3ea5c8068669ab927cea255a346367203b9f179ed22d526481fb037f0ce2b0e58aeee237614ab6e75be3beb7b14fbef0a648762d4522b6e24c072fa817f73ad2284fdf81eafac8cd6338371e43529eb744a07754daad27a44ebe98ce90acc0be60cd262cc248e49f49f8e9f933c6b2132d377fe48f91dfaddb34a0d5a0a90da08b960acf13f1b5ef46c44a23f98195e6d15f4502b85c383221c3d78b1edee6dbbf48eb2473f2359babaf47872ac7e55cdba4839cc864bc1885b4d1aeba43c85978742ac44442379243cf9c84364c4cc38ddb8732e5605f79df2bba2d55f57fd0262c392e106da94f0bc980d78c911ad9e3f3efca82a85d407fff1853ef0e03790fe81c81a6fd0b8a499fad7550a28ca20211fe20da5498a9aa8dbc1512a8df3d295d172ca98398b10dafa5474aaf6fe6c75086102c6581a0813a800cb33e01aab138c357accdc58da64d6c0e449303468092951bac9877992158c019705d2128258213468649f0a8f82b3e0d44fe6011a362613466a2570237d32f35ab96fbbe38f6e6e6fc921cee715a1f219aed14afacf07331ccc03277fdd712eb0444ddda33c7d468dc29671309ea0252e6e7f3e230cb2e74727edf1264e81c2505a4248026a75184480f5f36b8be1762dfdd650d7921449d97a786261430c3b225718c9be8e59c5bcf41e9e79ce93406c824051b60ee87e98bf7b571aaf431dc9a9dabe72491f87244acaabc9d5e6579e903b766bf0bf04b0fb8f63d514d00cfe666e0f2976431704fb4a78f296be91918271c0f8f883d9f8c07b2dbeea2d973cdc2561ecc25a97dc6262dbb0f491446a737112f9c78943e938d594e39c39f8383aecd41ec49981c85582bf48346b2f47cd87d5dc73c21e573d8ae72a4fbaa4beff4e3eaff8699c27e1d89b3e5f58ae1846a87a206af242b09b27569f5a1033619d4c03cff8b725d2c948e95b035f5563ea2fc217baa1cae1503cdb5d2a2b993ffa6a654af56f8f1bd571d280a4ee14febb7b751b8a58be11628bd3b6b5893b80bed7df0a484f0578f4d97cdeb5f53bc34bb585efb2ee754b707730bab737553e4af00c4644b12fbdcc0926120f17b5ca480fa878ba72ec1d601c530716f0c20bdb25d30dae9cf358d474a390ceed2371b322a6dcd1f9616d0ae2e86bae4983f0e97f8433bc9b74d0d3556bea56f7a6505e79b3912bcf02c252467adbb289c0355abb02018b8fa3a3c9f17a2eee738ef250f51cf53ea6972711e01d682405cc59c5c15a7badf69ca690c8abb214943f4fa5edaab3b8696c62700bd0bee66013e1f851439dbc907d0f8cf3f1cb662af48c91c1b40ce94a71ff6a42dafee704e66b35fcb21a48ef0a2f806acc5e010affd915fb84ab7118a5e93145955fc3a838de6e775f0489e8b877433162e968a7a2da5209c29e017b5bc17c1c494a4fe4a570111968b25cf96c47d1f1b7df5aec65c3ad891309092c08579bbd3f7493d178100c801202fdc2c77d135377eee89d1ebfe22c0d6511e8767dd146e5e69d0a1f8a8a8ce1253697a6557ba96ca70efea616314b25831c3b34245c3a600b2d64c1503b1cebfcb0a2e35d9cfe1050b21a186070c126f2c09040af232dc69f0efb61f550502e934845bb92718ad2b416c5975ecb96ba52ff87ff6d21be7785efabd11b6507da7d0e5035ded55bbcd5402aca97531b5b1b16f079a5e521d79df55e533f7975e078a67b02c772298b1f6a164cb3f31bc925ec673647ba77850c18a5b9ff17549b8d050d3097c1dc83f4b871c08f76d8a7ca06cc9953ae99c0ccf99c09302655c9cb55275e151a55674c99a5488fafd331135417eacc74bd4ed1fae41c503e12c418688847ddc97e4de452b8d0339b81ab9c5babe429f8e71a2d68241ddd97b12655a417616b474e159bebd8cd5b40107ca413bbe326dcbc5413ee643cf1064d916a444be9003d725c7f22e32f095fe385a67f9cc05369eff527417425e39643cec58fc3e92513d6be958c326d2517f73d008ca9a2b68559f6810d9ab670ce4fca76ee7458c2b28da8ce8d860c2f9528a8f63c0112882540277f5f10601552552cd6aacaa433976f50c6018440b424867b1f2f4da224a79f91bf15366012754d87772c790dc700562999a057f55fdcc20853e6617fb093928b6a54dc53c8e0ba66545a73dc2647a05526e7fe28ab01ea62b305c726c857e5545e4180107e8c51fd79f26e477b27310b4fdcfacd325bb2be35211e7189235ede119c9b973eaafa9625751423276b6bc072d51afe6fd76a5f27d10fe8dd87909855708148ee74a8c2c99d8ff3b528848baef04427ea7a29469a964c9384cd6cf6e0509af33b8961f673793709d3a6d1ceddc46034080f93b8e0be0641ca6c09cd5b9f9bbcf7b2092c6398330f2e5fe201057fa3a0f7cbe3d2e6b22298a50d2298c6334ed6474c812569a92f5eaf8635a0e9897770d0e67947ed66eb69d7616dfe5fb17379a1144319b354dad013af8a53a874bc852bb93f9086ff1be63f8587ec094571636a67b73f16a42c40450c5077cb851f73b6d44bc58d54d429c1482f3e5a854b2d9220e253193e188e98f1e2f4be649e34039a4587d9e138a5f1e2ac4d23f586e9e486e74fb34261b64355a75386835d2b0e1752b49cf21e67c1c12c28ca1eee5b24c5a125a45f2f250332eedd320ac910f8b1a5bc26e1884c6862676676931c9455fd4e41af22de1a5cf30b4159a920de9ecd24fe522f5d6102cab10f36f1d24dcbc935e95d081f6189087195a9246cf6fd082ead402f8b69ebdab3f5ef69aca4b7355d5e17229b22d62759a1cbb96248362ac22794f66972c89f7b6ce25dbf6b0714b54ed7b150008dae20038a922e9891a84143a65d0781557da60b51432b2d437b73b68efb47ee98bd2e56799f41a1088310ad7b27c6b4659533dfd6dbf534c60bf12260480917c12098e54fded60f52289c018256d03d3628839219e4c4b0b95111bca452ff0fb6581c45ed8bfae6c6a69f4b2624c21259d5e101a852e7260bc88da71f10de44bf62265310b837896d0f38643b6b75f77cf8874d2eb22b479d4abf2fbe8528f363a97db73361504ef018ab8372cda4573dbbc11cedf5306f7989635a73664284cc6e9b33e451f0422536185dba6ce0fce91990d7163a7d4b7ba5caf84ac0134082705662f63391871ee07be7e453b62fe0331e49f266bcadd198214590dc004d299a5e59214291b77aaadd95fcddf31a6c877b7ba3164f165a9ac4b4ebe96c25e1377ebb8b04f412f9374e6a68b193fcebcb55f489b87588ed89a87a46aa86663aab361d594e5cc61b4f53ee995bb1e0793f2ef8a6b348771395324f565d26f3ecb07c2c06c679e069e8e198bbc0392e953e34258b6eff554e7de5a5ef5275072eaa5dbc96c7c69dfa579e0b0be34a9f8cdea070e85bd5c9ba5f6241a253fa1ee96fed45a1ccf62ed1e2c28900e73b2ae61ff6a1acca5b44d5d7586ed5d473e7bce50f57a04b104e76dc3df04c91de1445f8975542c2ad2507c65bccbce981e42fd7f6c2e1df4b660d1161f1d9c31c8bb2f9d6dcf612d7f7845d221b1ac27e1312fb8477e313354b6af6867374ee3d1307eaa9955af3906d70a0842a9e1c4f8c22ee2d14a0101d4c1e793814d4775347f0953d6e2537a9ab484695558d03d46a14356d11adfc00abb3bfa13d60b01d4ef5b618187b08b963eac08e3b9fe95c4f9e9942a98ac55bda1f64e8e8ac6dee8c6192cbdd7f31f3cd6bed9f7093f3bed1dbb384adb4dd1ff7d85f2b60dda606da9c627a24988bfc9ca9fb7a0e53050b0bc025c3e04fbe6b37e24650e498728130476d02073a668daf7fe3af76ebfff6e172f255e42d97a111eb75228e8397f6cdcdade6b7aa97612c06f4734d111ad69d866c4ba81d7a5c0a24403a872832d10edcb71525850d16e8a0bc41107702c6802520a11a4e5651c8002fe094e8cf29bbdee418626d2372aec4ce5109e9c7730971931e8de74b45b593890e4e977f0938a5c3b5434f1d5b88e1e96182d4f7b7d5b857083391b6cec89bb43e89b94323c4ad327f6f786a99e233d5053209710d46e9540f396b0", 0x1000}], 0x9}, 0x40000)

13:55:14 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x541e, &(0x7f0000000040))

13:55:14 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:14 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 57)

[ 1159.402118] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1159.402118]    program syz-executor.2 not setting count and/or reply_len properly
13:55:25 executing program 7:
request_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000180)='\x00', 0xfffffffffffffff8)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
unlinkat(r0, &(0x7f00000000c0)='./file0\x00', 0x200)
r1 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r1, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r1, &(0x7f0000005140), 0x0, 0x0, 0x0)

13:55:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="25ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:25 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x3, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5421, &(0x7f0000000040))

13:55:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf8000000)

13:55:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 58)

13:55:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0xd0, 0x10001, 0xffff7fbf, 0x4, 0x60, "2c8eb85bbb00", 0x2, 0x9})
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r3 = dup2(r2, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r2, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[ 1170.076780] FAULT_INJECTION: forcing a failure.
[ 1170.076780] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.078149] CPU: 1 UID: 0 PID: 9082 Comm: syz-executor.1 Not tainted 6.16.0-next-20250804 #1 PREEMPT(voluntary) 
[ 1170.078175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1170.078186] Call Trace:
[ 1170.078194]  <TASK>
[ 1170.078201]  dump_stack_lvl+0xfa/0x120
[ 1170.078242]  should_fail_ex+0x4d7/0x5e0
[ 1170.078276]  ? vm_area_dup+0x25/0x6f0
[ 1170.078294]  should_failslab+0xc2/0x120
[ 1170.078332]  kmem_cache_alloc_noprof+0x5f/0x3d0
[ 1170.078369]  vm_area_dup+0x25/0x6f0
[ 1170.078388]  dup_mmap+0x80d/0x1d10
[ 1170.078426]  ? __pfx_dup_mmap+0x10/0x10
[ 1170.078465]  ? lock_is_held_type+0x9e/0x120
[ 1170.078503]  copy_process+0x6faf/0x73e0
[ 1170.078522]  ? __pfx_perf_trace_lock+0x10/0x10
[ 1170.078559]  ? __pfx_copy_process+0x10/0x10
[ 1170.078577]  ? __might_fault+0xe0/0x190
[ 1170.078602]  ? _copy_from_user+0x5b/0xd0
[ 1170.078641]  kernel_clone+0xea/0x7f0
[ 1170.078658]  ? get_pid_task+0xfd/0x250
[ 1170.078691]  ? __pfx_kernel_clone+0x10/0x10
[ 1170.078707]  ? perf_trace_lock+0xb5/0x5d0
[ 1170.078735]  ? find_held_lock+0x2b/0x80
[ 1170.078761]  ? ksys_write+0x121/0x240
[ 1170.078791]  ? lock_is_held_type+0x9e/0x120
[ 1170.078824]  __do_sys_clone3+0x1f5/0x280
[ 1170.078843]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1170.078879]  ? __fget_files+0x20d/0x3b0
[ 1170.078915]  ? fput+0x6a/0x100
[ 1170.078935]  ? ksys_write+0x1a3/0x240
[ 1170.078963]  ? __pfx_ksys_write+0x10/0x10
[ 1170.078995]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1170.079034]  do_syscall_64+0xbf/0x360
[ 1170.079055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.079074] RIP: 0033:0x7f7b289bfb19
[ 1170.079088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1170.079107] RSP: 002b:00007f7b25f35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1170.079125] RAX: ffffffffffffffda RBX: 00007f7b28ad2f60 RCX: 00007f7b289bfb19
[ 1170.079138] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200003c0
[ 1170.079149] RBP: 00007f7b25f351d0 R08: 0000000000000000 R09: 0000000000000000
[ 1170.079161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1170.079173] R13: 00007ffe9215ee2f R14: 00007f7b25f35300 R15: 0000000000022000
[ 1170.079202]  </TASK>
[ 1170.081512] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1170.081512]    program syz-executor.2 not setting count and/or reply_len properly
13:55:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5422, &(0x7f0000000040))

13:55:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x1c9, 0xfffffffc}, "", ['\x00']}, 0x120)

13:55:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0, 0x32}}], 0x1, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000046c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)=""/147, 0x93}, {&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000000)=""/85, 0x55}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/88, 0x58}, {&(0x7f0000000340)}, {&(0x7f0000000380)=""/222, 0xde}, {&(0x7f0000000480)=""/100, 0x64}], 0x8, &(0x7f0000000580)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000001580)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001600)=""/159, 0x9f}, {&(0x7f00000016c0)=""/242, 0xf2}, {&(0x7f00000017c0)=""/193, 0xc1}, {&(0x7f00000018c0)=""/191, 0xbf}, {&(0x7f0000001980)=""/234, 0xea}, {&(0x7f0000001a80)=""/106, 0x6a}, {&(0x7f0000001b00)=""/234, 0xea}, {&(0x7f0000001c00)=""/218, 0xda}, {&(0x7f0000001d00)=""/18, 0x12}, {&(0x7f0000001d40)=""/34, 0x22}], 0xa, &(0x7f0000001e40)=""/1, 0x1}, 0x101}, {{&(0x7f0000001e80)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001f00)=""/116, 0x74}], 0x1, &(0x7f0000001fc0)=""/216, 0xd8}, 0x5}, {{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f00000020c0)=""/81, 0x51}, {&(0x7f0000002140)=""/244, 0xf4}, {&(0x7f0000002240)}], 0x3, &(0x7f00000022c0)=""/4096, 0x1000}, 0x2}, {{0x0, 0x0, &(0x7f0000004340)=[{&(0x7f00000032c0)=""/4096, 0x1000}, {&(0x7f00000042c0)=""/51, 0x33}, {&(0x7f0000004300)=""/14, 0xe}], 0x3, &(0x7f0000004380)=""/180, 0xb4}, 0x9}, {{&(0x7f0000004440)=@alg, 0x80, &(0x7f0000004680)=[{&(0x7f00000044c0)=""/152, 0x98}, {&(0x7f0000004580)=""/72, 0x48}, {&(0x7f0000004600)=""/37, 0x25}, {&(0x7f0000004640)=""/15, 0xf}], 0x4}, 0x8}], 0x6, 0x10000, &(0x7f0000004840)={0x77359400})

13:55:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 59)

[ 1170.201770] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1170.201770]    program syz-executor.2 not setting count and/or reply_len properly
13:55:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 60)

13:55:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfbffffff)

13:55:35 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xf)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
write$binfmt_aout(r3, &(0x7f0000000540)={{0xf}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa20)

13:55:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x4, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5423, &(0x7f0000000040))

13:55:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="28ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1180.206158] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1180.206158]    program syz-executor.2 not setting count and/or reply_len properly
13:55:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="2aae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5424, &(0x7f0000000040))

[ 1180.257875] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1180.257875]    program syz-executor.2 not setting count and/or reply_len properly
13:55:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfeffffff)

13:55:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x5, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="2bae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0xc1, &(0x7f0000000040)={0x2, 0x200, @remote}, 0x10)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000280)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x1, @multicast}, 0x38, {0x2, 0x4e25, @broadcast}, 'lo\x00'})
ioctl$int_in(r0, 0x5421, &(0x7f0000000300)=0x1000000406)
pipe(&(0x7f0000000200))
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000000c0)={0x7ff, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/sockstat6\x00')
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x745080, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
poll(&(0x7f0000000080)=[{r2, 0x1001}, {0xffffffffffffffff, 0x8}, {r0, 0x1}, {r1, 0x9014}, {r3, 0x420}, {r3, 0x8400}], 0x2000000000000156, 0x8c)
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x10, 0x103)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)

[ 1180.430130] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1180.430130]    program syz-executor.2 not setting count and/or reply_len properly
13:55:46 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:46 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
bind$inet(r0, &(0x7f0000001e80)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
bind$inet(r0, &(0x7f0000003500)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x210000, 0x0)
recvmmsg(r1, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/174, 0xae}, {&(0x7f0000000180)=""/174, 0xae}], 0x2}, 0x81}, {{&(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000300)=""/235, 0xeb}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/216, 0xd8}, {&(0x7f0000000540)=""/2, 0x2}, {&(0x7f0000000580)=""/132, 0x84}, {&(0x7f0000000640)=""/104, 0x68}, {&(0x7f00000006c0)=""/228, 0xe4}, {&(0x7f00000007c0)=""/149, 0x95}], 0x8, &(0x7f0000000900)=""/221, 0xdd}, 0x1}, {{&(0x7f0000000a00)=@caif, 0x80, &(0x7f0000003040)=[{&(0x7f0000000a80)=""/116, 0x74}, {&(0x7f0000000b00)=""/157, 0x9d}, {&(0x7f0000000bc0)=""/235, 0xeb}, {&(0x7f0000000cc0)=""/237, 0xed}, {&(0x7f0000000dc0)=""/141, 0x8d}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)}, {&(0x7f0000001ec0)=""/104, 0x68}, {&(0x7f0000001f40)=""/195, 0xc3}, {&(0x7f0000002040)=""/4096, 0x1000}], 0xa, &(0x7f0000003100)=""/50, 0x32}, 0x7}, {{&(0x7f0000003140)=@qipcrtr, 0x80, &(0x7f00000046c0)=[{&(0x7f00000031c0)=""/243, 0xf3}, {&(0x7f00000032c0)=""/70, 0x46}, {&(0x7f0000003340)=""/15, 0xf}, {&(0x7f0000003380)=""/221, 0xdd}, {&(0x7f0000003480)=""/127, 0x7f}, {&(0x7f0000003500)}, {&(0x7f0000003540)=""/4096, 0x1000}, {&(0x7f0000004540)=""/128, 0x80}, {&(0x7f00000045c0)=""/215, 0xd7}], 0x9, &(0x7f0000004780)=""/56, 0x38}, 0x5}], 0x4, 0x1104, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:46 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x6, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:46 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffff7804)

13:55:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5425, &(0x7f0000000040))

13:55:46 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000080))
write$binfmt_aout(r2, &(0x7f0000000040)=ANY=[@ANYRES64=r3, @ANYRES64, @ANYRES32], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x12)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
ppoll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x9}, {0xffffffffffffffff, 0x28}, {0xffffffffffffffff, 0x80}, {r4, 0x20}, {r0, 0x648c}, {r5, 0x4012}, {r6, 0x20}, {r2, 0x4d}], 0x9, &(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)={[0xd4]}, 0x8)
write$binfmt_aout(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e10000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007aa2ac44e0e12146f66e026e82ec8686a1a63968ad817ccc795827a94e4a"], 0x120)

13:55:46 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="2fae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:46 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 61)

[ 1191.072679] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1191.072679]    program syz-executor.2 not setting count and/or reply_len properly
[ 1191.136073] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1191.136073]    program syz-executor.2 not setting count and/or reply_len properly
13:55:46 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5427, &(0x7f0000000040))

13:55:46 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = socket(0x1d, 0x4, 0x0)
sendto$inet(r1, &(0x7f0000000000)="7c1349ecef754838362398414866de311ae9183d485949cbf9563350d1bd0ecc", 0x20, 0x24000001, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:46 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffff780a)

13:55:46 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="35ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:46 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x7, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:46 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1191.399201] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1191.399201]    program syz-executor.2 not setting count and/or reply_len properly
13:55:46 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5428, &(0x7f0000000040))

13:55:46 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 62)

[ 1191.450435] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1191.450435]    program syz-executor.2 not setting count and/or reply_len properly
13:55:55 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 63)

13:55:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffff7f)

13:55:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5429, &(0x7f0000000040))

13:55:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="55ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:55:55 executing program 3:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x8, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:55 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000180)=ANY=[@ANYBLOB="379a7a110100800018000000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="03000000000000002e2f66696c653000"])
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x80101, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x3ad7d2ec}}, './file0\x00'})
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000100)={0x0, 'batadv_slave_1\x00', 0x2}, 0x18)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket(0x5, 0x800, 0x9)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f00000001c0)={'mangle\x00', 0x3, [{}, {}, {}, {}, {}]}, 0xffffffffffffff6f)
getpeername$inet(r6, &(0x7f0000000040)={0x2, 0x0, @private}, &(0x7f00000000c0)=0x10)
setsockopt$IP_VS_SO_SET_EDIT(r5, 0x0, 0x483, &(0x7f0000000000)={0x2e, @remote, 0x4e21, 0x3, 'nq\x00', 0x10, 0x9d, 0x11}, 0x2c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
fdatasync(0xffffffffffffffff)

13:55:55 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000001580)=[{&(0x7f00000000c0)=""/171, 0xab}, {&(0x7f0000000180)=""/145, 0x91}, {&(0x7f0000000240)=""/20, 0x14}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/127, 0x7f}, {&(0x7f00000014c0)=""/152, 0x98}], 0x6}, 0x10160)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:55:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5437, &(0x7f0000000040))

13:55:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5441, &(0x7f0000000040))

[ 1200.761935] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1200.761935]    program syz-executor.2 not setting count and/or reply_len properly
13:55:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfffffffb)

13:55:55 executing program 3:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:55:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="5aae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1200.908053] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1200.908053]    program syz-executor.2 not setting count and/or reply_len properly
13:55:56 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$TCGETA(r2, 0x5405, &(0x7f0000000040))
recvmsg$unix(r2, &(0x7f00000016c0)={&(0x7f0000000080)=@abs, 0x6e, &(0x7f0000001600)=[{&(0x7f0000000100)=""/234, 0xea}, {&(0x7f0000000200)=""/112, 0x70}, {&(0x7f0000000440)=""/173, 0xad}, {&(0x7f0000000280)=""/34, 0x22}, {&(0x7f0000000500)=""/85, 0x55}, {&(0x7f0000000580)=""/85, 0x55}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x7, &(0x7f0000001680)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}, 0x939b2ae2349d27d9)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:55:56 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5450, &(0x7f0000000040))

13:55:56 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58) (fail_nth: 64)

13:55:56 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x10, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:55:56 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1201.216624] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1201.216624]    program syz-executor.2 not setting count and/or reply_len properly
13:56:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfffffffe)

13:56:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x2, 0x0, 0x0, 0x0})

13:56:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5451, &(0x7f0000000040))

13:56:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040)=0x1)

13:56:06 executing program 3:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = dup3(r0, r0, 0x0)
sendto$inet(r1, &(0x7f0000000000)="37d7fb1bebf1b65d27f1d17a70da54929fc042aec0ee172664d01ac2516211efd21f043c385d464f42f85cf8de63827c8da51cd98e520dec905acb147466aeb3ee132ce57e9c58169444a48b90be96e5918d469eb3250b8066134c8cc501ebed", 0x60, 0x40, &(0x7f00000000c0)={0x2, 0x4e22, @loopback}, 0x10)
setsockopt$inet_int(r1, 0x0, 0x18, &(0x7f0000000100)=0x8, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x300, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

[ 1210.991409] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1210.991409]    program syz-executor.2 not setting count and/or reply_len properly
13:56:06 executing program 3:
r0 = socket$inet(0x2, 0x0, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5452, &(0x7f0000000040))

13:56:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x500, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$SG_SCSI_RESET(0xffffffffffffffff, 0x2284, 0x0)

13:56:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x20180, 0x0)
fcntl$setsig(r3, 0xa, 0x22)

13:56:06 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xc0ff7f0000)

[ 1211.220495] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1211.220495]    program syz-executor.2 not setting count and/or reply_len properly
13:56:06 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x6, 0x0, 0x0, 0x0})

13:56:06 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x545d, &(0x7f0000000040))

13:56:06 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x600, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:06 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x6, 0x9, 0x0, 0x6, 0x3, 0x3, 0x9, 0x2f, 0x40, 0x271, 0x13, 0x4, 0x38, 0x2, 0x63fd, 0x5, 0x200}, [{0x4, 0xffff0000, 0x8, 0x1, 0xea3, 0x13, 0x7, 0xffffffff}, {0x2, 0x40, 0x9538, 0x401, 0x1, 0x5, 0xfff, 0x8e}], "b40c109cfa20662e08ef7329d203bc9d21410769ac864e528c0be73f13dcf06d1cf7f67b33771c2a278f16b95e6d67510a064d72d8faab9f6e59498313f5aa2c17621861b759d1e34beab3cca57075f35efa17d89a9606af76db566cf58310792072b4dac02093741ac2c3f9c7bd7f04a50b710a66dc8d6c9cd096df8c4c5ce47530217cd2eb838e51e2bb9803e7bc4bab6c61d22bdcc577ad417fc0863afabecd8555d5823baeb127be09f8b732188d9f83ffeffd89c42ccf135c4824400d74ff0209f961be4c1e399ecf7d35c4a1fa88b2472c8be3c4d7"}, 0x188)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000001900)={0x7, &(0x7f0000001800)=[{0x4, 0xdc, &(0x7f0000000440)="66101fa353d8be789ec4b178c2646662ad3fd614dd6f7ce8864d404a4076e4da813472d15fd1b073b9ffae943143876b0c33523e365c4cc08b721047cdc98e5afea3c7bb1ce1dde8a0e4777f73d314e651100d356988770ea9aa03ba8afc6fc122fb2b57dbd050723c885cb9060c5e18d746f800a3b926fc2796a14653fc906df14e9741066642092e1b6b918c6b861b17d8c3aee806f2662cc0be280d19af756f4e730c0e6277d81e2fbff83018a8c93f9fb29062393972753a845d61d88424ce49b6eeda9f1366208e4e04cbfc97d759b2fd78ca0837b8d9993004", 0x0, 0x1}, {0x4b7, 0x6, &(0x7f0000000000)="f3452bd48d99", 0x0, 0x1}, {0x1, 0xcf, &(0x7f0000000540)="6b2245a989195492f465659b00a3b49d92bfac87a8319322da760c3388bb8c98305dc6532378d946d127c6925dfcc2b7c578455331af6b793eb50163821bb7c3ecafaa3a26f248d57c3f23ff112402ac9fe9786e52932023232b7ae178469b69082965983b36f00fe241ade5ce005b8023b226877ea97260b6c1d913cd0cb566bf7167286ceefcc41d3d188da2ef13401ab1623745e62ad17320b53af85e2d5297a5bf9a9da2fb952459a3a04c87d609315c90637820033b18b85891b7f9695eafb165123f81498556e11cc991ee6b"}, {0x0, 0x8b, &(0x7f00000000c0)="d0d360c84f8d4067a699dc302f9ff35ea78a1b1a03cf974c4b00b79e6cfac8cacf3d24a947180136883432001251da98f42bc671661ad285903618bf4c21b193bdec64a3e2827e5ddea5d8217ff80703f75f3736adea0f6ee3d6bbef0a2e86532ea1de5672d4034438b654c514fadd1b2a4f5de9103bd0b85264c670405b647990796aace124f3f1d496e4", 0x0, 0x1}, {0x5, 0xa2, &(0x7f0000000640)="cd20f616ce250e7eb0ca4e3ac6533e9f62bd8a4d7f887aa5c27836a257843c2ce6c3905d7a10afdcd35d629cc1fa22e65d3d96b16539b1b07c05939d45b4bc20803a4193dbd29a9e4edefbba26697e21e673fd4886d5e4cbc93dd6ee6a5077bd0edd87bafc8579f2b15a06fb4bc4ae4aa7ae668f74d9339912007ae0f079a1190f17b48d01cce3cc5964d1f1a9375fb22046ed70c6c462a697d7a6c0e2096e400dcc", 0x1, 0x1}, {0x9, 0x1000, &(0x7f0000000700)="113acf7d5357c819a03ef8cd66d346a519ddd4dea2523d71e0895f77bf49eac9001adebb1fa6ed321fa356a437892c1588d148ca493e6ff9e60265cdc41eb800c614f4f9f6383c0012de7446ce68e1ca6c361ba6a83bb7c75811c4c03f7422352a1cb8cd939e54d1e279bab305093f02e4d842106c3824dfe96a7f77d4c45f2cf8e7930919f9284b25f182c0e4259dc7d584311b6d621648b83c83ac27f669064f3a9d13fe84c126cc886d1add2b5734b380b2af45464cf3352bd2b3888d904ab1cc9bfa1736db2af74131ccbfe463849f0d93e20c7ef334b0a2767614d245b95c9f8b973229732fd184d52cc1efb843d73f56cf7576c7b9d759f04539eb8b0a9eba9ce17c0bd692bd2ad1e80f212bda0e55fa5a4d26b890682e7e6073ffaf76d5b9d133852c6d5874af20acc3bf018836fae3a98b5dca967937a48c2c6bbc2c27d9abe0be7505e16000d4ea5efa36774ce8c588b7e29de0e2955cd22573400349653e1e9e0773ed74422033a4152f123f58a30cfc357daa43b67dffecbc5d0517dfb65d3abc950ef0243a37ca398ad06c534b0d999363d52c4ae474957b0a1757e3fc100ce197af3331a9d008cac389fc6609c3227c358b75064fc1597c8e14bf01ff3b29eb08c42ad78357efb47353db0e47abaaf309398d94032befa641a11b5173cd93bcfaf9c74de82b3235537ffbef7a5e31d077522a8cab3fabe3d62c4120c52cb3413f0590c6c341bcf6f9689259b7225b6fbd3099b976969659c8da419ecad38ee739b90b491ef8028c0fc72b62bb9d175186d1296558580b75e04776a7c0a70b32f5a23d391aadfb6d78885d3fd775aabd44f24f129e6c97917148b21b6618e07ffb3d1edb62c3a56b185ae01e43e070db785376d4bae07c8ede2f2d1e14c2b3e9679c4e995ab48918d1e6d660a9009caab57b1055f2fe55823951e4604d4246d69376b3a191b2dd7645764e7289a54cc3a8f0c1f8f2e8452bffeea6b5349d61774e17052fba54ca997f72ec01116c734ecbf12fa94f571b4ee06c3b6f1761a4d23e2f2b1055e8518c6e17254c6ce030aa05b3354bfa10219c3ca3ba980379e2f2f744db97a7886a02188aacf3cf0b720035753062794bce4d41aa352d54ce58379ab472ca86357bfadd68e7d480d652811be95c81bf33cb47466b66b6f9edc78a805756ff921a47c3b9b887cd76361ed3ebccfb2e7f549886771743fa205480804f011d20fbad8ec26c809ead76b33f990f646c9d3cd6c355e2ee14b152c80cde33ed0297807d9f7e17152a10c89f207d80e1d4f226871f4545f9bf82406875a18b157ce54050f98cfa863aa9e90424e3b6760b1073b7251e7a8fdb8c9127acbfb11c32e22b96fe743e3f4749c130d2de2192ce822ea610289e9652a35f4c28085cbc1669e01991a61e4dbf867cb0f407a86b7a0f85ea635ba4c5fa225d79c1c85a39e4df1c03dbe5263809c35c26f5187d6c4b2a580005f916d88bab2ef9f77bc55f4cb3ba680042a11cb87dd8fec16170274875f675dbbd9bf8b95aa214934d7ae33744adf2691fc6415ae0142bbe3eddaae4013e3efd1deffad84cf92a785dd87b93be6f3c4a92ee0971fa1c7bc33db1e9bb93b69107569cad1e6981049a78521aad8b953e62d21c0d51cf4f691a93b05d535bef8bf37fc58dbcebb8d4d11520be1beea021f498cda23897f7eb25b993da281b52d8e26bd5aca2a0c1c9842021d4526dd419233e785aad1f6c0203251327f0edc2a824dca46b5e5b0c741a3a7a702c2936b7bfe10e75f6fca3fbf6de846d120968369ccbf702ae0dc9c387887d5c0c0bc26261a9d2f23884c7a93c6ab81b31d7c8622fdbd4cced3d60bd9d442f839b057e2399846c03d99c18a247c26df4089c0bd6b6e1aedc8cd0de7cd100919b379d5d470149d4c145263bd2be9800b02f3155ce8ea5c280da5e59f71eb583b8428b8aa94016a79beea8586b2aadd209de0c0a3e898c3c2436c5c874b25df223b341c8318be4be84829f3fd386b661af9c6dbf6086a93d82c34bbd16f49beb065ce676374fac374c5a3222d6a7bde21bec9a4339a86bb0109d59eb786b75bbb0fb23c8e09a4feb73591853006293858d728e44976e052d8d0c00e878e0361316bf706b61263cf1cf7c27fa2cf29a1c4f6252b056fd04dacef73764189c81f40152525962c2965131ac9711eda63dfe886d80c3e880db38ae7ec9ac7369ee86ebfd5d6dc6d66d1b1b16af6d339bbed6fd05caac8e4c371bbea639e940aaa47e835ee9b69d7cd52e6e630981d383796b0babbc88c0a3a50fcfe3a39ffd9a19d2e5904c3430b4b4decc4436844f0f9c22cee29b8b8fa256ee32471da14fe6f00c1fbc99740b812aa9f5a10ec38ad623853a98aab6a4ef27dd78df24b3d320009999f4495f287f4cea9863d8767c55d146cf089b2473543ea71099535d9a33803975da5cd68dcb9775210ab9d5afb61d5e7643b2b4d03637fc0adcda1dee79b5ae331807cda7698b137e5d5c69020c90946671affc5ee1ebcaaeba34fbcc421258383d0374a4efcaa71265ef2289d1305c1c1ca52b3ccd9742f3d26e61960ec71251f64199e727f936e6cdeacbaf997d1576d8c00592a37bd979762324876e162f02263c826b6f5bad12ba4a35df1f2f12918cc71f526873d8dd7b2ccc085b01d678176d1fea6975984754aa4cdc67523503bc58ae640b8881cc09a5f421933f1fbdd460be24140e5ac7cf5fbfe91253e515bbc86f2bed300735c57f8b958a68bfbdd8f6f2b8eec3e8239e1af6726c20b1c8ca4918edce42cdc5f6bccf9532d88a885a92446489fcda95b8f1bf884706891881e59a601a07bbace6d32e880da84012b70ce440b4f4bc7eaa1cada3a4db644ba0d7685350a70ed7c91a735d9df797f14ce7e64b0a193824e1dd0aa289242e45d2803c1d109fda446c51688efe8de1583fe585c58bb90b9c0c256ec42a945584df3bd808ec548642e6b563abe6ac93d5e744222cce954a55a0714f17228a659255d7927f6f4a29a4491e62d261133065e3e629e2e9b9a584748d1a72455a8a43f8da569fc6a2241610001eb6caee3d3361291f84d126a4987b77d890e0693d248880ef0b5c30cd0101b8a06a8e91d744ff7165eb011b9e6b3e46530f0ff6736b7961b7955dfd93ccc63e18918c3e054115ff79cda2ad0e12fc7a0cdf3154a76c23e522e7bb772f22b25941a678542546b1f6f01c8bc3fd5cbbaa5d05ab92e3d9bc6eb0d367926d9ba35eefcea43e7458950000e8a03b3f71af4097c82fe3c69f8c715b3a8ab12ad1783e773e22c39a08a2a90e07b486c1e5fe41001eab5d03250bf4b5bcfd87c4e7762914e879d8c76e8cade2429300d2e49f50b86f3c7a130584e3a20318984305899c3d91297bc2a395ca7c814a165d8f946ca83402be2f4d0a0e23f7792bad77f2d623293a58ab808492c27d98fc88f100dcafb833e06516f367bbc200aaa01bbba0ff46a60f6b64600beb5f660942884b3698bf99a022640b1ec4cd5ed9f81a970a4fae10e56f8ad9994c210bf644e776131b80e4c142c19ac3638455247918b7f09b9f1e50127bcde20a37f5163ffe81714353fa5d6ae10e2021dd4c92f8c2dc4640e86d6b4fbcd0af269e9750b60bb69ad15cef56073ea2adeecf2a6e00352d7fd5c9a1b96c2031d1d5e5376547e2c338c6bf45abdb1bed3c0a280f7032a8b82cc90ec7ec70bb31ef346ab1ba066e0424cdb8c3de246845f40032eaa2d79cff12ad5666d36b5fed6a2fad1d50bd24e2943ec7b658c09524d2e78d21245bc9e1fcfaa7c1e3166f328fd4aeb184c7b99d619a4ebe8fdc8bbb5d9aafd11f3f6fa764889565c7b54c5a15938a574a00418c0bb722d10ca1c13bf38a5ba990ae8ca7ae08f9d3ca05064b3500ad87045d6da8b27d95099a2867652f3812c32f0c55e895c9e66e22f4a3ebb94834abfabcf58f90807c095c759afbbded6767c31741b722dcd1e5d2a16953740b22f9eafe37092f554fdee0d6c91e8744839c2a1c7c4acf2b5d9af4971c3d1b7a917c3980fdb03a5e061d48268f0654b8915d6687f93c04de3e146af28c12de5995eb0ccced52163175a0abc62d29e1c39cfd1e55a9cdf3f271f73737b96946dda16d291386dd96dadd392c72f7d148a5ba5f472236635ad3618a5060633f33da9c13e20a590ae21ba605c5082163e84bd236766c3ee3b149132686fe68389da02eafa403debf5fd3c41078cc3a30fd19ab239b5089ddca9ce19d94b0368bb775d472072042f94fe20bb802180f156e2d7ad9357b5043ccdcb7edb41badf927acd10e4c210d31984dfdc7d339e80ba77c48df4b1577958fd6278b75c0d6a6e71c5471aa4b63774fe176720736ad8817426afcf205964158de66344e6baf626aa8507ae0129390664f101fddb631dfa1a0d0b5f55138ed4bd97d572fc4f472118baea79c64096b8057d99c7e4b00ac34bca528e4cfa93393fe9ee0f06796dc4f805aedb3290c439e50e1c7fe76d9675715080f6e5f4105b35f7c97a64da4c8a62edc1fa62ae56e291a180d666c4e9f495ce90c458ac386d3f0e29375813a119852fc8c3ce57062b06a0cf24bee445d38d08ad0864102f06db53a987bd8b9a460aa36fce1c0321e1c9253395e29d508724496f9cdd0013ff4f7a4efce714a9fea1ddfffa1ee18b2dd1a9a47ca3fd70a94d67df14ebbc871b92eb2c47d2093fd9e31d393df8da1824cb1a8342c36fbc93042c6e52036f2118049b440770e82e388c5c96e5a60ae48beede7005db5d1de9b7c6c7f8636fb29594cbd321381a2eb27d64cca71eae1c86ec8e2d9cccabfb26079f371bfde1c2b47513dab3ee89e75b756b690261bd8d989e2dc7fb6b9851e21d31c850a3074dc6ffbebd65f1ab4f4e2e99241906b0f7b64ba7cc5be3553f981388b42a79f66e94d682e82fff27e2df9df48f6d933ddd9b849918d59a3aa1cd4354f1ae2e6b264552261442905588a3ad93db4e30d1f98cb4aef660a73a902491a097e1e17238df17d1da49ac16809e30e58780427dbe35a9afc6af8f0d433ebbc53556bdfd2cafbf1412045337775aac28622f52c7a28457e3e2b91b75190164a556fe3696a6c1f2d4f3ce463c1b33f05b4cd05633042f38b01b7588723f110039effeaaaa47a2476da9c1c0aaff98a6c8bb8a0936893775714916bfb8c496770b597dfe97f719f95535799a270a7ceb4ea9dbc22556c0cbdc344e2eb70b6b72153a895bc5d30b7f0172aeb661cefc7714dfd989ec0da2b7f1ac88d91fa5595b29e8793c8595b54e111ab89b3a865852fdf28a7b00ae6412604adce009eb2ea9e072dc6826770d7562981f5f07ff99d2f220344ef2a50b437ea5fbb026cb0a042e9ab132513d2f848e195b3af3c5030263ab0a803854da70a8a8310e961b265cc1b9e03c7adafd33c2d72eb32016d85e8498f3adc42823508e38d0f8990b04535920c63f71de8de7f16ba034a5cb13b4d463630168886fe7367ad66ba6c34f8d5ff829e06a22439987ad028a3270d0eef0340ed025c8295bfbda4dbf31443d0085dd974690521c12a1c91b2fff92b7a3b039525816ccc2247ca808e956ca1e9959a0bd4af33d6b5c1fe3b5264cef97c8190ad0944051c1e9ff074e0bc44b76c33f0d43493c71a27e9b22e4a2f7c212be17d10727590c72337badd76496508de78a09e06c4db52387ed143956d755609a02e2e489e5cf052b4d6e03b7a0fa0cdb9b52d33b9cb994c9f0e497a6ff74f993284791723a0778c740da0cb07a8bd88bc69e1500eec"}, {0x5, 0xe0, &(0x7f0000001700)="a065f864ca8715954ed6a2d5032b76ed4097a4964d0c926714cb8a83e9761a8390e932cee5212dac4da5cc45cb644d53a47a041b17016fcec34f43504e03a979eafcbe350373c0fdd712ca61456e1fbfcd5873d7df03d85369bf06562b5206ef914aa00055ad4903900f75cfaae7ff8fed8bf97183aee34f48aba79e629f6e04f12761b77856c37655dffc1b807a58adbe2a92f83b0d7e90b6cf24f7ec91679c273e713b7b1d2ad678e392e1795df9f1e62f5d778f5480e6f034bdc9155dc05c30e80ffcc3b42e05242c785c49c4eba6cf14e069dfc146576ad6111ab74dcbf3", 0x1}]})
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg2\x00', <r2=>0x0})
ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f00000001c0)={0x0, @llc={0x1a, 0x3, 0x8, 0x5b, 0x93, 0x9, @local}, @rc={0x1f, @none, 0x6}, @xdp={0x2c, 0x4, r2, 0x29}, 0x1, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_team\x00', 0xfffffffffffff559, 0x200, 0x5})

