current+0x187/0x280 [ 1625.210010] sg_build_indirect.isra.0+0x2f5/0x710 [ 1625.210747] sg_common_write.constprop.0+0x992/0x1a30 [ 1625.211519] ? sg_build_indirect.isra.0+0x710/0x710 [ 1625.212256] ? vprintk_func+0x93/0x140 [ 1625.212847] ? printk+0xba/0xf1 [ 1625.213336] ? record_print_text.cold+0x16/0x16 [ 1625.214041] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1625.214081] FAULT_INJECTION: forcing a failure. [ 1625.214081] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1625.214795] ? trace_hardirqs_on+0x5b/0x180 [ 1625.214821] sg_write.part.0+0x69e/0xaa0 [ 1625.214845] ? sg_new_write.isra.0+0x770/0x770 [ 1625.219577] ? __lockdep_reset_lock+0x180/0x180 [ 1625.220280] ? perf_trace_lock+0xac/0x490 [ 1625.220907] ? lock_acquire+0x197/0x470 [ 1625.221511] ? find_held_lock+0x2c/0x110 [ 1625.222139] ? _cond_resched+0x12/0x80 [ 1625.222735] ? inode_security+0x107/0x140 [ 1625.223366] ? avc_policy_seqno+0x9/0x70 [ 1625.223970] ? selinux_file_permission+0x92/0x520 [ 1625.224707] sg_write+0x87/0x120 [ 1625.225225] ? sg_write.part.0+0xaa0/0xaa0 [ 1625.225856] vfs_write+0x29a/0xb10 [ 1625.226411] ksys_write+0x12d/0x260 [ 1625.226967] ? __ia32_sys_read+0xb0/0xb0 [ 1625.227575] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1625.228364] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1625.229160] do_syscall_64+0x33/0x40 [ 1625.229722] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1625.230527] RIP: 0033:0x7f794b5b5b19 [ 1625.231080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1625.233787] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1625.234945] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1625.235997] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1625.237048] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1625.238122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1625.239217] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1625.240307] CPU: 0 PID: 22325 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1625.241993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1625.244032] Call Trace: [ 1625.244671] dump_stack+0x107/0x167 [ 1625.245554] should_fail.cold+0x5/0xa [ 1625.246501] __alloc_pages_nodemask+0x182/0x600 [ 1625.247641] ? __kmalloc+0x16e/0x390 [ 1625.248550] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1625.250037] ? trace_hardirqs_on+0x5b/0x180 [ 1625.251111] alloc_pages_current+0x187/0x280 [ 1625.252186] sg_build_indirect.isra.0+0x2f5/0x710 [ 1625.253363] sg_common_write.constprop.0+0x992/0x1a30 [ 1625.254644] ? sg_build_indirect.isra.0+0x710/0x710 [ 1625.255842] ? vprintk_func+0x93/0x140 [ 1625.256782] ? printk+0xba/0xf1 [ 1625.257584] ? record_print_text.cold+0x16/0x16 [ 1625.258715] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1625.259927] ? trace_hardirqs_on+0x5b/0x180 [ 1625.260988] sg_write.part.0+0x69e/0xaa0 [ 1625.261975] ? sg_new_write.isra.0+0x770/0x770 [ 1625.263098] ? __lockdep_reset_lock+0x180/0x180 [ 1625.264207] ? perf_trace_lock+0xac/0x490 [ 1625.265208] ? lock_acquire+0x197/0x470 [ 1625.266152] ? find_held_lock+0x2c/0x110 [ 1625.267153] ? _cond_resched+0x12/0x80 [ 1625.268086] ? inode_security+0x107/0x140 [ 1625.269077] ? avc_policy_seqno+0x9/0x70 [ 1625.270058] ? selinux_file_permission+0x92/0x520 [ 1625.271245] sg_write+0x87/0x120 [ 1625.272066] ? sg_write.part.0+0xaa0/0xaa0 [ 1625.273065] vfs_write+0x29a/0xb10 [ 1625.273914] ksys_write+0x12d/0x260 [ 1625.274790] ? __ia32_sys_read+0xb0/0xb0 [ 1625.275757] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 03:19:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0xb6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1625.276996] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1625.278402] do_syscall_64+0x33/0x40 [ 1625.279286] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1625.280516] RIP: 0033:0x7f5171091b19 [ 1625.281405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1625.285730] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1625.287516] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1625.289188] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1625.290874] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1625.292546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1625.294195] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:19:50 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xf0e10b1b000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:19:50 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc020660b, &(0x7f0000000000)) 03:19:50 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xf0210c1b000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 1625.344239] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1625.344239] program syz-executor.0 not setting count and/or reply_len properly 03:19:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x2, 0x1800}, {0x2, 0x7, 0x1400}, {0x2, 0x8fc}, {0x2, 0x7, 0x1800}, {0x2, 0x7ff}, {0x2, 0x1000, 0x800}, {0x2, 0x0, 0x1000}, {0x4, 0xff, 0x1800}, {0x4, 0x6, 0x1000}, {0x0, 0x7fff, 0x1000}], 0xa, &(0x7f00000000c0)={r0, r1+60000000}) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:19:51 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xf0ff1f00000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:19:51 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000)) 03:19:51 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xf0ff1f00000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:19:51 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x5451, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:19:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:19:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 39) 03:19:51 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x100000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 1625.505902] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1625.505902] program syz-executor.0 not setting count and/or reply_len properly [ 1625.519598] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1625.519598] program syz-executor.7 not setting count and/or reply_len properly [ 1625.530622] FAULT_INJECTION: forcing a failure. [ 1625.530622] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1625.532180] CPU: 1 PID: 22650 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1625.533055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1625.534104] Call Trace: [ 1625.534450] dump_stack+0x107/0x167 [ 1625.534910] should_fail.cold+0x5/0xa [ 1625.535398] __alloc_pages_nodemask+0x182/0x600 [ 1625.535989] ? __kmalloc+0x16e/0x390 [ 1625.536456] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1625.537216] ? trace_hardirqs_on+0x5b/0x180 [ 1625.537759] alloc_pages_current+0x187/0x280 [ 1625.538323] sg_build_indirect.isra.0+0x2f5/0x710 [ 1625.538947] sg_common_write.constprop.0+0x992/0x1a30 [ 1625.539602] ? sg_build_indirect.isra.0+0x710/0x710 [ 1625.540230] ? vprintk_func+0x93/0x140 [ 1625.540721] ? printk+0xba/0xf1 [ 1625.541142] ? record_print_text.cold+0x16/0x16 [ 1625.541729] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1625.542362] ? trace_hardirqs_on+0x5b/0x180 [ 1625.542919] sg_write.part.0+0x69e/0xaa0 [ 1625.543431] ? sg_new_write.isra.0+0x770/0x770 [ 1625.544020] ? __lockdep_reset_lock+0x180/0x180 [ 1625.544604] ? perf_trace_lock+0xac/0x490 [ 1625.545131] ? lock_acquire+0x197/0x470 [ 1625.545629] ? find_held_lock+0x2c/0x110 [ 1625.546151] ? _cond_resched+0x12/0x80 [ 1625.546653] ? inode_security+0x107/0x140 [ 1625.547174] ? avc_policy_seqno+0x9/0x70 [ 1625.547683] ? selinux_file_permission+0x92/0x520 [ 1625.548294] sg_write+0x87/0x120 [ 1625.548716] ? sg_write.part.0+0xaa0/0xaa0 [ 1625.549242] vfs_write+0x29a/0xb10 [ 1625.549688] ksys_write+0x12d/0x260 [ 1625.550141] ? __ia32_sys_read+0xb0/0xb0 [ 1625.550657] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1625.551311] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1625.551956] do_syscall_64+0x33/0x40 [ 1625.552421] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1625.553059] RIP: 0033:0x7f794b5b5b19 [ 1625.553524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1625.555815] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1625.556770] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1625.557663] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1625.558558] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1625.559444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1625.560338] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:20:05 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x800000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x5452, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 03:20:05 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x100000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 40) 03:20:05 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 37) 03:20:05 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000008, 0x20010, r0, 0x0) r2 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000180)=@sco}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) syz_io_uring_submit(r6, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r4, 0x0, 0x3) r7 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r7}, 0xcb) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1639.746427] sg_write: data in/out 150994910/80 bytes for SCSI command 0x0-- guessing data in; [ 1639.746427] program syz-executor.0 not setting count and/or reply_len properly [ 1639.763164] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1639.763164] program syz-executor.6 not setting count and/or reply_len properly [ 1639.763869] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1639.763869] program syz-executor.7 not setting count and/or reply_len properly [ 1639.776189] FAULT_INJECTION: forcing a failure. [ 1639.776189] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1639.778790] CPU: 1 PID: 22822 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1639.780232] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.781947] Call Trace: [ 1639.782499] dump_stack+0x107/0x167 [ 1639.783260] should_fail.cold+0x5/0xa [ 1639.784048] __alloc_pages_nodemask+0x182/0x600 [ 1639.785004] ? __kmalloc+0x16e/0x390 [ 1639.785773] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1639.787030] ? trace_hardirqs_on+0x5b/0x180 [ 1639.787930] alloc_pages_current+0x187/0x280 [ 1639.788859] sg_build_indirect.isra.0+0x2f5/0x710 [ 1639.789863] sg_common_write.constprop.0+0x992/0x1a30 [ 1639.790964] ? sg_build_indirect.isra.0+0x710/0x710 [ 1639.791996] ? vprintk_func+0x93/0x140 [ 1639.792798] ? printk+0xba/0xf1 [ 1639.793480] ? record_print_text.cold+0x16/0x16 [ 1639.794450] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1639.795501] ? trace_hardirqs_on+0x5b/0x180 [ 1639.796396] sg_write.part.0+0x69e/0xaa0 [ 1639.797231] ? sg_new_write.isra.0+0x770/0x770 [ 1639.798189] ? __lockdep_reset_lock+0x180/0x180 [ 1639.799162] ? perf_trace_lock+0xac/0x490 [ 1639.800015] ? lock_acquire+0x197/0x470 [ 1639.800850] ? find_held_lock+0x2c/0x110 [ 1639.801685] ? _cond_resched+0x12/0x80 [ 1639.802484] ? inode_security+0x107/0x140 [ 1639.803357] ? avc_policy_seqno+0x9/0x70 [ 1639.804183] ? selinux_file_permission+0x92/0x520 [ 1639.805180] sg_write+0x87/0x120 [ 1639.805882] ? sg_write.part.0+0xaa0/0xaa0 [ 1639.806748] vfs_write+0x29a/0xb10 [ 1639.807504] ksys_write+0x12d/0x260 [ 1639.808250] ? __ia32_sys_read+0xb0/0xb0 [ 1639.809085] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.810167] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.811260] do_syscall_64+0x33/0x40 [ 1639.812022] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.813062] RIP: 0033:0x7f5171091b19 [ 1639.813830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.817611] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1639.819183] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1639.820647] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1639.822113] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.823595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.825067] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1639.826999] FAULT_INJECTION: forcing a failure. [ 1639.826999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1639.830469] CPU: 0 PID: 22821 Comm: syz-executor.7 Not tainted 5.10.230 #1 03:20:05 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x800000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 1639.832462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.834999] Call Trace: [ 1639.835755] dump_stack+0x107/0x167 [ 1639.836800] should_fail.cold+0x5/0xa [ 1639.837895] __alloc_pages_nodemask+0x182/0x600 [ 1639.839239] ? __kmalloc+0x16e/0x390 [ 1639.840298] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1639.842022] ? trace_hardirqs_on+0x5b/0x180 [ 1639.843282] alloc_pages_current+0x187/0x280 [ 1639.844551] sg_build_indirect.isra.0+0x2f5/0x710 [ 1639.845945] sg_common_write.constprop.0+0x992/0x1a30 [ 1639.847452] ? sg_build_indirect.isra.0+0x710/0x710 [ 1639.848883] ? vprintk_func+0x93/0x140 [ 1639.849996] ? printk+0xba/0xf1 [ 1639.850951] ? record_print_text.cold+0x16/0x16 [ 1639.852287] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1639.853713] ? trace_hardirqs_on+0x5b/0x180 [ 1639.854981] sg_write.part.0+0x69e/0xaa0 [ 1639.855971] ? sg_new_write.isra.0+0x770/0x770 [ 1639.857086] ? __lockdep_reset_lock+0x180/0x180 [ 1639.858206] ? perf_trace_lock+0xac/0x490 [ 1639.859219] ? lock_acquire+0x197/0x470 [ 1639.860173] ? find_held_lock+0x2c/0x110 [ 1639.861169] ? _cond_resched+0x12/0x80 [ 1639.862101] ? inode_security+0x107/0x140 [ 1639.863116] ? avc_policy_seqno+0x9/0x70 [ 1639.864085] ? selinux_file_permission+0x92/0x520 [ 1639.865256] sg_write+0x87/0x120 [ 1639.866082] ? sg_write.part.0+0xaa0/0xaa0 [ 1639.867120] vfs_write+0x29a/0xb10 [ 1639.867979] ksys_write+0x12d/0x260 [ 1639.868857] ? __ia32_sys_read+0xb0/0xb0 [ 1639.869859] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.871165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.872420] do_syscall_64+0x33/0x40 [ 1639.873327] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.874585] RIP: 0033:0x7f794b5b5b19 [ 1639.875503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.880032] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1639.881903] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1639.883661] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1639.885402] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.887160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.888910] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:20:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc05c5340, &(0x7f0000000000)) 03:20:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:05 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x1100000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x5460, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 41) [ 1640.030615] sg_write: data in/out 150994911/80 bytes for SCSI command 0x0-- guessing data in; [ 1640.030615] program syz-executor.0 not setting count and/or reply_len properly [ 1640.041925] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1640.041925] program syz-executor.7 not setting count and/or reply_len properly [ 1640.056384] FAULT_INJECTION: forcing a failure. [ 1640.056384] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1640.058977] CPU: 1 PID: 22984 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1640.060432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1640.062176] Call