13:56:06 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x7f000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1211.516202] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1211.516202]    program syz-executor.2 not setting count and/or reply_len properly
[ 1211.549717] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1211.549717]    program syz-executor.2 not setting count and/or reply_len properly
13:56:16 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5460, &(0x7f0000000040))

13:56:16 executing program 3:
r0 = socket$inet(0x2, 0x0, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:16 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0x5, 0x10d603)
sendto$inet(r1, &(0x7f0000000040)="c5d9481aa0", 0xfffffe5c, 0x40000, &(0x7f00000000c0)={0x2, 0x4e21, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:16 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000002, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r2 = dup2(r1, r0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0xd28, 0xfffffffb, 0x99, 0x80000001, 0x0, 0xffffffffffffffff})
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
sendmsg$netlink(r2, &(0x7f00000065c0)={&(0x7f0000000100)=@kern={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000006340)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="bc0200003c0020002abd7000fbdbdf2508007400", @ANYRES32, @ANYBLOB="6d07e4f18526c442a83979bfcc54741d05949b68919690df9c29a0a01398bf867a1bfdb7c56c4563939482633db92099ada07b2155359fb9f011fb28dcd72d8f22c410b6435db583dd5bb27fc0130d698721dd4ad0ea407d68f68b10a084036f5d3550ad19ee0a3935acdc414fa20dbd3bfcd59a2b0c9717932454c1162561ef8cf1ff2b5698e16caea77ee6da20a3ddef48583f69ec1c9f944f4db8b212bb3764dbc209e19b7493c53eaad8a91fd780d3c7a8b22c4d47e53ca35524852c0b03347426c4e8516edddac7b55104eaf8bc81b4612264af3922f001c215fa900b0defe24b1df6f99bfe5e47c5dcd9826856abc6b2b92c320e3fa1f98806e3678bb8e8a2f3a883ddc71266ff8797c4d48c908974fa9e2415eec43f5f35fd70a26fa0c250176b9e52204936122eff186b90109c2b61fdde3f52d755950bc6b7b1970419703e42fe8f076766dd063bd1ebabffacf6ac3d69ea0ed1a9b211997c38eeb54d3399a46ecc5a1ee2f93712a2389ab14256228ce637dc82756cfad776d5a72ad57d8f08db14f7ffc92d029ac18e1641f8277a9b410212a2c8ddb4c733fc940ae3f03c4d52d791faa14fe5eca52816622910605497f358e24f58b53e3ce9a9e8a1a63d8f82b32d4651c821e621c4b48bfc67382594fa34d0e311c94c5f2bbac9c12de89efa1dc6e747501fd8425fc927965958bbf6a26bb56be7295b0a54c05685551b7f8b02821a01190a0dd56f223c478b5898bb835af48f8a6d74a6d41c6d97c94621d725846c21b53c22fe58fecc46d0a1fe97254afc129cbc1e5e1fabfcd66f8faedb41d773894f7121552fc825544a10a057c607255fc8044091a9251d3c1d0513ae71bd4ad01ff654eb6d13a01a008580d2978bc146d748d8aa52432866989ab7e019db458bb800000349aff38bc812bb19a9f89eb36861"], 0x2bc}, {&(0x7f0000006600)={0x36d4, 0x32, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@typed={0x8, 0x5b, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x29}}, @generic="100c0dcb66545ec42949828895f18ccf7ad237f266e909d5684c7abd26a782bbe3e417ec3872476ecb45c07776325e1e8878fa36a1073bc2f970a3102e8d1d358d31d2bec1901a22520ee9bf6d52b0113ece970b84559087cb0837d1b68f941097873ff4519acaa41767db70a7b252bd636fd78b51ba3b776818b4bea9632c72f265c9d80c8f37ba4998371b9b93b6e93dfedfb6bf13e17b7d3b111f142cea926f0dc08ac034ea151a3160f4eeb0c2f5d7b1d6f411e96317dbe30e8f5be94742d7d7dc", @nested={0x3ee, 0x64, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @pid}, @generic="51a14d12e0a666677304932b459167411ee1032e47ad8d19", @generic="edd5f3b127a3001a34cda523d830c7aa54da51053446019561d7cc125f3c5c24886384b6272fb33be06663eec9a3134daad2450e284c8c0a3ac7ad94192db46e48c77019a074308aeeef40c26c3214afe2ea192e39f6e625145623f1c9900564795d9ef951d545837826c525feb8fee0b4e9d9e7091ce8f4225f0e0a4626129a7c196dc398e1d71057f6f31a37d8aa7c377fc8d4ec15541a9052041b920f2a1e235de3d3fb2456dd289d5461958b35e227b56e66be5606058b14b156aaf1004d7e1336d182f0e758f2c6b625e603e539b9632c07a5dbc56a534cc085b47c3efe44fc8c356898742382b9d5ed5f9b9521d34511b394", @generic="4f73bd298619ccb0e4045b64fecddf27db771f58df5dc7a48e878dd3ca02e88cd3a45398ad1940cbf403cdddce47011a3f5a75807bc0f593b5bb473cb306753ac264d59fdfba96bd2dd0be41634543f735527451f99744e23723718412e0932bbb499a6eef54f8d8c0eff7e5948d55ab4f5ed8ab86ba1cd4de4c9491603ade1aecc5a0834ca63abac39900c6207b6356bf6720858079853023f413a464a01d9909c79a0448c5f6e00a", @generic="957d2f766d9f3cc489e5c03b5cf2f4ef5751b5dea831d4251725204679aff563b75920ab1df3ef22fd5d43bdb0eeebc1223d2c5fc00a7a75ce4a2f572b1e2d051434137fb3eb84dc214733273b42db42f47c7af0a0bdcaf4018c862790e1059b73c9a346c381d3b11737dbc18895da4f76e830f702bf86afb4c9a5097b65644344ea4694f692", @typed={0xc, 0x11, 0x0, 0x0, @u64=0xfffffffffffffff9}, @generic="e5b8fb3c5f8d5454881a69ca3c13e34ec203bf3700604449723fe3df8ef0368c31b82ad5982713fbc7f9606c739eb6ff4cb212f42c2b9622b7821c7138e8e3dfa5376202bcc01475be814fb369265ff3e58c09a72912ac859e1d6cfb39b335e7cdf8930eb418952a0c884a8a06375d74d8ca24978b7c7ca344cd909005548e493a99fbec45c49cd52d056e57d2de1505d42f5396fe7f9f4d430b2bfd3648", @typed={0x8, 0x5f, 0x0, 0x0, @fd=r1}, @generic="f3191b694fa4d2b80716ec4b6656851f15d7674b59a38ef41e6080366eadddfe47c4f27ace2f5a74d77ea217845ad5be675d405d4023bdb9e46db299025f6ca86d091f095599e0b7180526b6e29df851b4afe18bf8456117a75d61d99e712bcaafd018befea4fcd7925155df9432c65e2335cd406c24ea5f3bbeecb7db1ab945fe9f9a10a0ce6c4cf91a8cde81f34f80efc2732db16212f79cecf8dd7795607e9eb6c3364e382256ef9324bc1c21b64b4a0a6e56a4bbf092bef5d0f7171ff169182095acc1e55522b8795b2f3534c7c1092c18d227f2a3a63c17c0706227862d8c4d80a3b7c1f3a5f1a37819cfc96e3019b77ae3"]}, @nested={0x1091, 0x6, 0x0, 0x1, [@generic="30619c970d01315b90182917bee073cad2755f39df8156818a7c85fe647d5e4ca81e5d8ab433cb32858793f47f76179183fa3408d6ccbc37dc01f4c094a2725e1cea2c424b391950208026a76ca67d30f4e01e3d7e7a86ed033e7836e847099877d620dd7f19894c69d6a84bf2c218139bf51a8b8b65182ef117015d4881efcde2dbc210413e475e231b21b3e3e0982fcf9e4d3eb4f95f28766fbd14b99da06bf1e99173d15956144742326d0e66d74235bd8fe4ecb5b61c46bcc8f02f626aa2ec21bb9b02714f460a268920ec0bfe4a88757872f65d9e7c0d1d3ed01dd65e8938a4a11eba0545ed3c99c274a0e360142ef8865ec8f80d2a7f7e99b1a903679310f56fda8c6a1268a392343ad7880eb65c9aae017b62a913606a111e5cdbcab9403a14074ddf38810b630986d0b117b18b5f065840f6006ac8a19b6d390216879c8f7c5d4d846b9835d6814efcebd73bde36e0a6163dd5d46b5ae841ad96acfbb5165c6eabdad689694604b67e99a9071a5ea55c41dbb83b81d60ac0c2a3b98c1d03e88185717229e482fc71f87104308893e11b4ebd1f9b18db46ba27f60354145bbb302ac77c2384e6f499107844e2660ec7e079c865d1c0f5f672a5d635942a8ca7119677420a085110d2931e4029eed33486fbfe0472ff389ad0b4a7453b543ca4a6f7690136fad6962e1ae2d8309ee5610a1f57766068827f1e80484b28e834cb34993d351e417d3e97c85620c76e4f52b3aa39ca2ceb6f737b823d90009179c71501838dff78b87881ce0ba491ac9f4f9d1bac59b3cd06bb84668d0bb778bee46ecc04dd20401f18a05edb66c00763f1e9dcee083143207137016f66079c7bcdeda8479965ec9571a62220617e70144f3bf0015b6006ef456833dde6522677e8598f0d0d3dc314ca8a36d9343d86510bbf4d42a94e2ad84290136acf211bb4d62c54680e3f1b3e83b261a427f83532993aabb0b57f62fc1ddde01a11bbb986ec46fa0215cfa76841e935beead18a45183276aea5332209ae595482ec2205b0e376c4435c278e20ec7db14cd715daa17a599f579278a5b8eb50cbba4dc9192f593364766cbda29bf08e84588b81e57819b7e9505a7cdb0a6e6df933f80de92aeb5425f97fd553748f60878088187509ebbe739fff9a1db68896572c94dc364ebe09a26099964d907b5c67c6a13ab0ff1cac67da2e5c9edad1c2a4c56f76b5773d7d53ef56acc4785a48bf0f25c2a14b7c4850515bf9d0feb3ce82eddaa1b9851c9c1b298267c41075151a4a8e71b12dd028509077d5de5e81038d4d60d1cc03ae5943b9dadf24ab273f7beaa6ae57fb5bed6a2a3c799a048030490da0dc0f92a04514813a1ec666b29b768a222b195ee32e21b23e96a5b229048cee4a07d573c69ea3e9d789b61e7aa7ca58b374b6e7cb3234e4de7403d5db1374b4a1eb7095d2a4201b7a175f9a51fcc8109cb3d8e110d2fcca472db3980d9664baedb50e8c8aaf2e2c5b62cdecdc018c395ce7e01eb0e6522a6c7e0ded454307ccbbdc541aafe22874d6f971b4e5a3782f5c33c29859de6119c10219cdaefca5b3ee8a6f7b34b6ea9cf970dadc719a18c48dddc6072be8b61e1b411b37f4dd86500fb63b69617dcbdd51d3b1497f81d9267f86410822384875dc506e7f94dba326020730959b9c2d2db0b8f5f7ffdfdff40d6834bdec8b474ceb1eff95e228aee1f1432a25e803340390290e0baba350aa8c10f15ece914670e2410e0ccfe6795cdc48a302b8723b2fef01aa6f3d60ddc12cd159e13214e04c370262f8af8e129a79ce298d14209b4224fab386873cb89badd61e0ad07d55d59bdc137c773216d9cb553ac4280ad4119aef96f58142544f8c77fb27bf005dd45f7e6c7c453084785c6297c494752aae51fb9ffa6af690dee1957dce734f39baed7cb15c04b15ec6f976621bccbe54ced6639d095b33553034d40288331e064519d47b48496bcd11d27608b15c50e236f36eb6ab977b5e0e6985c02627d41dcb786f8a3adfd7ae6e02b5d5ff12c599e20b2ae0e9dcfca24560b3074c4203775c8a4f92c6b9a3a54e6ac3e0723a407a9ef8af965adea237d4a4938fa66e39558ffc6027c2d92d902a4b45950efbe9bac9d7a6518321e93008ce8d75732b0802b205ce5f2c73cbae3e92f8d4083a75cdba2c5cad89372a78b949d1c9847a7e4ad8bcbefe33b6d14a5878bc69be4fe5ff8ff46143c618eebc3805e4b41df24abc13a73fa1c0f90e319f5761eac2c562ea355e159de723108937ec134963f7c859082354d07b0edeab31ca522b5072946bb4d24c160359cdc1fb79d15873edc8899bfc8afcaba0c0ed42e643608c37614a62a7e6c1574ad6a52af8b395b898ae7a4eb4015bfcef9e481aeabd9f70094f49f4c4ea2370de58060ba1c54e2fdd74de5ae424f78ee681af91cfd02f3b022da070cc652b0361d267322c31cb0b5bf15e95e014e78a3864f2478bdffcf0243917a663aea9a743b3530fb18c4eb846445e96194526e65fc40f330ffe2311105836b36afac65e0c53bfbca7c7b6c19382c2b9d92cf28fb2e60c6afc73f6b288af82da01cbcaa9d7067cd769691b374f9655e2d1026d12ac914b9881a8e76d902e79ac1452afdf21d7cf5d70b0421dd6a5af2137c00e4c7535aa030616a15e84920b7e03d7db58b8c6795908e85dfccec76a0691e6c98e366fa78c51b496807dc2da238a927f7eedf50f7abae16a1f8d9536aae014630788ce4e028c9077292ec25dcc4954fbc6f27f7d29b0688c12c0420a3670764728213d1e008104e01bed3142b5bd822e52c13bb1e465d259625a0972b94448ad756e2ee33aa934e2275c3d27510397c07e0596725bcc4b0624c442048f15ede9897ef12156c5878c617de0276ac1fa2f03e2020a70e6174b661487b4c102fdc18001b1a22a7f873af0010e21bb686f86d032eabab1fe8c1a64ebdd3f7f3b298da4d66731c71cfe7816210a5f2d8922868ffcdd991926f61c127592e07e7b737e23aacf15625645b97d93a460db7de54a4577eeeef4d4cf9b1cddcf6ac73c020b912a021ff21571a7ace1ce575e68d5ace17cf3a8ac7105d189cb3ad581632c53788c1f9467dba5a32f8277cb94c07dfb861712063b15d6f36ef287cb81211acf09a59eb0477cdcb8ffa72bf7dc83877aa0f5e33898d1da77cee477cd3f3fba2dce13af7e9827c65f91c4a46c1a9f069ff84b1358dbed3eed7ad6d78cdb535f93af1d4eb15d196cbc0f740d36c979395dc7e285fdc21b14b669d55b3a0c8eb88816849193d94115524e93b4f781262e00235269e3ce5b4a9396e15fa402cf50fabf3524314591fa7c3e9e0384a22ee5d0d1572a76e3546bb6bf5b80a17973b008e6540b10a91849072c6aac464b7942d28b76698bbd2a0c074dff555e39076f75fd2b8459eb67cb8223cc5faa6c9206abe298a6d9885b30a8f74237b02861d6e75972c78c2955587361b744e6ead3120b74505b7d05181ec27ad532990355ceca71bcc2150c51b7347801fd05cf58fc7387d01ff7b92fd9d887c7113288c24c15b1109d70894c685af491be9a58d1bf381bc3232a387992e6ed26fa4f4d2e030d28c69a15e56b64681b3d34a4d5304e25862e9a7761c5a67f7c527e43a640c0627f0400857fc6fc2fa49b1811f88ebd0b4a523675f9ac9a77ad58056d3cc9d4a46f5135a38d033d72f0d308b1a8998fce0056a880fe91971f4081a3929a8f176e4fc378813b6ae0cc349f83ea6273a3b3eae85e7cf7c063af1cb41f6d49493bc2d43c19930b4565fd095b2010c7a98e40a7e7e635577781306e010bdfe59520ab8249c96ef687d447c901a264394be866e4370ce0b220716be9f498c3625e5236b64366bdd34bd19b551f350e17e8a014415fabb6eadbecd411476bc542d1648e9d8af0110d2ad686b9551f709a5d6f2d91a4b84ae18f1ef1252e6640fd852538c43a588a05dd1dc26965f28e0fcb2a89243bccd52bbb5fd35ba309b6c6f0ff58ca25dfe2f43d7ea526a7495bc62dba6158623d9957593eca131c685750b2bc8c1efad0cf9dbf0b2b3b52c4200d4269ccef82aa1191cbf1b849c75fe404072d3fec4e07059a6a4da7934eb76d0cd4edde51d4c03b9c4f214aa18fd98f791afcb9387c7b38bd0d13b143d0aca19477495e143d20e7ee56d8fbdf68ff22e017a34e76cc182cc652f4c0ce7186ad0dcb66f102adbfacc2623e93a349a21bd8ea54cebaef48b6f8fc289ed5953ae43da430ddad1fcf23e8e0521e9baa7d6f16875e9d40c6b8971db55e10a071f2d857497c46264364796c3dd3cdc9f10647d27145c9a05930e29f3a0280a86a155114109099881fb75da224a097979cfef5e4dd959b46e650d826e3f0d7d459a9d80fc2638729e91d9811ce15056c37dad21e12426c71f5d2c6e6bfb4325bd2b6c02910ead750412409482fa6f95236a1114e114f92928a988f7cf5340cf57d6c3515532db36d87c668ca40e9caf912915dadcd366de3525a3f02987fc6e5baa1d21e3626460b6ff175e45885c009493ee86a681bb8b049e1adeb2cc8c9cfe81aa8bc6fe5a4a41e4d16bd5d7134417204203d243ab5b47b2efb17a32e73322634048f7b9d3fb7196c3f765cac4453f503832d7966041ac6b3da684ddd5b7abbbb4418a5c7058526fb0f0f9fe5cd11ab51d76d77f4ff8ff0b15b0141859cce6b554093bad72900ad39e20211a5ec74402e78af664747ddeedd8ba874bff5b7cdaa15dd84f2d7fbf29c3ab413b7021f401eeba97351001219fa2ac3e854cf5a8ba8742f8d40d4102a3fb45604b1d961c212b4464e48af12a8cc2ae766f20f5e44c5b0dc799b74cd5f5fc34bdcc98fb0fe34322615acf8d94d69bba649e61072436d588b682e8ecf20ebb298406392e24d12f184dac34440db3e8f35f083c112ce694c2bd4340b3b5a5b7279dce412912ecd1eafe9afd2f2ab24e7810b050482f8df11f52b038b8974b7cb4b38edd0030cb5ad1e8b34d5bb32512a4d8a0def15ff9697fb76d77b423aaea2304148bdc47ade9b5bbcf33ed29e52c1620360b43e97585fa2d369f7ad4f9d74bd40d428e670872d2ae8899119486332df2bb07b81af246b1de044f466ac11c56bfb935aa0343cc19d3c22329db489baf0132357741118763426b977437693676896b61dc061d37ae57557e02d410cdfef59855944771326c4d6e8d0cec9056f4e87fe89ac5c39a98e7214e15a1e3885a63cb39ee959d743f5899dd5e1f6e67b89bb4e53484c158c6bcdd49f84a2e7d2724c73be65980e3b016fb1138664e587bedbe9d6f7b4dfb75d7b66c795d3ead868ade8da8ffd64e272dc9d1c59b914ef286bd5fe1714568cde2b98e7dde4b4b963cafed38ba4ded3e445d13f45ada83682d24a173854e801ff172f88c523e799cff90a17a5df229b0b4160975c1fb5101fd338a22643b89683dd881d72db4bb417ecb3064f1b7516a9c82740ab8588da8f8b6f0470853351e484e45ebb1a867a1349570d165b7855666541a85899c49959d5e03403c6e986ee29264968f5d294a9ed33858916a16734bd9e578e67240ff19545fa9a72f0c38d0c1ec5beac55aee30e7db5575672172e814910d3f758ec985e3fd3df084480b64689afefdc20a964de8ba9dff0c1451aaca1e5c9c3573ed72326d481774c548a4a1ec4bb528eccedb0eb471abc64bc31f8ef3426f59736b4313d98d9c32f8af71ed5776ac274ba380e7b4842856de1f50dba6808c9964df9c75de0209d9563aea889121b833cdd270693", @typed={0x8, 0x11, 0x0, 0x0, @pid}, @generic="ba1352438107361b25d8bb9b0554aec18768129229a796ed05bdb61304c994a1dd9ee373fdb0d6649c7a8404071c2fc8bcff279969bcb7bc5b061c87f5f6d41159a31446aa5b269cba891fcc5c258c595720d39805698fd47d161af51044cc4fbe4fb8a0f19a033aa210c7a9bfde0da3d1008472d072c1aa76681de99418105351b3e7c45d", @generic]}, @typed={0x2d, 0x27, 0x0, 0x0, @binary="7a89964bdfbd430f7c91fcad87c349790e6c291c2a02d4621a3685a17ce75cd261ff1d1325eb224a97"}, @nested={0x2133, 0x57, 0x0, 0x1, [@typed={0xc, 0x6, 0x0, 0x0, @u64=0x1f}, @typed={0x8, 0x8c, 0x0, 0x0, @pid}, @generic="07d126a4340dbf1698ce486c24c025851bdffbfdd624ab095191876e7dd14a1d4c25494f201ad03409567ee02e70346d7b1057715a74e83d7163dad874cefc5bba718e8df0ab3b1b7a2b7af4187d7345866cf307b69a551924a01c8e69b92de772748b6a470d6b6e220d0c748735f03e2ca3a9c14f19d8c0425a13753c7447ee9870f0a4bf4fc624057c92ad71bae3160ae77711f1f264db49f7a69665f874819ed5a54ddedce5bee2cf6283d51e5086f36356338fa55e372a602cc8be2e4f4ab10b616231c9122565ec73aaaaaf8392f7e85e6e519d1d611a3d16eb78b085d5b43d62a770b097b0212d3f20c885b0eb90332f191c6eea30c6af4ea02fd3af01984cccd8fe8148b235c1d76e2a411631de40a99615fde749583174623bf5710e78d46256e35ba1db4e162fb65a98026efeef3e4ab1c41d1399dc0072031fdec3328fb994d266d23abbf42159c8ba16203b629d1866aa2540dbb64a8605665297e0ce7cfba5fa9ebdd677dc9b55b5f9eb00216db8b3ced95234ec04f292555883b0a849e5b8e22fa57276d035e4449cfc34593162c2512eb102ca6ed38503a22d077b293fb4b8d7b2b903e6805d158d699012cf87724655cd7a20bc4a8401ede7b9de3b8b3f31c81f5c18421d21f52da18c17e426632d5cfa2904f75b6f780b9a9e49bbcbb56d1385117db29e536868ccb41564e61af0b5066a3d635328ecc9f0b4a86de973e6156b8a45f45270fc75d11e7ff93544291c6038e278ea7efeb29aeaec93e075074408ee5029fd1c858eab2c325196c03b6b417e1b9d70dc0714cd5532d66bf9432d6e7bed0a3d48f0b3449dce2d8273ba2f73a1d0687b828d801ef16107d22525c0bd0f23226f462bec6e77dccc53205103f04e5ee65a6ca0d3451149718dd38402e3a9b2cd3362c6c3d394071aa459a020a0084d4e4504e0a0576ec2e6210efe6ca9dc7cbf8651f948289afa82e0da0ad2fb53d5924f398bfc00dd1c7c1794ddb577da86954480743f1a8b639f8aa417f10b7a6f8e7f9269e4c6117cbba47629516177bcb26915538e1581165aadbe1a485d7cb8141896c8e907a2596343c3ffaf97d5cdc039727872bc540adcfd8ed21e40cbb60db281c04727dd7fe22afe574e824dac8c239a0191aa83495ae57e92695f46043ba1ada25a42e98fdac24757ec8d6fbd3b65f68cf3a501854bf2dae374f41ec98e3a11f8f24b906aa72b03bc6c6434783e92bd98bf5f5e9bf81dcf0c6f18ef83855e64b8396442d932b0afc12c52077e1541f26e0fd1344f932252f0979cbfaa24d052418af5634d9bec0a2cdbdb952aa617ff1b01dbb90cda4dcc333f47602703c5eca49129f717f628da79c7a8733070e8043377fd224ad430e56e30e964df782799d8f7f0c2d548586dd4bc64824aa573c42e65182043df7ef5a4da542ce58f386cb7819590aa550e6695cd01606239712d24317a1972e1d58918cd29b89218453b5f602c9a90961b2f57f27a590ed42fa8af61d33ec2a545585b5178864407fc9ba59b2ff33f14105291187bddf8a28f0a166f0f574d75f5b2fc5e57cad2116351bf7da74e6f6ebfd9f04ffe39121cfe3786ca10cb8a9fec54201ca547ad63bc916f33a94bf27b6d2514155d691980a2e4f36366979470f3eb1a03aa6da4eef148073c65040bbb8d667f5f1389cae76dc1058628c490d00fa73aa07cabfea528a48039f33dc1de00728df14e6b829649f1d8120806c46a1679de691607598adc88d779884693d8a8b5e851d99c3112dbee5cac8cf8dc79a2f88d75c5b1d18fa9536486d4da0765ed7d624eb7d0ec6be131b5e01b90138a3019389021d7f3b273fc2a240e96968976b23e8fa7af4ed698b97b79ec903a1b3b3321626ceae88d66998c767350fa661b6fa9bdc83438ad1d4f29bb1d454eedd32b9bef9433f1103957f31d1169bb9039f5619433248b0c83dcc47cd2b12b6cfc91f7311bb547c49ebe7eada790aeb59e43a3a26a51d4d0fdbe2319b6f2a6d8f9ff8e735b61a5bb2e453e354cf67256b74bd8a87268a809e47d3cad3deb50fd9671da747ddd1705f865b35117936bbbd4cb139fd5f5ea9162c164df988e36deae0de2a6e0d1f1e1fb022b3c55e2397419d8a63171941c9a7d4b98a9add8dab62a984d841183c001651d78520fd994c984cfd4690aef58e88fc455403fe0b5543121bca9aeded4b25885c3dfd832873b65a9e0e0035147dbb6a6732746596bc76fe4e228f48728757071b16b3bc1d893880ff085e5b78f5b5195ffa497b72f785bc04afde9aec47119d5d0bf4cc89b5c5368f99d50f76d623e5d886d37834a901a51c28a4dc63cd047e33df1176248469b5483728a298a776d4e2051eb6a35f30df9951c29ae58d16ba359530df507b72b8b170950530434c545b44e8d9a6b6709b4a92f73457a0c5ba4fbe3fcac590fd787c0d9ae8ffa163c7e30c41da1325810f4e8b8e68259a622d1f40d2a8b0aa303c322400ff95294c5ee6692d4ea522c6034db519f15830de38487fdadb893681caaf8600edb6b2ec26ba3a0169faaa370be6f50150894808d0ffe487e01bfb6c7bf120a1531751da33098cbe59c9d9db54313f6e85ddb24638e1ffc6eda32137d5735bcc425990464cd1d3d64183a7b8b1684b637b64739afb61bd37f9e1c1df6bd0f01ced619a6a2cfb6ec505f52cb768bf91a7443aae05f68819704ce0cc04359e16a3a9b9cd58ac25c2981527d837abcb6f05c72b7f010f9c494a1e5d05162b7b65e51625b7620955e77995be3dae2c67aac3d41643d8cb862c6b7482ba45c6a48dd53fe51fde92020ce95271856a1ceb8db8ff65498d5ba2cd754cb56d19cb497520aba52576446ebab00d16303a392367ea2b5b480d90423b3884640097738dc4eba481f688b1f32c5e8fdb629d9f71e753e25e0639476bcba33825b7e6e845e4546ff99f742f1ef96d7b4e06ec3a965f3dc06127020ce6deeae1e11b6765c75848b04f8586ffb37cdd449905caccadb46408527fe21dc1f2d17f8e1bf4a5f808fa5909ed6fe04f65bb334f24e3eb267bee0a288712c65ae8f1ed79ab874566cfd6cbb1e6187d390c8f16f967ba42581d5f163110d463b2e98eb59e506926b429ca7ecce0986109d5b4bd15e2c12acb5a00c16d3754cf155ab3f35b83643db63caa4aaa4a29a15269a4901d845f61ff596a38fcf99e026113730dd6eb4aa24414205196dc1e6f50c18418abf64cb31d0c000638bbefabe99f9a008888e8fbb9b87d2a6ea79c58e52b14df4ad4abd20674f9334547a0c87032e71420d8eb09ad0cc05383c1de2c43ada5c66db6c73563d44c79fa6bcc936ff1922e158e331e6ea75ec2e9ad85e876041d8004b71eb51ad14990e12dbddf7f9e58668b1ad07a42be922abb3ea69c57d36ccc19b527dbab095973a112ce6fc4d745c73eaba0d51bd7cef55c02ca2c431942bbc754ffc874d545a47e082efa7cffea2238313d3dae246fb8b6775da647892b125d5701d17217a52ee267dbfa2e31cfa68ef54e922ae837625bc754402dea50a92002ec13cf6d70e4f8b030b1cac2a6956c11b9fd88930314065595c3d509289ae61e87161149db5bc0a7ebbab89aefd12db211b829022225cd9ac545936335484e36a550968d8c936e47632285409f979980ab506febb4ee5323e9a2d5598558a99ae5d69765fc25ad011d70f9b8ea5b33877200aa947ff1af60b02b5e100ea85e5fc7668648c2aa1af74dc823ae987190ac2a9c89f685cb8769efb0fbce2e33d918ba4251a690f030f47602680b1b928400ad6dbfff7953132531ed59325293ce1ae6473449a8302c5e1fa0fb2dfb33c73ebab710bd85852a0507e2774a448338030deae2122cb22898952fa918f8b92e520d09da6c70af1c42482b5fd9751edb62d0751e08e26ff97e9dbf391fd7da44a75842d3962932cb012d69ce59e9affd2664120ad7b93434dac948ad63bec6eb5f453b4fdbc8a84c6908e5807d57f5c3eeeced0229c38f5d1259ea90475680dba2646b9d40d836dd97f8b58c39d0ad2bf8f29ab9ca14b1d7e1364ab658676c33f44d29eac7b79301bb707e427dd18651703a8f1caa9aa8bd8f1ca9cae8209731474b711ef3633141b75022e3388dd3563c8e31118339cb1338225fe3d2e24f0cb422675f21fa14b20f20b9b01dc189494b3611320c7973cedfb891eeeb506812013944ee831c81dda24685b508ae0fead5e3d5985a5e66b2e7e47770cfb0cfae087d40a9843ce7f0df34ecf305e5127e563da81333e021b1dab21cf2a5a0a3ca7c47fc5cdd0e3e72b39ad0d87bdb9f3f446fdd28194aa74aea0b9a69a88c11d13a5412366a906fbb928100d1d8761c1dfd20b752f50aab00185327275013d6eb128107c5499c2f56b16287c4f0e07683b7b633c91e25c0e70e59b38832cf4ccee5e67b3dbcee2b077da50b53eef35d7acb1a6e73c613883afd763919225eff48632853814ec0684382d4b00cf0306ecde6a7e20eab86d178b4d9d56372c01763f18cee2cc6618cfefcdb07a9793b8be9e28ab9cd5b57a725df802a729a78f500bb5bd0a5b20e18e47f0b06b1fd93beb7d967bf9da12d37891b7a6a244d8a4eac15727ddc2e25d5c09298d035aef399e8585adef73a747dec76d1ace81e9879131bb3eda79c86f346e3c80b4f45397ecea0b37c45f51d3a8c8264960ed3af92cdea0b809aadae74ac42dc72e4ae2bb424df153624632cc90840b22a29da81a46e2b06fb23c39416fd4833b3009c7eef49cb979f10a7b9959de460aba7accb352dec0a89d9e240f0d21478181d61e2bc6332f7f152e6e112f5c0c6527f02a5eeacb0065a4a3c6e5fe143e306a6611812ee35503a8d54ce2d7aad6d64f753710c0132423522e6e25469616a660f441ffc00569c36b83188497e2537915010d57f80271c757184ee5952964dc2985420ca653b4a688b406abba7f128d5eed284d506035a86a2f0d27eeed93e5d92a220d07b3a5693f105f9391df2e28cb327edf04e0abfa9f0f15f367d1d2081bab997e1c4593cf5fa110055d2ff85a6f6afbd4b8ff7f591ff6286eaecc31829aebcd39a78b1cfa3eae914515c90ba5d32a56dc9cc922fbeba615b1d983d3db5201efcfffa9bc32a2f03e555f1af553658a140395b91c7e47c2ee62c4938c54917733bfa898dc922a324898beaddaee1c09983b3e6c7453e6be3469ca576d1982af51ec3dbcd77594f44e77e78446b0a56ca4803256f4d2574297424deed253265e7da04b3b7661b4358a7c962c324f2a8ce90eed1f6c1c9f3965c8fb723309b80436e503a9a95903b951d2956d8df56e4e753792d9d9edba75ba8ae3e7ca125c62f4142bbade5593229d25b23c8bea1c062c984d20818736a5292e825f8fa9bf5fea3d7e2d8c48cf5589875060d37a32c23ae989d1039d2a7f839e4d4edf637949a5e7524e7a783432c9a0006573d4c7728fb8faffb2fabc200cee4f3f570fffc363f5622176126f93edf479479da25c3c898001bbe897ab6b6072c49b9aaa48b92201eea1f0e0de9895972bebdced41cc71609e4851e53d0419935ceb740938ffc5da8930c0d69a188ac4eed67910b72bca98ceee2c89b2ce35bd4c6bbf77ba6d5a981cebcfe5ddd3dbf12094f88ccdf312cf7f0be414ffd945989ddeadb32648b8af411c9e824a0d4b952507d85af9e26220b0040e4dfcca9f50e6d39df75c80d0a31ae8dd82c207579234babe1a889472b42750de30830148e3bbc8e3ebdf5e05ed9db6e4ed0a4e29c110d6d9a5abccb6e2", @generic="e4601e3b1fb1b53cfdff74cee13d3e788c52302b3d1e5fdb3e51a296f54787f7e5a84259b88d944a4dfee980976b9f68f10a1cb49dce7d6722417ea368d50e1b1621848655c54b50b94df5baa5c6948a4839bb71bda2bdf60914448eda006dfb10d6060643635c6d76d80f0518ebbb438f94ce4a2e5c689148338fdb61a4ac2cac7db0ca6448c2b1cc12a6fbc9428b20cf79f02495d742bf2501cf71f051396a16a8cb35a084ade88a0301b3ba685b9e0e464872034578ccc9bdbe84f71cb67084417f7716ed93215b094bcfa0dd877aa3414b4187d42d844363000002f90eba35c45a49a480070ee5790535bdf09eb193660e7ddf", @generic="0e78c86df20c0ad283267017253344df91a9e1b2ba8be949f89eb2f0d08c3eaaab4b75ab61bb162b33010cbb0f25e97138a145b6c1b025dd8a0845670bf5187e67532b81cdb7ed269e97344a37fd5e2726822cbb22966256eb6baa0cd7b599c6827b88de4477c931b4c7bc5abe0c82207052ba2be0297be62f43a0a607a8d73034e868c700189db5ffb0a0bc996eb377900c96853e831bbe9c3f6aa443abe6650d099b27fc852a22cc3bd963e83172ec08df23d05f91421948af3d62618b609a2a5675615102b940db135fdbcfefba8105c883990e27dc8c0b9dcb4366ec67a3d886d4e49d8e09112c7277088df294a43eb0be991deec9f49708a04b6a387994dcd88bd4b4c9d5b2b06daba61bbdbea23e563178ae0fab8c1c9072063c2d0b9ed9740c0263be9a3646c33d02d7a42936072c1b18c6499898ee3b589ef0cae404facc13fade118f56608c512923d4d9045dc559181e839bda31ecc0f55b0dd603d2f3380ffb128b47b70aa7c9bd8cf296c6f7496a1b82f05583e5f3fa791de7c17212e8af736820618e729d59349bf3242f1d680033a0818fc01c643e8a17d5d6b90eb0ff5b4c9f32e020c5c0698ffb9fb302c340ed900f735c87ac9705a5277b004c6dfed1cd8c53f04eb581c6bef9d673395c8e4c0d4548d5a95d8e38388003b595a4e53ebb548809bb67308c299e33b57f819e2629afd88a1d960ce0cfb2b9a60d21aeea5658e09c623e40d017210398de8b453c1068e3f8f8e0afec938a875ffddb289464802fcd9b0889f4cf4e66a82543acdfea383e789104c5d604286c99072d1e12d503cd5d4985fd1ff7d9c97dff02d1eb7cc222bd6f09303911ede77d26324c2529551e01a204e6299fed67adb4a6f29ae55b84e56afb7756fc379ee13ba3aa2532ae235790a00220628f1f62b7c9aa609845ab69d3daa94f4d195a785b9f35b720c61f26f4669c3ce83efc58e5cad295bda38b9e8a2c9d7602567e1a3be108b8b7c2c43b18e26aa487c697ceba784e274cb3bc9791f5bc2a9def2dbfdb005da6eac245f97566f6fcecb0110f4b1ae368597af0c7745fabdb728eab3d50a67d23514c7b1464807f3d52bbba98cadd81402d70a08fdac59fcc30b24b5a0d3fdd48f55143f758d4af9fa7159050e397e95070f18bcc99df6f755b7327ed7c09e13be9fc65b0f09991b86ba8671c58a04a0cdbc99bd6fd95f036988cb6a108d3b69bc02f7390691625eef7b32b3eae9ee15cd0b671af73a94013343ec7dbb9b609b1351ba147236cd21b7f323ecafd536af3becb9d5fb02f91cd04668aec75b2a7bcf0efa537bafdfd7d28527720d174beb953faf80ce7eac2a912ec11f091f4c6e420045b954554ea2968991c7663a5fd8ba80d45aa2e135b888b4839aab76aebb647ae422f34ea29571dc11e4b28db33fd277982615eb4f10dd2c26920bf4a7530078c5a118d34c93ad71241ae0091940e32c4a803c0fc862465cebc0706c8af4ecd8161ee445b8b5dc5072584b79b8cea8e3e26ed54e60ce820aaca25f5c8d5a4a4f9fb4634c96b98138f28a66f1a2f0aeac2868246fc79616a254e743e078ba164bb66fd143e6508589c24942c4e10c703a4286c701802b9787f132819d73246dc00830db8fd9d10629be7ec1e6596f4e97394334be843d644eccc45f71b653ff78c28e7e4ae4e88a6cde489ee469d247f12ac1541eb360f6a0fcf9d521e99e70e72fc9b10cd1362977999c596838fab3fa4eac590bcaae660077b57190ecb2f3acc65d64b3133be18abaaf17361cb84fbf3171609dd397671783a7aeb5e9354c447a077c8faf0d94ccf1b4fea92e033d3922ae53e2baacc90562c7d8f09494bd0f7ffc1e62ba00eebfd9c777f54effc028a18f2e30186294cf3c70185144177acd3389c534be3f89831ba1640d8302f1e95c16fa5dfa5de26bfcc794dec3e805666d6eb03c53acc1d25bd1852c047b912044a41c3b30a96baa3f631d409960618469b804020b8aace08d0f6bf0227a33767cc1ded2773f983898964f500a180f04f2484ccdda0ae7eab0924e6422841099262257cd5e4e7145c6fed5da5e15d53f2a3152b66d92ec3964d7e3c347a6a9d8022704551e048a05e55527c9f34c5c7e1eb0d3263d82a199ed178ab830289fad82b1505dcfe3725a29720a31a1dbb73a12ad213075b62c8e9980beea917e74fbd5387618ba403c65ec0ac43b07600382f286f3929541365adcc90238c94f25916a12dd441b42c5624a753e26b0a37aa45b94ddd0d59a3eb6b3ff0ddb91169f12f3596514459b6bb01517a61b60838bb78a74fa46f1a7df0686dcd0be1fa7045ff6a97e889eaa09ad92cc4e0010f153b73f38f9d4f10d09edf28aecc60f425443e34f0674d08d854982ec5bf95a7cc9d33ae00e759c08688ac30f87f240a8c4277d16a81463e0bd3cd20472b71e48cfc70907663e2dd3c8339f19b3b6d6ce5027c5e132e2e1f51aed6bf66566e7a566a218dda6de26143e4884b73b813941e395b1436f675391c16e5e4c99411c3fa1523bf10c35465a505092c8667413f9dce1fb66cbd4a17c6719886ea29889025594b58645475ed3c7c5f24572fd35bb6a522f5b92ce40fb51ae004e69feebccfbebeeced5f0700cdd801161bb5aeef052ac25bc32a1783cb1c25e52a4e700ed6b091a6fe90411ea685d6513c0c41e9dccbe55ee57a4f3baad31de5fdd6552dcb6844c050c28997d69d3751ac18d0fd119f5366d79123785dc465e0aec30ed8a0f97ddb873b4b46a00a0fae6e9ef0c4c5615ea254e08d37e64655257de5bda561f21962d530bb135b3091e57307732bf69147b1542a6e7897e07a6ac5a5d274852b9dfd9f33e6d8ed5a7ecd7e697d12b2be373f7b02e0dbe5cc6dec40735993846e5ddfe1149724b8c81f0acb0cbd52cc8c78493ce5a83b7a0174f6892c499f938f7134e2d29779da5cbf17c21fa4f22ea67bbb9db635bd8e9bd1b2a0f6649922979030271c050f2954ec59b069a178b7a7e9d3f2c95d3f25706f22b935d36a62a755946fca86794cb4b431d4d465575d93041808893544e404468395ec8241210cf455980ece62a0589fad08896b4786e10a72959277b5eefb458a34182307a85658a144e4eac764c80355bd68d577c9d02e132ccc950101a25c890f25a7287f3e09ae46c3fa0a284eb322305fe02eea605db04b5e1b5bad355d55c6751688666a84d64ea33b3e1776092837269af7b8c45f8d64ed3bbf2d8688448c14104ab0e56d3726d4c2676491fd656b657ee6d6fb3fc8602852a2f785e867353cf0494f3c1deead1ec2e5beb3f31032f7982ea10fee846210f2e827b11b266d3199fb5c4f345628801778a216e6456ab48b83d27eacc7269c5522250e38b6eec12c9b8eda67f997462e03442f9cf689fa757038815dc152b9e24cebe43b9f5b5c648bb1a8eb686c7d7671c144289db2684838e74401ad827c1e847d805c854cf7463b0545cdf7d19d92448df011603fe20729326ab21ccc5b67b6e389ae2ea42e76ab285a772ca46eeb3b87d8f39895510e84f4659cee2896fea5dd4534b1f9858dab962f20ad73d4f6f1f9e4870a6e96732827bad05c67721b98027c57b7eb46fe3bf0359fe7c9af33dbca3c35f7e27cd8d5ab0e87c117b30ca9adb9b67b4b280bdfd9ef5e15f81c3baed3896b5b6fa968e7db96ed71191b9759c5381eb8b5056b1e593f0c8eb849e8e043a57f9a8feb444bb9938eaf59085cfc450f0326b9c4470ff12f5d8edbbdc00eea451903c2ab14f9280623a4df3f81a904b8262622d29908ffaab63f94e932bca9abfcfebeff4e93312d63891ea23b040c93f6c99417016bd0777428c9878c47d86ada0defee6ffde3ef19bfc12fdcb8b4fd12ca96124c6ad088ff21e752d5b46a97bb82020a86d33e2c737fb5d9b3d03fcd5b888518933090e8bb34fdf7f89ffd7df33c3a65cd148ca1a1b63fea8ae5ed3e6fbb22919e1b7f805b14405239806106d2151fc0bec80b1f49cbb45eb1347d26c5451c89a55814b5bdce8512be34f861dce7da2b57f64036a0a9731478e9e431de31d18531ce51606d3c14545aaed0cf6156de4ffd24e2b9cc717bf3091567cce90baea035f43127cbb5831c70c08d42756e8c38aa1e0a31f7bdb62e60b893d2ac4f40b3f5643546f5d0c2a1253f5cf8c8581dbb003b17ee2f195087d2596ec4d2693058faabe266838c09361add1bf2d8617d1f9bd4e97d3f9bc51fa9b1561020c8cf1c8afdd74ae9b005f03221e751f49cc50b8285eb2e4a51dbc99ec199a63716de6795387b2a94dffd2c4a7414676a0ef0cd517a7491953db11b7b76205a03403481a1d2595a987353d22e18d6fe9eaf9e2abbd185319c2770a7081d090f347744956be622824ced39a099380d70bf5a962b0d99beb1a3e56484b79c7a2c12d66d67d6ed2561e3137e6a0671ce6b3c4dc844ae588822bcd5af30ec5d2b28864d9cdd8bed5a81a19621aecfd4529cc4cb888776e103b9e8e3698fc61d7a44bdc0979717830e6946f0daf2dd3441ff2e1bf8a89ad0fa23b70eec5afbea787bb07e5e88d95a7a247ce763386716ffed5f625474a4b43f7115dd9566335fed1e199225c52e8c03460c1b59852d93f76f14e373e315b204fbeec8f0879937da0d77166e5f13822fa26dde3b0d86486d95a4f5152dfac765dfb3b382383156080b30fe26f23821f1e9ba5fc43d6353e0fa67f22fa47e84c172195aa22f8be216e9c935c2eb948b5985538379465b73b5c5923781cb68aa12960202c6ec70d90668f84472295b9d8279e6a0dc5d23b4196e694d3b3a7b638ec71723fd0850f3b03e275edf675f2ed9e436fc27e8b04d63fe3ea60d5ba5960da34c56f4d2e34cfb17e1e1552ddf8a96c0876ef527c4be7f572c98ebee8d58baae12ba0552dcc1652031ffa12977ec306860cc624608ccbadad18fce5badbb144695f8db6c4ecee2e9f90e028a69d5db0a2799f90527c1a2628da5cad0e339befb04c34ab93dc166a4be559768474bf8f9ccb16a15c6f62fa36694d16f9a2b715fbbbd660d67f40c3fffd44e10d8dd2de96bbdea9c164c48e06cae1dc1c6219f31857f7f6defb96401c2360fb9a256cfaa231f4ad55072340a858f40447080baa3d62e4c1807f41aecdb709f1703e4d4a775ff2e106085417077e912c4a3d02f17b697bc58d3430e1cae9ecedd0dd5bd273a6af62b2126f24fedc6899a38e55f750ba7a43006ba5d9875823b7941c819599185f68e0bf0bdba72770c63c79d3c39a6ecf2acc43feb912d9900c2dcb2b99dc190250bc4ab2da16ef9445082000eed3d0ffd4ea334f540276d6c5949073cb5ddb6a6aa41a16ba6b58195786b6d8ec4ee9029bf22a2066023253ce254f1a205ecdeb527ee7fc095c0b7fe3238426eb007b80b66003f71e021c41daac9144fed461ff6ce2467e16ca15449f2c4174f43c600241dfc036b617391734c4eca68ab4cde05ad00e72979e53619246ca652bd7314a6e30d2a80ab20f3ee53c7a0222782123cd260748abfe2f19d9adf68c4885bf7385f676890716f9ddc4ae595bae9777ad51facb43e750fdd424d61cf48d781dd99810e370fbc84afb11d26926ab3f985ed00a4bb7fefd0f64da424545e1b5c577166671159b6ffe5a06801491722da834a1661ddad55df69d47c256b79d0c1be9975ff74e954004d61a37e5be445e965f8ad9c073233e735c912f056ab890bd2898af63cb84c880aaf7503012e1632e4b8ed7ea1f932f80f14ca3a0e9fb4bff13092e9549ff19562", @generic="69aace7d69fe1432ba19426ff01fcb66dd5be5e5218b459c0650db7aa3de", @typed={0x8, 