Trace: [ 1640.062732] dump_stack+0x107/0x167 [ 1640.063498] should_fail.cold+0x5/0xa [ 1640.064317] __alloc_pages_nodemask+0x182/0x600 [ 1640.065295] ? __kmalloc+0x16e/0x390 [ 1640.066080] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1640.067359] ? trace_hardirqs_on+0x5b/0x180 [ 1640.068275] alloc_pages_current+0x187/0x280 [ 1640.069209] sg_build_indirect.isra.0+0x2f5/0x710 [ 1640.070240] sg_common_write.constprop.0+0x992/0x1a30 [ 1640.071352] ? sg_build_indirect.isra.0+0x710/0x710 [ 1640.072397] ? vprintk_func+0x93/0x140 [ 1640.073220] ? printk+0xba/0xf1 [ 1640.073916] ? record_print_text.cold+0x16/0x16 [ 1640.074905] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1640.075978] ? trace_hardirqs_on+0x5b/0x180 [ 1640.076901] sg_write.part.0+0x69e/0xaa0 [ 1640.077762] ? sg_new_write.isra.0+0x770/0x770 [ 1640.078737] ? __lockdep_reset_lock+0x180/0x180 [ 1640.079721] ? perf_trace_lock+0xac/0x490 [ 1640.080597] ? lock_acquire+0x197/0x470 [ 1640.081434] ? find_held_lock+0x2c/0x110 [ 1640.082307] ? _cond_resched+0x12/0x80 [ 1640.083142] ? inode_security+0x107/0x140 [ 1640.084007] ? avc_policy_seqno+0x9/0x70 [ 1640.084843] ? selinux_file_permission+0x92/0x520 [ 1640.085872] sg_write+0x87/0x120 [ 1640.086587] ? sg_write.part.0+0xaa0/0xaa0 [ 1640.087487] vfs_write+0x29a/0xb10 [ 1640.088243] ksys_write+0x12d/0x260 [ 1640.089015] ? __ia32_sys_read+0xb0/0xb0 [ 1640.089880] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1640.090994] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1640.092092] do_syscall_64+0x33/0x40 [ 1640.092878] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1640.093960] RIP: 0033:0x7f794b5b5b19 [ 1640.094747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1640.098631] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1640.100252] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1640.101760] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1640.103273] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1640.104772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1640.106274] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:20:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc08c5332, &(0x7f0000000000)) 03:20:20 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x1100000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 42) 03:20:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40049409, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:20 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x3f00000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:20 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 38) 03:20:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) perf_event_open(&(0x7f0000000080)={0x7, 0x80, 0x7, 0x0, 0xff, 0xab, 0x0, 0x20, 0xc0490, 0xb, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x23, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x4, 0x400, 0x7, 0x7b7, 0x511c, 0x1, 0x0, 0x800, 0x0, 0xcd}, r0, 0x2, 0xffffffffffffffff, 0x2) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000100)='net/vlan/vlan0\x00') ptrace(0xffffffffffffffff, 0x0) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000004, 0x4000010, r1, 0x10000000) r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000140)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x10, 0x0, {0x0, r7}}, 0xfffffffc) socket$inet6_tcp(0xa, 0x1, 0x0) 03:20:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc08c5334, &(0x7f0000000000)) [ 1654.969901] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1654.969901] program syz-executor.7 not setting count and/or reply_len properly [ 1654.989489] sg_write: data in/out 150994912/80 bytes for SCSI command 0x0-- guessing data in; [ 1654.989489] program syz-executor.0 not setting count and/or reply_len properly [ 1654.991480] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1654.991480] program syz-executor.6 not setting count and/or reply_len properly [ 1655.001907] FAULT_INJECTION: forcing a failure. [ 1655.001907] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1655.004806] CPU: 0 PID: 23101 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1655.006370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.008247] Call Trace: [ 1655.008852] dump_stack+0x107/0x167 [ 1655.009668] should_fail.cold+0x5/0xa [ 1655.010527] __alloc_pages_nodemask+0x182/0x600 [ 1655.011585] ? __kmalloc+0x16e/0x390 [ 1655.012426] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1655.013780] ? trace_hardirqs_on+0x5b/0x180 [ 1655.014759] alloc_pages_current+0x187/0x280 [ 1655.015758] sg_build_indirect.isra.0+0x2f5/0x710 [ 1655.016853] sg_common_write.constprop.0+0x992/0x1a30 [ 1655.018018] ? sg_build_indirect.isra.0+0x710/0x710 [ 1655.019137] ? vprintk_func+0x93/0x140 [ 1655.020025] ? printk+0xba/0xf1 [ 1655.020763] ? record_print_text.cold+0x16/0x16 [ 1655.021804] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1655.022937] ? trace_hardirqs_on+0x5b/0x180 [ 1655.023935] sg_write.part.0+0x69e/0xaa0 [ 1655.024847] ? sg_new_write.isra.0+0x770/0x770 [ 1655.025889] ? __lockdep_reset_lock+0x180/0x180 [ 1655.026933] ? perf_trace_lock+0xac/0x490 [ 1655.027878] ? lock_acquire+0x197/0x470 [ 1655.028768] ? find_held_lock+0x2c/0x110 [ 1655.029693] ? _cond_resched+0x12/0x80 [ 1655.030574] ? inode_security+0x107/0x140 [ 1655.031511] ? avc_policy_seqno+0x9/0x70 [ 1655.032422] ? selinux_file_permission+0x92/0x520 [ 1655.033508] sg_write+0x87/0x120 [ 1655.034268] ? sg_write.part.0+0xaa0/0xaa0 [ 1655.035217] vfs_write+0x29a/0xb10 [ 1655.036036] ksys_write+0x12d/0x260 [ 1655.036856] ? __ia32_sys_read+0xb0/0xb0 [ 1655.037776] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.038951] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.040124] do_syscall_64+0x33/0x40 [ 1655.040966] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.042112] RIP: 0033:0x7f794b5b5b19 [ 1655.042952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.047081] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1655.048802] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1655.050401] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1655.052013] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.053618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.055218] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:20:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc08c5335, &(0x7f0000000000)) [ 1655.065638] FAULT_INJECTION: forcing a failure. [ 1655.065638] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1655.068326] CPU: 0 PID: 23109 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1655.069878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.071752] Call Trace: [ 1655.072346] dump_stack+0x107/0x167 [ 1655.073178] should_fail.cold+0x5/0xa [ 1655.074040] __alloc_pages_nodemask+0x182/0x600 [ 1655.075087] ? __kmalloc+0x16e/0x390 [ 1655.075948] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1655.077313] ? trace_hardirqs_on+0x5b/0x180 [ 1655.078295] alloc_pages_current+0x187/0x280 [ 1655.079297] sg_build_indirect.isra.0+0x2f5/0x710 [ 1655.080406] sg_common_write.constprop.0+0x992/0x1a30 [ 1655.081581] ? sg_build_indirect.isra.0+0x710/0x710 [ 1655.082703] ? vprintk_func+0x93/0x140 [ 1655.083589] ? printk+0xba/0xf1 [ 1655.084329] ? record_print_text.cold+0x16/0x16 [ 1655.085385] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1655.086517] ? trace_hardirqs_on+0x5b/0x180 [ 1655.087512] sg_write.part.0+0x69e/0xaa0 [ 1655.088434] ? sg_new_write.isra.0+0x770/0x770 [ 1655.089473] ? __lockdep_reset_lock+0x180/0x180 [ 1655.090521] ? perf_trace_lock+0xac/0x490 [ 1655.091473] ? lock_acquire+0x197/0x470 [ 1655.092363] ? find_held_lock+0x2c/0x110 [ 1655.093294] ? _cond_resched+0x12/0x80 [ 1655.094173] ? inode_security+0x107/0x140 [ 1655.095101] ? avc_policy_seqno+0x9/0x70 [ 1655.096024] ? selinux_file_permission+0x92/0x520 [ 1655.097127] sg_write+0x87/0x120 [ 1655.097897] ? sg_write.part.0+0xaa0/0xaa0 [ 1655.098850] vfs_write+0x29a/0xb10 [ 1655.099668] ksys_write+0x12d/0x260 [ 1655.100487] ? __ia32_sys_read+0xb0/0xb0 [ 1655.101410] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.102591] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.103778] do_syscall_64+0x33/0x40 [ 1655.104617] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.105773] RIP: 0033:0x7f5171091b19 [ 1655.106610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.110744] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1655.112462] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1655.114059] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1655.115670] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.117272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.118878] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:20:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:20 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x3f00000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:20 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x4000000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 1655.182666] sg_write: data in/out 150994913/80 bytes for SCSI command 0x0-- guessing data in; [ 1655.182666] program syz-executor.0 not setting count and/or reply_len properly 03:20:20 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xffffffff00000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000440)={0x100003, 0xb, 0x0, 'queue1\x00', 0x3}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/zoneinfo\x00', 0x0, 0x0) r4 = syz_io_uring_setup(0x7950, &(0x7f00000002c0)={0x0, 0x9592, 0x24, 0x3, 0x1c0, 0x0, r3}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000180), &(0x7f0000000080)) r5 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0)=0x0) ptrace(0x11, r7) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r6) ptrace(0x8, r5) socket$inet6_tcp(0xa, 0x1, 0x0) 03:20:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc08c5336, &(0x7f0000000000)) 03:20:20 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x4000000000000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:20 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x2}, 0x58) 03:20:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 43) [ 1655.410165] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1655.410165] program syz-executor.7 not setting count and/or reply_len properly [ 1655.438677] FAULT_INJECTION: forcing a failure. [ 1655.438677] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1655.441529] CPU: 0 PID: 23394 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1655.443128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.445064] Call Trace: [ 1655.445676] dump_stack+0x107/0x167 [ 1655.446521] should_fail.cold+0x5/0xa [ 1655.447410] __alloc_pages_nodemask+0x182/0x600 [ 1655.448508] ? __kmalloc+0x16e/0x390 [ 1655.449370] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1655.450773] ? trace_hardirqs_on+0x5b/0x180 [ 1655.451792] alloc_pages_current+0x187/0x280 [ 1655.452813] sg_build_indirect.isra.0+0x2f5/0x710 [ 1655.453940] sg_common_write.constprop.0+0x992/0x1a30 [ 1655.455144] ? sg_build_indirect.isra.0+0x710/0x710 [ 1655.456312] ? vprintk_func+0x93/0x140 [ 1655.457212] ? printk+0xba/0xf1 [ 1655.457974] ? record_print_text.cold+0x16/0x16 [ 1655.459050] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1655.460227] ? trace_hardirqs_on+0x5b/0x180 [ 1655.461238] sg_write.part.0+0x69e/0xaa0 [ 1655.462180] ? sg_new_write.isra.0+0x770/0x770 [ 1655.463251] ? __lockdep_reset_lock+0x180/0x180 [ 1655.464337] ? perf_trace_lock+0xac/0x490 [ 1655.465301] ? lock_acquire+0x197/0x470 [ 1655.466220] ? find_held_lock+0x2c/0x110 [ 1655.467173] ? _cond_resched+0x12/0x80 [ 1655.468083] ? inode_security+0x107/0x140 [ 1655.469046] ? avc_policy_seqno+0x9/0x70 [ 1655.469980] ? selinux_file_permission+0x92/0x520 [ 1655.471103] sg_write+0x87/0x120 [ 1655.471901] ? sg_write.part.0+0xaa0/0xaa0 [ 1655.472878] vfs_write+0x29a/0xb10 [ 1655.473710] ksys_write+0x12d/0x260 [ 1655.474551] ? __ia32_sys_read+0xb0/0xb0 [ 1655.475504] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.476716] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.477911] do_syscall_64+0x33/0x40 [ 1655.478769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.479964] RIP: 0033:0x7f794b5b5b19 [ 1655.480847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.485122] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1655.486881] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1655.488540] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1655.490187] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.491845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.493496] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:20:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 44) 03:20:36 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x7, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0x12, 0x1ff, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0x0, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, &(0x7f00000000c0)={'\x00', 0x10001, 0x3, 0x8}) r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) sendfile(r3, r2, 0x0, 0x0) close(0xffffffffffffffff) r4 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xa, 0x1010, r4, 0x10000000) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x2000000, 0x810, r4, 0x10000000) syz_io_uring_submit(0x0, r5, 0x0, 0x6) ptrace(0xffffffffffffffff, 0x0) r6 = getpid() mmap$perf(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x100000e, 0x1010, r4, 0x2) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x9, 0x8, 0xf3, 0x4, 0x0, 0x9, 0x200, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x8f, 0x1488}, 0xcc42, 0x6, 0x8, 0x9, 0x80000001, 0x400, 0x17, 0x0, 0x5}, r6, 0x2, r2, 0x9) socket$inet6_tcp(0xa, 0x1, 0x0) 03:20:36 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:36 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 39) 03:20:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:36 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc0a85320, &(0x7f0000000000)) 03:20:36 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0xffffffff00000000, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:20:36 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x3}, 0x58) [ 1671.032997] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1671.032997] program syz-executor.7 not setting count and/or reply_len properly [ 1671.046372] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1671.046372] program syz-executor.6 not setting count and/or reply_len properly [ 1671.046610] FAULT_INJECTION: forcing a failure. [ 1671.046610] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1671.053007] sg_write: data in/out 150994914/80 bytes for SCSI command 0x0-- guessing data in; [ 1671.053007] program syz-executor.0 not setting count and/or reply_len properly [ 1671.053327] CPU: 1 PID: 23448 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1671.058881] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.060626] Call Trace: [ 1671.061186] dump_stack+0x107/0x167 [ 1671.061955] should_fail.cold+0x5/0xa [ 1671.062759] __alloc_pages_nodemask+0x182/0x600 [ 1671.063730] ? __kmalloc+0x16e/0x390 [ 1671.064516] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1671.065780] ? trace_hardirqs_on+0x5b/0x180 [ 1671.066688] alloc_pages_current+0x187/0x280 [ 1671.067616] sg_build_indirect.isra.0+0x2f5/0x710 [ 1671.068646] sg_common_write.constprop.0+0x992/0x1a30 [ 1671.069741] ? sg_build_indirect.isra.0+0x710/0x710 [ 1671.070780] ? vprintk_func+0x93/0x140 [ 