0x36, 0x0, 0x0, @uid=0xee01}]}, @nested={0x4, 0x818, 0x0, 0x1, [@generic]}, @typed={0xc, 0x76, 0x0, 0x0, @u64=0x5}]}, 0x36d4}, {&(0x7f0000000700)={0x20c, 0x17, 0x200, 0x70bd27, 0x25dfdbff, "", [@nested={0x1fa, 0x3e, 0x0, 0x1, [@typed={0x8, 0x62, 0x0, 0x0, @u32=0x6}, @typed={0xc, 0x2a, 0x0, 0x0, @u64=0x1f}, @generic="a85b5f6f0e5089f8fcd41a8a68d2eca982d09f11a944393061cdba97db1e5a6ffa5bf3ae46e152e293b43bb7eaba9cf2c3d61a89e89a89ded1f0ec8e96fe68f99fa8b623ae0ada09b03c0e0261947bb4f72ac4946d77133f3bd40225917c2c693327cbf9d1f17cf4ac6145e5fdf43d16f50debd9b263752c57e8de7ab8a24828fb41b0db4a68d2a393389c8ccbcde607ad055d101b492055641007057e28ede5ff881e4320b6482712b24b24be86c22ffc4b9fccaed7a3de15a7d67a432a", @typed={0x14, 0x8a, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @typed={0x8, 0x2d, 0x0, 0x0, @pid}, @typed={0x3b, 0x80, 0x0, 0x0, @binary="c643038bf6eeed809dafc01574ed62883a18bbc3c008b9531d19ff697f7e8b4cfd09edb94d8057cc52eacf3b7c1bf16d7c5c8fd9f31ad8"}, @typed={0x8, 0x73, 0x0, 0x0, @u32=0xcc}, @generic="70becd258344883f1afc4c0ab36aa6ba718dcf26d6a346975c7d6b4c959d112b731aed8ec1c1dd53eb3a97a45465f32e45da4a525e7a3d7268cf26f2b007251394f4b66d503efe768662c4945711d9afc9ad3e0bf09b089a6c85c2792fd997d360bb0f77000bfbb910dc8b11c459ff8f3cfbb83ecdf8fe0e5e8e9b99ab5570ae22d76c0c58702fa1f123efd0f19232da596f45f746e30b61ecd8485af1d8aed9731ce3911b33", @typed={0x8, 0x43, 0x0, 0x0, @uid}, @generic="584d3bf25adabf1390a076f75cf6c56d1fde5afd6926"]}]}, 0x20c}, {&(0x7f0000002d80)={0x2224, 0x3b, 0x100, 0x70bd25, 0x25dfdbff, "", [@nested={0x23, 0x17, 0x0, 0x1, [@generic="f797330d5bc5e7dcd1a47bb6a7da622191ad8042cc404e", @typed={0x8, 0x3e, 0x0, 0x0, @pid}]}, @typed={0x1004, 0x4c, 0x0, 0x0, @binary="af3d2dd736b54230b61118fbf1ea5eb93341a0a9b6b1125037eb5817d527b3682b145dcaaa0a89fde35c2e54ebc397f4c29feea274c1e06c1d0812bb4e7381fa0a7dc79d61a0967f85793b7ecc1fc914a03384cf2f55909888999128d01a9fd82a06b0e045c02d3b3340fa0d79ee45ef6335731014ce83f9624349dfad5451cb5b0e3e97fd53557228a50908b9a936a022f81cad336b95615535b3c2d781c8daefab00250a99f6ef2dfc868043e7060f8f4a5ecfe3d4904f492312062584c8436fba3ba16cba927601c918ca7d84995e86246ebc863c2067fe0ee3f169248a4f714922b7a270f4bdd0700d6a60e3b8f998368b0dca78d79ee1073e672a34fba69d3150983456095cf860e1651405b23fcac04432565fa3272f3f305c1ba83286cbe58dc4673d73414d838b25c5accb927ed2ebd80ed5b7d41ad3078cf21860661b099dcb59b8cc894672e5efde1400484a22ad3101f2f1ae914208ce56798c9e46b351f2721801932223d1576cd4a696c617874d9005d5a22996c9342535b206f81d89912913370277ed8f46e99a0d9e4cb3da9181cc8ed28d1913856548822abafb3fac64bb3d2d465f6fe9be7f326293043dd55f028ba29d758252275215f9a159c0375d1e8f7838b9c215cef8e302687c4ebc0a356167e0f7d97dc7ec45c4bf9c7cbbf77897fa26129f836760818115df6901119fd91a28c6cb5ae791a2126bd98361351f2252fac47db75565f379d33c3c76aff660a8b02d70eeeb335001ab61b6042653298a3f27d6636a766d1a629d8a097b0f17d663de300c6892ed193f11e3c16784ba7e62a6b4d3b5f522591a277126eead03270e9b6aa180c97ab08577fae4e64322a8bfa93df9b8b532c0e0e65d07a48469397f7b3aa67f1f3cd1aa24e231581a02b9fe57ebb4f8bd2a75a5e7c0fd520980540a89a9deba6a95181c13503b32184c144bc897dfa52e5d235d3fca6f02f454c6c7d88840045e585d6944e582958d3ebee29882fb416c42782f146ad505e017f1bb81996f6a1fc33e10a6134c0f5fa7890cea009226fe8c68bcdc49b0278cdaec30dad477052f3a712c1505739a088e0717ae460f42eda1325dc9a86736c56e6b750ccaa33b1ea963340fdea831426d6172c8f8ed738491d7251a1d3c4146ba289822184087f4c6df6385542c796fcce846704991f0208b8550cb1eae3a3f239c86a00ede07b09cbf8b6bc0a57df709fb88f0017fa633094571caaa50438a6b51e7ef0559a1eb3bfea56daac54517c5b6bc0ba000534ab2baa396fcf00710ef1d8d06e3ddcc5923457e42b319b61f93c7c6f07988f2bab2df3bc944512d23c7dd565497ee5831cca3d6ae313d88038876e9982ff414aaf41e75f09276876b2f6755abcda831f3723b96b8a693e83de28fde4bc8820a78be10f1ea3895199e3234a3207065dba9284764fc88ae6b64ba214ba0c392f63792ce7669eb657625aa2c7c99016e6257e7428c1e000585c53ea7253722989b1e2111df83cbe8dd92a94e594c46bfdab8485173a1d515b5d841e13a38a680a00976dbbfcc8666cb538af5af12cb31229233f75fd42d53cd5c911d6004586444fb2a70fcc7e1709cdea0ba29f8dfecb2f734b4a727cfd1a36c14aa78be536fd00f059e9c307626d45dee2995ed1708924164f2cb87586475c28f52c341da98d3eeb23e6df069a1c7b947a2623191fa516d6b385735ad2b954fcc8787944d4fa38bf1ac8933b6d5c1f23d08f1233faf14507b9f425722eb918a252ebf4060c5665b68182256b6f89d6991ec19882982ec9f90da2442266aae65b27efc3bff159338cc85872e6b8aa2c02b81f9d3e0c8f04e95fc125bec81f2b4e48dc4ff9543daa5d01757f6f306e59cb7fa29bea78cb85f5d31b7f3cfda48841cb63859df6dbd6721042dbd51fca18fc471bb0eafabb0db7aa2f1c53f216f5a5aa2a4f6220e1fc3c491c0073b64193cc8072a2aa79383ed5e5e7fda6f12b20a3f138321e6527143ce59cec56310175e94adcd90ffdb6496ef6923f15cf096a1453599de7e07291ec7b4bde93592a3985e15f2d120e1496fae3ea92d96e799d1b5cf9363b0382d5ab3dc030286f0b600a1b4778dedef3bdf8a971a34f8fbed87a8f913922392f9c60b1f353f4829fc80a7b235a21e2d1e8aa1e75bd6706c18313058dd92101c3d9e7fcca46893538e754309d2932a584760dba334b86bf48e2b36141a29c8f473e46d0aeca5d273ec221c3a3991a7c7364de066cffd89dc43c82c9645f140b104766f4f1cf089e8797ab8bfd6a9bfba16e5af8500b66bbd615bb010117fa0a6e342a9f00cdc2ab5461986d73ba6648565060550afc10dc02957e3ee3e4cc242b2a4fe3ee14ac24da55b589960c9e1c10bb99442fba4da18e9593fcee574109fe4da72ae35aa5828432096f447650fa09a5d152688ea3d02ef35b6be194b3664dd73e0aa058a9e32c53a8cdec77250632f610f5a03d2d32a5dcaab1973cafdbeff407d27c8905acd58dcb03de62b9bb6d35eb9d6a68da3beeb8bd26bf30f3bf11cd1c80ed7c47738265fd392896e8d6289a8d7d702529428a35afdca9e20e3cee3390d65d6ea8e2de6cb34283759d8dc45ef83b0620e9063fe1250db7a99570d229f6503bc86f62745d5b5451e6e742d5095519391425a374d2bf8b5fbd6be53f3e36b36b46c410e7d8cddaae4f24790f5793fbc4cf85d1c6a2ba74ad6d1e93f2a361d5d47a3c7f35de1510cace6d97aa110d5b632b0250bd1c11291f23f379f282cbec2ff4da17ca8adcafadc951fc17a5e7d637375cbc7829ec23beb6a732e645feed62dc34f573fb73ce0e8c0deb9513cd25f84759d503d054e0f00aec5c1a6febbde1f67e3eb88f27879aa72a56154eeaaa1182480f06e9e114a1c6433c5d49a1276c0dc20475749a0c53d13f18560ca0f723c6eac1009db2e66f63aa7babd3c85dad988434a29440f74578c101ead6dd12799cfe67cb48fc548ba5becd1a3510eb9efab388de4a6c4857e98c67697c387c0d92df30e58752d92d82e8bb1ccd062f5fc2596e8ad9035cb49252e06b3ce869fef1f61d03ab4a1f7d3ace7bb7562832b621e6c4a3e8665e0dc7e98208c0b9ced5ad07f0bbb897797feed97def11160f2a6bb989e868a81e83ab2fa4e85d8b1bf786b0a03d759bedc797d3b0304244e8a3f9d2b12e10876fee14fefd9356aaf9d973a8479af22a57b2dab03915d4f7ab3a947c242ac959eaed9e26fd07b3b40b783fa80cc44c7c15eedbb128a3cc79ddf4c714cc411059359af2c05cd22eac19b61fedf0f7c0d07ba107378cef8407515fddaa0714b96baf6d9479dd71ccd9788adadb2a015d55d823f544a0f5f2b9599b8f39c3f5865ccac735611bf2f5c27b54693692318b611b894ba8ae34860d25f855165196d2b08b7016591145aa3a76448914e3a43aa5bd4eb2cf3123fc1345d8a7e4d489c6edcd951ab892caaf813e53af2826b5c8f62e079338bbbc0f20f597450f8c5e070ce9506731be87443a4f13501f2e6ca7f407cbef905ed31f00f652cba798890b503a2cec10d317c43e09b829dba953d88534cd0ca8f1a0f53c7f7405f2de15a012f52610626a5a23305ad64ce539404be2791ee108198fc3afd3f042576287a0fc29df30d7c8de8ba2a10551738cf63d4407ec3235b692c10c0ee5fb0551ec7b9eef07bef2dc90acaa0fa8a9a2ade7699a5bba49e0944d5d8abb7f090983b938d4f08f5e5b69ffe09cdadbd38e40bdd69afe811a71be65a42d3e89267dac06db97c4fcc863febad57d20ecd31626ff59b92fff1a8204e51df7d80ed8bdb787e521fb260fb4ba07f10e8cd2d71fb02d761b697343d7d2d7db9b10390728066112114e07940aa237f47b3e986675e503b0e03a6c49125e7b8d639a117cbe9a077ff4a89a1edffb9bcb890fe858d8ab43d31add64eb57c8293006e42b9efe7f81ca36830ca69eb1b25ac4121c7c06be96ad1982e40f9e417b60226ac68fc6dd91f85a76143e85e0670adf976aa0f284e8138eb3c1b2f1180b137446aae802919d7d9d321ceb3fc90d4dcae5829e32904416d341b9b7f818a19857e49414dddd77314477f9d136f848015902fb1705ddc0254eb3cc3076ff3669ce9191f0afdf51071c35f1416753dd01bde35e6717657ce75748cc34454382c236dcfe86ea3ad05af926c478f7f3c1be8682b2d9f2cf14ddcd55f07ab0babcc15a9a1c0cab05367a30d2aee46fdad8aa56ff896fa96981c23d9a99a0323f28351a6393aec80cb7c44c5040b55a67f8b603b813265052d4bd2d436b694ff3f7af0161b7dd2d526221a0afe81d8e2277ba7e5a9353c5a44877e83e1645624ab0e3506b572bf864c5a38679fa15ce1585b5af45bad5be337585f01665b49d690f77f1325302498b80384dabafd28608ec392d3c707681667a22b26a3ec5dcd0ce49bd3efb857c4840670c09621c22423be1f32e21894e1e1969aa635901fab6bbe7e5494542898d7ecc5f2df4a3f9458ad90ac3f3057da60ca50f086836f80a24e910a3de53c8f3d10bc65ef7cf00e5f03cc1df769134c1946ab6b360b50d45415c79f58bbc6dbbf7f9ce4ca44be4a0ab599c267daa5d58ebd178c1ed2092c57f05d8e016071bb03519973a52fdaeed14a5660736b9d5b76670f44b7ad2ba3f75f08e1280d0edd847f6a85343101357f5063be448c78d4ad87d9b13f3bff0560e02daa761cb5a26c659c5ffc220e7aa3f3c11e8d1cd010c25a5ddf2b30c6439a2f94fb0b2697fb5a37a3e9a3535b029349887e98b3bad8d5eab05b29707aabf48e32d48cb7ef61320a0a5bf10cd879f3b825bd9bb023402f559e9e018f05d9da25e4cb9bdf856e01663dfce91eee251c19b7f4ffa47d761a10d8010d0e5bbf4590f2fa5bbf5a71b13a9d72be3a8000547efde934210f41d0ab45d7016ffd7b27e581165e4547eac02e8e2a084a7ad45469a5f651c819a3dd136bd9a7d1b4b1b1a69eb2e272d79ae5ff8177a0354747fd73ce927472d6c98979c62536ea84121af4b72548e10e4a6026fa7b8b472c68bedfc7330fc839ff2b6155c98de03dad0194f9047f0e3dcc3b5095039f8638ac90054f254171b24ebf903f46faff4500fef599fa59799d9c8c062061eb81d645cefa6a152e702cc4462c0bd99f38539a7c8460a3fb6b88e1fbeff5afdd0252a1279b74db0ac81234e8b18eecbf4731838728bfda2f5b376f9a68bc3d3f5d715e3535194078f6c2bdc66068a45732f57f1d9c2ddd25243c367a9fea92fe366fea82d763ba02c4d6c213dd60415f1c078ce4f052eca18be69347416bdcf8c39321394617642ff32728815bd4c4ba28f6e693d2be3a4a7961f08fa3064a24e7660c5f4153dee3394c386436ef07fa10b6e9958e7e0c78b10214d945deb6a226f8e415e611af8f5c2e28910b913086dc1b817e857f20efd5a3f97ec8461f0e4b2b47629a5761de24e4cb8a53ddb4d6a9b2909cee935185b22cb6a05803e576d4ee164a54550d65f6d413049b4bd80e1724cea5d7db93223c4eb144b1b2400ba16dd2eadf42a42f743f3568d4a135eadc08b2825445ebf7c06b7e9985108a0ecdc2d47748474cf7ff6bf9caf847e86e05a00b8dc931256610f11cf46a490cf7b33488c8a51ac590e0fc12202bfa140278e26378b5acf071f22509cd1d38514e3795fb4509adee9dc5cc15e9e6df6c6bfe9d6e471e12b343b561288fbe57bee2a94e12004bc7bedec8f07c0167a4135980a6ac9d523cae9d3eabfe7202a8ae427a110b689278b22e"}, @typed={0x8, 0x3d, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0xfd, 0x79, 0x0, 0x1, [@generic="0878810deaa2eef1c2fddced004d39d4b6becacb0bca7eea1df0b0046b8108c35c7cb52f667e3acffae6080b017a9eef74413439fe16d61f3b80e3ae6d0bea5c5c3c7913997b3f20484e6f66e4e4c1b36c407b86fed841bb238898b8d27a875caa0e2a0fd9cb0a8a53cec1ca1043a1c6949cf800ea593369454b6f06f8df5f9593d43749ff43e9444b4db10c2848163019c1f80216dad716551a09ffed90b7b983260eba5b09f8997fbb1c2404e4dc4ad435677da6241fc9dc5dd2a3615e8ba906722889f862aff1d7286baf2d28ede21bfe6a1bebfaa349c96a2984000c3f737401bfdbd34307ca49", @typed={0x8, 0x75, 0x0, 0x0, @pid}, @typed={0x8, 0x86, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @nested={0x10e1, 0x83, 0x0, 0x1, [@typed={0x8, 0x35, 0x0, 0x0, @pid}, @generic="3d9d4f39d23679d6186bff49efe5ff531c1366153c710a0da407e16091e662b6b4cf520dec9dba3435b16742a40a702d6460c9ec2e456d372bf00aabda66c8197cd88b887c17d004c6ab92c578c4a102cabda36ecf7b359a8a4c0319d029c7910ed56c15b5ccba5eeb00dc0902e5c83c9ef9aae283e1a1725efed4c51815e6259ca7e2f91173fcdf323e7e338faba31d1d69242e4e63ce1c9cdcfb70db719d4f450baceac5bcfa2f38e9f943037fbea7777a2c6f527367d8462f56ae3078c0df0e2d722a2a199154264903f3cf5b2f1b4ccc57ba84052f3dceb58c6f24fb5cea72300a5a1f57dcd97d41bb7e9fd5c5823e29ee6e6957d746e701208b186016a8df9689f1624da3df079e8242c263cefd7d56f39924a2a062c7935e67115857bdcedcf31b95aeb0c16ee98cacc305813940d362d13da8f1904b4e62fc2f5f225b0c4b406259ca81fdc77841c8fe199eaeea3ea2dec23f6ed585829d8a0a3cee29e8a49bc502f43c1bab98792fbca8f8cba895a33f956ddc0bc043dbce888a747595900970fb791019cdc09747d5416f47eca399763f054b475085d8206bee2acb796bcbdab6a474fc05b96e968cd4a1fd1ed38cbf2bf7691070e6fa5db6b13fe641708d4c537ccf9d0e9a92de68bfc53876a8fbba7f6ce3cd0590c0c2fc90fc4ba425f63c0bf722eda8abc5267ac012f7ac79998304a912e7545d272138eb5c637aa66c8245b7d95655721a2f795e6de79405e081897c2b6a0621bae772162cd55a6aec06da1b65e55bf33674c389797ff045c343cebb6c9bca164d0dfaa0c4f3865acbccef451d7552c72fd6d02a42d228ae092ffc929275dad7518869da43dc4c397874153c16864085cb8d6f098f0b3c4fbad8370d01e1238df80b161e5fac9afaa38fdd4fa112bd278680d9f8b8d9d55f7d37b669b13b09d76b72ae9d5beb1f772b158e100a11f3e24a51e50cf0f4881cda9a56eb3eff4808d33fbf5366afd38ae9418ce65555114ceffd437feedddfec53102ef5ef2d9be25fabf44fe462df59a20d2e7c4c160c84c3506e9fad1ab5c95345a0da14bec9a31ba197180f570358645e3ffed94bd14da02ba1f692d4dda615bef6ad901f86ab214ba73a3e7c1507300a9b1bd152b309158943a13278a2b124710b0a59349be8635a701f74ebaffb9fe29aab94e9dd8595ede3c023021d74c93523c78c047673534736e6d32169b2a06c7ca0719a145d1a14ec38d7c13340d29d16b59edd1a9eecdce5c7c75ee8306a5087e8cf6fcaaf39bc1197589f80fdcbe137cee0ec602023b6e0fb53c42416c1d602376778b44ba0698b4c4c452ac256ee55fce58f94916c558dd436d99924e2dd8e9207ea97c1378fe8b81f0e4477ca7faf69f21599ed1b7887b7f4836ee85d4e8a3e0ebcee332a34ed6397d00579cfe21379c39c9be4a42f3e986b268681a30ae914d61978383aa87638162e2b8f189055a90f4a32ccab57dce0ddd4446bf2683ac54b9eba198a8a0a6d72b52411c2af777fe8d6e274cc11193fedd79e98ed30682ef702df600edd1b82172065487ea38cad93e84604a7cdd83f249da889f70eecfc1ee17691a2cda6a4ce67274a3429e8a80a78bccf448c2a180d312c2046adb97c9bf9d15113b0655f46b7a3ab73380bf383998618bd345cd58bdefa4cc9bb27544432b38ff6f4e022ce7c732e45be6895ad414f06d30944cf29997fa3366b2a6c8325145f1edc5e1ddf732854fd19ea90732b7790cd4eae4764ba09e806a7ce507baf3d1f6df5704090cae2eb2013b83b7a189359a5d8d2484eb648308f5df21d8bb77fe635893c2f8df443601cfaf627141e214b77f9fcdce7eab915d1a476aaff219721c9eed6cabebcc0977b215e29f3e7811ac47ed9efcf520ec61ef02cc395f45aa6c43bb1c65aa3a0f2dd8d0a7cedc1a6fb01a6f62ada1a79caa7bea265f86435e63048c36b130144be47edbc7d1ca48c97dc4a07e420e36f5754cf44bafabe82d158882e5d91b0e2519152b812b036e134ac83cfda4af6b3438e0ee49fdc601e1b05a0f580d7a853c381ed82b359bba507d72ddbb444382f139ac15eda2fc29e691abf411b905dd952404d21c94a9ec4013c04a4267bc7a392a48401b9ff3edab14cdee506e6e5b7d4ca3d76ae3cdcd061d54ef0c404b5e0a4c2224b1fb42e6334c331251f8e79789e1fe55ad7ad1f48ec3bc35d73082719263daa8cfd12ace059db5fb11beb2c618394800d68c0980eb39951a6ca4e2ca51ee6065f6ce6e11aab4fb1e170bfd4cbdda8326af06031d9ffd603d31dede02444fcc7a2e09565f9e0a377de0c5905aa915afd68b2b02a30e13e0d28a13f586d372782b3071cd7be1621e7b7799944f53107cc4f2d91dc334fe371c71b343049d081fa80af158f97f012c705e6fbb03f31e71abb77872365c5e8dde0191e80314bd26eeaa194d04c48d47dd1aa1b6c82633c83696953ec91e3f545d84f4dbd7d20fff9c9bdc31befd7b1a163ebdd1f7316cbaf788553865698e5a9b470e5e0318090f192bae1f06cc755b670bf4078e425622ab8f8600334373e07004eb80d1caf0a4951defdc27f66c89ae03de6307c1640283b0028893cada789a616d5f415672a63d08918fdb87ca80a9137953118c5319e41d9857a3abf8422fa302708055b3a9a4ff6a7df180e88133361113141413ef2eeb6ffb7b170da9f54c6f7121b7b35d1a767d3474cfad014d7e75d00f0e85885aca6ee9df18295fbd686cba80a1421348fe422ec83f88a953822bfd422275e8b766d70bb8b989608f2df01747ae7f08a80b4dbbd0a950eac49f41b623e79398eeb074521682993db62f18e8bc3d733813d6328d5bee96b24a36a00300e0e72b80c79f3a5509b5b817caee191630125af4f55e571a25c38db2a8b1838a3b26e13a4ec7587f743f4316ab5f7708b7ee7c005e8bbff6d4ff7802391ac925f5cfc2c139b7cc2c3bb6a6cc05c048ac3209b42e23a3f033a898c8d908dfc8cc9dfa5a0120d65e85e8eca99ce96ed75d5dae87cbef508e8aefef0a94188aaa0a624409572fd16efcb53d2e6863b882a577eebcbf00063df118cd08cba3ff35895b0fc433968ffe2fbe64b76df2613021ed6eeb7f2928709494034766b965b9785b3468c24ef15fbeb59fb5db22603e4191eee006c0cd36a9b2e1075154be5ab05d5e4583c30df0c9e48a2374d894c889966fcec9607de04388a114a55fc3683bccba382afce405b24a15b333fd79a49018f09f36721098b9562636067775e21c34b1be026d6784a378a3919f4480c4a84752058b439bcc2d0cbc1c6db862179d4c802502a58d44ce26395cfd0714e29b25f56c5e9d6b76c9a755dce589e7c78a18ed013c735c1969c203340fd756d2d0d59d1375af4fdd1b0b4453b580f0ed19b3705a0751ef93d20ec06f1f8fa95c64fb16e917370bf955694eeb2236d6c044197a726cc198a9f8db91676a28f3308c0bf13cdcd5265b75ea3f0ddad74572bc850753091770cc2c8cd622ea7929e60f2c04e9682cbcf2d0a746c2fbfc45744255811ddb76bc484db75cd653c0c5d01273ba68cbf0f782b076e5c7a1eab893d71f1eba99285a5d086cd85e7d120a44197deff3367d1bac353af379455ffacbc705f1b7f60d8dc94242c6b554069ebd908b3d59c94029482e04537830d10ab4bc4bd040b5ffa5b24eb63a724b76911e45108493fb4522e92364d873839d0a25c382517623fdd7c0708f5f7d97c392fdf7ac63d2068ada663f2d5fb5dcc16ae11df7b6c7524d07cf515a4e5b0f0507f9a4f82f80b88311e668c176c2982a48cf4234cdd812def338251c001ae0f28f82f25dcd989610b1cc5291946a6039e1cfce8656026da323bc445293dbe749ae92d06b0cc3326995fbbc1b977a4b6513345843255c09398ba9a81dc5af36a47eeafc3112302dd1a4ad611ab0188a42f65f3b1237fdff4bff1731153e53ba031aea81360a9dd3b1a8eee10ba44f17e2cb82af4dd6a23237dcda61d4f0de9ba58e3c5db5e5f878c344377c234a281a02514f1aeec0c12cc730f33ca837c850c5a9844b1c1a99b133efe94aefcaefc20eeecceb0f48bf90ef4ae53349280c70fd319a3ec41197f834868126a6b565e51db5bf22a96a764f6e0f7ddee2ceef0a6d9613286ffd321afe0924cc1d66ac03611ca546252d323635d7e00ca22e73c9bd1ce3f537911c658e55bcdf8ae8e594d8ba199bdf6f0a1be23a2b9e55d5a431b71cc2956b99dba1ad703eb798b6496cd836c85650b5142521fd680a7c7aa709e4c1782f6f2c4c831522e112e708f7e60d74c2f466a38f01b68bad78f2822a418d83825b2c5f04c325a775017013093aff85d76f889903a5548dd57bc73e9eb841c8daaeb4273eceff2abd81a8a7fccad119d081dec3b17f351b81eed909ade8dfe263b2d5478cb21459f16a126fd9b3196970a369d6a3c20b80e856134e4801dc52f83acb027f2cbc9b802026b26d6c6bc908a0208c17a585fdc8c3ed5c096c73cb463a600323b668b63d82326affb00512425ef8b0b331b0b057eaf68fb222a48f61b5cac91877592efb44e515a210c3d2d06656bdb50a3d5ec63c3ef880b927c6b1b60fb16594e6586948ee1ba275ac982aba4c32fc18b97cc198f5e3b54e64d1dbc075e16da737086639714f12d152a403bced474f2b864d57fd12f1e9fa65806720c20f399fc382de3f1d5ce264334d5208a12ebcb7f6d1ebd7954c0a52e99266427c5bcb6d3b4049e113417a03db76211dd41030684aa8c2cb5747de9149cc0601941ee19313d27cac9ee193e0ef3f1d75fad346c8b13b9b16987629ecddf3eaa6adf7ba657afa61f40a62562acd5ef236116d44a6f986fd5520f55e12fa9826be8628f4dae9bd79fc1e15661bbdc2e634fb212feaf75be2d5ba0acbb559996d6e799271e711a9fb47b5e651b101717a710e7a59f7c24e52347cf186af526e11a477eea5e990ce756ce194ed9e6ee6f95b1075f0d39464374c07cd26100bbfc09ab78e4dfa11de38df0fa1f7266b1a17f0edb817a37f17150857f518cfee36a94b4e09bcdd71431cd2e60896c2a47f2c468fcc1b2bd9ef113404c19ea970f5d2bd928cd06a283589848deeb8d289a1f8b6f78080fd6aa35ac65bca4b6ec553a5804a10a3459b2bbbb9d45f3dec060cc07ca51310a81eb15b6f2eb9331174618a49d50f966c70263d0b29a1a12972a563734fb1ad0ee340763922991a97f397fdb66d502c33d1a70895fd1db03f3ccb19f582479839f66b9c4305bbfe45fe2185bb7c87e34444f8c6053593bdd52eca4cd7451d548d6809f01e85fde82e13f9bc35738da70683426e88f6ea5de2685b0e42208f842be7698262c8faf16169b511696e343c6989c1e669b7078d3b224e1eb95b6ab00eaa79b93f6eb1d49bb5cccfe2c9f63f70c27a6bfa1e0a05eca2ce9cfff8f313fa2c377f4bdb76c1be8956252bf7e550f1743327ff5fb7373b41abb01ee09e9589d6f9ce8f68333d1db465627e986537b7f5c0dcdc057e9bae12d90092d7893c2982e328debbce49937c7d2d827beeb2d42afcf078cc112d665ec67a3b6881b78d4e6bfdd25723f48abbd8e7efdf0b2ee85f3d31897aac9cf61e14b5d1c69dc876eca4725feddbbef9fb42ccbe1473eabc1c63183b3499acdd750ba7709ec350947fd00f6e7b6f708bd91970eaceff72df77d9fdfa70ec28b57d163fcd92c824909d80a78f7e44fd587a9f19946b256a6de9516590783f06bf345fea1c8a9e2f23c56ca7a06472ccd6d49fac8", @generic="1d1a895b16f15b062d60d203dce5d13fdf1bf24bed8eb94b9584ab47314eeaeecb4b891a460e0c905209582b14591f8b8f555ab8f3fbc75c732fb0236679d3e88b7681fd8ce316f599837cc664026a018a6df0ac934c12e4e89d4bc144e9c8456ad6c9fc60ed74280fe1298b3bd5e970a8cc33c31053a5aca9e6c21840cb848fbefb2d7e07bb100068e3cb48fef605008898bb9f39d43c61b5249b3a4ffe269d353a2985e46bf1bb7b506bbbf71c1351c096d77d236f467bb114f0f457c80253fc0cabceb39002c88f3313c8cb09c7c0e662fee032"]}]}, 0x2224}, {&(0x7f0000005080)={0x12c0, 0x21, 0x509, 0x70bd25, 0x25dfdbfe, "", [@nested={0x1186, 0x71, 0x0, 0x1, [@typed={0xd, 0x4, 0x0, 0x0, @str='/dev/sg#\x00'}, @generic="1a358f693a462cac41e3af47d5bd22a7ee5b6ec2f79ce6242c74c15363739b0f98109cb81d25d3d2331214f377005fb0f64f7af20465610eb213b04e74ec70ae14871bc1d41b07e72e4ebeb918599011a5447c4bb92bf988ecfeb2b80bc61960c3a2c4074ab5dd2d2d9715748aefe2dbae39", @generic="4a817fe4a6885f90bdf742e2b4a467c892e835636db671a04f8af2432344e3b60841936f66de09e5811de09e7b93abe0e37b27e2cb89f325d04b744cc191c6bcbbb546d9351778ddd20819241034c832ad635e8aac9f5f4705c386f7ce052a90fc6bf6bc3e1b0d904e943fa00883aaa29f51252342bf9ed4ca4ae10f5120c35e1187fb283c", @generic="395a35b9d0f86e8797094b801fbbd2beac09201b0bced61c90ec0a41573cb6cac52915ececfc376bd98f227af6eec89b8f41085893d92074f242ed5c8e29054f7e2dc082fa2c60c444457d00fd013e08bf81f55a5bb969abc2e652714994ccc5a9ac9a69d058d66a45ba4ee3a4f1ae80683a4811e7083eda324153ae2b24f98b80886658749ef49d86d5ee70913ad47274a6958ea4f98e300dfdbfff5fcda4e6c95e6c1bce5e19cd27b10dc7327632af912b04a3b6bc5f306fa1775460d2450426382e3f95c088ccbc444d01786febb53e882cb45e6033efd0e39e870f910b50028114f2b3c6223ee2bc02cd39618b540c00a82f94604bacf69b5dd1f2f550a09c5a7df5d81d2a8a1ff7e9fa096fa16b0a7b1f0c659aca4a77576ec5e18905a5a6efab5a64558c975186faa29b9ef17d321577218da2667f4900d1ec3115c10abf0dfb196e02f37b789ee0a6e7d29fd52d669bbc1755412006ec59bfdbd85d72a0319c2beac5f3afd86f273520906a8ae8509af6d8934f73516ae7c3a4f855221b77d259ad9f2663ae057466c21e9bf9ea307fb6d366a35afe95870220dfaec0e323ba1ca966cda937f52c0dbd19e5fe77da03b098191845c6b09d0c79eb82f9c8f2efa667be06150d9dcf0e6ad55d34e702e66831c746d24d3c29f389d8ffa9ac806be059c628c6d805460b3e81325adbf4c43737977d2a7f762c68ac43460d72ec9e24c340402f281d7e285be61b20eb11a63f879edae53f66d01f11824c7373239f30412ecd78aed5e11a6541d00a692de77a5f8ee68903484338bea92f401272b580a4384506d06e2413abcfe98c54a11d4d393161040274c71d3f1a25d930621f6bb586dcd92a526d787aad970a7cc14da8f9c1e1849ce2b07f72d75b30b3fe3d87f310fe290274e4deb16d93e46323d06633ce1418a69b62038fc86e1927abb379e2332be79f7c9584045fe76d42d87d16d512118f8f896675a28adf8eab1143d4096e845eff159342fd286bea331003d6afa5993957614bfa336360ddbd4e5a5b062564cda73cadba2d5e4a744f410f0fd9e7f635c39704a6d9e267fbb9471092955164a4db8c3d5fdfdef2d838769055e12370b0d09f72dffba0eb415919503c00106b962a8c67498efd378afba0d8fe90741d9d5b4d5cf1ab7092d28b7d209a4081ccc84505167c9a4afd3b40bba14ae0f0e43ba12d401609fb6f86e6d297f56b63bc80fbec6fd08ce0852f55506f85067fd1543198184f0280533df9271bb1fd8658330b96854c1e64558e452b20cb2a598f472ad46015f3737753f25f3d3f6826498db786424ad52f9e9b7fc268cbce245332d4f83b705c61d1889fde0468dbc9c2e9feb7bf87060c14c8df46071c6759e1d5c8e7d8383b534a8662066ab176d509473eccc70e19ce5d4b0e3c042dc2a97f63622f3ecd99dc1e2d970a5eb875a7902d2befa5c2bfbfe1ded5bdf8a9acae962b547998b74a61d7baca281df814e7387d4d9faeddb458d5d2443f81810446e3b8d35380f1218ea6e40b668131c4b83af6a3a2589b73ddcb6dc750b45732bdab4c3f726ec2c0e1576f28dfdf658a211f0d5920569bfc241b5a978d111e944549fbe6cc0c8153d853f953f580b0b3d3f8802913b37e91d28abc6ae0a17a40e4105b7b4ecf44f54ea46700fbabc4036f6060b64ee80be5dc00cbf510ad7771c92b4c027ea48164fa08cefd9f2e1e51abfe7e844171b61ef36c4d49ed86fe29bd4d5eccaf37325e623cc8c61dcdfa2c6683e449acc58aa5cf38aeaa336c9d808beeafe3a0cf56d687e784f7c2b5e661ed911fdff7b4422c814a6106152034cb873720b79264474c9e4e8cf019920217300c9640e8bb96dfb54c0bcbcefecc9ead208fdf999ae141153692209f9b88a769138bf5800dae4f6c02f6251a765b18bbeefe8da748327edad984b5d8e24aa8976287d87cd14ea1b2b990e5b935c088fad2efaccbff513ce7667474e7c9112effdc74884e159a7e8a634e992cf31025d17053cd86045fef23a516398a7be2fc0dac556191cb698ff28ae522a2458bb5e8aa028ef765f1065463e69d8c0519db2d4a2639714f3061e92a5d1e6c24359e23ff2f179d91733671316575659e848481f058f552fc5696b3f082f3e7e8f754bcadadb9a9c2b9fd1c222b0ee772d4c4ca18a53626eaa58675226747608d840bb51f65181b6810a4fe09ea3f0a7dfcfd8d7136d877196b5461662ed3f835f95bf906d47d1920f6e92a3caf11368075a1a7f55f5ba6a7b3af9e6145cf25cc5d3227cc75ba344ea78a6e999a0084d3eb02a9e819ed336a07f15fb9ae42ae818ef83fc2b60071331cb0786d84b802b149a8c0781f8f5aa9b4aa11baaab4f669cd5711b8afc7083f3729256e6fb51a5db8c860c713f52621773dba906d66eee2ad9fa859ecc8d0548b4be762b3c40107d0add4f50422e493611522affa74afab9a5e252830f345f3a209b5e27e529e1dd70896a32842ca1b2246c12d9c4616dfdf6894dd6ca6c497f1a43b1bf17d9eaceb67b51c64fba1b5a896fde8183bbc5fe39eef161a23dba84fa08e432006767edf2f0933a4a789d18704104c53d7c608a6b94bec3de50faa78cd91292d4ba0f3625fdede508143a3c5c522d9e6e27dd300009057d9002bfd7e3b97235807840b2e4bc346ac6d6e777b28d4cfa0af21b89e7339c9a0ab527bb7a640ecaac7d4b099bf05d5039fbc0813d2fc833852b7cf50f7c95058b8293beac9e1a3db49507e11366b9cae30d5b78fa32c1c94892b757673b75e55bb3e589f52163f454549398b45023032689a1ef53e0477486cfac28fcb7fc4a2cf2136cf497c9723e23ec0da9a3b99b17f09e0722c6c047baa46af42a979ea70af47290b45ebd86726c2f8dcec15ea3ffe722e26e42e203d93c32a61d412b7aa5c6093bcfcf9e486a441d53a10e8164f8c720b0a38caeb628d2aab1d032f394a4238fd08f83576c2b8764b8d28aaa3e190e265412cbe141c143398481e0d8b97fa44fca0e2e84de7ce545297ca18358e00ebd083f35eff6ab9950917e36a295fc8d67f1b7932be0fab2d1db62be46fa118c5becf180d6ebfa2fcce0b92c6d9531cbfb2f23d0eac956fd22c70f8ed28abfe60ddeb892b26720016adb13903e057e27e7c41fd3dc61c185c17771f5cd14c8926464afe0cc482f4c7d832ca08b930a39bb6ce6eab88304a1e446a4f449e53fc79d6e1e004264c1a4b0b18ec53ea61b9bf4009979bdcb99608fe78a2718de097d0bf67c6d6593e56097098844601b30f52fd790d46e2e53f9a93d735c916d98eefc2a9dfacf3583550db345f391909947f1415bf1b493e01aa02b3b3a6587c155e5b43c926d1bdd89855b32206164aa627d30a7c47af91bbc11f00fd3a728739afec929eca0088a32d38f087e1335969a83a7012377e06e138753921170fd0e8995d832cc68596d6b4d4d701172255b1c23e8b61413bb960955e2dea71165b96c085781416f58f1242d32c014fc729d6fcde1883ac832ef70c44f87580b04dc559f9a516cdde763dd1fa8ab1e9fd7c9f04dded8aebb68c56a46098379f0b58ecabaf88cbf2e4dbe81a6f3b34a09c577d3863a0c284df709c995d428389011b36714ee435b33065e40b7f712f01c7491eef6f127d051c9e888f94b59bb478694d2e483b7e858e4ee001295f56f96be6fbc5be0c2577cfd696f62a766ff9ea981375f24182c397f484b0ecac2d9e1707c33f69a12fa18df87fd17442c90d4514bcd54eb8389d844255e622f412b4e4cee8cc6ce98c8251a5c9796848d89d30c0cb75b3733bfe990b308c5578685a615109e6a255b9a3883d0c2141fd81a4f9b23716036a4a755e50edf9dd7d3b7609119f9360676061fec3e365da9e4536ddc714a780d17682173dc3012428639edf7824447573d8d5dd89a35b87266f208b15425dd4f5faf8ab598924b0f35e11f228179f9dec97778753ae148b67295c4c9bb75b24edcbe9f6e0864a4a964664e0e399b3b24c21fcd049c2fc839fce004d506f643a6e1e4287106561c25ebd54e51c0504fcb6e707b6d96d246c79a3f54d685fd1a69e104cc3ea22a20f16c95a5aa457537e89dd5e7d2dfc82288f1dba7eaed883a62f7788e0e402ef6af988cac05567ba4f5cff1b83c4dde9bd57be288d73bdab764b957fdb87f5a5adc882f2a6c540e08a728e843c9ab53340081ec0d677af642a6b7b8b6061d562d5640398efa0da0b2180b2f9071a110df9dab7aefd42c18c26ff3161eaa2f11c55617f798f46704f179208f588f875383a4540736ec81281c8a23a5e6bb33d7832883e91763cd880e9363735b20beee8529a64756d89e89c18b2038c069a9681418cb6f08623979673a7994e17eeedcb43bf16f6b2a53c9259c91aff720d1abd863488cb7ded544c52c45ad5cedeb4c6f9fafec8acd2c8b48cc7a8cbe39ef3dc5fa0193f4dcaa1c3716922f0bc60837fe5939fca759015a638b43d0dc461397cf45890e5039c9e479524359327687396a405ae01340e83aff6cde18d6963c5074814502a0e88387bb79bc26556727e201b1dc16d8aba3a32220d362678c14aa2e06da736c89ab619065a0c0984df334aa49e7149acac7528c35a1d373c5c0033010b8f9c7ce60f2d75b2828306b41c5a652efeb0395bbc23c25291a201b985cab1a39fa2c478aeb4d68145c29c78d57f75b42d3844ad53dbeb33ab96869f05cc658e106d860d1d490479130250eaff702087c294b89aca1867ea2ab18bdbf011f4a75ef56ed6eab206319ef7891668a1e3f65514e1c04a29424cbd052e570364b9580bf1f1c47266a1243f301e91b37e4389fd66da0525c5b03c5319d043abcd152bf77fae0e43c8f359b00e56865ebc1bc359de357301d8b6b466bda38dc936f56259941e3a127f66ddd59767d7873181ec0a9e926d5adf1ac7e8864f78158d37e4781b11e20db9bcff6bb35375437331fe2725e4a01d5c497de3eced86ce9d432d69329e1367c485c275a0fb1a46be8bbf341c0f3a9185780a325d0afc59c922e720a5757a3c469651d7cd3cb7edc5d3cf64761974ddd91f520da62471daaae4794c1cd81eb9745c9d2db3b097acffa71c3c0eb04799434836dafea4420755d29f0052db28e9e1ab70e0b3a900142a56341acdbd8157b25440900aabc78e9b2a2287cb50b940335f7a826f111d3f55ff1dcd797bd9618a18a5b146cab413f40afa798389729b996d498b6b08bd0fee8d2c22a925eba19d920d59231b7144e5f0a48ed6cb8ac0539d1189349b5853c330f42a0666e6ef9f470fa9b8355bb4e7d19b2b57683430cb493cb7a4e6d2f7fb20d6afedac2788466dfa0c2f158cf138cbc2e32bc283e8b3807e100a55611d73a3f22f9e4021c35d926650df04c0218fd3dce942a548b548213b6f88d0881c74e7e354ab5fb0ad5e53cc77508e8759cd327a062c11cf8ee3332c5c928557bc7e4956c2f9c94e477cce79d56a10b1cbad0a36b9b8f4bf750ef5cab9e1b2c19c6c84d1503aae974cab343c12e16d2ecbc5cdf6d6df456c352e3499032c828147044f575acc79a4952c670b10080e16eaa4e30f8b5486982265032ca70131ca25337ccd8e311d538a028498fb1746f8ce0495eb22917f0f9da7cf3005e339841227db46b86f9716b402a05a16b88c9fbd0c1b3ce51ccad84d91c3873fc849e8daf870cf01065d8efae1089c5688e892a00d2618565efcf0f07ba01e0863b673480cfb24a0189ec45b9f67e63bb4971f9713d5fc864dd853a0293b67fdb8b68b", @generic="dd7a7cb0ff28d01009c2be00e61653595fff668d6d69695dbf7fcbc5d2fa8bcb5a9feacc2e2cd7601619491854f500acb388600d3013cc3f431ad084566f566c3f53c9f38645ee192828c3de0b8abe54a577c5b5eadee2fd0c094e995af49e95316cef53224555804240279e5c2c2b7d9c7433ea3319f1ca95bec1"]}, @typed={0x8, 0x6f, 0x0, 0x0, @uid}, @generic="3573644ca4185b232438afb8e012d7c2f2e85f3bb0aac8203d4a62120929d84a137c23c927d5cbf4bc2ae9b560f52c62653674ce0a", @generic="e5f2e9528a78f828672b93075e45f8802d3a49c17c499e8d8289fa4224d4fa5839b18afb6ca25e18f9b0f11bd70debe3c8070003ed34c8f2e839e52033146b72c43ea735e2b0e1cb710dc7aea991f8e1362a094dab8e16b3d7646aef9557b60bc64daf85626eb5e1ac5571216faa36c898f2db51c981d08ea63390221e91a6e542325681f911a9ce672988b0f84cfb8072a2a950d776624831ae745c98d5f22826189b5e7dbfe2067881dcd4c57f5adb75813f953e8132afe76a9fffce726b6820c87ad813fb112ed13554bfdd0de0a5a4ca23b7ce01a6b369718546b9", @nested={0x9, 0x48, 0x0, 0x1, [@generic="f68ceb8bbd"]}]}, 0x12c0}], 0x5, &(0x7f00000063c0)=ANY=[@ANYBLOB="bf83a2391ac0ef9a0000000001000002", @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r4, @ANYRESOCT=r3, @ANYRES64], 0x30, 0x8000}, 0x4000000)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:56:16 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x8, 0x0, 0x0, 0x0})

13:56:16 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x700, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffffff000)

13:56:16 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5600, &(0x7f0000000040))

[ 1221.510154] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1221.510154]    program syz-executor.2 not setting count and/or reply_len properly
13:56:25 executing program 7:
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0xe85, 0xffff, 0x100, 0x9, 0x1, "6dad2daccbfd1ac9006a4ba127c82428d229a3"})
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, &(0x7f0000000000)="8f4a24d770c9b6bb58f8a5b5cb5dbb06dafd8816ecfe601fea6950844180a62000a61095ddd97077064eb1e793ec282abfdc88a1faea8464ceff5b6e7db42f54e9509d170193d486d882d160fa6dbde9688ecd2d1c2301f31e95779ede65be097727f7", 0x63, 0x4, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x9, 0x0, 0x0, 0x0})

13:56:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='attr/prev\x00')
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:56:25 executing program 3:
r0 = socket$inet(0x2, 0x0, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7f8000000000)

13:56:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x1fa7, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5601, &(0x7f0000000040))

13:56:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000003, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5603, &(0x7f0000000040))

[ 1230.614157] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1230.614157]    program syz-executor.2 not setting count and/or reply_len properly
13:56:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xd, 0x0, 0x0, 0x0})

13:56:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000004, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1230.668634] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1230.668634]    program syz-executor.2 not setting count and/or reply_len properly
13:56:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5605, &(0x7f0000000040))

13:56:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000000c0)="e905464b8110281f532ea2021a0716618eb82da0c892cfaaca7a910de760c34f489fd1fd4fc5146e7a2e4a0da22bc854756a6a53dadc04d5d7508cb85eeabe3b1631ac3376c3c97d772eccf1b77bfbd6db6d32972f782cf742effe1b949d2264fa8c6edcfbbb2e8362ffc71b55e6efdf5d50345b33cef793568709d27ff75ce9c189433b28d2e7dd411e7401951abc67fc7dd0ec3a14bcebc8470555bc296f7f2c1fed2ce3a8eaebb3caf8e70a0d0b544879a55e47785d08be0095dd54f3fd78b4e53c9350e9a1ab2eb6a131fd801ed507a30ea714ed1f", 0xd7, 0x800, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10)
ioctl$AUTOFS_IOC_PROTOVER(0xffffffffffffffff, 0x80049363, &(0x7f0000000000))
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e21, @remote}, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e24, @empty}, 0x200, 0x0, 0x0, 0x0, 0x3f, &(0x7f00000001c0)='veth0_to_hsr\x00', 0x3, 0x1, 0x40})

13:56:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7fffc0000000)

13:56:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000005, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0xa71f, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5606, &(0x7f0000000040))

13:56:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x600, 0x0, 0x0, 0x0})