1671.071594] ? printk+0xba/0xf1 [ 1671.072299] ? record_print_text.cold+0x16/0x16 [ 1671.073269] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1671.074323] ? trace_hardirqs_on+0x5b/0x180 [ 1671.075237] FAULT_INJECTION: forcing a failure. [ 1671.075237] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1671.077695] sg_write.part.0+0x69e/0xaa0 [ 1671.078575] ? sg_new_write.isra.0+0x770/0x770 [ 1671.079556] ? __lockdep_reset_lock+0x180/0x180 [ 1671.080546] ? perf_trace_lock+0xac/0x490 [ 1671.081430] ? lock_acquire+0x197/0x470 [ 1671.082275] ? find_held_lock+0x2c/0x110 [ 1671.083151] ? _cond_resched+0x12/0x80 [ 1671.083976] ? inode_security+0x107/0x140 [ 1671.085093] ? avc_policy_seqno+0x9/0x70 [ 1671.085960] ? selinux_file_permission+0x92/0x520 [ 1671.086992] sg_write+0x87/0x120 [ 1671.087715] ? sg_write.part.0+0xaa0/0xaa0 [ 1671.088617] vfs_write+0x29a/0xb10 [ 1671.089381] ksys_write+0x12d/0x260 [ 1671.090158] ? __ia32_sys_read+0xb0/0xb0 [ 1671.091025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.092148] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.093569] do_syscall_64+0x33/0x40 [ 1671.094423] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.095771] RIP: 0033:0x7f794b5b5b19 [ 1671.096579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.100445] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1671.102056] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1671.103551] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1671.105065] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.106564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.108079] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1671.109625] CPU: 0 PID: 23452 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1671.111382] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.113407] Call Trace: [ 1671.114056] dump_stack+0x107/0x167 [ 1671.114941] should_fail.cold+0x5/0xa [ 1671.115873] __alloc_pages_nodemask+0x182/0x600 [ 1671.117010] ? __kmalloc+0x16e/0x390 03:20:36 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x2}, 0x58) [ 1671.117918] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1671.119532] ? trace_hardirqs_on+0x5b/0x180 [ 1671.120598] alloc_pages_current+0x187/0x280 [ 1671.121674] sg_build_indirect.isra.0+0x2f5/0x710 [ 1671.122854] sg_common_write.constprop.0+0x992/0x1a30 [ 1671.124153] ? sg_build_indirect.isra.0+0x710/0x710 [ 1671.125360] ? vprintk_func+0x93/0x140 [ 1671.126303] ? printk+0xba/0xf1 [ 1671.127101] ? record_print_text.cold+0x16/0x16 [ 1671.128236] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1671.129453] ? trace_hardirqs_on+0x5b/0x180 [ 1671.130513] sg_write.part.0+0x69e/0xaa0 [ 1671.131501] ? sg_new_write.isra.0+0x770/0x770 [ 1671.132632] ? __lockdep_reset_lock+0x180/0x180 [ 1671.133756] ? perf_trace_lock+0xac/0x490 [ 1671.134767] ? lock_acquire+0x197/0x470 [ 1671.135727] ? find_held_lock+0x2c/0x110 [ 1671.136738] ? _cond_resched+0x12/0x80 [ 1671.137660] ? inode_security+0x107/0x140 [ 1671.138665] ? avc_policy_seqno+0x9/0x70 [ 1671.139645] ? selinux_file_permission+0x92/0x520 [ 1671.140829] sg_write+0x87/0x120 [ 1671.141652] ? sg_write.part.0+0xaa0/0xaa0 [ 1671.142678] vfs_write+0x29a/0xb10 [ 1671.143547] ksys_write+0x12d/0x260 [ 1671.144444] ? __ia32_sys_read+0xb0/0xb0 [ 1671.145430] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.146699] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.147951] do_syscall_64+0x33/0x40 [ 1671.148860] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.150100] RIP: 0033:0x7f5171091b19 [ 1671.151003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.155461] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1671.157314] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1671.159040] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1671.160812] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.162536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.164274] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:20:36 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc0a85322, &(0x7f0000000000)) 03:20:36 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:36 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x7fff) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:20:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40087602, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1671.368478] sg_write: data in/out 150994915/80 bytes for SCSI command 0x0-- guessing data in; [ 1671.368478] program syz-executor.0 not setting count and/or reply_len properly 03:20:53 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x4}, 0x58) 03:20:53 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 40) 03:20:53 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x4020940d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 45) 03:20:53 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x3}, 0x58) 03:20:53 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc0bc5310, &(0x7f0000000000)) 03:20:53 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x10, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:53 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x14082, 0x12) r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x2, 0x180) fcntl$getown(r1, 0x9) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1688.298251] sg_write: data in/out 150994924/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.298251] program syz-executor.0 not setting count and/or reply_len properly [ 1688.304429] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.304429] program syz-executor.7 not setting count and/or reply_len properly [ 1688.309076] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.309076] program syz-executor.6 not setting count and/or reply_len properly [ 1688.315289] FAULT_INJECTION: forcing a failure. [ 1688.315289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1688.317964] CPU: 0 PID: 23876 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1688.319506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.321380] Call Trace: [ 1688.321974] dump_stack+0x107/0x167 [ 1688.322805] should_fail.cold+0x5/0xa [ 1688.323683] __alloc_pages_nodemask+0x182/0x600 [ 1688.324735] ? __kmalloc+0x16e/0x390 [ 1688.325566] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1688.326933] ? trace_hardirqs_on+0x5b/0x180 [ 1688.327904] alloc_pages_current+0x187/0x280 [ 1688.328912] sg_build_indirect.isra.0+0x2f5/0x710 [ 1688.330015] sg_common_write.constprop.0+0x992/0x1a30 [ 1688.331185] ? sg_build_indirect.isra.0+0x710/0x710 [ 1688.332305] ? vprintk_func+0x93/0x140 [ 1688.333195] ? printk+0xba/0xf1 [ 1688.333935] ? record_print_text.cold+0x16/0x16 [ 1688.334984] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1688.336113] ? trace_hardirqs_on+0x5b/0x180 [ 1688.337108] sg_write.part.0+0x69e/0xaa0 [ 1688.338014] ? sg_new_write.isra.0+0x770/0x770 [ 1688.339054] ? __lockdep_reset_lock+0x180/0x180 [ 1688.340102] ? perf_trace_lock+0xac/0x490 [ 1688.341052] ? lock_acquire+0x197/0x470 [ 1688.341943] ? find_held_lock+0x2c/0x110 [ 1688.342875] ? _cond_resched+0x12/0x80 [ 1688.343750] ? inode_security+0x107/0x140 [ 1688.344687] ? avc_policy_seqno+0x9/0x70 [ 1688.345603] ? selinux_file_permission+0x92/0x520 [ 1688.346705] sg_write+0x87/0x120 [ 1688.347466] ? sg_write.part.0+0xaa0/0xaa0 [ 1688.348417] vfs_write+0x29a/0xb10 [ 1688.349240] ksys_write+0x12d/0x260 [ 1688.350058] ? __ia32_sys_read+0xb0/0xb0 [ 1688.350971] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.352150] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.353315] do_syscall_64+0x33/0x40 [ 1688.354155] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.355308] RIP: 0033:0x7f794b5b5b19 [ 1688.356142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.360291] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1688.362021] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1688.363628] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1688.365240] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1688.366832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:20:53 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1688.368441] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1688.376688] FAULT_INJECTION: forcing a failure. [ 1688.376688] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1688.379325] CPU: 0 PID: 23883 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1688.380875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.382723] Call Trace: [ 1688.383307] dump_stack+0x107/0x167 [ 1688.384120] should_fail.cold+0x5/0xa [ 1688.384985] __alloc_pages_nodemask+0x182/0x600 [ 1688.386021] ? __kmalloc+0x16e/0x390 [ 1688.386861] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1688.388211] ? trace_hardirqs_on+0x5b/0x180 [ 1688.389206] alloc_pages_current+0x187/0x280 [ 1688.390203] sg_build_indirect.isra.0+0x2f5/0x710 [ 1688.391290] sg_common_write.constprop.0+0x992/0x1a30 [ 1688.392450] ? sg_build_indirect.isra.0+0x710/0x710 [ 1688.393595] ? vprintk_func+0x93/0x140 [ 1688.394458] ? printk+0xba/0xf1 [ 1688.395199] ? record_print_text.cold+0x16/0x16 [ 1688.396235] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1688.397367] ? trace_hardirqs_on+0x5b/0x180 [ 1688.398362] sg_write.part.0+0x69e/0xaa0 [ 1688.399276] ? sg_new_write.isra.0+0x770/0x770 [ 1688.400322] ? __lockdep_reset_lock+0x180/0x180 [ 1688.401377] ? perf_trace_lock+0xac/0x490 [ 1688.402306] ? lock_acquire+0x197/0x470 [ 1688.403195] ? find_held_lock+0x2c/0x110 [ 1688.404112] ? _cond_resched+0x12/0x80 [ 1688.404991] ? inode_security+0x107/0x140 [ 1688.405913] ? avc_policy_seqno+0x9/0x70 [ 1688.406815] ? selinux_file_permission+0x92/0x520 [ 1688.407904] sg_write+0x87/0x120 [ 1688.408668] ? sg_write.part.0+0xaa0/0xaa0 [ 1688.409607] vfs_write+0x29a/0xb10 [ 1688.410411] ksys_write+0x12d/0x260 [ 1688.411233] ? __ia32_sys_read+0xb0/0xb0 [ 1688.412144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.413334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.414493] do_syscall_64+0x33/0x40 [ 1688.415321] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.416468] RIP: 0033:0x7f5171091b19 [ 1688.417314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.421438] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1688.423134] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1688.424740] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1688.426327] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1688.427917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.429519] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:20:54 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x4}, 0x58) 03:20:54 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0xf}, 0x58) 03:20:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x48, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:54 executing program 5: perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x395e167cbd7a1e5a}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:20:54 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x1f00}) [ 1688.544354] sg_write: data in/out 150994980/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.544354] program syz-executor.0 not setting count and/or reply_len properly 03:20:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:20:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:20:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 46) 03:20:54 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 41) [ 1688.700014] sg_write: data in/out 150994984/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.700014] program syz-executor.0 not setting count and/or reply_len properly 03:20:54 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x1f000000}) 03:20:54 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0xf}, 0x58) [ 1688.768261] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.768261] program syz-executor.7 not setting count and/or reply_len properly [ 1688.778653] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1688.778653] program syz-executor.6 not setting count and/or reply_len properly [ 1688.784860] FAULT_INJECTION: forcing a failure. [ 1688.784860] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1688.787636] CPU: 0 PID: 24279 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1688.789204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.791073] Call Trace: [ 1688.791673] dump_stack+0x107/0x167 [ 1688.792487] should_fail.cold+0x5/0xa [ 1688.793365] __alloc_pages_nodemask+0x182/0x600 [ 1688.794400] ? __kmalloc+0x16e/0x390 [ 1688.795238] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1688.796590] ? trace_hardirqs_on+0x5b/0x180 [ 1688.797583] alloc_pages_current+0x187/0x280 [ 1688.798570] sg_build_indirect.isra.0+0x2f5/0x710 [ 1688.799660] sg_common_write.constprop.0+0x992/0x1a30 [ 1688.800832] ? sg_build_indirect.isra.0+0x710/0x710 [ 1688.801951] ? vprintk_func+0x93/0x140 [ 1688.802822] ? printk+0xba/0xf1 [ 1688.803564] ? record_print_text.cold+0x16/0x16 [ 1688.804614] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1688.805749] ? trace_hardirqs_on+0x5b/0x180 [ 1688.806740] sg_write.part.0+0x69e/0xaa0 [ 1688.807650] ? sg_new_write.isra.0+0x770/0x770 [ 1688.808705] ? __lockdep_reset_lock+0x180/0x180 [ 1688.809744] ? perf_trace_lock+0xac/0x490 [ 1688.810675] ? lock_acquire+0x197/0x470 [ 1688.811559] ? find_held_lock+0x2c/0x110 [ 1688.812477] ? _cond_resched+0x12/0x80 [ 1688.813362] ? inode_security+0x107/0x140 [ 1688.813840] FAULT_INJECTION: forcing a failure. [ 1688.813840] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1688.814288] ? avc_policy_seqno+0x9/0x70 [ 1688.814306] ? selinux_file_permission+0x92/0x520 [ 1688.814339] sg_write+0x87/0x120 [ 1688.819821] ? sg_write.part.0+0xaa0/0xaa0 [ 1688.820769] vfs_write+0x29a/0xb10 [ 1688.821567] ksys_write+0x12d/0x260 [ 1688.822385] ? __ia32_sys_read+0xb0/0xb0 [ 1688.823301] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.824476] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.825650] do_syscall_64+0x33/0x40 [ 1688.826489] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.827645] RIP: 0033:0x7f794b5b5b19 [ 1688.828491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.832620] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1688.834343] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1688.835940] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1688.837554] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1688.839164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.840769] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1688.842415] CPU: 1 PID: 24277 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1688.844057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.846041] Call Trace: [ 1688.846668] dump_stack+0x107/0x167 [ 1688.847528] should_fail.cold+0x5/0xa [ 1688.848446] __alloc_pages_nodemask+0x182/0x600 [ 1688.849550] ? __kmalloc+0x16e/0x390 [ 1688.850431] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1688.851857] ? trace_hardirqs_on+0x5b/0x180 [ 1688.852890] alloc_pages_current+0x187/0x280 [ 1688.853935] sg_build_indirect.isra.0+0x2f5/0x710 [ 1688.855090] sg_common_write.constprop.0+0x992/0x1a30 [ 1688.856333] ? sg_build_indirect.isra.0+0x710/0x710 [ 1688.857523] ? vprintk_func+0x93/0x140 [ 1688.858448] ? printk+0xba/0xf1 [ 1688.859225] ? record_print_text.cold+0x16/0x16 [ 1688.860335] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1688.861543] ? trace_hardirqs_on+0x5b/0x180 [ 1688.862594] sg_write.part.0+0x69e/0xaa0 [ 1688.863555] ? sg_new_write.isra.0+0x770/0x770 [ 1688.864656] ? __lockdep_reset_lock+0x180/0x180 [ 1688.865758] ? perf_trace_lock+0xac/0x490 [ 1688.866739] ? lock_acquire+0x197/0x470 [ 1688.867673] ? find_held_lock+0x2c/0x110 [ 1688.868679] ? _cond_resched+0x12/0x80 [ 1688.869601] ? inode_security+0x107/0x140 [ 1688.870570] ? avc_policy_seqno+0x9/0x70 [ 1688.871518] ? selinux_file_permission+0x92/0x520 [ 1688.872684] sg_write+0x87/0x120 [ 1688.873482] ? sg_write.part.0+0xaa0/0xaa0 [ 1688.874470] vfs_write+0x29a/0xb10 [ 1688.875311] ksys_write+0x12d/0x260 [ 1688.876169] ? __ia32_sys_read+0xb0/0xb0 [ 1688.877133] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.878357] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.879573] do_syscall_64+0x33/0x40 [ 1688.880450] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.881674] RIP: 0033:0x7f5171091b19 [ 1688.882541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.886851] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1688.888622] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1688.890291] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1688.891951] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1688.893621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.895262] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:21:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x68, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:10 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x4000}, 0x58) 03:21:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 47) 03:21:10 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x4000}, 0x58) 03:21:10 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) ppoll(&(0x7f0000000040)=[{r0, 0x1}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={[0x8]}, 0x8) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:21:10 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:21:10 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 42) 03:21:10 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x404c534a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1705.317520] sg_write: data in/out 150995012/80 bytes for SCSI command 0x0-- guessing data in; [ 1705.317520] program syz-executor.0 not setting count and/or reply_len properly [ 1705.318225] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1705.318225] program syz-executor.7 not setting count and/or reply_len properly [ 1705.329440] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1705.329440] program syz-executor.6 not setting count and/or reply_len properly [ 1705.340329] FAULT_INJECTION: forcing a failure. [ 1705.340329] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1705.342888] CPU: 1 PID: 24350 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1705.344348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1705.346108] Call Trace: [ 1705.346669] dump_stack+0x107/0x167 [ 1705.347439] should_fail.cold+0x5/0xa [ 1705.348250] __alloc_pages_nodemask+0x182/0x600 [ 1705.349246] ? __kmalloc+0x16e/0x390 [ 1705.350036] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1705.351308] ? trace_hardirqs_on+0x5b/0x180 [ 1705.352223] alloc_pages_current+0x187/0x280 [ 1705.353155] sg_build_indirect.isra.0+0x2f5/0x710 [ 1705.354194] sg_common_write.constprop.0+0x992/0x1a30 [ 1705.355300] ? sg_build_indirect.isra.0+0x710/0x710 [ 1705.356354] ? vprintk_func+0x93/0x140 [ 1705.357177] ? printk+0xba/0xf1 [ 1705.357880] ? record_print_text.cold+0x16/0x16 [ 1705.358864] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1705.359925] ? trace_hardirqs_on+0x5b/0x180 [ 1705.360851] sg_write.part.0+0x69e/0xaa0 [ 1705.361722] ? sg_new_write.isra.0+0x770/0x770 [ 1705.362702] ? __lockdep_reset_lock+0x180/0x180 [ 1705.363686] ? perf_trace_lock+0xac/0x490 [ 1705.364564] ? lock_acquire+0x197/0x470 [ 1705.365412] ? find_held_lock+0x2c/0x110 [ 1705.366281] ? _cond_resched+0x12/0x80 [ 1705.367104] ? inode_security+0x107/0x140 [ 1705.367974] ? avc_policy_seqno+0x9/0x70 [ 1705.368829] ? selinux_file_permission+0x92/0x520 [ 1705.369864] sg_write+0x87/0x120 [ 1705.370578] ? sg_write.part.0+0xaa0/0xaa0 [ 1705.371469] vfs_write+0x29a/0xb10 [ 1705.372227] ksys_write+0x12d/0x260 [ 1705.372996] ? __ia32_sys_read+0xb0/0xb0 [ 1705.373867] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1705.374970] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1705.376058] do_syscall_64+0x33/0x40 [ 1705.376837] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1705.377923] RIP: 0033:0x7f5171091b19 [ 1705.378707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1705.382584] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1705.384191] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1705.384978] FAULT_INJECTION: forcing a failure. [ 1705.384978] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1705.385704] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1705.385718] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1705.385730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1705.385742] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1705.396507] CPU: 0 PID: 24357 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1705.398264] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1705.400365] Call Trace: [ 1705.401040] dump_stack+0x107/0x167 [ 1705.401976] should_fail.cold+0x5/0xa [ 1705.402952] __alloc_pages_nodemask+0x182/0x600 [ 1705.404144] ? __kmalloc+0x16e/0x390 [ 1705.405094] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1705.406650] ? trace_hardirqs_on+0x5b/0x180 [ 1705.407753] alloc_pages_current+0x187/0x280 [ 1705.408885] sg_build_indirect.isra.0+0x2f5/0x710 [ 1705.410129] sg_common_write.constprop.0+0x992/0x1a30 [ 1705.411463] ? sg_build_indirect.isra.0+0x710/0x710 [ 1705.412705] ? vprintk_func+0x93/0x140 [ 1705.413687] ? printk+0xba/0xf1 [ 1705.414517] ? record_print_text.cold+0x16/0x16 [ 1705.415678] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1705.416955] ? trace_hardirqs_on+0x5b/0x180 [ 1705.418055] sg_write.part.0+0x69e/0xaa0 [ 1705.419091] ? sg_new_write.isra.0+0x770/0x770 [ 1705.420255] ? __lockdep_reset_lock+0x180/0x180 [ 1705.421437] ? perf_trace_lock+0xac/0x490 [ 1705.422483] ? lock_acquire+0x197/0x470 [ 1705.423483] ? find_held_lock+0x2c/0x110 [ 1705.424517] ? _cond_resched+0x12/0x80 [ 1705.425512] ? inode_security+0x107/0x140 [ 1705.426560] ? avc_policy_seqno+0x9/0x70 [ 1705.427579] ? selinux_file_permission+0x92/0x520 [ 1705.428807] sg_write+0x87/0x120 [ 1705.429680] ? sg_write.part.0+0xaa0/0xaa0 [ 1705.430747] vfs_write+0x29a/0xb10 [ 1705.431649] ksys_write+0x12d/0x260 [ 1705.432562] ? __ia32_sys_read+0xb0/0xb0 [ 1705.433593] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1705.434900] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1705.436193] do_syscall_64+0x33/0x40 [ 1705.437118] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1705.438391] RIP: 0033:0x7f794b5b5b19 [ 1705.439314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1705.443877] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1705.445764] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1705.447535] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1705.449295] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1705.451058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1705.452808] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:21:11 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x57) 03:21:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:11 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x1f00}) 03:21:11 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x57) 03:21:11 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1705.560928] sg_write: data in/out 150995016/80 bytes for SCSI command 0x0-- guessing data in; [ 1705.560928] program