13:56:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
[ 1230.939622] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1230.939622]    program syz-executor.2 not setting count and/or reply_len properly
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000004b00)={0x469c, 0xd, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x467c, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_EXPR={0x4}]}, {0x1360, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x126c, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe1, 0x1, "5617dd3c582b1d4938d99ae370a4ebd0a192ee176b94757856ae41ab4b139cb23baf2e3631bd6b9d44e4938dfaa2dc022f41b4559d2b8551ae7602622e722cc041073ac68463e2f124766206ccf8aca458f74776808af87e7021add503ac304cf7685fc9354d8f8399412f8012a83e1d3965743dd3874094c1770f8d94dcd2bfccf9e5f054875662863867cef85a383c0d98547a01dd51686227e5e1e2783fbc63ba1ff97c15bb28c435813b32d6a0d290f7b5b634b430d1f407bc567ba787393d976afeffc8cb325a71f7ee0031c5092eaa88690dd97f90afc9255bb0"}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VALUE={0x5e, 0x1, "d8c4c29f522c2c87ec6a8c8d9595a8786a5db3116a0cd04d2036eca400d6bb49fbfc1eceabaa0ca41a1b54ee8a260628bfe5285f1a0cf4f44bd0526620a7adafd72e296b6a67d7163abdd94f3af41ffc589c1220d54da5a9c6cf"}, @NFTA_DATA_VALUE={0x1004, 0x1, "b0d6fcdfb23823e320e4e73cfd4bad6aafd0d2c8c280281376150072e91966ee49e2843a07926e7e892fa0e2cebd85168251edd3cd67aa962e4958824629be8828e71172fd3872c9b16b15c81f5dae7990194c21a1f4dde0f0d6ce57fd6574692b389295d08df16bd3c8c4c260e847e90e0da017ec4e9f61dc936081988943acd83be815eb8c2b20a8e179bc0897908653d1c355fb4a27e761ce55be18b606704c6cca19dd3b7157a868225762430848c3ba3a554f36e6ad0474eff2c200bc960ce15cad4f94d9fadccadd6ef0dee77eda832dda6da4f592af1c9fd466ed10859d54de34e0a30300122bc10ce0ee251a52a4e74f2e627fc58cad5c5eb2e70fbf60b1652d571f333a85a325c009caf402f6fa0fd67a95a8c8cff185792b15b742df2726810a6ecc3caf2950afa11f4a2459e72668ce958d105b8b5fe296235ab19cd30063d52f961dc3ef8b5fbc0cae226a1a0b88d404056a7656c30c0f95de38710e896ece76f88a103dcd37b6c69bc2f9aed2d4c551a09aa9f1012a369ebbcf29a2cf172679e27c339c60596788deca023bc2207cba858659e5ee121182986ed7bc34ea3adc2ca0271e310fdd12321c2c7431ff9a196d48f77bf91a0d1877bc7995af4211a5b18e343db2865cc1ff84613e3ccda53e940abfe5f987f65aebc1fd6b33f6ffc955fd74c13aab49d5230c5db6fe1eeabc5296c6ba2b7e227f48fddf1444397b5ae96b30193bf1f45b5f791d13c3d03a286d537172472697c514f0ff14c9ba81873ac3e323df10a0323d77270787418dfe62170c028f71564ecf2252835290d0a6abc7ce34da99d7b620b34daef4d5b17bd95cec6c1b19fc94e45ef967f9bec0f8e8264f5d93c158bd008d0944d74ceff7896f9f10b0b7501db5e4a47de9da6733d02ac94ad3d0e7bcb53e2016759c7fd11011c68b1ea783251006b214adc059ef8337f26ead0d6fbffc298724ddd5df18bd1d76f6752e75527b5d55bf0a028d8c844110bb3d5a02540285ca19ac9b90b1068e2294bf4a0fa06ed8c04954285ad15e3cec39a2011f87e03e93c1c12e4127b1b6cbc97f52614f456f7928cfdc5a5c13faffe9128dc22bc70bb8196a93706207eedf1f0bfef2b0f16c5a79c113641322491e4ee038047f43ef742cef365f7719eadf83f846fdb1b7dacc063b67e490ff7543cd0e6f5f7c6921c639d380f2506b38752a938d80e6768164b3db4bf5e4b65fff122d25e4f096db58093d745369c0b718d4d6bfd61000dfb42fc6e2babb333898f0c051d69a410fcbcae6b76ff4442cb5282c6af3426d5112207a4bcc16efd30051ebdab331487a20bd9c82c45e5afa8eb67bbda34df86e371192ac4cd8a3cd5b442d2cf51014740c2793cf532e272e3312e574f8be232c289a31d315732e392a83ee26d2ee6b7113826ad1e2e057b822da4bb383b8f5b7fbc7acfc0b6ec7d9d4fdd95d64936b72e4aa276af5c7a50b75f8031fa63ae840a1675b7b3822f13c2b91a668bff23552aa96476751f81ee12f17d6d792f040415ba823ee00b4748eac192e411b21bd1591ca2526233627c52f6f4c31efa77a48360a734fdadcbb9c52b01c87e8e05f939528831673623828d14739c4eaf8e196ef21c4bffb8e2ca3dbf7e477f1138728e73b7153e01dd23f3a276116a0a6bd94921e5bb75e1bbc126090c2032114f5bbff06f62bc7a572dc401b6be76e988f41e11a7c5c7aad85a9572277d47ba3db02b20f5e81a3d54743de0bfb7e4aaaf5b8f2f502fb032458f07806e2cd30adfd44439d37b0a52584f4c5492a714ce3f41d85c042c3c066184a26d0e8ba7380e17ddbd89d8b14c88c3ecf4a2c4fafe0f0c031efacb5f77a08b6c6b3520674a9c0b35a4e02ec2d3eb113d1ebdbb6092ecaf59cffbfa238b0350a1bd118f65e722ed3021cd66416b26b3f582b6c90916191363d60a77f83373126af42fc0f5cb6b33262a09ee4b1e2ca9bbb5eae0e38d94cba0d563ce72995ac5676b1803e432ee855c3de58233614780c27d33ee128a8ee532e23a356e4e092160d4997c19309c883ce659f4d07c953313cf41e43ea97955a6edb51eb107d0572ef6d414fd70573e84b1f8ecfc63a649d7d2ee14ee47b838f3279f1183dd70edf339e5cd2198bb9c183d8ad71ef47500e19a571d6109efe0f65bde903c695f98546b024dea3955d14db224207221a60a600a28d8c086bee198f6e84e963b895e782fd77215fc455fde8c5be00e31ea83bc8ac274bc598d5e84d8b2117605c78dc96c011aea4749fdd7806d0a183906857e566849cae542a299bae18e2d3de8b403c3189d124fcd376e165ca9d472842a71fb261a34945f75499be1cd606a31ff62c62c76e006d2cf75155bd8ddf4877db6d4d89122e846f43fde6cd59d7aaa3242656155a03e6bd7f1e5449c78c0ba5c285597a86680d52ff8e41b4792ac265a6e2597c07234a2b2a83f2f1c44e48a5d6b928322b48b99c630a0fde895ef3de409562a5d2616ca36acba3ccd2351017490795b5fd78d6204cdfdf900b8cab59b09edba992eb065afe155be9b0a939713aa1b297927633d63f2e577fbdb4a7c3b7c977770930e36da128edf028bfabfb74f27d7bc1cc547d48f2eac0c2243c0f2142ab7958f9c2dc1886843cc73de5503d25c0325e919891259ebbc990079bda8f27ce21f71c8fd20602383a2daa5f1c5b8a698039b215bd05658e1ac1174fdf095b72b9d54d09f851a29cab4a15b8b6f1e10819d09ccb63c9f610f8f63e155292ac8643e7855d57725fd44be40b43eafb5093e6a6bb941cfae0c6d4cdfebe3255048268d73d1c3fb59f2c26665cf55e21049168b4e16f043881bfd91b5afa9e1c883a667559300f5f426332159ed7ff0514d344cd7b50c0d28e6ff9b1b2c82624929e564807415aeeb27e2c97d5e0dd96a5bd1e93298061c9d96647f92daeab60a7e2016f98ea1b215fbd2745f7194441e5aac55c84b3739f1a1a052dffcd8a2f124f50954d86160121a05cb009744a28c6b3828af7f7d141d66f88025c376a97ed499ed5f3efad6d47e1c2ebab6742da32b55a2a630aa8617487229ee540479f58028ae0fd0712a6ca248efee0bf8ba7b582be7e6d22f145dcc4b30ba68e944db1f3b7bd443ca8dbcfc7b27b86a66c38f93123f23cb087f22177b61ec29783272dda640ba38f0afe60ab631bf6416652086626b21c3470d973bc032d097ceb8a84cb0069220d67568d3f4db963d1d60c6a114c94f9c9730c450fbc0abf41fc265b292d47b339d0de27d73686bd588aac7e0d24bf555a40e82f67f8575a3b86c0f021c442de54abe4bbca2b9542d3856588d90d4a28344e26313e468538d55ad9a48a7c27c8281e3f43e7ec3b3d161792c5c74cc96b6dd2f5e0b1ace95c6325e90470466d9051f6e79dc01f323ccd710b4985dc1508ca2fdcc4c69e77926f1e0b52a9be8b0dd1acd14e64afe149e1b4391dd4c456357b5005918be6b33aefe1cd532fdab7404a3b77ca188cf1f0f7cbba0ee3514956d66146969958b917613594061b2940810eb6892b5ba5607edff20e90ae14172061956f8c7a6d7b6ad54bc1c5c13c73bb148613751f0618e5c06dcd939d9b9c3485d65d6785358bceb6648393aef9d2f1513bd2e191f3c84daa3c4db942d0e9dbd033b0a4fba53545f0ad8e2ee7e461db950fe01556ce554cb85c8b5258d6a5b2e38d2ca495e58690e1f00d9fef4f677a379390896453e45c38db6eace858f77889fbacae3c989f03643ba9301b10530ac55b84740d4882ca3afacaa6230470eef11acf4de4ba4de0e82e19ee4bf4740024ec8e99eb0c9590d7b104b61705433f8171c6eb5492afafd410c7896d6911dc4b7c71a6ed3cef278417a781d6bad1af128c12e7531be8295b8eb903adb844380443a927598503205a3b684961458d4b2a702b114efa8ba1c57f4b101a8e111f330760941b794d3bf67d00448340a996ad5a63d7292aada7790d1ec04a5be0d9dc61a6241901bc323bee5eb4b6a0358278445c4a97afb65fd1d169271e4d7478e6ce945b08169b77ab43b6f4549900964c6e839d1883d8d13843e05652c1f8b319391b6bf14f495866ee5a1eec834930ee44d99f456e1326595e3798da2f0b3048672284e4c356f88d10b9b755db66ad4bae8bec6d64a3bd50faeaec6a65e2c599d6d59a797afc21654db6f3fc951da94e4a1dcddf71446bebb0558f323fce6b5ec0b4add88fd0c6c667d68fd536d57faf415c2252d798534d6d1c18c7434a23a5f929d2068558b69b67d83ee0c3c10e68e0086fc5d018723f668e1107ed535ef7fbbe8fc030446c55fe9c1fd571c48d6f3899eb7aceb33c1cc4d1301e3a80f4d125257b631a1ba472331c021193b1b73a23f83f7dd2181d68cff579def6224439026fb8f0f82e9651df61173b356ed50d555b0ec8838170c26d087730c755151c5fe3a2a43168983f05d67ef1eff67e8977a1a1a07d1effbce9810818bf759a6bc1266b930ebcbd62a6177969c30bdc64f90c1d2a1a0846a61c3ea09bb7b6fbbd2cc3e1bac2b15b1adc4c42c20f17c552c57a6b80000bde1173eda5436310543dded48120c4ce7d475a5d3de72ab757660b6ff146789334017097f19f29419adb34b6696bd4a1d24d18143f1c38323c3d75470e8c546540e4b455233354c3e5faf67af37c5b61ef24441ca6174b2cd4d0bde7132270df197d1d870a89e64e1009e0df87286af63854c445a7eaf0ea9380e40c78974c4476322c37c9ba56ccb6fbe34b51c480f37359d01957be6b414cb46413bdb27b9af3159cf07ca64d54a2dd6de9768716be77eec3b18cb7da5d02707f370ccd51d8e2a65dc621d9d2c8d3df309cbba25daf59ee1a9e38a94d41eedec80cbe1b496d8d8eccce35c7dd3cf1aaf8551534c591b4895c11933a9c4e026a40c9dc659294e99efb329e04bac331ff6d306cbac95872cc6b92d9298c94ff99167e1af034ea27db7ef2376df35b00bf888f54b49c702144ba27edcd06d78c49662023cd0e92f2cd37047ea5fefdcb13130fc1898975cb8d9ba852b950fe113018c35965c0c74c9f79d34fe5e6b68a95856bbfa3f236a68053ac5d415e66fd516502315ec0bd44a670dc0deb35138f8daab613fdef03dfde0b6b178c7c65349603531121ddf333d9e7e2204411ca394873f4d4edf7e7f0f2b2bcc5ed6adac3db765964453b53da3bbff3d0c738cf2f2795fb9b27e8f54b16c25fd8b58b8902f6d770198dbb7b1729e4947c2fcb927bf04e80fcb749dfbe6df0e4096b36b24a4706071e98b536532192d3425a8fb16a624ee36d0ece2ad3ef7579248dfa384da8a00ed1e9d8c9155c4e73aa989f2700c0bf811128adf14dcdf3f85cfb78cfc0f9cca6ba6ebce3163d835bc3a4830194b80c48dae57f69acce197ac68ebdc44f908d7e8fc19567863f7b41ebb5caa53bf00499e41e333e0ea6fdb7bb7a9d3e1d950476b2383626371718454b8682f9413207cf6e06ff930a5cbab0f8451d715104d4b94367632fe794342f9e6c4f62602b10f7cf6c83cc1777f68df96b70e69af62f861644cd10650d79bc46ac3c7ae4a4bafd81ce3c74a79f8166dec0b1cc5013340e93e76c5f28774e8c1a2e824185e642293599812ed4e8423b52e8701846df040c3277513cf55b5d6c8a57bfd88fb8317d8f34572d2416d31e8b1db89222ea995ab0bee6b1d131b59652f656cd187d445bb12e9931b830fa861df8da8d06c8cc7e9d5b953a80199c28bf39386a7ab94ee1da80ff716d724e16965ff2866cd482e9"}, @NFTA_DATA_VALUE={0xab, 0x1, "00b87e8051eec3bdc1fa3959190734f2d1556b774ac93f516e1f8a18085b198c993524afd69efea625582a4fa8576bf23f0512525d0f42a8522b9d7c98f16042603955f742e88464149643cddd2fbd833c86e9ef6a619278ef6a5c9033cf6c914b4573e022fb7c1f62ef29087b7490b8b9d7fda5123acc4aa7ec5b428b801a187b8e5113d44059fbca470c82eb4b3e34e366189694b6d88839534a128db508bcca637f64b2a960"}, @NFTA_DATA_VALUE={0x63, 0x1, "412ea718225af53283b4061295c2cb873269e30aa4e5c4ece7bab7e6348298b432c893908d4cdd8058c4f0ed5ee96ca9b15b9cc477b5e88a567e5548c935e63a54a870fea593f6ec82b181c16d7990b65292ff46917025115de8bab7eff77c"}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_KEY_END={0x50, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "232e6382667bed0a9f4a8afed37f47370a"}, @NFTA_DATA_VALUE={0x34, 0x1, "9d7f9697ca4ce0c7e732bf95ee4e02aa9553f2c84ff12d111ce644c07abc26c812bb927912e3a457d835646e38c4283b"}]}, @NFTA_SET_ELEM_USERDATA={0x94, 0x6, 0x1, 0x0, "ce4176694807bf111f409181961427602fb38ba8fd055e809e546cd41915f25bd596dcd5c974d46f8525452db50eaf6fb2d2e0726381d268f8f4e2e98009bfcedea42dfe4ac4cff04b4da0903fea1dc83ac54fa8645ece977016276e049463fe3f2fd1eb4ae96496903cfbeec6791ceef8ddaa161fabbcce1f063f061922f86b9b7e999dd717602600d03582617b4186"}]}, {0x24c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x22c, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe6, 0x1, "fe50a1d1bedb69661ed2ae28b83448811568aede2d697e0d14731b9c47d21cdbbf7ec17d43db5e5e088374c898a512577c71dadc728b70c535442f6807fa50e6ab2760c658a031e405e4629c1cc0c74a399f9a8b84efecc0333ba71a007e503a0d1cfd71df69573f8d30a0867dd3f7c0b79ced91ebe7ce109e6cb695af1de6b6dac164cfb89ba5caad0f57bc8fe1fdbeffb6928b4d36d83c0f1e6b16580a8a59c3f8db8d9f70561df84c713dca8b6dd253dd99f39d4a367843bea5f1ecc76c037f69f3983cca7d097f6204e1d13d61ce5a60d6ef7e5a484c7a9cfd39d7e938c536d2"}, @NFTA_DATA_VALUE={0x91, 0x1, "7c38415085f78f795964348520a33b6400577b12d0618a095b5ca5a1c851d7c828387e2fd683824e77c11c280328bf740a04969a1073ec2eb697006310f5fd0f9a61519cf50cc2093aa9eb6a2f9e7723d5be6bfe1e16fb5b20b25715311afc6e6bc93a1bebb97b115325b81719eb9f7875760a74fa047a7e3a301b32d8dc6d0ce57ab460b997e21dcdf12e20a0"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x5}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_SET_ELEM_EXPIRATION={0xc}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}]}, {0x100, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8e00000000000000}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xfffffffffffffff9}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x8000}, @NFTA_SET_ELEM_KEY={0xd8, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x5, 0x1, "16"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}]}, {0x17b4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xe08}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_KEY_END={0xbc, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x76, 0x1, "8433fc103176d809e35e973f2f2c65638dea76dbe6b072e11e3037a1c1808c6ac6b13a34ed1c0dd05d60c6e643cec1348fcd747033e71161aae321799f2bd8a02ca7cc4ce7b9cb3eb6a0218da65aa9721010d19784a4dac03052478955fca7b46731ae6c3f61b7352a242d3ca6b548b5cd59"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x22, 0x1, "fa9eb2f65dc2e1beaf3594713c27e74c1f3f986684e3d19d0c08f4dfad4b"}]}, @NFTA_SET_ELEM_KEY_END={0x12ac, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0xcd, 0x1, "8816da1bb91b2df4650609b185258a85aba51dd9ef8b566f44572c21f56cc6c5c84ccbc46c1306cf48e65f79301248cab622e82103efa81694f4fa1660530e35ab5873f6b8c064eec74b7cd5c1856f86ea31e1105b8442e411de46ea1392f3b1d8d08c17fd0a5d291d5e305782ce0fde3d22b099a3655199e6b1e2dbb1dd088f27fda57dc652b5dbd8c757d8f637ec1c484131867174e182ccaa570bee7da926be24526cdd5b6919c45ad13fe165def17ea157effad976cfb2bc54cc5d0896bb9746190fade18dd94b"}, @NFTA_DATA_VALUE={0x1004, 0x1, "411ad00cdf600de2674cc25cac9719feb7833d15e13a0d76ee8059bdad11dcea4a6624ef77ae8a00043f9584cca4a44c324c75dbc5aaf354cb1d5749b575819d803d2bb1688a2b172c955a4739f5580a6de5fae238b4350eae496fee6259079c42f35ba8c22c6e4ac701d7be8e6ef17ebd6c21b06fbd5b5764e478c5040892f90741d6e36e83693bad3bfd96628f3e5e4963c54d747fb5d4460a63c97d8391730ce6fb94088e7ec84fbb3ee997f1f45342da4e532772ac49b03125e10e40156bf20503e456f0a771e6137a88d76560fd9e567c2f4d9342d14249b2ed25cc230c769a2f57397d3f054c3a3ef9fd18819186beca8910ba398f17f13f62ae75cf19a68c2fcbbdea6e11e021d40a1d83c6a972f087106d9795370795886812f54ce6581578f791e43cd99498c86a3345056905c07a5f6d95a829b3fb9d57668b53dae0a3889dc312c932ec31a23a1a5381899260ea773862293b8a4e0b0df4685942ebac64fc7669c1968e758e63c1b57cd147d07512bcd0ae5c2100a9dca0325eb765b249bc5a27318e2c2d98d64a6eb35b821e1bf29c8ab05da0b444af1c871ac40aef809e3d00d624199d3685bee94a563c59b1c0011b954e10351bb81aaa39bf0965c36f56161ac2dda42b3b41624f4a164b79f99c1754953931904f495dd4e7e8cf378d8ad2d626e320909c01b8c0d5e54626475444db6823ab6a957bcc275fcea86f632c760bd375c8d31b148c7e5f41a432ad91109f4aeaa779ad00546fe3f2b4210d82e1781804b1ec94578f9e72a57c68e5d5ec4d559def6a084b9824f6e7a717695a460c77db6f4f69b46f210e7227bd984ba4a0a37ea1527e4d5c93c3a4626ccad7454590874caab8a40e6610c629c1463784e0af16e7323c749d9fc7386cc0ecc146d1b29cb7857681457e9003da8d0f664e7bfdac84764d4ccc0b3498add0847dc7a2dcf2fbfc7ea5759288a905d2b952730f856e898c99dec5858d4a970173ed6f655c50e8f4a9260c28f72c2a15322cb16d7fa755693044d35b568ced2ee77d055202d136c8f2df88bc1e4bad1dac0c40a71c3147ea0d20922bccbbe1da2ed6d30c2a2462950286701f6a3a1dfb96d6d9bfbc049aa9e25c29f771644488889d3981865d6430501261520d396ee36fa1c4b3bb61b79f12617b9c140dd5d3a16314f19a90dce86720cd2aaab5b230282393d623681bd2fddf8488c89ba2f27a82b9b680c553ac6f02140606b42c72d9616d7d4c2610b5bdaef1f5be263e20522a735d7548df5266827906a487b2cb2d81696f84ad390fec01d4205f348c7851213080682f4fbf91a1cd569d94832508e6a6032c2bfe08f1e6feb87d340e02482214099dfafded4d4e5b97cc5dbfaabd449bcb875df9c594dc84c38da975e7705a5e409aac402cb49ef72fde75a8dfcb722d63f3b616e6e579f94dc60dcc4b5aade365c1ba67cca9f66ae967266ca1db4a6b211d603f1aafacc02f29cffe8d52adf09c9c6130d6eb45ab730ebcdd3e249ff1cfbbb8edb47aaee7493add71fb6d4277eb96dbf154a0ca2150815a341c28e53e7c1546fb716433482df95325165d9f2f664ceb3c36e68a5ee4ca6ccd4f838a2203a1283e00adc471f7f8bad53af4bbda8682fd13a40d4c4d649b3b8f24f53f78c8fb64b2e79effa770ed4b9f1b26748de14af4fca2c45c22e39386f125c3f6c1d4ff0a81ce0ced3591fa00014efd4d2b378b79d6b7acff4c0f7ea7f65539cc03c41f842d3961ebed22d0381dab6b03154d673fe26f46da5a15c76837854ebed65bed1f238e7880aa2cc78b452d5c93140a56eeb2948b5a0c81f7cce0859ecdbc68d34b4700ab6f7cf833ff27e08f4bb0c7710654e941bbd5b85c53e531ba041b6f43f2ca601bbea00200fbeac5bb2af1f3a0f280df93026a0594e7fa1e08aeea941cdec6ff7532f5ee0b623562f2fcf268a177dbfdf8d452b368164ebcec365eec6be7951f930f81cf490ef556ecbd0ca86105598f130f167f31679d45dbb96e95e8399c250588e96171700e318709301258d74d19086b295226a07cc83fb94bb04a66c7fa8248e5eb7e35786ca87dac429952b7f1d020f43b452773dbb06acb785d9b2e93659ef40b36bdc7497fac2a780cffd694bcdbf192aa82044b2dd5739afba04ecf711bfab94a54e188a67f3f3f8a3ddeb42f46d748c04bb14d140296403554f6a47a891289b606ce28a8b2d75a62d138954e06074955f2a9e5242a1738246bcbe9c5c67f6261d23b558b1844b51c841f7fff13ed7e77a9dab638e88de4aab7d866598c503113603355cbeb13ab4f84aa6ff6e01c5d14770410ad5d1d10c9e0918ba9b9037c8266a3a069dcd2fb4d9bbe80643e838f8b274c19f6de8cc7604ebad33efb58515da2630b8753a40571da8e3cef27d86abca58c3717c58646585449b14d519922a54cb6d9676f20979c869cad84e02daf584c84fcf6ca814e6bd85365b54218edf51b6168968af14d75703f3ce0b3028f46c5e1bd88f77525ddbee67493634cdfde4a9e2ac0bab6be8ff743122b93fe8e403c79a47e68533e490c0beba264d8d248c299ae9b3f3921ba0b0ca3a3c7999131ad5b07f5ab76f6de900b9a803c29d781739d14e83a787e7707db12c320dc47cb99578914627432d440129700a93fb50abcd636494cf3e3d35d4c63c0650e47fef3e6d1238853e7f6968456de72d84f5c3c58935b5d258f161dc9d3467e715fd068975ea4854c16ee18fcd93e0440848b76ec0743e7d12db9e12e4dd5a801ed3958c16bb971e7c0e338d9036fe515e3ccf1087f33092e27bd33514285a0040139f308a210c65b8b7e31a530bd06b076bd4da371b90373e254c4686674ccc1495493613d210520d986129545c4c914740055f668c7b909cdfd2ad8efe0bcb5737f5a13dee40b6b002456f2c65b117f7dc3b8a821212babed9100fedb0c979f1ef9bc9d491967b897bde89f724198d3cf4ff8f6dab3202482f6b524c77571ced45a86bfcbe95cd5731fc5d64c2dbeda269cac22fd0953a1ff6fb3f541ded7f20000bc0aea39e08d2838c901c7edd3efc54dcc1c8e84fae2b6b92e2cd35ce6bb2e4106217cbe729549fbe2068f99c6e1d3310bbd2376e93a699a0d97fbec2c83b82d652c24f0d0cc7ce4924787d926da144d6cad8c57cd1d37448ea7cfe38b432a5bd102b6dd511af7084fbffbfb891c8767dc94727fe2c2a8273cb20a6e40963b9d0a66994f45cbd4300e98a662cc1d1febb89fe890c50a92b3154e856c9c34d11a8c8d0d2e4eff622246db254079df5abf35347a4d04a20887c10477a788c0d7ca48b59feca27916c6e465b41e2484953a5b2433d40ab42d07fd247f254428199530b67ed228450141dc2ab72bc251ac1ff9b17f86a01a646b63d702e02c4c1b631551a1665c92ea0b7a9e97a5b6a93bc29a6aa62a72024734446ca58e86652072a9d41239fbf1c147c4c8ac1086bd3da1df1a0ab737f10c50d6f4cab0750dad6c8995d185eb1c0faaaca597a52ce18e75039c7671e3b49fd930f508ede86dd808333ed115abb514cec9e48642bbdaa066b3645d1302e13115d222057a6de9ecefff3a39f7cbf8b0c02316f00fafc421b18a12aa80217285b65e5b6e4f63ba5677ac23595a7885eeca8c18be6a828001c2230cc0175c75bc96738960c6457a184ec7d74441a89021392df1c17d57fe7e246db96ea36085cddb2e4bda80e06dd9299b984538f5e33b3f9d42e9493ab9286f8b997d37dcf6432b19cc0a74e036d00732d7958af1a13fbb5e2a33135faa10d30c3772cc124923eb0a56aa2f45d5a3f75fe4840de20abf30d3b7ae3e6155b419688388325e7ee7776b8b3e1edf5a18c461ab04668caa11d2272321898b9ca95a8f879e2526ea8bc39fed846f972ce24a80edd556fe0cec69dbf7e3dcddadbba525c2c3cbf8626f43fa9d406cfdea1ca6883023d0a94bdc141c62bccc5c401bf8ad22b123323592be581e021d9268f286deaf027a4d9d5717fee634942a7807c325397b2678afca7c725cfc49aeaddcd2c4d9e91132547e0c556e84e9e2cde2f5e33a56260351b75deb37600113929c888a0609b36e34b5dc73d5ada79eff5991c884280a438897508e23af867d0bd4b5fc99c8cb373e188a063f0d84533bf5063bac249a2df92801bfd5d1bbd437745888ab24154628100751be74cfb3db0ffe1b92b98ec10f12bc5553ddf2667beae5cfe756b1785fbfc4a123b6016f8b791175e031a581f11675aa2a034ed5a6ffbfab30edfbb711f6066237933b19d3ef7cb526174858464031d581866941fe1f647937fcbebdbaa9330ba6adc72a3b8bfcc092e75ac1b59cb308e61332d909ada48d7fa79d3f42df3f64f0c32fff21ddf5235420e62fed77870c06d41d0103803b02f64f26dc8c7d9460f89eb7244e14903622edebf26369502e5be9f2d3cfbce12f1c31221fb411db73dc4610c63444269b34872a26f3ea1437e1251061f57606b521dea190315224684c8e32077ecef8c1bdb02541f4d58c13670552fe6b8abddd80eecd2b4e3356f2805329ba525be212f74e849b14043f522b3f553c8d04aa9660cbae72fd4fafff3e9c17ac8feb767f4c1f32a7bb8ad991ac9797374093abe80b6b2246c1ac749fdd3e63f8e67a0bf71efcff45dafc005d0c66d910bcca4e613934f952187614e983bfe8bff61788e801695a3ca43114be4ac58c2142ffeda7c5f97305d388c4d62a709ece83633c2b2ca4ce87cb057e2ce85f5b5ce16c5de2f8aa1ff21b56537ff0e3b1cabca8a5fdc5c147884bcf7731a1659ca241f49cc05af29637cf7786b2eb274532eec76a03e13f6358b2736af976fad978b8bb22d59dafd5c87d0ae8fb6c754f8868b99c3f304857505badc48064963cdfe35093d1aacee379bf002afb9851e720e1606df734a7f21ee3ac1f8d538266bb56dbe6e91babbdb951f07814ffd2dd54951ecc2fbf6b0e360a4dddd3aec519238045e71047175671c04591189e30ebd32c46cf580da5991c6fc26c4a7199139b6d3f03b71b34432855e14ebed2db1ab41fbae6e11ac8f60964d5cc67c6762564aadbe66f3eb2e1b9fc69d338754c35189b5475cdd86a7b641b4832efda784645ce430e6c19275bdf7dd267b5c023782e4b5e2184fa410365324d2cd4055925b0ea2121ddf9847f01327fdb1ede688fd72d3eb52fa8b4b44cd382806dc51d004fe09255e9ab7e7fa537f1d75abda6f9fb55aede77f583dec23f0517efd089775209a4bb928e5725e3ceef0ebd1e1cbb8af37487b6bf96c146e30f2f85e48a24b7ddc2908a2857c6a630be20fbd463499b007c761b7046d1b0a46627593a1033d2cb9bd3ee0e60fc40892eb62a61e0cc98f27806a4c16c584a474d59f91df12e575dea244f46dbd0e750c5b4ec9d9a5465f64f52fa06a0cf582d943479fe2718a7b8ca5047adc83bf35814d40b03de23b54f215a338e715a9d44d5fa7fcf0d8375ac463c8039fbb03c1190e8102d3e712cbfd93a2d69196c36dc7e2f741c993334f899bf5bb8f4931bdc4736b093ee181bc77209234653c12332473d26e46b8ad2d71be67a281cb988d49858abdd64eb84b31dbe818e79064aabb61ec0ba1802da67b391d7221576fa19928407d2825334faafa18154d6e071b34620b023babefc7f9035e1a955cd91be69c21aad2abd137e47c672c98caf781a9bb896f6addb0256235214cb460e4fbb8d6194cf89989c8b67db043665b157ee4eae1ac09dc0afe8864ab173a4e6184a7148f14a05110fb8cbe1"}, @NFTA_DATA_VALUE={0x97, 0x1, "6f53076f0456ab41dd386da5c3592049a5a9334bdb7baec685f90fb2bbff454036e783d01d01a3fa3731a24be5e31be3d6ed98afbbe0b0bb7b9f4a26d2181ffe7ddb59aa40d9de6bc3915661ad41c2182a3d0250364e53eedf7bda24aefdf8f0a8aefc26b852c3f6aee247d5280dbe8d057fb372198425264ce9bfe5a381d5d00787332423aab9c7c189d7a9ea58841c126cde"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x5c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_SET_ELEM_DATA={0x9c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x68, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}, @NFTA_SET_ELEM_DATA={0x394, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xfb, 0x1, "0a592eb5496ba3856a0721afe8f94fe676396ceab4ed23322cba6455bfeaf793dc9d87b3af8e3fca10e5410cbd5d0ea422e0d9da4fb4717bd751e2c84e403dcdfcc667ad2f88f678a8445951e65f15c6a933ea94a45739823a3698bb1f966035fac52a4a61d546bbf67a7acdc3efc2c62f8be805ce6cdc1c3aae259eaa6c2106ead7221120e7234c9e7a66b25096f4bc7a9cb12e1a109beeca0a7c39c01f1faa4ed838bada7c4aaae8ad662b625b50504f14ff80ef17a516a48c174ed8e4a2a5e28cf44884cfdced68da15f32d569c4ba9288120340aa0a64aab0cadf3f5d3b6de104112c2f64b73bb2d255850a132d7395f404ed7bfc7"}, @NFTA_DATA_VALUE={0xd, 0x1, "9f7da432009e7a1cb3"}, @NFTA_DATA_VALUE={0xaa, 0x1, "16fcfb858410d9e12762efc9abb6f0e0958c7b24b77ec19f0ed797ddfaee443bfeaa437bafef096697e2d68c039a1dcd25e2d7b8ec6747643b47e6afd0f3dd7cce22184fbd8a2b67c6e21be3b3dc0337e74401b6dae80a73cc52d1d6280e6709ac68c8469fedbba088507e786c2b15c2666df8101b02071a2216497e5c81a990fb06b5a14de7e3ef499c0fd7700fb770fa8681bee4f493deaa89cd8ac0135f86ea7dff4a1d02"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0x89, 0x1, "d00a68b60701d185c7b4e6f78caa131ddf412a76f2d2eab03b9b907aba06c19d1ba179eabd4f80a7a12e85037b783f9dce8995458a766941d4b1f8b3505566216e225b89035f46c24d180b9528a11df120360e84139b2b6c0d8b70967611a4260170fcdd382c14cb787efc7691dfae4a1674fc7f0e4dd1242fa86a5d42deb55ae05f2f33b0"}, @NFTA_DATA_VALUE={0xef, 0x1, "4074d26a6785ebd58cec31372a78f046d3be61ef85fe918c6327f4a4fba5e327a06a2fc71a8f5dae38d21f74121af1f4dd57cf949120cf3e4af7d138d3b167b49413773f15b71bc9619dd0104d2af2cf883836e30c07c059ce7e1c4ab2f910474da4366c4f121b4d6e69ffa2a0ffdabfc5e24fa18bff9b86ddab8be08ecb033aea0d24d06c244b711b069ef68e00636515129d4601e7e9bd643711f295fe13d44b5437516c85c807a44d18a0d1f6b52e06f2921d56415ba0e41e6f190e2361a540372031548948374eb759fc926c759a2cca3342c43bcc43bb77096ee14a1ecc83596c5c18e22e96552dd9"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, {0x1538, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x9a, 0x6, 0x1, 0x0, "f8cc7fecd5c862d13820ab94ed8d374d05541e297b7b5eb5f72cfe823859189fb5436213acbb1819e988913c931b5bf59223c8941f0048e1d1c72713fc43548b08ba341627637be7e49152e6cbe7d5f5b4e5bb3e300fd4d6f7b2bb02e2d9e8f8981fe8814517d8b24082dbb2e72a34aa34a7dc3302e1168d1fb473f4f744c09c6ad0c2fb49434eb5113cb201573471e853f23f266d17"}, @NFTA_SET_ELEM_USERDATA={0xbb, 0x6, 0x1, 0x0, "c810ca62580ab7805bbfa3a54f4526fd4ee3ec58a6025ef2ff3f5088dfc346536d27d6dd5022056642358e62b9aa7cdb98878a1b0977b95b1953a5ae80001a8adb3ac28dee74a3367b6146f2ef9f274fe39739e0161915c012f536906fb433a9c8ab6e85c8e26b21c0ef504de6b9e7528d27f786bcfa3d7cca0df5769db09ea70a7f6de6971bc81aa889c92fda26d568df7b37cefa96a291475d27ae330c317c7c08eec65c180e9d210c31800c49b76ee6bba44411064b"}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xd3e9}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_EXPIRATION={0xc}, @NFTA_SET_ELEM_EXPIRATION={0xc}, @NFTA_SET_ELEM_DATA={0x13a8, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa4, 0x1, "b226da4aa6437d2f7ba3a872901bcac86099680a4cfa4efc6ade37660d8c95d61627c7e8ca677dab606bed57a63e5d074a84331a4961e85c08bdc4cb4dcf0d06de4617df26ac6880c41ddf380bc3ca7a4781f8b8bd5027edbedb878f3fc100666c457f77b54890cecce0e330d0431a99d060001301cd901bb86a34a0614d0ec94e3222db2acdd592dfb04904aeaedd38f9be2e30d8b4d6e694539e9e28d3d1f8"}, @NFTA_DATA_VALUE={0x61, 0x1, "f258d0140038519feb313794a631551c4d5970e2c25f1f9468910a8ec9d13eb549e4dfb0fb6e54ea534385dddcee406854c9519d1091f3218adc218f408e1e6206be831cf12e6dbee5d5b82676e894dc0af8d95ec0eccd9be2e556d198"}, @NFTA_DATA_VALUE={0x1004, 0x1, "35978881e3a6dd8283ed015ea386d2bb835edd88b87f45af442abaf118e224f11fc3f3a53e9c69ad0dd983ebac4165a3f98bd5d9eb5535b98b070fcd308b1c063d64a1ff50b12393fdfb8ad31df0281c2feda1335407192f58beabba158599d612cdc6b5add9848d5535272e7e595b3024ea9bb02b02be3f20a527104fb17d735f6d9292618d5f522df6682e98f5ac6f2fd24f6af1e46c9bb369ab0c703b60029ecb58fa412676a667547d2c6397b4e5bf89a36ecd0131232634cd8138b3863a87fbd71f318a9e217a42fc7a0760b769a893669014daa3906b97c341cd904c4f0e974e0dbe2f7f52be40df3628e174a41b38ba491648ae05924d4b50745742c7d3f5637e14f9099389ddca93ab869a6a4c4da526a3efd85d8fcda570455f2b16cc8aaa9e0208d66692ce9f33784ef9c10263075d1c41cbb3971f7d33cae6eae22db27afca5283d463f7ef19f152b2d90c62a284794f1634a6d48a2ce514d6bccc4a17ebdfd1c67b297630aa50911ef770d79db534a83efac553dff8fab2abac61e7c91da0e324d43733bee88f8acba3a382aba619f676ba66a0d1c159718b9c94e67de12356b2bed936b27fb345ef93c8a2d0b1afaa892bc26de0ac6bc316495c9ef59e68966d1922439359b11536cf16e275d252efbd9d044556dca50993f68b2ac42156d4cd362bf9c6f7717b4259feeadbf22dfb716d3b560c83d2881b188a453895934477f43acc4a3679ecdc824893314f7e6a604975d5a1c7fdd8f654b65bba18f79e774b63a7d0e0ec40eb0c8275d7ecb29de2966a721ec013936d215b330d0c542f2faf2297fb4593ec3bf49a2198016df8b7f0fdf56ad6f4bb81b62274eab0bee7273e6376fa646542309ef2aa12a373c43cbacdd515523882d030f3b011e19efb431fd85d829acd010cdb451f4567d2f44ebd84b82081f1414b2f79fd9290b12c3fa69a2f5e13a05bf34e8b7f09a32194f9b84ab3e253c81cd340c0a51e3b8f37f36e7f24d0c89201762898065a085e948a6f2374b49854c8fc7cb5e01b9beb28d4e07c7ad8405bffc096f3b021633f9d9e786cc6aa9e0b378b7c36b46a70148555d7e28338d2cd5dd66701247c2565a666ba6777945dc1b2407501f6152468284c87eda59d524e094f90ddecc4bb5691d77e04dfdbfdc9e105dbe5f756b3dfba831e7a6875715e3aedbee4d6d79e60ef1f88c3f74d028b1808a933e0597940fe81e09eda9e958f5e62267afcc754ffac6d002b4dcdfeba58039d57ad5402c3f13a95e7a7c84cd7281ef0572425e3b5bbb67c81d020cf392bbf3fa67ccf1fca66d8a2a563d221d4a41a57821c721bdfc750d67b144c33288718cf98a36ae984f810132e8b6e42f4e70454285e5a42e3ce32b8b25f2dcb7b3dbde8006113faeb7368c192d25d4423107c9fff6196359251e34b814e4c21b1d79c658d719144c9f25c67bf2f366dd3fadb541f17660a2aadb12835d32fa4a5e397230606b2e4bbd2cf88fe0ad155730871676787c8681415b550cd4472425bd20fdabba20e1b8023d80367cbd75d691c4b04b6c1f974af4127ce7486fc4809695377f42d7c7ad2e8d35a450e3dc6ef57aa414c753fd7d3b14807b640a29c7e85b318823515cee366f7c0a80c2eaa3f955486133f9a16a0b6879517f677ebe044596a2354308a12e55ad9148d15c4ab752049614e7e2d087257d698104ac6ed666a4ccc7cdd30f2f705c44d6578b18559161b79ab46deadb1b2ddf833dd96c5c517f8043a4ff94e26ee0b1634e9eadc8818f30745c8f6ff2a30fd79c3644e856e3fe68d81f25751c1f87d6aef51ec7db52627d48724c2e9b3aa971b9182fe7aa74b9bf93d42f5421e0c304d16abc1b61c0c3f29501f01794631f2fda293262e6f7537577323a390f90621cba594ce422c68f38aed154db91eac44ca1259e294f48881b921321e09f5291a51ad59b9a5dfd0649c6042e22149934ac1e96bff792fdcac37519997f0204935ad5392e0a5be1690f546e06c60cae4fca083f9e89b45714a8d79e369c133c5020d8d77c616cdf33e410af2a169326e1ed0618f90eca41e6439bab7cf1b9a62e6b136b5da254f8ce54993c1cced600731121b54330988f67dc8cdbe1acfd8579a85b070b4bed4b56f2c3a2df5a4f4a36feb370423068bc7bf6fc655835dc7dce6614be538f2afb5c202ff9dd22eb2a87381b7127a739674becb3f60a9caf9d6d92289e477d57f0b73fa437026b374d6be9f6ae226ff64040c904d4b0a84e207c4c55ae6c6369aff6498eda8b6058434977007c756a5ee81e6752c21df4005866b63f0702ddd6048a7992f2b6cbbcb2d6eed7151ffad4d02d66b4f550eb4f0c29145933edef7fa9734340fc9bdbdb571068a1fa5fec2a598d2330362709038de5cc887d16304e64a281c86fe82baf8f2399909d5713f7a35e76bbd75d58a4c8cb32d0e286ef886e56ad979929b706392292753c3246fd8581f1a5f52b533d530af4d40c593c86e1f19ad52d45ec1577d6f80fdac60f9084ee8c35cc430db0fcdb7ecf10bafa826d5290dede36e05a5ae74f6ac02c2af5cfc824ed03090d92486e5e90a6897d399a1fe6a120e1e5b7dc7cf0cf010aa4ced771fae3a3cbe5d918fecf38945bebf08571b5269343a24c5df719829a97c3476717cf69b450a87fdf1af76c1f4451bcc06567d99ff1b82eaaca1fcf6feead5290c31d4dc147d7ac80b7a758943081ba97c3c267a50ce54e6e3c043e8c96d3e6d31eeb757b35aa6c3e74cbc2eedf81b3ba923bf48411b9f4c7d986f226a66678d6803494e950887d40343e6f2c37b510fded257be9fa71f2d875e9c88fda19ec5332cbc730192bbb9994f8cca4478e276694d560acbc37018d1e123472950d939a89c8390cca59296698afcf8c3c32efc468fe3b5fe3d63492eae197c81e853c68b1ee3b5ad0ef8689c5fabbc7638123c32361610ad1e00d06599013d3d7210da077abc182cddf6b3085d8f8da4df7f025ca349cc2fe1b301016b13f7bc5c4a76c7c6d1b7ec920201bc30bd8d629c1bea48847c947d63cd20718366894c77eb907ad185ee33ba0569c3cf2bd17ec469d09cf6854502d7e24176aae567b0326c2fb61c796174d5a05cbba91b3aaefff83dd1dadc601db8eeeb5b5754737583d69d221e5fe117811115a7e198df4047d6a024f13274ab50d3b532f0c548f260b863d63a11acbd5497e1bedce1db57e5ac2609673c7620cf483cc0235f22b9071e7b58ac40b87b5bfc5e65aa6904ba2e472361c523722377ae84dff284c279f33d64d3a24d699b8879effc4bbc41db7a7f4921648876511d728a81b3b37ed0d6006a4b5c8578c5d0f3318fa2e9c6d105d02fe3b4cd9076fe356412994b2bee9de7cdeb2ff01e0d0ae180c8fe5c2fa754832f9fc5a4c515f237a076b2ecc05001f9087c8764ad35569854165a8ddf1120018d8ee4e393fc9f27dd28c0bf3c8bbbb1e0e04b20b2035069622e6a243b266f4ac33b0875bd9ba9ab8fce53d2c4a6d37679bac866117a95b6d08ac22958c8814fecf39fa84efcaa7bcdb7a4e887ca2560d2e209cd46e22618df2fb88a08411e0a34900cb4727b124b7ba1f2b5ab389652de04c0ceefd0c7832f897c424d2ac432c79f17e491d40aa879e6c4ccc36b11bbaf26bb03c87abb4ba1d8c6f5484dcb030c473b50ed00aab6013e88d4a9f36a4fa265ddd78a090cd70bca0e8df7e7b35c79b79157514c45f9c512a2fa1327ba3f88cc77559a361994aeef1f921eef1d8a2e4ddee5fe4b6044002ee26aee07fb1b1e3e738b41c40e5ad400226f62f8624e3b4e929801cb3636fdfd2797cb4131fa09083b0d1071e342302aa85e641bfabe1e843a1750a3b6617add4261d08760d6129a1cc0624fadbb57b08bd14550c2cdbefe276ce37537c62863f15b65c0a421cabe897dec0902043f8cd386575c23f5fdc9674ed01ed4779f7a05103a4abd3db041196e39582b6ef724cd2d54ab20c424a8d120dca8bfb2de86ddffc7c0f16154d5ef090c12f510406b8fa41d0b41b1e090693fbf194e608ea2ae0fe7a9062ed94658e81e31988c64de20642c9f9f805919a253f8595149a73f2931370f062eb5260859c2bd38945f7f7ba7a4316edda14defe97911d4ae749173d20c021c826dd09b387176c550305bdb24366877343c72b6f9dc6f3698ec97b391304908cc8987d41b6de2be67b6a0d6ee68c12161edcdd5db740eb75764c975c44cf1f3b8a94e7448145b95372a69296209250a9075e83ed1d654874e220aad5c215759cb3a4652d4923a1d9bec82e1c07c95c231a0afa21d7a7b20df3d004c1002131e04e638ea19523088469609ae3036a9957078c8b6c709e2f3ab3d5b0781d43811aa7efd1ee29b725f904da0a026c84910ee54f48e3e05b69eb2d7f544176e327c1493ea6da021e5322d80373cb650f5a33acee60adb63207d143e6783db9cc2e26d9519e89234cfdc80c32371666c0b41cdcddd1a9a3ddd55b28b143c4f12b5fd0e046c51b864246d86773b96bc1fd70518c9a92178392c2cc68ec9208517a0a829aa1a4a4102e9464262fb15bb88e39582742aef2557a3dc838a699aea161300aa3e551360019da35646746b84b36a8c22067824729384afa5660cd41779f44028cee96380a5e4bf5b4e446a005483958519dcee64afc8710b89041abd11be9fdb39ebacb29f5dcd6109e55ea02c0cc12c9910404acd1891f313e86b7ec7a77fa80a85891916a79e4b6bc92c4ce296f5c098a669f267d34887f43efc15f76c7aeb9cde627a3707cade3fbb7bab63823869de0b393dcef65cd1a7955767010e33637bd85434238e9f7448fb94e876cd971716664ab53af472ab17912339376d7c96a3acd616bd22fd961e0ac8495a5467ddae6d9c10c1b284ec29254b7e6515f5ee6f22914fb9d1b89194bf2d5d14b730f1434c6e329a6432ed819c3c4cba8f125aa87c84b1d290483bf2f6013f2b84f0a1f82e4e8c71e63c17f7ba566796cfecf9f2a1a0a5f958d4eff131311a7fe1387c9b85e34fffec8dabe301e5aa496d401f0cede84c575e3037bc5ff2837e33107d990fb720c156a5223a7fa9aba22fc56a6b1d686496525fbc6c4d4a74a3d237e58049576f7d9df5c05609154d943c623016fb8afc3c856f250ae5ff68abb9ae1b8b3efbdce567d6f7de8bcb7dbe81971ea2c8249b6e574cf2db45c58e00967eac2c329f5e171739cccf408d6910986816142558d6378a84b05bb7c7eb82484bc19b31eadbdd4bd5c58b6212268bc6790bc80c1dbdf603e0152355eb9c741850b4c469fdf46026f5e709288aca200714c61b2bdea2f276e4f610f3029857fc4cd027b316b28f2842c3502f4523e51882f50e49d6b2b0df6ca3438e76763e9be8b6a31419e9c2261f63b921b658bb281ad296d5d6e639363ef0a6f8bd6e8deeefc439fc033ff033d1ba91474a08a67edd5ed2ac7fc8be64aceba696045d063e41dbe29f8ffbe935f7b5c93054b478f3fb06def3ca0d542cf94404c01979d129b17c0cf5602ac4bd90f839159301273b94d7f737f19b3ab2c8e0dd3d2bf77a7fae303ee312e1a3f05a50db46c49d35804e7921b54bb605b5629585fb9d6ff0066900bc7e27c0b9801288ef47cdbf57fd33e8a00dac11d3981a1571070d85b8b4205706f139ecb452e587aa7accfc9aa77bcc9d18ae2172ffab3ee29e010187b72e3b2c55e1199775220c97343c39f5c492e08d0dd9c3d57cce60de18789f785cf63162aa6aa86535cb95d89f0cdb8c348a47e93463c"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xdd, 0x1, "720d57d2138f1aeea7ca4a5fcfd9b2cf328347d93357954be25f8e6fa4ad4a5a160868cb243b9e9e1c8dc45fa6a62d72148ce59e531c78904e54d582ba9114437b92de7be68b2e1dfd4f36086d8ce274fea194da757a933f3bcb6ae25cb786f6d75dec28924b943fb75b8aeab49219c5236700c477a544628a51d7eeeb06978f618bf279bea9179ba8ff8914c74cc075fd2c31f2b8ca833f145b0dd7ff8dd830943a80f2c76b538bccc6a8f6ff72199ffcd3250852c18942c257db45f2fce8241963e1267d9a71fab4259d2f04ef465e168be3d706860bc555"}, @NFTA_DATA_VALUE={0x12, 0x1, "3ecf95eb1d728d3fab161b0dcada"}, @NFTA_DATA_VALUE={0x4c, 0x1, "a0d981ae83f5234b39f7bad742a70614b57713d0e22fbcff3f5b67b8e109c3f1f53d3e9d11b9dc0331c633c3705a9db58877cf79f6421df1aad42f5fcc083f76c63a87cf018d27fd"}, @NFTA_DATA_VALUE={0x72, 0x1, "582ba5d25220b5acf769492244f8011968bda677727179ecb8b8964e3ef0c691bdcb8cda330ef3ba975e702da346c5a7444c28c8678e64d3f7a78c8251a5b5dce43657c724f11d710ee3311ffd7a50dde1ff719271544429b6d35cd43ff4bb58011b6321d30988e522107a20d2e6"}, @NFTA_DATA_VALUE={0xb1, 0x1, "28c7aab4252661cdff72802f089b08845e5a8b6a514c5720e77cbb62a363bbe89bd3f39c0c350e085f7a896487fbf775d1cb391ecf559c8b0b6286fb986775008abd395f0545eedbf2856005fde8a6b172f800a3be978efd97162071afd7f151b46a9cc93d9e86c953ec88441fed979fc492f9cb1765f3ff7ff70b15d830fbc5b3872572844b5a98842e2161ea2fc74d4f2d923c96f432a7b36988b5f26416833055a7b2f70091af7a1e6b0e71"}]}]}, {0x2cc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x11, 0x6, 0x1, 0x0, "234ad896fee46f7ff052490702"}, @NFTA_SET_ELEM_KEY_END={0xc4, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x6}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x2f, 0x1, "a6552a643cf7c17b8b2ee15315890007fc4460f59282332b053b683bb5bb577f04898be6bb308453d6548c"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x9d}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x20}, @NFTA_SET_ELEM_DATA={0x1cc, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x70, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x7fffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x47, 0x1, "d64bf8336893d2efe88cddb6cc32126d6755dc93f46136db90b2e2bb355b5ea162d4586e3b7c0a4cf70d7fd97d45b02879b6c4eca8ccddb2c03210786c7002872d184f"}, @NFTA_DATA_VALUE={0xcf, 0x1, "922b9a9ba17a1d8794379fe732f3c0735f36d90854be47c5af93b9446133c582f53d4e842d78d1f99b87ca82f702a5a5c7281041551e17503957a8fdcaaf2769c943d375c18acf338a99c2c61f0ca3d7257007a21dd3e70fbef060b64b2cf7747401f098168a0f1e6dc5e9e4a7b7fe585fb40e94b85f0876f62d453fbea3866e2a18eae6ac762d503c7c40fb77e24d16ce83039f67c067bcfa8f94efdbc3013801afe5f0a0461b98053ca2cc6f325b3b675db43f8741f0fb27c15683d845589e8c60619ea6f1cd0b239b26"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x469c}, 0x1, 0x0, 0x0, 0x4}, 0x5)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00')
sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x17}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x3}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)

[ 1230.990816] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1230.990816]    program syz-executor.2 not setting count and/or reply_len properly
[ 1230.998645] sg_write: data in/out 1834971205/4 bytes for SCSI command 0x0-- guessing data in;
[ 1230.998645]    program syz-executor.0 not setting count and/or reply_len properly
13:56:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7fffffe00000)

13:56:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, &(0x7f0000000000)="6b810d4510c3adedfdef9714452259cda1bdb0bf6341c9220e23b222c0f2113d8d79c653fee5ca73039bbde408a0f0a62a206f67f12c0d8fc1", 0x39, 0x800, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x2, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000006, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5607, &(0x7f0000000040))

13:56:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x900, 0x0, 0x0, 0x0})

13:56:35 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=<r3=>0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r5=>r4, {0x1}}, './file0\x00'})
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000000c0)={0x4c, 0x7dbc, 0x1, "54991cb3bf71074beace2e5731d18cf365f6272c8108137580922ec2d04cb7ce6e4537cbf4cc5e820d04a409e423cc3b6bc52ff857732784597284231f45e8d78926d126cea800bdbdf7a81a"})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0x0, 0xee00}}, './file0\x00'})
getpid()
kcmp(0x0, r3, 0x4, r5, r4)
ioctl$SG_IO(r2, 0x2285, 0x0)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
r7 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, r7)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, r7)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[ 1240.051285] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.051285]    program syz-executor.2 not setting count and/or reply_len properly
[ 1240.085629] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.085629]    program syz-executor.2 not setting count and/or reply_len properly
13:56:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5608, &(0x7f0000000040))

13:56:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000007, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x3, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7fffffffdfff)

13:56:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x4040, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x2000}], 0x1, 0x10043, 0x0)

[ 1240.265602] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.265602]    program syz-executor.2 not setting count and/or reply_len properly
13:56:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5609, &(0x7f0000000040))

[ 1240.310258] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.310258]    program syz-executor.2 not setting count and/or reply_len properly
13:56:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
r3 = openat2(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)={0x20200, 0x0, 0x8}, 0x18)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f00000002c0))
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
recvmmsg$unix(r3, &(0x7f0000005700)=[{{&(0x7f0000000340), 0x6e, &(0x7f0000000400)=[{&(0x7f00000003c0)=""/37, 0x25}], 0x1, &(0x7f00000036c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000003740), 0x6e, &(0x7f0000003bc0)=[{&(0x7f00000037c0)=""/69, 0x45}, {&(0x7f0000003440)=""/23, 0x17}, {&(0x7f0000003840)=""/75, 0x4b}, {&(0x7f00000038c0)=""/25, 0x19}, {&(0x7f0000003900)=""/144, 0x90}, {&(0x7f00000039c0)=""/97, 0x61}, {&(0x7f0000003a40)=""/117, 0x75}, {&(0x7f0000003ac0)=""/214, 0xd6}], 0x8, &(0x7f0000003c40)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000003c80), 0x6e, &(0x7f0000003d40)=[{&(0x7f0000003d00)=""/5, 0x5}], 0x1, &(0x7f0000003d80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [<r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000003e00)=@abs, 0x6e, &(0x7f0000005400)=[{&(0x7f0000003e80)=""/154, 0x9a}, {&(0x7f0000003f40)=""/159, 0x9f}, {&(0x7f0000004000)=""/133, 0x85}, {&(0x7f00000040c0)=""/171, 0xab}, {&(0x7f0000004180)=""/177, 0xb1}, {&(0x7f0000004240)=""/124, 0x7c}, {&(0x7f00000042c0)=""/110, 0x6e}, {&(0x7f0000004340)=""/175, 0xaf}, {&(0x7f0000004400)=""/4096, 0x1000}], 0x9, &(0x7f00000054c0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000005500), 0x6e, &(0x7f0000005680)=[{&(0x7f0000005580)=""/192, 0xc0}, {&(0x7f0000005640)=""/48, 0x30}], 0x2, &(0x7f00000056c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}], 0x5, 0x40010100, &(0x7f0000005840)={0x77359400})
ioctl$TCSETSF2(r4, 0x402c542d, &(0x7f0000005880)={0xffffffff, 0x2, 0x4, 0x3, 0x1, "c8d1258ae8921cb768951b22903a45f2a7c234", 0x30, 0x6})
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r6 = syz_io_uring_complete(0x0)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000034c0)={0x53, 0xfffffffffffffffc, 0x1000, 0x1, @scatter={0x6, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/67, 0x43}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/215, 0xd7}, {&(0x7f00000001c0)}, {&(0x7f0000000200)}]}, &(0x7f0000002440)="4f7c01c5ac88491a916ce73ba4b3a92c187c8386d7eaccac9e793b90208fbff31d22486270741d005273d99e08a42bb10b637eee933c32fc21eec687193c93b665c14a43dd89d1f5aec92186c799e56f88f0e5a2ad8822224e4f263d5a001228a1dc0d03ef30903b6a3f3514ad4349e764d76a691835f0c786204fa6bc4a6714f8da8c20ba57799d270b48dc4baabdbbfa7bef7eec842a38d1aa178f9d92345aec417a871ba26916e30abb607da53699b993a2975299e525cf19e13a641af6cd8a43de961ffad7d2b22f5a7b385342c5e595a71b9f5f9ac758a212ac5f0f49482169f6e35b11b2d7066ee4d125f98f6355911cd3803fdb2b3333d1bac4cf91255c503bc3b814210ac95190b9492685ac8e95d7b8e99f80bb6763ca4663edbc6cbfd1b02d0644a0fa61613738dd4c96f24c946236aac986ab548487dcba92fcfa5735991d6cf925d277549d6aa95f312b0d4c9c833c964c1ac5d1010d61a377d149be26ff0f0d815a7a5377db765e82e3670b17f79cf0cc9e7a73fa567f6eec0141889342e01bab84669a6ae315becf08cb5dec310b05f24795376a82d619da05a86b2388cf13f0f1883b2fc0fd80989fd65a12649a218fe32546f92b7355d25aa8d3c2b6f871dbb5e8d883fe679821400b1d7f04c2a27432a126f0ecbc8c6faad48dbeceb38a23e76186e945bab6308cb047fd2fe92ab6337a837403741cfe4ef3f33a1021f72486c71abeb2722d8f112bfc448022f66f4d15bd1cfa2a23c324de669c3573cd3f1d4535cdbb6d4d8d74d2f179e533f45bfe9c4310b87ee0b6ea8366fd8993a7da2b4871563d1fcdeab522a48d4afe442938a1855a9e4c20ac80a70f12490c85b0de87ac0ca6c10bcf8f4ecd45fde9dbb91fd3b5e3976a3651a005b06d886bb9f11e11541102faab20f765bf77277f1217cd732c218420a87434c915a0c9bbdcfba011b7be311cbb8963f68d0ed110f2353f41ae7989c010a93a7ce35e02952b5df9235b5ba66fbc3d3632133cdbebe83961d6377f3f48cfac191b973e395b3b3f9b3dea023c9679476a26c30bab52dec3f491791587d7ef101cce2ace19d25340993e35e4f1a8aab6b8e2968a8caa071df4a0a95523cc68fa19550a92637af9c9217d6f38544e6ce8a9ba85813c940d9597bf57e22ccbb795aedec8d4d5f6e5cb626c801436b20d430b7b9f3a7ec96fd20e5e192c1a0db1f247055e67465e204ef389313ea3c5d1cd3b157fc7fce88d41184151f270937d778f61fefa4c418ad51b810beec1e301299e3468e61751f26445a39930cc95f6a5772dfedce320a4e48e221197cae351d382816698dd6008f6c07213c41fd5938dd2211c8d1dde914caf92b88af0e843f4104593dbfaf261cad86c1db1db155bbe7ebfc5551df6976da0fb411b94fe17d7777707c9493e4d83d5d3a76cd955717ef0d54a4cdabe43cf4c30c13913086f8fe777e18f683b623765e0376157477a055e8ba44c83fe85bd06cd24a7bcbbeda90537d40e5506ef2b6a476e5bf4e1be17bc36785434c7b8f5f71da99c9ce2fb4345f5dbf7beffad1845e5e0838852b05c37ffb5b05c76eef69a291dcb9e489cc31e444ade8a3dcd6e63b0a52c69c789f6aba1b2b43ac928ab864e0e0d60be21f24980dae32d409d88715e91c36ca199ebac0432f27abf2b1dacb7fad7509980abc81bbb48db2749dc86147cafe3eb8fd17b9193afa56311e67d6c7eb9862aa423dc9f661976f898b120657650f5263ae3fac1b21b47b4e380dc2c7d20ab863553233d36ecd4300e65e1cc1dc53b3c734ca08d17d085253aee958c91d98994ded4757ee31c5dcdf48210fbaa4bfa24b1a90bcbd6e32494995b5ac13cded11485b13771c87f386c38e7943e4c63f08c6707c59d750d6991468a69554aaaf26d28283e804123a6128bad87703330738cf3181270c4f4ca113f47577bc9d22b3308693ece8a425a6393e297437e41980742b61829d7ae598406efebd3e8fa7ad6af32b03122ee49485fbf6add303ad81753cfd01155b0da120bfff4f272c77679e5a5674c3fb0bbe9923a7cc6e415e4018cc8b0268301a7fb763c65b8522075b5b8cae7fa588f9832a42927ce5fef4c04a13484da99b25b01ceb3332b533733f64fd81862a7ca6d39182924755c49b5a22bad81221a190c79159c87f264e8a98d10f5cd0626f5308d1cfa60a851b0ae1c22b1f6910b01faef19a315c9859a343d18c2ee9ea6d1d6865e71c8787217f42cd30370fdc7e576d0dad8e3d559e0620763df7ecc67be4cb6151b5e11c1230063ec19fd89cc1ce1e9e2d7de48aa4739e31bda90f3ff2d2f2c49a5288fdc211aa63867f5e31a0d40e0209aafbbeb3bfc85b048edec372cb448af71365a2edddb38ed6c69288557b6013d57dd147acd1dd35a99c5ab0914af882b50e5d576fa1a27d51ca41dfc9b26a9df2c639a91825d80c4ab0cfb050e3e756ad9ed0be4bce7feab646c9aaf9259c0dd2a7836dbbfad6df6ebb55fbec7f3f8894011c4efbfd8cde2fcdd4a5522899957c5e11e4cade3364df4c93c6bf54156559bb104a248d3395f8c8660b6cb5842749967de62d8db5340fe505dab82f993a039098b197ac16e211283a1baed85b9073a9e46981e9e2a80f741a6ea9c158435bba5009a951dd554046d969dece486a5aaa8efeb4bb8df386197e0a529e9d66cf3d28894a46bea8d26a566d623c1c888a366646ead369f5770d8bd63537978c8b4d8fc1fdbc7648d75e562faa1befad319c68104214b04602cecaa4c2c6a41afc4c81045ee5910ec6c0a89a0d425efcf82cbafa8a22d229014eb2e5f57feba8c776fe2db298aa036dcd4e3a95f92456456add5055f9297315b958e89f8dbb9804808a871b4d6013dc7fd0a0f98d9fef87e33848c6539bd724a481dfa100b1bd3d48bc53431ae70fefe1b4c3e12f1b793bb53032517fd8b034786def04efdfc6b9c68c7ceafdc7d87c5d9ea0f0783c847d3655cc24d71114739752b6c27269ee32bb0fb904dc0c9d701195bc0f7152a21bdad09e843222eca210b938bce7a00810552faa09967db902ef3a2e1a018037a81bc5822c8e284ad7cc54b37adaa1f3a501bd97c62da09a3c76e9fa3d9245351ab8931dc81e32b440c424c214658d316312b88a50584371d5eb5b9c72e164c198d0d72577ed175eb7c6009b6d0016f94f812a8d1c248668985f7053ba0381f553c325a1ed8af3ae824c90c105da742b79bb0dcb3e19780049a841be53ffa18105d5d82758e87319b0372061ebf21054fde53aa7ea68c0fda176745b821baeb47366e1d4891b1731b0af9205a7d875c9180c738c00d16a8ef70e13671490fdb26e4d244867b1cd2693c2597b102ff0c095998541c9a1b540d2484ca4df6c07d63c54afda873840dbea03e8451014e6bc6d2c24f51bb7c81ba5182c15ee310ee9ae9e4b5d27ceca8d9e18b9f24db34b93d830cd6d3e4360496311d8039bd66b15ad997b4f71a8c5a01e46e583cb95e590ef6ac23c7fa57372fb1a2df3905cdfd7dbf2016d35de5bd99b43f5be2b1048240ec15a117c3695f9c90e2372d78988913fb5d80560761a0d662435b59b51900d42d385235e63c3db0cd86c3aecf587a5b7d1cb5fdfee5f8acf145d0475080aadcd96ea270ce9e749ea58d13db44aef0871a8dfb4cacc81d24c545c69cb7dc4662b7184a47d232e850f0eea37fecc2ecb23f56cc9752a4470485fe6a2e4c038f242e8c43f85d7c5a9a664735308b01f88b3ddd24ba56588e9e56417edb59119351ef8a7e2e57e4820cd9ed7c9743b9e1271ad6e8674e4780c8412f72105ce07c8a02b0b264aff9746eb2cc9ba6a8a47b8ca2dfce2444f57d3e0c5c8aa75f5b4adc0ad42702b8e4645c1a402e5051e47f17bcff9567e92822583b442eaeb3064f03d0b9c1af3b3876eb8d5721fbfab57e03fc443869f94716db61dc1ae4d798d3da2fd4d9e3311104684502e7357d096aac5d5f15d418118049f31aa70a07a26fab8606c1ba8236025662aa0dff5d9c9937e94bc621424489f0feae44e3dcb342e89ac35ebd951252a31bcb8167d5d7318295123622f70d1a0c19fcff01272e7a87621b09ad2fd2a9e289a0e4a9296513ec81b101d2808e175e0d6d66f4519050d6dee75cca476533a5059bfaa0964459cac00dd210e0caff8d06fa48fa1f9f4b62ee5296f57df737f0aa77a1bc1f3807605c47362d818262b1934a7d9ea6b5aed525f7fc69409803a2c2d7aa8068ddbf0f27077d9b86c5a2059a9f912f9ebdaa52da0b5151e36be373dafda311bea1a038e7858c3d9ce41257762c7cfd2fb3f20110d3171d9ffede47f9e215d74b88f2ac72e3ccf4708b13e9d69e3ea093d718605881260f2b504132ebd353add804202ecc9dda1fa03fd0b796bd8cbe03e0dc864d8a63898aa1e01ad335dbbc7c66c63e461a1a661f35e9b4e777253680d6ab5fbbe7481c5f34bee893ddaace59a28af7a417180893277e9a2759e7342ad341ec5b2322d070f42cbceb2048aaa242186b64da340893648af9ebcc38b27ddca711e30b54a542c91aef7ca97a34bc0b518ab8bbe9e89ac5fcbcef14a6eebfaf5c36eca04094aadb1cc9f9c87a089f9f40ecb249b253c2ce3659e441b30392fc2faf9aa636d47f08d27bf21636d5e980e4c529c2729f98643425a24c0d00f23a2ca3e999e93b371152c52311d324a1ab4095e1def75c121d3ceaa4838a74339565fc8099e584d9d4e72d2904ee8f8513efd45feee90f384da87c77198106b32808f0e88e4c1658162a5e0eb7b9877381e4d9ca86f45dd1a17d42f6ee19b2544f41f6121ffe4b78249d2eb7ceaca23feb8208bed0bc612ee07db1023be7b271c94e11fe66d29a3f967ee144345845d1c40b2b3821446514fae52b6b2f03255ee52bb22fc298c91ae508a5c56c330d89ae5f3c231a2e4cb25dd533ec7baaa1633692b4a5c26919bb43a7855cd3bed053d39bdde7ee72c022c13929365fbdcc98ef751fd40f13f9b9f6743cf4dfe14948ebc7efbc6db7169e7f95d8763a10557435e2d217bfb7f097cf54de9c44092d38f99b89eb20c76abe9ac2e60fa1b07ad95080658cde4838f515c0fec24e03f252f2a58d04fd346b4a7bd981cdbb348d4d3066c9e0b03fcc7b1cc182791a2b3fa85460ef7675cbe9fa6b6ea18b8ab4e93b6683f4ade2a3945bb0e976240cc5653b46fbb3d9df146ed78b0d74ccf56e3f7a574bdb8ae4e0e8b16f12698456e8c0b691f71aaed88572d9104d149ed1f35c25ae4a59b69cabcf07f415b86146ec808b252371cd4929b8ff049aef1deaa2b4e4340d1a246c378d8071456910974a0443ee2e37cbbecbfc4139ddcfdf4408e9a495c0f70109bee3b54f7e25497f095f0eb05bd9f90817a65e43f05f082d915e25effdaafb1112fadfb86f1182f06fcd60c6bf9b8d01a851b6948c43f34332c8dc952f87292bb47146da63bcae8aaa4f191a3d33af3e310b062c6fa53f755295ef81a13f333ad2b4741cf7cc9803901d0d31f58f8b5250d830af4163cf861a1d7ad4f84a8960b103fa4c3092b25eaf56957cfb65d3a53fb6b2979b8df9ae81f8faa1437c4dbe63ed42bfb83678bb85f453692cabc973f4193559eb8a82055c9ce8bf81e0a8fbefdd89046e5ccc585967de098815e0aaf97d7084370ca67bf940cfcd1b3691cb95a1dc9d3251bdc98de29f663dccebe1cd656efd2248a4f849bbcd91ff2d9d9e580a92c01a22043889daadafc0f819466fd2de9a7be9544da4684539638a9c92d1328c66e8b5cb3c", &(0x7f0000003440), 0x9, 0x0, 0x2, &(0x7f0000003480)})
r7 = dup2(r5, r0)
ioctl$SG_IO(r7, 0x2285, 0x0)
write$binfmt_aout(r5, &(0x7f0000003540)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001deff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8c96a71d95ebb9a81e4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009f56d06a9590552ef040d4f4343e8a8858ddea8d8b45316155de36a51cb6f9dbd32403363d889a715e188431bdd34cc72965ddcfda1d3eb9f2e487a0100ad681c4186f1ac49d224b9330c5c09406f"], 0x120)

13:56:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xd00, 0x0, 0x0, 0x0})

13:56:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560a, &(0x7f0000000040))

13:56:35 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000040)={'nat\x00', 0x0, 0x0, 0x0, [0x9, 0x3001, 0x2, 0x100000000, 0x8, 0x8000000005]}, &(0x7f00000000c0)=0x78)

13:56:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7fffffffe000)

13:56:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x4, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

[ 1240.479879] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.479879]    program syz-executor.2 not setting count and/or reply_len properly
[ 1240.532043] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1240.532043]    program syz-executor.2 not setting count and/or reply_len properly
13:56:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = dup2(r2, r1)
dup2(r2, r3)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r3, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x311}, "", ['\x00']}, 0x120)

13:56:43 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000008, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7fffffffefff)

13:56:43 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x5, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:43 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:43 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560b, &(0x7f0000000040))

13:56:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfdfd, 0x0, 0x0, 0x0})

13:56:43 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
sendto$inet(r1, 0x0, 0x0, 0x20000080, &(0x7f0000000080)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1248.632282] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1248.632282]    program syz-executor.2 not setting count and/or reply_len properly
13:56:53 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000009, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:53 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x80000, 0x0, 0x0, 0x0})

13:56:53 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560c, &(0x7f0000000040))

13:56:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x7ffffffff000)

13:56:53 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:53 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000040))

13:56:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x6, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:53 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x4aa)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1258.879107] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1258.879107]    program syz-executor.2 not setting count and/or reply_len properly
13:56:53 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560d, &(0x7f0000000040))

13:56:54 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x11023, 0x0)

[ 1258.934582] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1258.934582]    program syz-executor.2 not setting count and/or reply_len properly
13:56:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x8000000d, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:54 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xe0ffff7f0000)

13:56:54 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560e, &(0x7f0000000040))

13:56:54 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040))
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x1f)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0)
poll(&(0x7f00000000c0)=[{r3, 0x200}, {r4, 0x8000}, {r5, 0x1025}, {r6, 0x8166}], 0x4, 0x6140)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:56:54 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x1000000, 0x0, 0x0, 0x0})

13:56:54 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xf, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:54 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x7, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x800000f4, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1259.223020] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1259.223020]    program syz-executor.2 not setting count and/or reply_len properly
13:56:54 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:54 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_io_uring_complete(0x0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@remote, @in6=@private2}}, {{@in6=@remote}, 0x0, @in=@local}}, &(0x7f0000000000)=0xe8)
recvmmsg(r1, &(0x7f0000001980)=[{{&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000280)=""/211, 0xd3}], 0x1, &(0x7f0000000380)=""/110, 0x6e}, 0x3f}, {{&(0x7f0000000400)=@sco, 0x80, &(0x7f0000000640)=[{&(0x7f0000000480)=""/183, 0xb7}, {&(0x7f0000000540)=""/210, 0xd2}], 0x2, &(0x7f0000000680)=""/140, 0x8c}, 0x5}, {{&(0x7f0000000740)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000a40)=[{&(0x7f00000007c0)=""/145, 0x91}, {&(0x7f0000000880)=""/248, 0xf8}, {&(0x7f0000000980)=""/135, 0x87}], 0x3, &(0x7f0000000a80)=""/152, 0x98}, 0xf74}, {{&(0x7f0000000b40)=@x25, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000bc0)=""/34, 0x22}, {&(0x7f0000000c00)=""/113, 0x71}, {&(0x7f0000000c80)=""/85, 0x55}, {&(0x7f0000000d00)=""/113, 0x71}], 0x4, &(0x7f0000000dc0)=""/183, 0xb7}, 0x2}, {{&(0x7f0000000e80)=@nfc, 0x80, &(0x7f0000001280)=[{&(0x7f0000000f00)=""/45, 0x2d}, {&(0x7f0000000f40)=""/194, 0xc2}, {&(0x7f0000001040)=""/75, 0x4b}, {&(0x7f00000010c0)=""/111, 0x6f}, {&(0x7f0000001140)=""/16, 0x10}, {&(0x7f0000001180)=""/220, 0xdc}], 0x6, &(0x7f0000001300)}, 0x7}, {{&(0x7f0000001340)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000001540)=[{&(0x7f00000013c0)=""/122, 0x7a}, {&(0x7f0000001440)=""/203, 0xcb}], 0x2, &(0x7f0000001580)=""/201, 0xc9}, 0x101}, {{&(0x7f0000001680)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000001840)=[{&(0x7f0000001700)=""/106, 0x6a}, {&(0x7f0000001780)=""/171, 0xab}], 0x2, &(0x7f0000001880)=""/238, 0xee}, 0x9}], 0x7, 0x10000, 0x0)

13:56:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000300, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:54 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x1000000000000)

[ 1259.302490] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1259.302490]    program syz-executor.2 not setting count and/or reply_len properly
13:56:54 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x2000000, 0x0, 0x0, 0x0})

13:56:54 executing program 7:
r0 = socket$inet(0x2, 0x2, 0x26)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
bind$bt_sco(r2, &(0x7f0000000240), 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
sendto$inet(r0, 0x0, 0x0, 0x5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x9b6, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000412)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:56:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000500, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:56:54 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x8, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:56:54 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000600, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1259.571298] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1259.571298]    program syz-executor.2 not setting count and/or reply_len properly
[ 1259.600455] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1259.600455]    program syz-executor.2 not setting count and/or reply_len properly
13:57:03 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000700, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:03 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x560f, &(0x7f0000000040))

13:57:03 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x10, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:03 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5000000000000)

13:57:03 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x6000000, 0x0, 0x0, 0x0})

13:57:03 executing program 7:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200440d5}, 0x140)
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:03 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:03 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000340))
write$binfmt_aout(r2, &(0x7f0000000040)=ANY=[], 0x2e)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000300))
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x231}, "0834ce704be5029bd4cb9b4e99e0b36b039ac3e317ebd2639fa46587813d0f00003c274f439eee93e4aa43f39d47200e96b458e15e8fe4fbc2fdc06eed112610331689c23342966430e491fda9305a17fec441c9964864a5856c7aafbcc1a82faee233db3848f74cb7ff02c920fc06db2afb6175b282f818a0776a0000003c348c861d0a002ae0c4f73df2a7ccead112cd899b8724a5a745092acca0ab7b8b3f78e06bf30688596177cd6ac6e0276c17cfa0bd0c7830f04e8b597837befa0cd64047cb3e3ae148c20dbe3b86d1180dba37f1ccb14647795389450ee2fb801c08c0ce038c43db940304b19d206fafaec9d4efb08db24d8fbd31a6a66b0e99316052bf0c73c7aef995fa729a0c8366cc04b14a1bb233269edb8c4e683fbb3bee84fc82d4bc7f3d30d4173a6649a6ae5a8849c6ed04955a6ee499343b1867f0077d85c9b76890d4a2", ['\x00']}, 0x267)

[ 1268.218205] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1268.218205]    program syz-executor.2 not setting count and/or reply_len properly
[ 1268.238125] sg_write: data in/out 525/569 bytes for SCSI command 0x4b-- guessing data in;
[ 1268.238125]    program syz-executor.0 not setting count and/or reply_len properly
13:57:03 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x200001000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000040), 0x551faf53, 0x189200)
r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

[ 1268.263851] sg_write: data in/out 525/569 bytes for SCSI command 0x4b-- guessing data in;
[ 1268.263851]    program syz-executor.0 not setting count and/or reply_len properly
13:57:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x40049409, &(0x7f0000000040))

13:57:15 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x1000000400)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8000000000000)

13:57:15 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000900, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:15 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:15 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x25, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000400)={0x0, 0xfffffffffffffffd, 0xb8, 0xc3, @scatter={0x3, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/152, 0x98}, {&(0x7f0000000100)=""/47, 0x2f}, {&(0x7f0000000140)=""/165, 0xa5}]}, &(0x7f0000000300)="688a4947b05af3a8320d460ce250af03e8c670c0f3d6f68f8291867a2bf85b14a2ddfa68baaa2315cf1962d29f97be44f14a1bc67d18ec776752fd644f3aa4668d366dc7c1f4ddbe094e5bfd49a182a8dc5b8564a3d26b646a5ceb8daaad1eac67a74bc25e8122d140e36a20ac5e909eccf1840173e6292fe44665a287854c4b418325249860cdb7015e09a87c4b27ebca90ace30d4af578394bdf6a279b5e648080a57e9e1cc55e599779e22331ce0921c536603ce93c58", &(0x7f0000000240)=""/102, 0xfffeffff, 0x20, 0x2, &(0x7f00000003c0)})
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)

13:57:15 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x9000000, 0x0, 0x0, 0x0})

13:57:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x40086602, &(0x7f0000000040))

[ 1280.327116] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1280.327116]    program syz-executor.2 not setting count and/or reply_len properly
[ 1280.368516] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1280.368516]    program syz-executor.2 not setting count and/or reply_len properly
13:57:15 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:15 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_io_uring_setup(0x1748, &(0x7f00000000c0)={0x0, 0x7ffb, 0x2, 0x3, 0x56}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000140))
splice(r1, &(0x7f0000000180)=0x7, r0, &(0x7f00000001c0)=0x5, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000018c65cc9456f41b00147621000000", @ANYRES32, @ANYBLOB="01000000040000002e2f66696c653000"])

13:57:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = openat$incfs(r2, &(0x7f0000000040)='.pending_reads\x00', 0x200, 0x10c)
ioctl$TIOCGPTLCK(r3, 0x80045439, &(0x7f0000000080))

13:57:15 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000d00, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x20000000000000)

13:57:15 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x7b, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:15 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xd000000, 0x0, 0x0, 0x0})

13:57:15 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x40087602, &(0x7f0000000040))

[ 1280.638222] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1280.638222]    program syz-executor.2 not setting count and/or reply_len properly
13:57:15 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80003f00, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1280.688647] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1280.688647]    program syz-executor.2 not setting count and/or reply_len properly
13:57:25 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x8000f400, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x0, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
ioctl$int_in(r0, 0x0, &(0x7f0000000240)=0xfffffffffffffffe)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000040)={@rand_addr=0x64010101, @broadcast}, 0x8)

13:57:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x401c5820, &(0x7f0000000040))

13:57:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xe0ffffff7f0000)

13:57:25 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfffffff, 0x0, 0x0, 0x0})

13:57:25 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000, 0x110, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(0x0, r3, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
recvmsg$unix(r4, &(0x7f0000000840)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f00000000c0)=""/124, 0x7c}, {&(0x7f0000000140)=""/138, 0x8a}, {&(0x7f0000000200)=""/121, 0x79}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f00000004c0)=""/122, 0x7a}, {&(0x7f0000000280)=""/25, 0x19}, {&(0x7f0000000540)=""/95, 0x5f}, {&(0x7f00000008c0)=""/199, 0xc7}], 0x8, &(0x7f0000000740)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf0}, 0x40)

13:57:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005180)=[{{&(0x7f0000000000)=@isdn, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)=""/75, 0x4b}, {&(0x7f0000000100)=""/160, 0xa0}, {&(0x7f00000001c0)=""/66, 0x42}], 0x3, &(0x7f00000002c0)=""/8, 0x8}, 0x401}, {{&(0x7f0000000300)=@phonet, 0x80, &(0x7f0000001480)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/253, 0xfd}], 0x2, &(0x7f00000014c0)=""/4096, 0x1000}, 0xf78}, {{&(0x7f00000024c0)=@qipcrtr, 0x80, &(0x7f0000002680)=[{&(0x7f0000002540)=""/184, 0xb8}, {&(0x7f0000002600)=""/54, 0x36}, {&(0x7f0000002640)=""/30, 0x1e}], 0x3, &(0x7f00000026c0)=""/36, 0x24}, 0x8}, {{&(0x7f0000002700)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000003a00)=[{&(0x7f0000002780)=""/192, 0xc0}, {&(0x7f0000002840)=""/4096, 0x1000}, {&(0x7f0000003840)=""/220, 0xdc}, {&(0x7f0000003940)=""/11, 0xb}, {&(0x7f0000003980)=""/21, 0x15}, {&(0x7f00000039c0)=""/52, 0x34}], 0x6, &(0x7f0000003a80)=""/179, 0xb3}, 0x5}, {{&(0x7f0000003b40)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000003bc0)=""/45, 0x2d}, {&(0x7f0000003c00)=""/133, 0x85}, {&(0x7f0000003cc0)=""/60, 0x3c}, {&(0x7f0000003d00)=""/179, 0xb3}], 0x4, &(0x7f0000003e00)=""/4096, 0x1000}, 0x2}, {{&(0x7f0000004e00)=@nfc, 0x80, &(0x7f0000004fc0)=[{&(0x7f0000004e80)=""/106, 0x6a}, {&(0x7f0000004f00)=""/9, 0x9}, {&(0x7f0000004f40)=""/110, 0x6e}], 0x3, &(0x7f0000005000)}, 0x1}], 0x6, 0x40010061, 0x0)

[ 1290.540659] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1290.540659]    program syz-executor.2 not setting count and/or reply_len properly
13:57:25 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x4020940d, &(0x7f0000000040))

13:57:25 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1290.595302] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1290.595302]    program syz-executor.2 not setting count and/or reply_len properly
13:57:25 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x11}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:25 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x2, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:25 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x4eb)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f00000001c0)=[{{&(0x7f0000000000)=@x25, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/144, 0x90}], 0x1}, 0xd7f6}], 0x1, 0x0, 0x0)

[ 1290.735409] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1290.735409]    program syz-executor.2 not setting count and/or reply_len properly
[ 1290.765463] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1290.765463]    program syz-executor.2 not setting count and/or reply_len properly
13:57:36 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:36 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x3, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:36 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1002, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:36 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf0ffffff0f0000)

13:57:36 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80045432, &(0x7f0000000040))

13:57:36 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x0, @private=0xa010101}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000440)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000000080)={0x1, 0x100, 0xff})

13:57:36 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xf5ffffff, 0x0, 0x0, 0x0})

13:57:36 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/protocols\x00')
dup3(r2, r3, 0x0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

[ 1301.902077] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1301.902077]    program syz-executor.2 not setting count and/or reply_len properly
[ 1301.934740] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1301.934740]    program syz-executor.2 not setting count and/or reply_len properly
13:57:37 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80045440, &(0x7f0000000040))

13:57:37 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_pts(r0, 0x519800)
write$binfmt_aout(r3, &(0x7f0000000440)={{0x108, 0x4, 0x7, 0xac, 0x56, 0x7, 0x3d5, 0x401}, "cc608a11a7892ae6c8c57bdd0221001951fc431b48ad722013510df927745cc655c71fa8e97167d497ab5960389d3cb4ecb8e6576b80c98aeba2198e8881c50bf001fefa8774075319faaecfd846bba85f3ca0742e6a3b77a5db48e722b1493ab80c42ae059ae54ad144d67d538f9c322f6cc2db42a443feec9be6213481e6c4dd927ebd1a3b69d5764bc9e69cae5df02e44005b01cdff9b468f6c6d6a59f806ba03b4f167c707f92849c74cd731afdbd6541785c2a763314e65de55243785273d0d7fe8bebe88bc3f5a45f1bfea41809ef431937807", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x5f6)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x107, 0x0, 0x0, 0x0, 0x0, 0x80}, "", ['\x00']}, 0x120)

13:57:37 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x4, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:37 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf0ffffff7f0000)

13:57:37 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x23)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
splice(r0, &(0x7f0000000000)=0x2, r0, &(0x7f0000000040)=0x6cb6, 0x400000004000, 0x2)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:37 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xf6ffffff, 0x0, 0x0, 0x0})

[ 1302.101285] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1302.101285]    program syz-executor.2 not setting count and/or reply_len properly
13:57:37 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80085610, &(0x7f0000000040))

13:57:47 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:47 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfdfdffff, 0x0, 0x0, 0x0})

13:57:47 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x100000000000000)

13:57:47 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1003, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:47 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000000c0)={@local, <r1=>0x0}, &(0x7f0000000100)=0x14)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r4=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r4, 0x2, 0x6}, 0x10)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x161c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_WOL_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_WOL_SOPASS={0x4}, @ETHTOOL_A_WOL_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}]}, @ETHTOOL_A_WOL_MODES={0x180, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xf5, 0x4, "432fed492356bfa98fa06857e72fb52ab93be41362798c36bb558a979eac4af613e65571f89d252eb037699ffc3896219551be92492c71c4894662c2403929b6097649e47e79311c797a2f0bfb15a4ce7295794a3c15f449e5d0014c83fe6e908a76402c51dd1992e7ae8a4b650c4baf8b97732ee3b8d99af1dac3baeb8114e69ab228a3e9ca1abf9422044cc64936fee7725a2dc49f740b57fea8c96b5a12646918b7828fbd501b0eac017ff25c8a31a19db182206b43fd521cf05c9568f636aaefea63ce8d168b1154f762cf145ba7f436316b29a1daa066d97ce284a05a8ce8fb117c615146abaf9178e6d9c20a1176"}, @ETHTOOL_A_BITSET_BITS={0x78, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffa}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '*\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, ',[-@{!\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1ff}]}, @ETHTOOL_A_WOL_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_WOL_MODES={0x254, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_VALUE={0x53, 0x4, "f413092848984dec4ed2b49124a127cb592dc600508100d1817d7d4e82ba24acdf8cebff11a8fddc71fc287bfe09effee334e9a49d2ec4bc4deabfc110871c31ea8a4c8413c36c1589e5590295d9c2"}, @ETHTOOL_A_BITSET_VALUE={0x7c, 0x4, "6b80ed75280b93185fd6f1c7d6e73e8f2e2ac9c5eecbc3fe0a6c181d9d0acd69035d9bf9b21a02a33b2aa1c5ae6e13c356a7140bb5a7730d0c69f7bcc01fa087a3e904bc228c7812eaed24b396bf5a97432b18c9316166c714862e62931ebef83ba63cf21956bbb8a7bd5490683be934a3a56d02c18bd9a6"}, @ETHTOOL_A_BITSET_BITS={0xc4, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\\\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffc1}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x101}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xff2}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '.%\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc63}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\\^/\'$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ',\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x78e6}]}]}, @ETHTOOL_A_BITSET_VALUE={0x36, 0x4, "c08a3ccfdd5bac6fe6ce25ee9bdda54a2ed0dbc5168749c8c34c1392ee76de7ef054b3cca17945cdc706cf3616081232dd9b"}, @ETHTOOL_A_BITSET_BITS={0x78, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '\xa4::..:\x00'}]}, {0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '.\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '+(.-:\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6c}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\xb4\xfe[&\\\x00'}]}]}]}, @ETHTOOL_A_WOL_HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}]}, @ETHTOOL_A_WOL_MODES={0x10a4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "a112fa235b0dde3583ae87d88e4e9afe63986d0c21dcf5b0742191579ee1dbea182656cd5632164896438288867c667ab991b4576a9419d906615318895595da3fa03c6034cbe0bf0d0219661786ad9578f98c724c4b2b075aec4368649d9dff5c823149c625bdeb09ffcf0fc8a453ec9bad8aac7b0df5c6b2acc3080b48b68cdd2964aaa6ce0eff9c80ddfd6231038214147abef54a59fdf8ca2efc6102707c7f09df506da640c23e715acf7ae56cfedb84e06870f07a5035f954518b43ba49738eafea31b9b5b5399f618970fb2b5ddcf2401a208176fd1e532c910cb90b7d2aad23acba1f618d35fe4b22bb8af12d7054a3053d0c7e876b86d9b0461798d4b031950180e0529052451da66bf105693ece74d3824219ff3789c3016e033d8788ccd1781c3ee28a8b184b076d0ddbdcfd78d70c3bf325714a06c0123fc0a6817e20936de4c9ea29adc9c7c683227e1a34495dea498b0036602e0b086a5f9c117538381326602f82f6e9c8af925c6a0b81d340185388965f55531a9f3e4924ed47853266fdd1bf63f488b73e253cf8eb84ce5419f7d2aa83569e6063779ed836be8dff0145af9383f97f7a342610975a120f5a7dcfaae98f2563813b096bc671f8f4464db38151b3929c8bb4d435d510211b8d458b2710c59a083c252182e71f11b39fecc5e520a42d7851fb12370ca07ce2ca7ba331875b30f8afc3051f3b85ed18e53f9203c8292d52bdd373701ea8726eeb473cc1b49d3072539b3bb7564d33f80009db6c4711a378e571a4a54e39b4fc5f0b75a23f2c209e282d28892dcf51599b003528e0aa75365b2713b659e483297dc84f81ad929cb0acc152eea11f2c2f6cb9f828c084e4e8079a56045dffa9e34459ef1c10a3a4884066906d478331d7a1974a6ad02da3d7dba01ca4c3de7ffcdc9dfb16aac6c547a04093ba16388cc02e89e5d892b885700478ea253450304aff4c4c71b7ee6f3de8ded2c410f4dd435820a28d96f28ef4724ae05d58621f83a0c15ba847035f56a496fc8bc1b23a86c533149a27ac4577069e562405fc348b7294371ee2186f5b74b3fd83b38caa5b323721e3f4c5cd8bc729a9711d170acd8056300d54fe2381a348162eba913622591c00f176ed3c91fcc3966714333f7412208b52696564d009f22ab02279e6d8a81a2ad62f752a6bc0e3b71ab79d23f55fd80db3af4c304ee7a23fab8b0915182bfda8a212ffd7b95618b25757dfeda102effb1228f80da8ea759d948ce6cc7a5c6198d2a69cbbf08fae746c4944fc08e4dd8a70dc1a3464ea1a61c22542ff136ac166e54057908d0e236211d44b81eaaa7815e50ff3e691796ed88636aa89685d26ac7bf3aed738ec7a3b3dcf91c81e5caca939edeb46a994b093054b9fe751ea9e921b0c3b8c1794cad3f57645818fa0bd06bf1d7e4aa6db7e3c2e5bc489348db744caa2dc98e9909ac495dec69b04d801e20b7219294ec7d1946fe2160b501b33d782c0e69aae36787dec3edcacc468e44410b711f678b71d467e8626e6de60d806abf796deb6cb1c2a36509e5bb0534b4bb232606dd92fc502f39fa4b60934f2dbd6dcdc9eed215b135d54fe78015f67bf5c3f42722b5592d008a58bd7eeaade5b4323cb71f3198e1aeccd41e22c86d103d8fec73ae31db837a13b9b9e970919056b1a5251908bfdd1baa6a96c7cdbba431378dc073d4e60120331017aeea3a3a1d56af4dbee2bd0733686e08dcdc24d42bd1e9836189e7de882c0006969b5a617796790c32149b05457e3cb9cc4eee5b53ce2d1832c572884ea2e0306b01885969877a3ef4f1fc5a3707e8c0e8980d928fbb9121980c7635fd489bb0af4257b8e79fe010e9b99a72fecd10199ac1176dc1e85203d3f4532033f9e786272f77c7f6cbdfc89fc160d424b7abab2597397f7e9c466f2526ac8a0dec3fbf98de8752e4078ffeb3502d836200aa972375f65ff2fd5005e42363889cdee8b20d11e6058364a7bd46eefecf9e53be4ffea0f3631c4a9889b7be6433f3d65b3198a46b0a8334e2833fac7d5d2ef3f5f90fe6f16ccb4b74ba03932caa95dc4bcc1977a845c55134f965e5601b869e21ea27ddd9fb5c9ce779cc663c964001c525aea2f5b1fe95ada88c6c713ea31c7bc094d463f17f3949cf5ad3cab727a9ae2de068554caf593725f9150b93a5935afedb1292d6ba58c5d3468bef84bd91a08f46caf2d551caa914b06fb02a02e6651d966a1cfb57b6444aaa34c2cad7a8cb953834ba391e85a1237d10919287a8520070230fe3b9cea07a3647a533b9d0f04ef3f11b7629ac55d4f82ed2e5e7ea45f00d28eca80a15aa14eb3079747193616f98d6b36e7bf1670af94bab325c7a99b4f89b663700f4740f48b8c356b800b22c360c315e2285b873f6698107a8fdbc1646dd69262db94bb0262bfcac87193f568c5f04beca9915638c2944528fd5b3cbe21ff39e09b98867becf0260a5df5ba0c4d5b38e2d995406bb6557eb63241ff7fe0bc32331eb094bea67fffb426cd665312664baa3146e62c80ab0e651923065fbac1c86843d29bb0adf162bd6b5baf9e9154ca03d599674b5f38322ed1b9a8d5b7baf1ea74b5e1aaea84e385612fcfba8e0cb8491c0c2865f453a1849145287d416800e074badd3e8efa8e03567e8bd02088c697b23fda57c3291dc3ba2a1e8d6f1839b31baddfde17e54d03e83aae54264d1d437fa2683de75a3683191bd0c30b0447556ce053aff4c7bef2c4400c0e460535cf2d0cd03d0a99ce81e63abe7b36f7bbffa68f4ddaa92f38ee3e8bd54e4ce205d3dada80f1053af6ead31b052cc82af07ac2a9f0996ffb1d1217887c0edc81576f2b166cf56ad8ea0c4542f4a51c838dfd8b6130bb51f994bb1ce65b8ac69164668147e38f857b51eef3865d64c3293200627ce71f5e4b546b2ad5e59ed93e1d1e7b9268f906afa9cc9f8afe2c7b300994d14d362eaf289d324b2414920512dadb454e3ea871fd6f154d1d391c01ce23acddb801d6a19fc61b1e74242f039533f574e6196f8f4835e838066c3cf94df36c2310744215bb74f7dec21e8b3d9d6e565dadf8e6d91a867c69391314f5f50399a8c34d0b891408b110d36f530eae9630af7f1725b80df03978e4470f3e4540d2ba35b035b85ed46c90ea29fd8cee5a55c503dfd0c8d88db6929d8ba8dd1763a62d7c2933f99c821020ea149297fe11b091325884532220e4bcb3d805c440f267b76b0bf8819f436a18680554693165b55813a0975361742497dd4ac86058f43ffa3d49454f4f44c381e9ef22550e15dc91b8b5aab3a37352c76793079d121fb8b6020d54ea2db907c15a974b88b413e22911b8ec832edfcf744aa3f54e3746f98bd90de42770b195e2b3714b824c7855f3c4e48281af05e03f25d3dff0ccfe76c80f97c760f205a043e8a4fd90c451c9068b5cd37a47e946b18698d6462f87e20c3e57e26abca0e7ab38f4a221ae3e1fa5d129415f2a9899f73851b0bc0e8f0aea8dbda620461146b703b5679705dcf312948c735ed6228f96af789916c6a17602a4e2f6b615dc75f041f1b2f6fa5ae24995b9108e30209c2cf0ad1f97df547e90e4e14d4c1215e424c9c11f0bfa0f207488a91591502029a5d6e43c4c24300c45a6ed4ac78b4fb2af6d2b97aa652bcf1a7a2f4f80463a17df8715b74c4588d886815224a5d1b68adb44757089f5824acf23f7772dd439ff49b600b3cf15b19e445acd0ae617e9fbb5cfd46987b39ec7406f699260795ea51b3f183474b54cdad1dae343cdd51b2fb524c4ac1d0eea7a0930099d760abea52b4115202e9a5922163db90cfc177a356ac6189de8200acd314ae6c8dfd9d2ed05e554f570455b1cd8a7a7cae12645b70d1c685446f00403f104fc4dee552e494d2340afb58a72ff0486d7a12fd3cd0051b53bb536841dfe23fb8abb113c9145af0456e7a7f99403a596a1422596e1306f9b44bcce2d0f04fda70a995b3c4b8dc96cd800644ccdca5625bd617466bcb114ced3712aa77af5102476b5235542e2503b1509ae0d0b584b43ad28eb02575a02f31aadb55df5190ade06a547c6b5733db34a3ab07b5d39b6da1b7917713f51674f0b69e534cb0ab1e5f2206b5b3b81d8ff9734c27bf299058ab5b9e2a43ce08e0a626d428a91dd93878497e74128e297492b61be3dc7a07c1785f4cb301180ffc28d9ed5417c8334cf293c3adbe7ee7f0ebc67d52e1a95a73e2f0d39916fb4a17630d741e89a4ee0bd29287ae60685dde0fb59204466cc1388cb5d40f4f67232f221d0730654798a605a52e919197f87ea8b81e4be67293d7bddf478b1243d7ea4a67796e51939d4ced8016dbe2fd869c04c01cb5d37f991bb4e2ae06c8302917ed46f06403fdf5fe2981b3796f553618c68e938cb1d7c9af21a2ccbffcb332442ed0c0409ef55ee05543b580c9f834baf13b18d0adb85feeb2c52b85cabda3cffd25535c09cd1c15ff0adca389be4274c8b578d154110b09f2fb9acbb0debef0497419aee4b0d1334d935ff1cbc1c67a4c2aeb2cb62185fe6ac29689ecc03270cb9b457408896c4748fb3c9042f5b36ff765cb387e0c0dd02d9105424d79cbd5477431a74f65a0510d18f8797378af4b9aaa58c8ec36c28c400f7fe9516bca9a18c19670abe70fd1c264268fe9921b448134f6bcd296bb6436c566a644e84469f8874a2ee8b98742343bdce4a9f2922d39a16bdf202f2e07c99b927b2753cf5d21492f1cf6128fe8e083c800fb6d025d12d8afa783f43653784c8ef059647089c419f6e55ca417824ad2c695c457a387a299405980c95eb904879d23a3c0e1f906ce2de9c0ed92d0985878e03ea744715ff36a1028bf2f77ec0651386e9afb2fbbeb6ff070b51342755530eef9e5d26050d454fa6469751c15cc5385677be108152780ca8e56cf7658bf3f01e110ab771476a30b4793e71dfeea724085697aa42685b917f9192a6cf22456b90a5af9c55893abf0d0dfbe5bbc9b333c477c6955626ed301e6c57f4ad5be8382678ad05d5034b572eab3b888311f1727a7f98e441e6e891e7505e3bdf80a7325152ce9202075da3bc8432d6a3317c4f3dfe409f53aadcff5840e3af0aa413a02e37521df02b35d7589c74b1c9ec48317681e8c346a2a1904ef2c9a4bf896ee108851d31931e265dd57f07bc551926dd8d99c31fdef2c07a1fd2e163c491b5380113a6cf6b9137401696a0947c3465f312067cf31b840677e1e1ebd59099f8fb08da4b3c1be5f6821c84a5444f532052d922c2a01411114e3ffb359ca5fdb5d1d7dac36e2332df82e82ee35823b844509bf84e0989c67c2acd863b9d628db8dfc0ec7de4359af671d38f4231d689cf00787b95b3339723280a1a212fbef0c9d0f0e0df6a5805d9b89336cb3da0d7c486052a9fbabf8a5a8bdfc56faf1736daf6a2d5b6985b9e9a6f71a82d6014efd4cb09ed10220a4621d299178a43a833b91486c8f2f94af8376ac3c469a7b001a2a9b7eae1f4a90a923f96c89991d80c5447ca983530d6960d6ebabaa80d1116f3d22f8dcbbdb908c015e96df32bff13e8707db6bc96b9f5afb27d11b35dfd7db968ad3e0878e4fe8206a13f942e9db9b474a9e32c4e20a67f7fb6254722595888fd9250e2e77eba534b4d5dfccaf27bbd7c98545b3ccaa817a95ad4e7c5e41fcfef0ee6fa53da06117c90c15bedddaa47473b103f6309c0687eb6bf7db95ec7a03fc86f9f78a2ec99fd7c25c469862997be9ed6a29ac178e6ca6fa16be28c84292047aef060bdd0"}, @ETHTOOL_A_BITSET_VALUE={0x35, 0x4, "c993c7e2980fe1100129bb0f051d374f9dbe5be24c3a7ff801b6301901034efd835a5b6471b98a66ac44052edf95fc450d"}, @ETHTOOL_A_BITSET_VALUE={0x62, 0x4, "4920372855d61bb91603983ac92265f0b7f7f461c1ebd1511da2c97fcfc7637d7617bf27f5be19f5888db8494424fd1fcdc417ab7d991c44975d7c62256fbd550f4195f507f360c1bd02101ee7a0005bf9a319d6daa215f15e1ae5ea2bf5"}]}]}, 0x161c}, 0x1, 0x0, 0x0, 0x4080}, 0x4000000)
r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4800, 0x20)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)

13:57:47 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x5, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80086601, &(0x7f0000000040))

13:57:47 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
getsockopt$inet6_buf(r2, 0x29, 0x44, &(0x7f0000000080)=""/153, &(0x7f0000000140)=0x99)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x107}, "", ['\x00']}, 0x120)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x8)

[ 1312.330988] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1312.330988]    program syz-executor.2 not setting count and/or reply_len properly
13:57:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80087601, &(0x7f0000000040))

[ 1312.361816] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1312.361816]    program syz-executor.2 not setting count and/or reply_len properly
[ 1312.383904] mac80211_hwsim hwsim14 wlan1: entered allmulticast mode
[ 1312.387555] mac80211_hwsim hwsim14 wlan1: left allmulticast mode
[ 1312.410667] mac80211_hwsim hwsim14 wlan1: entered allmulticast mode
[ 1312.413252] mac80211_hwsim hwsim14 wlan1: left allmulticast mode
13:57:47 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x6, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:47 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1004, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80111500, &(0x7f0000000040))

[ 1312.482715] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1312.482715]    program syz-executor.2 not setting count and/or reply_len properly
13:57:47 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x801c581f, &(0x7f0000000040))

13:57:47 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x200000000000000)

13:57:47 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x7, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:47 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x400200, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x2)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x16e)
newfstatat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x400)
r6 = getpid()
stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x800)
r9 = getpid()
pidfd_open(r9, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x1000)
setresuid(0x0, r10, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000540)=ANY=[@ANYBLOB="0100003a5abfb48263e5672cda000100004800000300a18e8315a1c5cdf389f83a87f30bb7a4a6bb03f6d993e3e8dd9f9f67512132e4", @ANYRES32=r0, @ANYRES32, @ANYRES32=<r11=>0xffffffffffffffff, @ANYBLOB='./file0\x00'])
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{&(0x7f00000000c0)="cb642dfaa89b39a4162987b4", 0xc}], 0x1, &(0x7f00000008c0)=ANY=[@ANYBLOB="20000000000000000100000001000200", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="1c000000000000000100000002000000", @ANYRESHEX=r11, @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c00000000000000010000000200065d", @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="000000001c000000000000000000000002000000e3a2b312437f4754c1049a84fbe5861635fd46ed26694f77c684f1a718d8f6833513d8b8132f0af0735b5d9c3e231cb39f1927fe30e208408b15c2ffdad24523577aeb981102c36342de86f86cd5172771b9e7467b9b82ef2379a6dff5c04b3a57db76e5b8dcf9cd7c0a7b008fa355907ea94c55aedf97adb1631dae48a9fa9a01c78a17dcf287790eef6c19", @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="703bcdd4b28eb2292bb18ac517db46cb4f99f204d12a412f936a752bfe201ad6db9cfb4cc36e9603e950b6fe98ba1cb5f1623dfb924dbd45f6360c429ecde9e2d7c46a05edc367148a8d319dc63edf539ead42ce9730897b6d0e1ec8248394711278304abce4f611a1f7b21cfc66e87837c2dbe552ee87f52d"], 0x80, 0x40810}}], 0x1, 0x80)

[ 1312.614898] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1312.614898]    program syz-executor.2 not setting count and/or reply_len properly
[ 1312.653506] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1312.653506]    program syz-executor.2 not setting count and/or reply_len properly
13:57:59 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1005, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:57:59 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:57:59 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x200080000000000)

13:57:59 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x80811501, &(0x7f0000000040))

13:57:59 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001300)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000100)=""/143, 0x8f}, {&(0x7f00000001c0)=""/52, 0x34}, {&(0x7f0000000280)=""/4096, 0x1000}], 0x4}, 0x22a}], 0x2, 0x0, 0x0)

13:57:59 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x9, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:57:59 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfffffdfd, 0x0, 0x0, 0x0})

13:57:59 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f739d31772011e8b00"/288], 0x120)

[ 1324.053773] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1324.053773]    program syz-executor.2 not setting count and/or reply_len properly
13:57:59 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0xc0045878, &(0x7f0000000040))

13:57:59 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x8001, 0x800000003})
write$nbd(r3, &(0x7f0000001040)=ANY=[], 0x10)
getsockopt$inet6_buf(r2, 0x29, 0xcd, &(0x7f0000000040)=""/64, &(0x7f0000000080)=0x40)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5387, &(0x7f00000000c0))
ioctl$SG_IO(r2, 0x2285, 0x0)
fcntl$setpipe(r4, 0x407, 0x100000000)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:57:59 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000040)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r2=>r0, @ANYBLOB="0000e3ffffff00002e2f66696c653000"])
setsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f0000000280)="9f21356b2c6992a604bdda6ba21df5da0e6663d0e891df482485ecfa54bfe0ce5940dff2c94de2b6d55367b3bb2b2b2ab8b0f7b92d3a3f1dc60c07ff7ff403ad33011540c02fa231faa6342e98e6c828dedefeab88d92b2237566a6ffcd854b4d1228dbd1b80ab8903c8a80d79b5b3cdc6935f0c963a02192809256c8984f304e72a065e2b35975aeeee3c6363abd62b5d4c9659b41273fbb1aacbf9116de8bec83586d9dba2765369", 0xa9)
recvfrom(r0, &(0x7f0000000000)=""/23, 0x17, 0x120, &(0x7f00000000c0)=@hci={0x1f, 0x2, 0x2}, 0x80)

13:57:59 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xffffff0f, 0x0, 0x0, 0x0})

13:57:59 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x300000000000000)

13:57:59 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x10, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

[ 1324.289571] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1324.289571]    program syz-executor.2 not setting count and/or reply_len properly
13:57:59 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0xc0045878, &(0x7f0000000040))

[ 1324.329895] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1324.329895]    program syz-executor.2 not setting count and/or reply_len properly
13:58:08 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x0, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:08 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/sockcreate\x00', 0x2, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x9, 0x88001)
r3 = dup2(r1, r2)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x610c02)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$int_out(r4, 0x2a30, &(0x7f0000000100))
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r0, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:58:08 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
getsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@remote, @multicast1}, &(0x7f0000000040)=0xc)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:08 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfffffff5, 0x0, 0x0, 0x0})

13:58:08 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1006, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:08 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x400000000000000)

13:58:08 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x18, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:58:08 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0xc0189436, &(0x7f0000000040))

[ 1333.616800] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.616800]    program syz-executor.2 not setting count and/or reply_len properly
13:58:08 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0xc020660b, &(0x7f0000000040))

[ 1333.651096] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.651096]    program syz-executor.2 not setting count and/or reply_len properly
13:58:08 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x2f, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:58:08 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x478ffff00000000)

13:58:08 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, &(0x7f00000000c0)="024a3b158db39aa092eb1083660458243d2ca49257814007ffac1d634a1137d56e7549ace8cc90bd2fd46b45be0d45aa7b7512055a35a6cb327b6f194772807aeb4877b0c05bf4930dfd187a533849178a662e4f73e2a66ca2f2167d7ca8bc1107d67ff515cbc72084c4d3d6f05f3c75fa507fcc5487a482ab88fb735eb62ceeb778501a402fabd808caa06103af17f96c988208acc7520dad277ede976c822dc399b741141155", 0xa7, 0x48840, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
r1 = fsmount(0xffffffffffffffff, 0x0, 0xfb)
setsockopt$inet_int(r1, 0x0, 0x1, &(0x7f0000000040), 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:08 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xfffffff6, 0x0, 0x0, 0x0})

[ 1333.773437] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.773437]    program syz-executor.2 not setting count and/or reply_len properly
[ 1333.805674] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.805674]    program syz-executor.2 not setting count and/or reply_len properly
13:58:08 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x12d000, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000000))
ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000140)={0x5, 0x6, 0x96})
fchmod(0xffffffffffffffff, 0x61)
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000080)={0x1, 0x9, 0x873, 0x20, 0x15, "48a774b5bf884c60"})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGPTLCK(r2, 0x80045439, &(0x7f0000000100))
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000001c0)=0x5)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0xff)

13:58:08 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1007, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:08 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x63, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

[ 1333.903499] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.903499]    program syz-executor.2 not setting count and/or reply_len properly
[ 1333.984570] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1333.984570]    program syz-executor.2 not setting count and/or reply_len properly
13:58:18 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x0, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:18 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
recvfrom(r0, &(0x7f0000005180)=""/102384, 0x18ff0, 0x40000002, 0x0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:18 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1009, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:18 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x462000, 0x0)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000080)={0x7, 0x9, 0x5})
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:58:18 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x24, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:58:18 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x3, 0x0, 0x99, 0x9, 0x3a5}}, 0x20)

13:58:18 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x500000000000000)

13:58:18 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0xffffffff, 0x0, 0x0, 0x0})

13:58:18 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

13:58:18 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)="24bbeacaddc3aa76fd065f295b142b2a1e6c02767c919dd7b593f6ecef0befd1727e9ca34eda7d5be9d4a5e4a2c45b56c82fc797b59ae7772f991172808523ea843d3255c5c17a70b94fc63b2c06ae34581cd2482032b3f1cb3d056b6782b49904f3fd3fe33d51cafca161311b2d0df920ed0a99085c33fd6eb202d75b814b55e369a6468bd7f6ba4d57d8e238d477470e44b0c3a5751c7f9db8446a7c9deb2dbec823c979ba771c916835aebc47548554472ab13cbfe9", 0xb7}, {&(0x7f0000000440)="f8e6403319ad3685b4479b6ff42e3d5c862871c5df15676a9bf7ca993ff80d99f6c636dddf5c2130f81545eb0e8c3f2468d43b21f7a3206d92e7594510e0f00d0241a97c0d2ba7d85d1c5f8753b57b0cc6e0d2b071ec04c80fd1ef6f13aa7325b22887d1d86177f6ee167a5adc12209ffd83dcee26fe21ceb7e4a6a3e378b807158993e572edbe9753785ba5934182e4d75a20119cd95376f65a1846d7db8e594b27ead6370121ad28df2d5bbf92ec632430010ed386b7ee23fef6c0d1313bac974f41cb6db4f0db038c54b46561c9ecf807973d465b4e2d21435dd7f10c0c5ecdfe3559478b7d96f80ea027094fca4f585b06a30ea280d33081674211d660f6fca56e8592daac52c97751e16575f751d98039e83cd81613a57efca0f40c22e1b61d57423c9c164951a0ce657342dd10cf3c2c59313f2b51ea6dc060800b5e5d55e0b2c44732e2b72268bc49aa3aa28f5f8ae63a32c82fd50466e2e6260ccff882ecf756e1aa70fdaca9e68efd1adc606665937f7260509fe9468057296b951bd361692c4569d8e32fd705cfb62e5fed2928446169b454626649ce2873abbac89e4b928dc8c1953e40d31dc3bdd5e2ee82a73b1600566d2424a570cb337525e250133cf0df4605549172d9741cba05e09139149c2135e3b773b8273c2c95fadb5e798cba27ca988182e604d847aa5cd399fa04e48d9fa850de18405418d48dd0babfddba3d12957e1314bfb80c0d77c12717d37c7eb3c8b7ebd1d385ded428fa283401853d1f41bc5a3156f35a4164fbc3eef2cf894be1c60cf715ebe411fa217a4cd91787ef074f1b6328387c1174940b112707499b790c685e27a61bf01c9b75a0beffe7684ee41c9fd5d71563695621f3b2d76c48140bf5774326860bb4d3269c4372dc939049b52e328ee36890fdf00e8260cf65d66aca881d15afa73c612fd2a5528c108db17ec6d121ddeeb880a871fc0379cd89a40f3043316d31fa941709791477784c5c3a9eff4cdd531423662c0263ef0014bc393815bcecd4c21a6a241f8689e0cc3730cf5dba7daf7ad2367e8b29937b418fdc9b2ddcb4d604a8fa84d03be5ae4dd02f0c73ffe60537b101bccdb140f501b97c09d591e948ba0f1168e240316e8fcb43408639e6a7c02101bf7248e18c4d6300b8084700679f32f9f947395a07e2d9d4ad1e1f3aaf60537d80efe7b907c337d182a5390edd08703a7a97bae1f6ee4284ba3f8d1c1341f61caf88fbd8fd7cf3631940cae338451f747935ee74839266acc3dcb669641b840f53f675b208e57bb7758eb29a42c5e5dea3d2ca93b21cf8d287d1c74f52369cec160cd71abce6911860acf72dade73a6da0c8ddadeacb364df5be404b4a9161faab89eb74c81835a3bbf528b8726fe884cf5847ccc7e443943e07cceb4cc2eb43af86893bde433381fef7d0663777181ec80b54ea28b98263fa5eeab196c48650359ad19253d37176a0d7a7750be887c53eacacf74549922b557df14cef294b4926050475152602846b7cb2cfe0831e9b8d799a13790dcf4a059150f25c3a392cfeddd4d80257c1f2150137f3c87f1b125a3b2dfa4f85d64b913ab247869f2f870df6156eaaadd914583f1d61440d6a2b1e34c61b1abad724b90c9b0b4833080e6649bf3a55499f5dc1afc1c7638595d0e96a7d65b95700dfdfad0bc40ed7d1f706aa1b650cbe8557fa2eedb76ceeac3cab16f34068a00331ee38c25b9704092e1f773426c2f6c0ad901c454b001db8fd3d1e657f0511cd63d549d99149705ff6073028ada332afccb153b77327aef2bee802129ac88fc1fa5320d4bf1eb81f8a1acc852173cdc9b2a62bcb1bac2adb90c949124adeaf0e0f75edb5fa8a2f4eb4c8a19bad0c0283ca40126ac50e0a937068ac8fe5424c57d1e226fa614ab3b99d26b60d155409e96a77e14526f60434bdfd3ac28325d387cd6614e73d2b7a80d7df0b7b22fb0802df202224fa0195b1986a4e2884fd76f11a9a9225c522660f299d661552687dba8f2d010c02ab7a2d02569fa3c61d2f1e4c7ce1e97028b70216c0d0248528f129838519bce8cd7e114b8ec08b12544f434096884a00f9620a5cc5a6eef1bc5c041c71b81bfaa0b67882640eecb7b828a2848a4785a966842c0bf4b2d06d6481c943f188e31b572f4f02c8d1c3daca9b05369e78a30aaac49b08cac01dce8059a722a74a4e82a65925bf52f7796fedaa1abe70e67616ad0d248619b5bedb621352c9059ea5286a72b41e0c106d62915096c1d20dfdb687fa4d43f6f2e86d2876ce56c8b28c32d963d182a87ba136cfd76ce3c86193dceb7c546a58cecc1656974927a50d8af325b33fbf838c03c16c8e33585d126f13244dded79d6fc43dabfffa5d974c62064841019ca337798f6037c7bf217df3693ce4a62bdf2b78a61ede21334db4d4b1f043c95d51edcb730bfe3dbabe38614288fc061f41a42e36bf2d639c7fb4ea8f0e638d28908cc208ab9480bd290cc3642ea9c4decb23484101588664334b0ee92ffc55167672188ac56560a8f1fd4cf1f2282655ace437d0994ff3ff648b300ff85700461ebe00856f838b955a69a5e586af874537861d3c66ae57abdbb5317733650a62a47f34c3ec30772812de30ef99c968bb4e35be1095401c47158a81256579b83645098cb0fdea7021769d72abebf8edeb4e2e9d15039889120e947c3f06c60c1eb46b19aac564a6bf145a081422736708601f3a0fc4ef59746ac7d77e1db7be47842c54068a02d0dc8391aeacb902de2853b14dce9949a23ea167a3e96e71a2a366a2ae9e7aa5ac884835f1002b711aa969cd10c67b0dde5edde23362d83994706e6a282bacb148fe2ea57a0cf51d8c2b8fa6de2a866624aebf360f6fde5cab1b7e6fea66711fa402451dbc36a0321315e69bf7407befe8e6c1ade5196f0473b51538f68c20dd8f8a88af8c297103b4c6ed0cb0bde273a0fc4d7663469cff32ec53233ed6640833e1f2605f98fc6071ff1575ed9844b57369b0f6fa871ee8cc318d121088ac9a77bac0b8942ce9008183f762d70d0aa50c176cc520180411b83fe2c79e8abf1e57faf985aa294c2b4d26d372467bbe182eac5eba827286d6917419ce82cc5f5ab12b81687d5f786bfbb4396c9a7d7c5858998f0fc4870f8b8487a3f4e71da6052d6b9f34438f66c3dcfb7232b80535c4cc5195d22816b36b309e366c8f7d55af663c704cf657b0b71032e032a7d42ba70edf4a90acc24df6ba306309363e624d25452bb29f4c5485888a46f71608449253f2b61acfac7a6a8f6502b10e023fb8a9a61e22f06d167524b559446eb6ba84790f3e723e9b8cff2c4452af155b526331c90911da92ef61defe109c653f2eea6d672d01498e945176e8712dffb3fda55e6466fde7edb0453d7816c5e3aad89f9adc46f0c88d84ea47a042f8e84791953a678011aba6c88c56efc60003043917c933b02bfdde8f578ef2a5073633ab3540408b8ea91b3cef92e0aad7de170d7ca2c6b6038de3d931a140bec61c9767ec7acf3701bbaf80fc76d2b54009ebb630183c001b744a5673e190668bdc7e6adc84e1ac9de74b8a1b7491be707c536dae23d10348ca140e6efe945f353832d6fc849171f93c66c42b1e0ee1b1d8cf88058bc6adcf9b0dbdf729ee2df59591adf11b9b28a81afb1e9513f93213788a101e1786885185c9a7abe6921f82701b680282a7b5b87f33b9192bbbeb31da9bc17611f0001880b9ee9a7c5d6efa02d65fd3edb284e937eac0a8665d83686d7aa2e68b20124c1757f223fa53b10d510387682a228bd3193a9038b034acf2b5cabb329288dee45747a6fa79aa1305d7680d6cf8bc930fc3f93e0056a36893a07be81f9ef1368516c804082120f3ba608bb18437637f4b2f77e35bb598a395d3273c7403e695571abfc1383c599a53cac9090e2a12c1ab45c076a399b502ad079a979888e29b2e106e221c8f8d5f403ddcae1edaa53981a7437f0a233801f9b2b58b2f9613a135814cf148b2c203c9ce7ed5b6702bfbf15e02d199f29b20e5facb557943b06e51bfce664f334a66c290ce39765a87d37fa83680b7ddc7c4c7569bc376e1cd38627bcc2974498ec521703de9e7bc3da39f64d53e7625c25484024769b2c5a4cd5496b254500d690f926bad334b8ca94203b92dcd16d9549720c30b8700786895c96ea639bc7d03e4c24e072eedfb9c9ab97647a884f98946784505537ad325bddd9e584ab5e9c8d167469e20478305ee1e73c70d418137e5d664382b4c607d5447d8b3612afbf8908bdd65bd77db84f841fee34c1728035a9e5803e0d341da3dbf89d41804963fbd38e0b3d0d8d91371454a4c5eb5fc39643e584a5951e590a8c7648175214ae1fe1e9119a105ffcd155ce50149681b68020db485aeedf270476f3bb475b3295927fc6465a7d95bef4e559c49e9dae0f2bbe215fd7c5d475ecf9e93b7a57e4c3cfcfcfa2d98470853c675c940f848822b3f9df1f94375ae690c3fad22cc676452b7ea15b039844eee4ce74fb4476749407c871d7ccb4ad215fac8cc61d8b4a8f9d6083c2c0d0aa82e2114fc27bf64786834bf5d107e3fddfcb41b7265e125e16783494ea4d9412d580ff5c75e00b0126c303ee2e884ac679651057565eb0894324437daeca0556eec516d8169eb125fa8eb465698975000ba695088a4dec5c23b0831066670d88fd5ea01b8c8d56fa8ffd25eb4c9d26fc91099880e4e557fd5eff4c4c90ace90b465dbd73e48dc2bbaee77d245ce8da5ec9524301ca73a86c1b5bccdd6be93d900b41c8c30b1580f682c062f97fbfe30bcf61e5ec4bf6679683f32f8bfc41c560281df77e112c1c9b74d36aeb2855d2e5baa8948c1ba88ab0a86f40e1cc6afb4a0aa5a6a417fbcbf038538b2b56b2a7c34bc3f0bb6b6037ab2af020d5556f226d1a694a3ff4c19b67b6dc12da4ffa3efd7e0909ce1269c09f33e8aa5fd47f83a7c819c19f0b1db07e735ec8691b8579ee5faaca5a71bae0d1a21ff9cec15331056aa990b32437cc45c2c53084362ec19be04b5bf13bb266815436a3a4e848593ec9a73e0973128d74f09b44d375ae143fe4cb28859027dbe37796618fcd4105674b72e0c4f1b90d6b7bbc658fdf5562f0e08acb48aa072d8234b7954370346692ae4d6231369bf62891b5315d1b691d5b43d73a56048b6ef4e2665e6e267d4d7432d3c68ab227463b2cd7d8b42181502e7aa4844f857330caab56cc8c8538a5cfc71076e490b22a4130c93a993cbb4a225e719961fb732e6182b829c175d44856b8312db559f90e36d6d92170bd2b43a84a144275aa4cb65f3786abb5a3c46ab439d5659dcd96f1e3432dc7c9e40bca7a389c0493bbc18405a9e200236ca3ca58d32e2fb59ee83f84d96a91c18b76006265072656c0bf724be33348f34516c9547df18b2e7d3209ed14a03c84acdc4638fa1b6e5457956093fd25203f2109c0e9c0e427ae75ab38f2b68b84800808177ecc6bca4723a232509fbf2a0449e4bc51c5f762e1d76b2d2800f92d0edce53462393345fc7f12f819e924d5a7b418f21aa9e3e2b6d35b75eee218419afb5d69de7ddb54ab700a14953a691479511a8c967c382878cd582eefa2287b19656f977f221a124158491e459d0da6a6727a4b4574174494878c69a121f5a1998168d007c89e1d69bbc19f9239f6551db2829b6bb6419263a1b6d82b32a271c40b76ba156cce6171465847aa42940f8424df45c51fdf402c8f77b1cc69251d66d60467161cc3d99b15d6935a7", 0x1000}], 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001cc0)={0x0, 0xfffffffffffffffc, 0x39, 0x20, @scatter={0x3, 0x0, &(0x7f0000001600)=[{&(0x7f0000001540)=""/169, 0xa9}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f00000001c0)=""/50, 0x32}]}, &(0x7f0000001bc0)="77030faada19af9c7a8edae4c200ecfc88e2ea37bf5d9b197a162a14acb9219bce9a89c6c2ca5f9ee66bb3d1ae6a985bb9a02f07fd3df0aed4", &(0x7f0000001c00)=""/119, 0x4, 0x10, 0x1, &(0x7f0000001c80)})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x96)
ioctl$TIOCGSOFTCAR(r3, 0x5602, &(0x7f0000000040))
ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000001ec0)={0x7, 0x7, 0x8001, 0x29, 0x80, "31ec41b36af8a087ef27f25769ddcf8f82fa33", 0x80, 0x18})
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
pidfd_getfd(0xffffffffffffffff, r2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
r4 = syz_open_procfs(0x0, &(0x7f0000001680)='net/kcm\x00')
mknodat$null(r4, &(0x7f0000000140)='./file0\x00', 0x100, 0x103)
getsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000001d40)=0x7c, &(0x7f0000001ac0)=0x2)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001500)=<r5=>0x0)
r6 = openat2(0xffffffffffffffff, &(0x7f0000001640)='./file0\x00', &(0x7f0000001e80)={0x210400, 0x1b0, 0xa}, 0x18)
perf_event_open(&(0x7f0000001480)={0x1, 0x80, 0x1, 0x3, 0x80, 0xff, 0x0, 0x400, 0x92120, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8003, 0x0, @perf_bp={&(0x7f0000001440), 0x1}, 0x600, 0x9, 0x7ffffffe, 0xe, 0x4, 0x400, 0x306, 0x0, 0x8000, 0x0, 0x800001}, r5, 0x10, r6, 0x0)

13:58:18 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x0, 0x2}, "", ['\x00']}, 0x120)

13:58:18 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="f2ae210ec06462df4a8b5eed4476900ec90bbafd80ce6e0b926d5bca8547295476862436ac50e95618141aa368d715507f1a599c7aafc2a57e07b2a1d7e5681eba3291c1f8b0590f03289cd5f1145ba3615ad83eca85e41fe95f57c6662304e9b8af9e725cf673fce8311cfce7e129c861b0bc13d6472adc8e2a4db370564221903b88331cdf3c7c0593dd8f01e96710033db3e9b8eaf3536672a48ba782dcef8731aee8e439d002e1e5cb7bd845ee2b9991986502ea3f92645f34080b30a6d39dbda34a3a3961e9b742db7f032f34de55bf3881cb0a6e96837b077ef39b0d7022a86f344eb1fa25242f0c673d2e", 0xee}, {&(0x7f0000000180)="ff922f0242ae7e0a50b7eb5254db9d2cf4d88ba130bc2c50c797138b0a89669d0021bc30077ec2dbdf6eccb99940b90d07b63036d08d7b01a6560b83dfc8248d4b08b891f97088f225ceaf709450bee85208bc88b8eccd9fc72b109d83f71570a4f304b3a9d3089cad2fa5287f08381bd43128758f22d885df9c19f213a68dccd2333c4ef2e90b0b086b380d21ba9ffd618051fd49c839eb183ff37ac014cd26c8b25b97388f1a7b1730be9ad94bfcfa4bd9abae22ce", 0xb6}, {&(0x7f0000000240)="f45c573d34528921951b8d575e3fdccb99ddea3545523b2d3e3768bfb21d76a4760ed00bb1f752f033551b37bfbbf594e36815a7101d3cb62a9118cf7873f45f81d820605af174c5f97a8b0c9816d612cbae8b7cb29c88a1b6f82206115d83bf17c28930f2877d3b35c6b8349a549b367dc5cf75bdb2dd79d3915455bb926180f2848f56c51532dfea6b178e15203b48c1648c982c134b306c30b929170080ac730b97339e1a0fd4559ea4dc5d4e7590b2ff24a171eac3", 0xb7}, {&(0x7f0000000300)="6816881d93fa9a741cb98ed244d6d1b2f6e49bb446e1a921611c671d13f108e08c3749021f25abd40f237139b957fefa00c0ef46409eba17d9e2dfcf00b789aa0bf148924318ed22d2f57cac56d38aa3319341b75ed17d5b805b26ed012794f11101534770f8c780be13fea602f741157e939b4047c357e764132d4133db23503557b4c54ed323e4517cb7135aefa0e37b0c23dee699ea295bfd4fe22323adddb35c0e79fca18ea3f479a74c2e2007b8e36199", 0xb3}], 0x4)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:58:18 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, &(0x7f00000000c0)="e57bec1e94b27d2336c41951d727d2b609572150594c60b3556a350b3e6a6289ba8f82dc644d0ce3c5ce6ae81361c2362f85c003ae93dfe181ef3b094cbfd958379dbf11fd9ca6d1215f85397ea0813644afa89ee2e3f375b1b6ef23eaeba111c9ef0e090f0642b64670feaec637e03154ce64f7f21e3a2966704f3d33474bce1f1769f41df39fefc490671b06f836f43f56b94ce33c81986bddc5c7164f6be6f147024ceb565979766f0fbcc6f41fe6dd8b529d52b02faf4aef273a511057c53516d0a64f4a4876ae379002f2ebbc06fca448b9d9300c53966939bb95911c00e9e7", 0xe2, 0x40088c4, &(0x7f0000000000)={0x2, 0x4e21, @private=0xa010100}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:18 executing program 0:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x215ba14d2b472a90, 0x10)
faccessat2(r0, &(0x7f0000000080)='./file0\x00', 0x4, 0x300)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r3 = dup2(r2, r1)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
write$binfmt_aout(r2, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:58:18 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x600000000000000)

13:58:18 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x2, 0x0, 0x0})

[ 1343.222826] sg_write: data in/out 3171656/4 bytes for SCSI command 0x0-- guessing data in;
[ 1343.222826]    program syz-executor.0 not setting count and/or reply_len properly
[ 1343.238927] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1343.238927]    program syz-executor.2 not setting count and/or reply_len properly
[ 1343.288686] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1343.288686]    program syz-executor.2 not setting count and/or reply_len properly
13:58:34 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x100d, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:34 executing program 0:
clock_nanosleep(0x8, 0x1, &(0x7f00000000c0), 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
dup(r0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
r5 = geteuid()
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}], [{@subj_type={'subj_type', 0x3d, '/dev/ptmx\x00'}}, {@seclabel}, {@dont_measure}, {@uid_gt={'uid>', r5}}]}})
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:58:34 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/26, 0x1a, 0x1, &(0x7f0000000440)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0xfffffffffffffea1)
sendto(r1, &(0x7f0000000480)="d67aecf3667cf1555527c78d4d887b79f82033947ef64e07befdff9e0ea5fe464d03e0cac2d3ed1b98a05e7e57647c3c1d0eba389ec279b01ad99e27fe22e5e86b8dae49417eb87c54eefaf227522e343e6cbe88b68247d7c1b6990cafd55f68422a21a9e19043013cc16fb25d78124175da9c43d580b509e92aab34d90758f8b982176a25dd5c52823331a1a388d09677a30039b12cfe4d2be4117249f378b57b901998c8ef2073998f99a8450a1dbb2e863210e48aa4934e6f3d23461fb6d69476fb11b8e2d365ba16d88826cb8a9837e4c436b448", 0xd6, 0x8000, &(0x7f0000000580)=@x25, 0x80)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/121, 0x79}, {&(0x7f00000000c0)=""/113, 0x71}, {&(0x7f0000000140)=""/216, 0xd8}], 0x3, &(0x7f00000003c0)=""/82, 0x52}, 0x2}], 0x2, 0x1, 0x0)
recvfrom(r1, &(0x7f0000000600)=""/186, 0xba, 0x0, &(0x7f00000006c0)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e23, 0x8, @dev={0xfe, 0x80, '\x00', 0x20}, 0x41}}, 0x80)

13:58:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x6, 0x0, 0x0})

13:58:34 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x2, 0x2}, "", ['\x00']}, 0x120)

13:58:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x700000000000000)

13:58:34 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x0, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:34 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x9}}, './file0\x00'})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000140))
ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="395047b0ff929181e312de5f6e7267a822513797c65f73d1cb0fe75ff6cf6009ad160da43d09ae070eeae44fe3bbe7d964fd02c7530e5d729bdafb06078284609d5b9cec2c002940f5681ca99adafdbf3c27edd51c6860e15a8cc21387b2ed8d8e0d6bae579ad0f75073f3bb3d53dff9e43f72be16a1da2e988188fcff33536bc796faeb6f6e26e8f3c03564e2e4fb0c5e4fdc30d5a179b3fc0782493f5e47cc875987b7d2a779e05309e536bb89c47130dc7f91")

[ 1359.906821] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1359.906821]    program syz-executor.2 not setting count and/or reply_len properly
13:58:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x8, 0x0, 0x0})

[ 1359.952173] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1359.952173]    program syz-executor.2 not setting count and/or reply_len properly
13:58:35 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x10f4, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x3, 0x2}, "", ['\x00']}, 0x120)

13:58:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x800000000000000)

13:58:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/9, 0x9, 0x40000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = mq_open(&(0x7f0000000840)='*\x00', 0x40, 0xa2, &(0x7f0000000880)={0x3ff, 0x8d, 0xfffffffffffffff9, 0x7})
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
dup3(r1, r2, 0x0)
ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000800)={0x3f, 0x78, 0xff})
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200040, 0x0)
write$binfmt_aout(r3, &(0x7f0000000080)={{0x10b, 0x1, 0x4, 0x6e, 0xef, 0x7fffffff, 0x35c, 0x9}, "ace9a1cef0528ddea10a311c294178ed7479626aa6859f61d68276379ac2b50e930b5e99e67582523a98fc8f507f0ab8a4218204c5a630c426b073cdc66d6f94394f2e3e1af8391176b6080c27f2", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x76e)

[ 1360.070623] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
13:58:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x9, 0x0, 0x0})

[ 1360.070623]    program syz-executor.2 not setting count and/or reply_len properly
[ 1360.124190] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1360.124190]    program syz-executor.2 not setting count and/or reply_len properly
13:58:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x4, 0x2}, "", ['\x00']}, 0x120)

13:58:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xd, 0x0, 0x0})

13:58:35 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0x100000000)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x53)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x30, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1000000, @mcast1}}}, 0x108)
accept(r1, &(0x7f00000000c0)=@caif, &(0x7f0000000140)=0x80)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000040))

13:58:35 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
r3 = dup2(r2, r0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r3, 0x2285, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x2)
write$binfmt_aout(r0, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
ioctl$EXT4_IOC_GETSTATE(r3, 0x40046629, &(0x7f0000000040))

13:58:35 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00')
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x9, 0x8000, 0x4, 0x6ee68369, 0xf, "8dfa767aea7850dc14e707df4b9892694c7507"})
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x27f7, 0x5, 0x4, 0x1, 0x4}})
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000080))

[ 1360.307636] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1360.307636]    program syz-executor.2 not setting count and/or reply_len properly
[ 1360.371526] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1360.371526]    program syz-executor.2 not setting count and/or reply_len properly
13:58:45 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, 0x0)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:45 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000440))
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)=0x1)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
r3 = getpgrp(0x0)
r4 = getpid()
pidfd_open(r4, 0x0)
r5 = getpid()
pidfd_open(r5, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000001c0), 0xab4, 0x2340c0)
clone3(&(0x7f0000000200)={0x2000100, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x35}, &(0x7f0000000280)=""/41, 0x29, &(0x7f0000001440)=""/4096, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, r3, r4, 0x0, 0xffffffffffffffff, r5, 0x0, 0xffffffffffffffff], 0x9, {r6}}, 0x58)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r7, 0x4c80, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000000140)={0xfffffffffffeffff, 0x7})
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, "", ['\x00']}, 0x120)

13:58:45 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1400, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:45 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000000))

13:58:45 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x600, 0x0, 0x0})

13:58:45 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendto(r0, &(0x7f00000000c0)="cbceddcaf611d92e724390383843e95fad3868832ffb2c7f31b299efa6de8edcb1602e95a06ddda3bd268a2a9bc218d3e648582d15263f97aaa46912208691572ce541480dc7e814fadd34afc69dd35d90cbda1f1b380a972ce42201a2b473f3a153fa473d4eefb2588bf055a423894358e185e32104d02a11d67a9ae21bab16f9943cbaa4a237f0ecce828d0f15cc2d8a8e5534481ba8ddfb18981ec5c540ec3af9d4de57a99b7dc957e2070f047426fe7c0c46c5d5f88b48ddd992235a9a540d06e811116b265e6e979addacd647", 0xcf, 0x11, &(0x7f0000000000)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e22, 0x80000001, @local, 0x5}}, 0x80)

13:58:45 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x5, 0x2}, "", ['\x00']}, 0x120)

13:58:45 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x810000000000000)

[ 1370.733647] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1370.733647]    program syz-executor.2 not setting count and/or reply_len properly
13:58:45 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1f00, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:45 executing program 7:
r0 = socket$inet(0x2, 0xa, 0x400008)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x300, 0x4000)
close_range(r0, r1, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:45 executing program 6:
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5602, &(0x7f0000000040))

13:58:45 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x6, 0x2}, "", ['\x00']}, 0x120)

[ 1370.994048] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1370.994048]    program syz-executor.2 not setting count and/or reply_len properly
[ 1371.045865] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1371.045865]    program syz-executor.2 not setting count and/or reply_len properly
13:58:55 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, 0x0)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:58:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xa78ffff00000000)

13:58:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x7, 0x2}, "", ['\x00']}, 0x120)

13:58:55 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x65024, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:58:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x900, 0x0, 0x0})

13:58:55 executing program 6:
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000480)={{0x2, 0x4e23, @remote}, {0x1, @broadcast}, 0xa, {0x2, 0x4e23, @multicast2}, 'veth0_to_bridge\x00'})
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCFLSH(r0, 0x540b, 0x2)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x9, 0x5a, 0xc1, &(0x7f0000000080)})
ioctl$VT_RELDISP(r0, 0x5605)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:58:55 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)
ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000040))

13:58:55 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r1=>r0, {0x6}}, './file0\x00'})
setsockopt$inet_int(r1, 0x0, 0x6, &(0x7f00000006c0)=0x7, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f00000001c0))
sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x430, 0x3f3, 0x200, 0x70bd26, 0x25dfdbfb, {0x1, 0x2, 0x28, [0x7fff, 0x3, 0x1, 0x8, 0x5, 0x5, 0x401, 0x400, 0x81, 0xee10, 0x3, 0x81, 0x6, 0x0, 0x7, 0x5, 0x10000, 0x8, 0x7f, 0xac, 0x7, 0x101, 0x5, 0x6, 0x1, 0xf40d, 0xbe, 0x3, 0x4, 0x7, 0x6, 0x5, 0x80, 0x88, 0xcd5, 0x80000000, 0x4, 0x9, 0x4, 0xfffffff7, 0x3, 0x1, 0x0, 0xfffffffb, 0xffff, 0x4, 0xfffffffb, 0xfffffeff, 0x401, 0x7f, 0xfb, 0xff, 0x8, 0x2, 0xfff, 0x7, 0xfffffffb, 0xfffffffa, 0x8001, 0xfffffff8, 0x1, 0x0, 0x9, 0x59], [0xb8000000, 0xffff1a24, 0xffffffff, 0x0, 0x0, 0x0, 0x8, 0x7fff, 0xfffffff2, 0x9, 0x89a3, 0x8001, 0x1, 0x0, 0xe4e4, 0x800, 0x3, 0x3452, 0x8, 0x4, 0x20, 0x1, 0x3ff, 0x8, 0x6, 0x2, 0x101, 0x0, 0xba0, 0x4, 0x244, 0x1, 0x9, 0x1000, 0x8001, 0xcad, 0x4, 0x3e20, 0x0, 0x4, 0xfffffffd, 0x1f, 0x5, 0x0, 0x4, 0x5a4, 0x3ff, 0xfb3c, 0x9, 0x9, 0x200, 0x5, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0x6, 0x8, 0x9, 0x7f, 0xfff, 0x3, 0x7], [0x3, 0x8, 0x4, 0x9, 0x8ad, 0x0, 0x3, 0x9, 0x8, 0x4, 0x5, 0xb, 0x8373, 0x6, 0x10001, 0x20, 0x6, 0x5, 0x2, 0x101, 0x2, 0x5, 0x9, 0x5, 0x4, 0x7, 0x9, 0x56f4374d, 0x9, 0xfff, 0x8001, 0xd0f8, 0x0, 0x5, 0x0, 0x5, 0x4, 0x10000, 0x6, 0x464f1ba9, 0x3, 0x49, 0x798, 0x1, 0x60f62e86, 0x5, 0x6, 0x1fbd, 0x6, 0x800, 0x3, 0x8001, 0x81, 0x60, 0x1, 0x7fffffff, 0x4, 0x4, 0x7f, 0x800, 0x7f, 0x5, 0xee, 0x8], [0x6, 0x5, 0x7fffffff, 0x7fffffff, 0x8001, 0x3f, 0x7ff, 0x0, 0x249cfb18, 0x9, 0x7, 0x2f000000, 0x1f, 0x3, 0x10000, 0x5, 0xb741, 0x6, 0x1ff, 0x1f, 0x847, 0xfffffffd, 0x0, 0x2, 0x7ff, 0x1, 0x3f, 0x6, 0x9, 0x7ff, 0xffffffff, 0x5, 0x7, 0x5, 0xd55, 0x101, 0x12000000, 0xffffffff, 0x100, 0xfffffffb, 0x2, 0x10001, 0x1, 0xfff, 0x7fffffff, 0x8, 0x1000, 0xffffffff, 0xffff, 0x80000000, 0x400000, 0x7fff, 0x1e9, 0x80000000, 0xfffffff8, 0xc7, 0x7, 0x81, 0x5, 0x1, 0x0, 0x1, 0xa403, 0x200], 0x10, ['^/\xed&*}\x00', '&-}\x00', '#\x00', '/\x00', '\x00']}, ["", "", "", ""]}, 0x430}, 0x1, 0x0, 0x0, 0x40000}, 0x24004871)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x0)
recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12142, 0x0)

[ 1380.365989] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.365989]    program syz-executor.2 not setting count and/or reply_len properly
[ 1380.398627] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.398627]    program syz-executor.2 not setting count and/or reply_len properly
13:58:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x8, 0x2}, "", ['\x00']}, 0x120)

13:58:55 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x24008081, &(0x7f0000000000)={0x2, 0x4, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvmmsg(r0, &(0x7f0000001c00)=[{{&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/2, 0x2}], 0x1, &(0x7f0000000140)}}, {{&(0x7f0000000180)=@caif=@dbg, 0x80, &(0x7f0000000400)=[{&(0x7f0000000280)=""/151, 0x97}, {&(0x7f0000000200)=""/35, 0x23}, {&(0x7f0000000340)=""/139, 0x8b}], 0x3, &(0x7f0000000440)=""/83, 0x53}, 0x3ff}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f00000004c0)=""/66, 0x42}, {&(0x7f0000000540)=""/198, 0xc6}, {&(0x7f0000000640)=""/247, 0xf7}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/127, 0x7f}, {&(0x7f00000017c0)=""/2, 0x2}], 0x6, &(0x7f0000001880)=""/205, 0xcd}, 0xffffffff}, {{&(0x7f0000001980)=@hci, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001a00)=""/227, 0xe3}], 0x1, &(0x7f0000001b40)=""/190, 0xbe}, 0x6}], 0x4, 0x0, 0x0)
r1 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x800)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r4=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r4, 0x2, 0x6}, 0x10)
sendmmsg$inet(r1, &(0x7f00000023c0)=[{{&(0x7f0000001d00)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000001f80)=[{&(0x7f0000001d40)="ba1401e41966da6edc0549d268fcbca393e0d89e46558306ec0070ec75e7737aa6a658d6a8cb953c24844f8f24476d9a0937d320b01e8048ec1a8a33c561110b7551051441287a44313d0b886f1223e225de57264088f26ee7d79e63b148c6ed00967caf6d628516550051f9b7bae19e3688d9d4dc9914fc3f69c5a40c6b0ed95d23deec670e7fedf4c368af61485f9959971fbe3aca", 0x96}, {&(0x7f0000001e00)="cc8b8d8b0d71e36038edac82b512696a1af8e90444cd9a9f72225c74a6e655e393bf1f7b7f82f3492fa5f5aaddab0d40cc7c2bf7d580b4e2a1db837a86e36d1a68ff0f394a67a430acead18cff9a062af67c30b3d3acd9f12a0271540e38d1667cb4209f33c9c1d71d984e8ba49abd9dca114d240726c5db5a3f6651b187589726ade37183", 0x85}, {&(0x7f0000001ec0)="af86ec507339026a98f72d32c0c29ccd1efd17b843959e0b2f3c9d27b3b2f0d835d32b06dec0b61de0fb471ea197bd604828b556cd15bbe6051371864ab3278e175b49112878fa9cac729c3f3a34f48ef8ca16c59f2de6c86c6e9d5904e0d7e4b8c0d0bbf03d398d4cf733fbedef96dd3db2e181fc0f78aaea20f738980ccf3cef6f7c4780f9dcd65900830298d97735db", 0x91}], 0x3}}, {{&(0x7f0000001fc0)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f00000020c0)=[{&(0x7f0000002000)="4622edde6f05b33ef4c034ba6b577cb788ace138697e4effa66dc646d8f7bf4fdeeb8f29145a8f16809f8804cbcc2cb2ac69a5c3bda30f8169840727208c9400f83e93072384bc", 0x47}, {&(0x7f0000002080)="65362bb924d878cc4f24cc56a065c1f9f21569e92de9492958dbe9d4f4a491a5a6", 0x21}], 0x2, &(0x7f0000002100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @multicast1, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}], 0x38}}, {{&(0x7f0000002140)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000002280)=[{&(0x7f0000002180)="f273cd12ff0baeb6b4c4a035e15bc736dad1a91a1c985b9b0922565893c68aa8ecddb75edf5ae8c1b3d7ffda0af7470c86a20eb7edfc02e4876f744e8252a0ba2007129eaecf1bb65505cf131d588d25d542b2829e176c72ab9c6fd1a572bd73705300fd2e11276d086c64721baf8d8d34a60fcee4487d627e2c96db919c2a1c8c1af1672e4e0b5017bb8059139b5319de2687420601317e8cd71c3ad88ebb197230d57b85bb0ee3546cd3733f9416f1af319dd201", 0xb5}, {&(0x7f0000002240)="c73e25e20990c0d6785fe4fbaee4c7b19cd5f146ca44e31d3874fcd70dc4eee531e00637f72f97b92f", 0x29}], 0x2, &(0x7f00000022c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0xffffffff}}, @ip_ttl={{0x14, 0x0, 0x2, 0xfffffff9}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_retopts={{0x74, 0x0, 0x7, {[@lsrr={0x83, 0x1f, 0x99, [@rand_addr=0x64010101, @local, @broadcast, @broadcast, @private=0xa010101, @rand_addr=0x64010100, @local]}, @ssrr={0x89, 0xb, 0x62, [@private=0xa010101, @rand_addr=0x64010101]}, @ssrr={0x89, 0x2b, 0x53, [@loopback, @private=0xa010100, @private=0xa010100, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x22}, @empty, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @rand_addr=0x64010102]}, @timestamp_prespec={0x44, 0xc, 0xff, 0x3, 0x4, [{@broadcast, 0x7}]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_ttl={{0x14}}], 0xf0}}], 0x3, 0x20004011)

13:58:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x1000000000000000)

[ 1380.506242] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.506242]    program syz-executor.2 not setting count and/or reply_len properly
[ 1380.526819] mac80211_hwsim hwsim14 wlan1: entered allmulticast mode
[ 1380.528013] mac80211_hwsim hwsim14 wlan1: left allmulticast mode
[ 1380.530804] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.530804]    program syz-executor.2 not setting count and/or reply_len properly
[ 1380.540822] mac80211_hwsim hwsim14 wlan1: entered allmulticast mode
[ 1380.550132] mac80211_hwsim hwsim14 wlan1: left allmulticast mode
13:58:55 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000003ca83359fb000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000e2f9a5d700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000edffffffffffffff00000000000000000000000000000000000005000000000000000000000026a60000000000000000000000000000000000000000000000000000000000000000000000000000003238abb5b515b0fa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045929be9f4ffd67fc4dd67079d9271966efa4833ef9ee08a2aad2b8d1f42860850906ca3339bff8d4045f4fd1603b5c8487f30d6d0b10d384b3a71c990fd594d5730b7077737a4915769caff94719a654a46778eb85a80522441a1a87d96b687f4ae7d2786ac384c9c36c82fc4bb464c4ab240c1442745a7a32008b33beecc83efd2afc01c7c5967d28d657a7072f637d8ddfcb3ff304951822469722e0c4069326b4da495b8b9735f1d00f02e1c28d07dad33954b5a88248b8066094c0af51c11739bd66572ee43684907cabffde04d146831a66384d13c05a533ae534bc6241b3cea6905289224553f590de48a79f1"], 0x120)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x100000000)

13:58:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xd00, 0x0, 0x0})

13:58:55 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
syz_open_dev$tty1(0xc, 0x4, 0x3)

13:58:55 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x10, 0x2}, "", ['\x00']}, 0x120)

13:58:55 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x4000000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

[ 1380.653516] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.653516]    program syz-executor.2 not setting count and/or reply_len properly
[ 1380.687783] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1380.687783]    program syz-executor.2 not setting count and/or reply_len properly
13:59:07 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
r1 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0xad00, 0x1c8, 0x12}, 0x18)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f00000000c0)="6241c8de5e10aefe5c15cb812e7db3e91b80171ab0b4db28139de3e98e8515da2e048450b9d51d7e6590328aa7cb1c3a0ab85d254468c5c2522beacdd7fa1942d811dfd0a4a3ea9ec3ff8e320f3174939660ef0885846424053e7b9841bc5ffad1ac3fae8662e8856d33d757c6c3a1202aa3f70c5f1523968de8ba68826ef0373f83f460dc5455fcf4d4e3af4a3df3859bdd90fc", 0x94)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:07 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfdfd, 0x0, 0x0})

13:59:07 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2000000000000000)

13:59:07 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0x100000001, 0x6880)
fcntl$notify(r1, 0x402, 0x80000031)

13:59:07 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000040)={0x0, 0x81, [0xffffffff, 0x7, 0xd6, 0x80000000, 0xf56, 0x7]})
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000300)={{}, "", ['\x00']}, 0x120)

13:59:07 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x300, 0x2}, "", ['\x00']}, 0x120)

13:59:07 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x10000000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:59:07 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, 0x0)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1392.015084] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1392.015084]    program syz-executor.2 not setting count and/or reply_len properly
13:59:07 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000001c0)=0x61f3)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1392.075876] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1392.075876]    program syz-executor.2 not setting count and/or reply_len properly
13:59:07 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(0xffffffffffffffff)
ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f0000000000))
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
ioctl$TIOCSIG(r1, 0x40045436, 0x1d)

13:59:07 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x80000, 0x0, 0x0})

13:59:07 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x900, 0x0, 0x0})

13:59:07 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x40040d00, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)

13:59:07 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2002000000000000)

13:59:07 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x500, 0x2}, "", ['\x00']}, 0x120)

13:59:07 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000001c0)=0x61f3)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:07 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/timers\x00', 0x0, 0x0)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000080)={0x7f, 0x412, 0x4, 0x0, 0x20, 0x9})
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

[ 1392.336454] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1392.336454]    program syz-executor.2 not setting count and/or reply_len properly
13:59:07 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x1000000, 0x0, 0x0})

[ 1392.395431] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1392.395431]    program syz-executor.2 not setting count and/or reply_len properly
13:59:19 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2103000000000000)

13:59:19 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240))
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:19 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x2000000, 0x0, 0x0})

13:59:19 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x600, 0x2}, "", ['\x00']}, 0x120)

13:59:19 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x1000000, 0x0, 0x0})

13:59:19 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:59:19 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x3}, 0x58)

13:59:19 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000001c0)=0x61f3)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1404.382722] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1404.382722]    program syz-executor.2 not setting count and/or reply_len properly
13:59:19 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

[ 1404.432557] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1404.432557]    program syz-executor.2 not setting count and/or reply_len properly
13:59:19 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x6000000, 0x0, 0x0})

13:59:19 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000001c0)=0x61f3)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:19 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))
ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000000))
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:59:19 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x810000000000000)

13:59:19 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x4}, 0x58)

13:59:19 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x2321000000000000)

13:59:30 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240))
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:30 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x6}, 0x58)

13:59:30 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
ioctl$SG_IO(r2, 0x2285, 0x0)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:30 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x700, 0x2}, "", ['\x00']}, 0x120)

13:59:30 executing program 6:
pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0xffffffffffffffff)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x1f)

13:59:30 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x9000000, 0x0, 0x0})

13:59:30 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x810000000000000)

13:59:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x3f00000000000000)

[ 1415.804428] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1415.804428]    program syz-executor.2 not setting count and/or reply_len properly
13:59:30 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1415.836768] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1415.836768]    program syz-executor.2 not setting count and/or reply_len properly
13:59:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x4000000000000000)

13:59:30 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x8}, 0x58)

13:59:30 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x0, 0xffffffffffffffff}}, './file0\x00'})
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0)
fcntl$notify(r1, 0x402, 0x8)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000080)={0x2, {0x2, 0x1, 0xff81, 0x4, 0x8}})
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f00000000c0))

13:59:30 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xd000000, 0x0, 0x0})

13:59:31 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x600, 0x2}, "", ['\x00']}, 0x120)

[ 1415.975078] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1415.975078]    program syz-executor.7 not setting count and/or reply_len properly
13:59:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

13:59:31 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x1fa7, 0x2}, "", ['\x00']}, 0x120)

[ 1416.160660] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1416.160660]    program syz-executor.2 not setting count and/or reply_len properly
13:59:42 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
write$binfmt_aout(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:42 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x9}, 0x58)

13:59:42 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240))
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xa71f, 0x2}, "", ['\x00']}, 0x120)

13:59:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5402000000000000)

13:59:42 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x600, 0x0, 0x0})

13:59:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfffffff, 0x0, 0x0})

13:59:42 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000000))
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
lseek(r1, 0xc5, 0x2)

[ 1427.079004] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1427.079004]    program syz-executor.2 not setting count and/or reply_len properly
13:59:42 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x80000, 0x2}, "", ['\x00']}, 0x120)

13:59:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xf5ffffff, 0x0, 0x0})

13:59:42 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

13:59:42 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

13:59:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5403000000000000)

13:59:42 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1427.334378] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1427.334378]    program syz-executor.2 not setting count and/or reply_len properly
13:59:42 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0xc}, 0x58)

[ 1427.375703] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1427.375703]    program syz-executor.2 not setting count and/or reply_len properly
13:59:42 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r1, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfff, 0x78}}}}, [@NL80211_ATTR_TSID={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xd}]}, 0x50}, 0x1, 0x0, 0x0, 0xc080}, 0x8000)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_GET_COALESCE(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48801}, 0x240080c1)
ioctl$TIOCGSOFTCAR(r6, 0x5602, &(0x7f0000000040))

13:59:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xe0ffff, 0x2}, "", ['\x00']}, 0x120)

13:59:42 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

[ 1427.602047] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1427.602047]    program syz-executor.2 not setting count and/or reply_len properly
[ 1427.647081] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1427.647081]    program syz-executor.2 not setting count and/or reply_len properly
13:59:53 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:53 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xf6ffffff, 0x0, 0x0})

13:59:53 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x14}, 0x58)

13:59:53 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

13:59:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x8004000000000000)

13:59:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x1000000, 0x2}, "", ['\x00']}, 0x120)

13:59:53 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

13:59:53 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000000))
syz_open_dev$tty1(0xc, 0x4, 0x2)

[ 1437.993149] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1437.993149]    program syz-executor.2 not setting count and/or reply_len properly
13:59:53 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x159000, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1438.016951] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1438.016951]    program syz-executor.2 not setting count and/or reply_len properly
13:59:53 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

13:59:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x9f0a000000000000)

13:59:53 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x2000000, 0x2}, "", ['\x00']}, 0x120)

13:59:53 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfdfdffff, 0x0, 0x0})

[ 1438.187974] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1438.187974]    program syz-executor.2 not setting count and/or reply_len properly
[ 1438.224974] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1438.224974]    program syz-executor.2 not setting count and/or reply_len properly
14:00:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xbc02000000000000)

14:00:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x22}, 0x58)

14:00:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x3000000, 0x2}, "", ['\x00']}, 0x120)

14:00:02 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000080)="65ac0d5f07e5d6e26c5c436463ddbf3823fa235fc265342dbe3ae3ad56ea1274638e1d882d89671067cab3924188be55c0843addedad810a14ae6e81024edb6a3f901961a16dfc247b06cfb91afc444cdb560fcbf3db2b4189a6f2f3ddb18b6947de86e6ff0985ddd0e6e2ace3e78bc47975c5f133c902")

14:00:02 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:02 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfffffdfd, 0x0, 0x0})

14:00:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1447.071915] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1447.071915]    program syz-executor.2 not setting count and/or reply_len properly
14:00:02 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1447.102459] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1447.102459]    program syz-executor.2 not setting count and/or reply_len properly
14:00:02 executing program 0:
r0 = syz_open_dev$sg(0x0, 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x4000000, 0x2}, "", ['\x00']}, 0x120)

14:00:02 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:02 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x57)

14:00:02 executing program 6:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x9c, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3c, 0x10}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x21}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4}, 0x20000100)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x43200}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x20, r0, 0x300, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x3f}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x6ebdee499f5f0934)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x38, r5, 0x400, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x1840}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x9c, r6, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xa1, 0x6}}}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x1}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x40, {0x6, 0x9, 0x7, 0x8000}}}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}], @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x93d1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0xf, 0xf9, "da539d812b6cab95c6a64b"}, @NL80211_ATTR_FILS_ERP_USERNAME={0xb, 0xf9, "645abe25eb16f2"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x20}], @NL80211_ATTR_BSS_SELECT={0xc, 0xe3, 0x0, 0x1, [@NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xc, 0x1}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40}, 0x8080)

[ 1447.230701] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1447.230701]    program syz-executor.2 not setting count and/or reply_len properly
14:00:02 executing program 0:
r0 = syz_open_dev$sg(0x0, 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1447.268693] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1447.268693]    program syz-executor.2 not setting count and/or reply_len properly
14:00:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf002000000000000)

14:00:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xffffff0f, 0x0, 0x0})

14:00:02 executing program 0:
r0 = syz_open_dev$sg(0x0, 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:10 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfffffff5, 0x0, 0x0})

14:00:10 executing program 1:
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c000000f9be19547803ce4d31f73c411f10b134f6970697f28bd852aa36a1bcf62c3e02c955fcc2a324ef965e0abc9b3fc3135cf1e1e8b850a1f6183641d7303b168fefafc4c597f713aaec0ed15594a14b33a956eba72e4ae459eefd8aadb059015354071b845f8ad6063d3e26f3000000", @ANYRES16=0x0, @ANYBLOB="020029bd7000fddbdf250d0000004400018014000300ff01000000000000000000000000000114000300e0000001000000000000000000000000060001000208000008000500040000000600020084000000080004000000000014000280080007001f00000005000d000100000008000400ff7f0000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000085}, 0x0)
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = clone3(&(0x7f00000003c0)={0x80001000, 0x0, &(0x7f0000000300), &(0x7f0000000280), {0x1}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x2, 0x1, 0x1f, 0x0, 0x6, 0x8000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x1, 0x100}, 0x2200, 0x6, 0x1ff, 0x6, 0x2, 0x8, 0x3, 0x0, 0xffffff92, 0x0, 0x7}, r1, 0x3, r2, 0x2)

14:00:10 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x5000000, 0x2}, "", ['\x00']}, 0x120)

14:00:10 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf400000000000000)

14:00:10 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:10 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:10 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000000)={0x2, 0x80000001})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.stat\x00', 0x0, 0x0)
r2 = openat$incfs(r1, &(0x7f00000000c0)='.log\x00', 0x400a02, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r4, 0xf50f, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x9361, 0x8)

14:00:10 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:10 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xfffffff6, 0x0, 0x0})

[ 1455.738894] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1455.738894]    program syz-executor.2 not setting count and/or reply_len properly
14:00:10 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

[ 1455.787735] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1455.787735]    program syz-executor.2 not setting count and/or reply_len properly
14:00:10 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x0, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:10 executing program 1:
clone3(&(0x7f0000000000)={0xc0080000, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)=<r0=>0x0)
r1 = getpid()
pidfd_open(r1, 0x0)
clone3(&(0x7f0000000300)={0x80000080, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x3f}, &(0x7f0000000140)=""/230, 0xe6, &(0x7f0000000240)=""/28, &(0x7f00000002c0)=[r0, r1], 0x2}, 0x58)
pidfd_open(0x0, 0x0)

14:00:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf500000000000000)

14:00:21 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x6000000, 0x2}, "", ['\x00']}, 0x120)

14:00:21 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r1 = clone3(&(0x7f0000000640)={0x20715c900, 0x0, 0x0, 0x0, {0x4000000}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
clone3(&(0x7f00000003c0)={0xc8000000, 0x0, &(0x7f0000000000), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r1, r1], 0x2}, 0x58)

14:00:21 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x0, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:21 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:21 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x2, 0x10000)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file0', [{}, {0x20, 'o-@'}, {}, {0x20, '-('}, {0x20, '\\&*\'&]/,#!\\'}, {0x20, ']^#'}, {0x20, '!$++@'}], 0xa, "630deb8db4726f3b71eac0dcb88a068201f9eeabbdb5a9e0118866b901b5e55201603316bd0e557a94254205752f16faf4fbd1a325abdfc2bc2944d220f922536ffc73829a194cd639453659654797c224fde409c91b9c1d593481a2ec061d9b12875c24ff0cc400fb40b8caf1768fe7db95b1dcb92540ea4af142a0bb845aac4485673ef1794506bba1f70249edb04d696e658188c599bb1d90b8c248972e09bc6b8090ed6d4f7ff7bb4c11f2da1424714b73c70b48a344307d5edd39744dacfb6a69fc0f3b8fd20529bf2d2c72d73ccce400405513412186c440"}, 0x105)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000200)={0x7fffffff, 0x2, {0x3, 0x3, 0x6, 0x0, 0x6}, 0xaa4})
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TCSETA(r2, 0x5406, &(0x7f00000001c0)={0x3, 0x7, 0x800, 0x5, 0x4, "44c50081ee84668a"})

14:00:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0xffffffff, 0x0, 0x0})

[ 1466.496284] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1466.496284]    program syz-executor.2 not setting count and/or reply_len properly
14:00:21 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

14:00:21 executing program 0:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:21 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x0, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1466.555615] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1466.555615]    program syz-executor.2 not setting count and/or reply_len properly
14:00:21 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000080))
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

14:00:21 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xf800000000000000)

14:00:21 executing program 0:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:21 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x7000000, 0x2}, "", ['\x00']}, 0x120)

[ 1466.758437] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1466.758437]    program syz-executor.2 not setting count and/or reply_len properly
[ 1466.805734] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1466.805734]    program syz-executor.2 not setting count and/or reply_len properly
14:00:32 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x8000000, 0x2}, "", ['\x00']}, 0x120)

14:00:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfbffffff00000000)

14:00:32 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x2, 0x0})

14:00:32 executing program 1:
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[0x0, 0x0], 0x2}, 0x58)
[ 1477.087869] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1477.087869]    program syz-executor.2 not setting count and/or reply_len properly
ioctl$BTRFS_IOC_SPACE_INFO(0xffffffffffffffff, 0xc0109414, &(0x7f000001a540)=ANY=[@ANYBLOB="ed0f00000000000001000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddb155a4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f53669e92bded525a109992da000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100"/97877])
pselect6(0x2a, 0x0, 0x0, 0x0, &(0x7f0000000640), 0x0)
syz_open_dev$vcsu(&(0x7f0000000000), 0x7f, 0x101000)

14:00:32 executing program 0:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x2eb, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:32 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540a, 0x3)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

14:00:32 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:32 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x6, 0x0})

14:00:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xaffffff, 0x2}, "", ['\x00']}, 0x120)

14:00:32 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, 0x0, 0x0)

14:00:32 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='-$&\x81&}$/\'\\\x00', 0x0, r0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))

14:00:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xfeffffff00000000)

14:00:32 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:32 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x8, 0x0})

[ 1477.348529] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1477.348529]    program syz-executor.2 not setting count and/or reply_len properly
14:00:32 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, 0x0, 0x0)

[ 1477.401998] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1477.401998]    program syz-executor.2 not setting count and/or reply_len properly
14:00:32 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:32 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, 0x0, 0x0)

14:00:41 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:41 executing program 6:
r0 = semget$private(0x0, 0x2, 0x410)
semctl$SEM_INFO(r0, 0x4, 0x13, &(0x7f00000000c0)=""/147)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000080))

14:00:41 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffdfffffff7f0000)

14:00:41 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:41 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x9, 0x0})

14:00:41 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, <r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r2=>0x0)
pidfd_open(r2, 0x0)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000080), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4085, &(0x7f0000000380)=[r1, r0], 0x2}, 0x58)

14:00:41 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x10000000, 0x2}, "", ['\x00']}, 0x120)

14:00:41 executing program 7:
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

[ 1486.273715] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1486.273715]    program syz-executor.2 not setting count and/or reply_len properly
14:00:41 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1486.310695] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1486.310695]    program syz-executor.2 not setting count and/or reply_len properly
14:00:41 executing program 7:
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:41 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:41 executing program 6:
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000100)={0x1e4, r0, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x88, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x101}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe36a0}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6e35}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x81}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xf97}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x401}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5a6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x56add019}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x401}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x11c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x72f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xec0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x793}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x1e4}}, 0x20000804)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x2b)
ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000000))
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))

14:00:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffefffffff7f0000)

14:00:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x1bfdffff, 0x2}, "", ['\x00']}, 0x120)

14:00:50 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:50 executing program 7:
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:50 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0xd, 0x0})

14:00:50 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x6)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$TIOCGSOFTCAR(r2, 0x5602, &(0x7f0000000040))
ioctl$TCXONC(r2, 0x540a, 0x2)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$TCXONC(r1, 0x540a, 0x1)
ioctl$TCGETS2(r1, 0x802c542a, &(0x7f0000000000))

14:00:50 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "4d2740f7edbf73a84b79eebac74969191c48f0ba06000000e951f43a6366e3d5a5f447260d", ['\x00']}, 0x145)

14:00:50 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
r3 = fcntl$getown(0xffffffffffffffff, 0x9)
r4 = pidfd_open(0x0, 0x0)
clone3(&(0x7f0000002900)={0x900400, &(0x7f00000002c0)=<r5=>0xffffffffffffffff, &(0x7f0000000540), &(0x7f0000000580), {0x3b}, &(0x7f0000002800)=""/138, 0x8a, &(0x7f00000005c0)=""/45, &(0x7f00000028c0)=[r0, r1, r3, 0x0], 0x4}, 0x58)
ptrace$setopts(0x4206, 0x0, 0x4, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)=<r6=>0x0)
r7 = getpid()
write$binfmt_elf64(r5, &(0x7f0000003c40)=ANY=[@ANYBLOB="7f454c463f000220ffffffff000000000300030008000000f3010000000000004000000000000000d500000000000000080000007800380001005c02ff0f070000000000090000000000000000000000cf63000000000000ffffff7f000000000900000000000000080000000000000000000000000000000000000000040000ff0f00000000000090ab0000000000000400000000000000ff000000000000007f00000000000000020000000000000093a910d14eee187dade32c109f94847228ce4b786a44d9b5427360aa69e6ff810bc2b4548db8883be93b1f20fd17705c005e8ef5c369dd6d8d5c862e8cbc3ca1a8a9583e306bc76d677e4fb50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000895aa77d00"/764], 0x2fc)
pidfd_open(r7, 0x0)
pidfd_open(r2, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000440)=@abs, 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000500)=""/48, 0x30}], 0x1, &(0x7f0000002800)}, 0xa0)
r8 = getpgrp(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000002980)={{0x1, 0x1, 0x18, <r9=>r5, {0xee00}}, './file0\x00'})
ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, &(0x7f0000002c40)={{r9}, 0x0, 0x0, @inherit={0x58, &(0x7f0000002bc0)={0x0, 0x2, 0x30, 0xe90a, {0xf, 0x101, 0x81, 0x4, 0x4b7f}, [0x752, 0x7f]}}, @subvolid=0x53})
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r10, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000002780), 0x88040, 0x0)
clone3(&(0x7f0000002700)={0x200000000, &(0x7f00000027c0), &(0x7f0000000040), &(0x7f0000000080), {0xe}, &(0x7f00000000c0)=""/229, 0xe5, &(0x7f00000001c0)=""/184, &(0x7f00000026c0)=[r6, r8, 0x0, r2, r8, r1], 0x6, {r11}}, 0x58)

[ 1495.792965] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1495.792965]    program syz-executor.2 not setting count and/or reply_len properly
[ 1495.817428] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1495.817428]    program syz-executor.2 not setting count and/or reply_len properly
14:00:50 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x1)

14:00:50 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "", ['\x00']}, 0x120)

14:00:50 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:00:51 executing program 7:
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:00:51 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x600, 0x0})

14:00:51 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffc90000000000)

14:00:51 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x44feffff, 0x2}, "", ['\x00']}, 0x120)

14:00:51 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "", ['\x00']}, 0x120)

[ 1496.134388] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1496.134388]    program syz-executor.2 not setting count and/or reply_len properly
[ 1496.207025] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1496.207025]    program syz-executor.2 not setting count and/or reply_len properly
14:01:02 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80)
recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:01:02 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x6a0041, 0x0)
r2 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7f, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="098a60b0366f74b0f9bb2aafe98ef9813df42f0dfe0ff8fcf77edd0b", 0x1c, 0xffff}], 0x21000, &(0x7f0000000300)=ANY=[@ANYBLOB="666d61736b3d30303030303030303030303030303030303030303030332c06971ee7ea8049a5636b66736861743d2f6465762f66756c6c002c657569643defaaab5ff01460bd9b802146195d244ac4442223444b955645d6c57ff4a3a4755a7e7436adde3a781ec56bd8b673750bc15189a43935bab400a1404d5e9b519a1aaee90ba020b21ebf0827a408", @ANYRESDEC, @ANYBLOB=',\x00'])
readlinkat(r2, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/90, 0x5a)
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000080))

14:01:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x6dffffff, 0x2}, "", ['\x00']}, 0x120)

14:01:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffff7f00000000)

14:01:02 executing program 7:
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x900, 0x0})

14:01:02 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syncfs(0xffffffffffffffff)
ioctl$TIOCCONS(0xffffffffffffffff, 0x541d)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000026c0)=""/4096, &(0x7f0000000000)=[r0, r0, r0, r0], 0x4}, 0x58)

14:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "", ['\x00']}, 0x120)

[ 1507.260784] loop6: detected capacity change from 0 to 255
[ 1507.278155] loop6: detected capacity change from 0 to 255
14:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "4d2740f7edbf73a84b79eebac74969191c48f0", ['\x00']}, 0x133)

[ 1507.308688] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1507.308688]    program syz-executor.2 not setting count and/or reply_len properly
14:01:02 executing program 6:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x4d, 0x2101)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x0, 0xee01}}, './file0\x00'})
r3 = accept$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x1c)
kcmp(0xffffffffffffffff, r0, 0x1, r2, r3)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r4, 0x5602, &(0x7f0000000040))

14:01:02 executing program 7:
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

[ 1507.393766] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1507.393766]    program syz-executor.2 not setting count and/or reply_len properly
14:01:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0xd00, 0x0})

14:01:02 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:01:02 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

14:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

14:01:02 executing program 1:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x10001]}, 0x8, 0x0)
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1, 0x4)
r1 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
mknodat$null(r3, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
sendmsg$nl_netfilter(r3, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000180)={0x150, 0xa, 0x5, 0x5, 0x70bd2c, 0x25dfdbff, {0xc, 0x0, 0x8}, [@typed={0x8, 0x5b, 0x0, 0x0, @fd=r2}, @typed={0xcd, 0xd, 0x0, 0x0, @binary="c2a6bd79b2cbeeb3e9cf1a7aa4fe6ed108703a9efce5b4a9416287f60e17af5107a766384ed926b126957e8f8cd4613559f33914f53860dc2e05746d126ef8ebcf08812cd08fe999284358425e635e185cf8c950707f83b100b88d09ddcbafacc4a0dcaa863e5d46c0f441c697a653933d37078bbe2e021ce85576f42e586d75b7fc47f124218c3c57457fd8ef360ef89a442ade707352a5f4fb23a49dde5f0b3a1eb570b77a35810d0a715262fadf3f45ef72ba4be56b7ea19d82f1cf82ec2f2d9641123d722234b2"}, @generic="5c89b2467c04f374a1cde577837fbb7c67081576cc98c69d166f2a85e2cd3c5e6bed23d1fe14de4ffe5375921b39cdd08966e30b808893fa04cdd91d25c22f0f420ff0eb75565c14d97d8cfdb61c8eefe3dfdd27590870940a8ba5452559dac3a271be06"]}, 0x150}, 0x1, 0x0, 0x0, 0x8}, 0xc00)
mknodat$null(r2, &(0x7f0000000140)='./file0\x00', 0x0, 0x103)
openat$cgroup_ro(r2, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0)
r4 = signalfd4(r0, &(0x7f0000000080)={[0x1]}, 0x8, 0x800)
getdents(r4, &(0x7f00000026c0)=""/4096, 0x1000)
clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340), {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r1, r1], 0x2}, 0x58)

14:01:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffffff00000000)

14:01:02 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0x7efdffff, 0x2}, "", ['\x00']}, 0x120)

14:01:02 executing program 6:
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$TCXONC(r0, 0x540a, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000000))

[ 1507.662884] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1507.662884]    program syz-executor.2 not setting count and/or reply_len properly
[ 1507.729429] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1507.729429]    program syz-executor.2 not setting count and/or reply_len properly
14:01:13 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:01:13 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:13 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

14:01:13 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0xffffffffffffffff)

14:01:13 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0xfdfd, 0x0})

14:01:13 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r1, 0x5602, &(0x7f0000000040))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x3f)
fcntl$getflags(0xffffffffffffffff, 0x3)
r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x5018c0, 0x100)
ioctl$VT_ACTIVATE(r2, 0x5606, 0x8)

14:01:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xa71f0000, 0x2}, "", ['\x00']}, 0x120)

14:01:13 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
r4 = getpid()
pidfd_open(r4, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=<r5=>0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=<r6=>0x0)
clone3(&(0x7f0000000440)={0x1000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x24}, &(0x7f00000000c0)=""/223, 0xdf, &(0x7f00000001c0)=""/116, &(0x7f00000002c0)=[r1, r4, r5, r2, 0x0, r6, 0xffffffffffffffff, r2, r3, r2], 0xa}, 0x58)

14:01:13 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(0xffffffffffffffff, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[ 1518.626766] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1518.626766]    program syz-executor.2 not setting count and/or reply_len properly
14:01:13 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:13 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x80000, 0x0})

14:01:13 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

14:01:13 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

[ 1518.695815] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1518.695815]    program syz-executor.2 not setting count and/or reply_len properly
14:01:13 executing program 6:
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000080)={0x3, 0x3f, 0x100, {0x400, 0x5}, 0x3f, 0xdd75})
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))

14:01:13 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

14:01:13 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, "4d2740f7edbf73a84b79", ['\x00']}, 0x12a)

14:01:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xa7feffff, 0x2}, "", ['\x00']}, 0x120)

14:01:13 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1ff)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:13 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x1000000, 0x0})

[ 1518.952652] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1518.952652]    program syz-executor.2 not setting count and/or reply_len properly
[ 1518.996412] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1518.996412]    program syz-executor.2 not setting count and/or reply_len properly
14:01:24 executing program 6:
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5602, &(0x7f0000000040))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000080))
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0xffffffff, 0x6, 0x1, 0x1, 0x1b, "8e3a25ba6c288c54ae78a77b12541fe7768636"})

14:01:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000300)={{0x0, 0x1, 0x8, 0x36b, 0xb8fcffff, 0x2}, "", ['\x00']}, 0x120)

14:01:24 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x2000000, 0x0})

14:01:24 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

14:01:24 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000240), &(0x7f0000000280)={'U+', 0x1648}, 0x16, 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x28, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x9, 0x6f}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x814)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

14:01:24 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:24 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

14:01:24 executing program 1:
r0 = clone3(&(0x7f0000000640)={0xad00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = clone3(&(0x7f00000003c0)={0x80000000, 0x0, &(0x7f0000000300), &(0x7f0000000340)=<r2=>0x0, {0x2e}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f00000016c0)=""/4096, &(0x7f0000000380)=[r0, r0], 0x2}, 0x58)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r3=>0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/partitions\x00', 0x0, 0x0)
clone3(&(0x7f0000000240)={0x800000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x13}, &(0x7f00000000c0)=""/132, 0x84, &(0x7f00000026c0)=""/4096, &(0x7f00000001c0)=[r3, r1, r2], 0x3, {r4}}, 0x58)

[ 1529.508629] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1529.508629]    program syz-executor.2 not setting count and/or reply_len properly
14:01:24 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

[ 1529.533219] sg_write: data in/out 839/246 bytes for SCSI command 0x0-- guessing data in;
[ 1529.533219]    program syz-executor.2 not setting count and/or reply_len properly
14:01:24 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x5002000000000000)

14:01:24 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
write$binfmt_aout(r0, &(0x7f0000000040)={{}, 'M', ['\x00']}, 0x121)

14:01:24 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x26)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x1000000402)
recvfrom(r0, &(0x7f0000000000)=""/102, 0x66, 0x2, &(0x7f00000000c0)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

14:01:24 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x6000000, 0x0})


VM DIAGNOSIS:
14:06:25  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=ffff88801686f118 RCX=ffffffff81508a4c RDX=ffffed1002d0de1a
RSI=0000000000000008 RDI=ffff88801686f0c8 RBP=ffff8880466df9e0 RSP=ffff8880466df918
R8 =0000000000000001 R9 =ffffed1002d0de19 R10=ffff88801686f0cf R11=0000000000000001
R12=ffff88801686f0c8 R13=ffff88801686f118 R14=ffff8880466df9e0 R15=ffff8880466df9c0
RIP=ffffffff81508a52 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fd9bc030700 00000000 00000000
GS =0000 ffff8880e55e7000 00000000 00000000
LDT=0000 fffffe2300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbe79a3f010 CR3=000000001e500000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=746f72702f6374652f00656372000a23
XMM04=40404040404040404040404040404040 XMM05=5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a
XMM06=20202020202020202020202020202020 XMM07=00000000000000000000000000000000
XMM08=3270682820262620294c4c554e203d21 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff85c1b7a0 RDI=ffffffff85c1b7a0 RBP=ffffffff85c1b7a0 RSP=ffff88800a42f8c0
R8 =00000000ffffffff R9 =ffffed1002d0de19 R10=0000000000000000 R11=0000000000000001
R12=ffff888015a15280 R13=ffff888015a15cd8 R14=00000000ffffffff R15=ffff88800a42f9c0
RIP=ffffffff84b9e841 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fd9bbfee700 00000000 00000000
GS =0000 ffff8880e56e7000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000562235542618 CR3=000000001e500000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000004157769200000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000