syz-executor.0 not setting count and/or reply_len properly 03:21:27 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40505331, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:21:27 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 43) 03:21:27 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x20000418) 03:21:27 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000740), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)={'U+', 0x4}, 0x16, 0x2) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:systemd_logind_sessions_t:s0\x00', 0x2f, 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FADVISE={0x18, 0x5, 0x0, @fd_index=0x1, 0x6, 0x0, 0x9, 0x0, 0x0, {0x0, r2}}, 0x81) ptrace(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x47, 0x4, 0x8, 0x7, 0x0, 0x2, 0x8180, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x85a, 0x2, @perf_bp={&(0x7f0000000140), 0x5}, 0x8004, 0x7, 0x7f, 0x5, 0x0, 0x2, 0x100, 0x0, 0x9, 0x0, 0x6}, 0x0, 0x9, r0, 0x1a) sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c410001", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fddbdf25100000009c0004804c000780080002000800000008000200ff030000080002000500000008000100060000000800020065bc000008000300cc555b3f08000200060000000800010008000000080001000c000000240007800800020002000000080002009b000000080001000100000008000200400000000900010073797a31000000001c000780080002003881000008000200faffffff08000400020000004c000180140002800d00040004000000080004000000000008000300050000002c00028008000400fbffffff0800020020000000080003000000000008190200450c000008000300018000003000018008000300040000000d0001007564703a73797a3100000000140002802800020002000000080004000008000015c04bd01df331961ccd888933751336107605412840fe164139e2e5022a2e994ba0322fd3f9d7455df035b7e9255baa5cd02df96f80b2761306330b2716e5bbfb0c313ba9a710346a8a2cfa2ba04fd945c01ed86ac2391d40afd5d040a0fd4070ab66b9bcf9c48b3c077cff9c5534ff5b9993bff1e204b15b6f906033472387da4025a6272cabf40363ad7d60645d3d10476c71d2a7c6212d60db7b561402dfeefd46c183e4958b7fe96013d7a77ca1248d03bbead6a64d62ae89bff480bcce5d95935c939c26e0ed3c1511e28b47232307366f42e554da39fcbf3bfbe7277e6421033885f76e4ea575a51dfc40a76ed5b89fe5a612914c0ee0e193677b30e0ff39fd8708ea490e83dfe879d9a5fbbc240c237fb9479ac91d38e72b8e7bf25e7114aa4c9af5e494aeb071289b74b1cd9e2b9e336a0b3f37cc56cf5deafc403216bece69174474a84056f808020694ad87c6fdf82c01c26fb2c127281d3b6971de6d77f96d9020c7b1a981596a4a124ee5aac539085b13271ed11f919d8878ca2e24c0acdaa99f51640b8e86c1f250ef95e01a1524f15fb51301db3d90a584319af55bb09d9adbd0cb19f0ef9ff39751a2d561214810f1"], 0x12c}, 0x1, 0x0, 0x0, 0x8040}, 0x4004) copy_file_range(r1, 0x0, r0, &(0x7f00000000c0)=0x4, 0x400, 0x0) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x128}, {0xffffffffffffffff, 0x2002}, {}, {0xffffffffffffffff, 0x6080}, {0xffffffffffffffff, 0x9200}, {0xffffffffffffffff, 0x62}, {0xffffffffffffffff, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r3 = fork() kcmp(0x0, r3, 0x6, 0xffffffffffffffff, r1) r4 = fork() kcmp(r4, r3, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(r3, &(0x7f0000000340)='attr/fscreate\x00') socket$inet6_tcp(0xa, 0x1, 0x0) 03:21:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 48) 03:21:27 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x1f000000}) 03:21:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x74, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:27 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x20000418) [ 1721.753115] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1721.753115] program syz-executor.7 not setting count and/or reply_len properly [ 1721.762921] sg_write: data in/out 150995024/80 bytes for SCSI command 0x0-- guessing data in; [ 1721.762921] program syz-executor.0 not setting count and/or reply_len properly [ 1721.770166] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1721.770166] program syz-executor.6 not setting count and/or reply_len properly [ 1721.780454] FAULT_INJECTION: forcing a failure. [ 1721.780454] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1721.783583] CPU: 0 PID: 24647 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1721.785301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1721.787370] Call Trace: [ 1721.788038] dump_stack+0x107/0x167 [ 1721.788943] should_fail.cold+0x5/0xa [ 1721.789902] __alloc_pages_nodemask+0x182/0x600 [ 1721.791048] ? __kmalloc+0x16e/0x390 [ 1721.791968] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1721.793460] ? trace_hardirqs_on+0x5b/0x180 [ 1721.794538] alloc_pages_current+0x187/0x280 [ 1721.795629] sg_build_indirect.isra.0+0x2f5/0x710 [ 1721.796833] sg_common_write.constprop.0+0x992/0x1a30 [ 1721.798124] ? sg_build_indirect.isra.0+0x710/0x710 [ 1721.799350] ? vprintk_func+0x93/0x140 [ 1721.800305] ? printk+0xba/0xf1 [ 1721.801123] ? record_print_text.cold+0x16/0x16 [ 1721.802278] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1721.803515] ? trace_hardirqs_on+0x5b/0x180 [ 1721.804599] sg_write.part.0+0x69e/0xaa0 [ 1721.805602] ? sg_new_write.isra.0+0x770/0x770 [ 1721.806749] ? __lockdep_reset_lock+0x180/0x180 [ 1721.807889] ? perf_trace_lock+0xac/0x490 [ 1721.808763] FAULT_INJECTION: forcing a failure. [ 1721.808763] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1721.808910] ? lock_acquire+0x197/0x470 [ 1721.811964] ? find_held_lock+0x2c/0x110 [ 1721.812972] ? _cond_resched+0x12/0x80 [ 1721.813927] ? inode_security+0x107/0x140 [ 1721.814939] ? avc_policy_seqno+0x9/0x70 [ 1721.815934] ? selinux_file_permission+0x92/0x520 [ 1721.817108] sg_write+0x87/0x120 [ 1721.817945] ? sg_write.part.0+0xaa0/0xaa0 [ 1721.818976] vfs_write+0x29a/0xb10 [ 1721.819862] ksys_write+0x12d/0x260 [ 1721.820748] ? __ia32_sys_read+0xb0/0xb0 [ 1721.821741] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1721.823023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1721.824277] do_syscall_64+0x33/0x40 [ 1721.825182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1721.826443] RIP: 0033:0x7f794b5b5b19 [ 1721.827356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1721.831804] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1721.833640] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1721.835376] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1721.837098] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1721.838843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1721.840555] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1721.842321] CPU: 1 PID: 24660 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1721.843564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1721.845041] Call Trace: [ 1721.845510] dump_stack+0x107/0x167 [ 1721.846170] should_fail.cold+0x5/0xa [ 1721.846857] __alloc_pages_nodemask+0x182/0x600 [ 1721.847682] ? __kmalloc+0x16e/0x390 [ 1721.848341] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1721.849401] ? trace_hardirqs_on+0x5b/0x180 [ 1721.850172] alloc_pages_current+0x187/0x280 [ 1721.850954] sg_build_indirect.isra.0+0x2f5/0x710 [ 1721.851817] sg_common_write.constprop.0+0x992/0x1a30 [ 1721.852739] ? sg_build_indirect.isra.0+0x710/0x710 [ 1721.853615] ? vprintk_func+0x93/0x140 [ 1721.854312] ? printk+0xba/0xf1 [ 1721.854895] ? record_print_text.cold+0x16/0x16 [ 1721.855716] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1721.856606] ? trace_hardirqs_on+0x5b/0x180 [ 1721.857377] sg_write.part.0+0x69e/0xaa0 [ 1721.858112] ? sg_new_write.isra.0+0x770/0x770 [ 1721.858928] ? __lockdep_reset_lock+0x180/0x180 [ 1721.859745] ? perf_trace_lock+0xac/0x490 [ 1721.860490] ? lock_acquire+0x197/0x470 [ 1721.861189] ? find_held_lock+0x2c/0x110 [ 1721.861924] ? _cond_resched+0x12/0x80 [ 1721.862609] ? inode_security+0x107/0x140 [ 1721.863338] ? avc_policy_seqno+0x9/0x70 [ 1721.864049] ? selinux_file_permission+0x92/0x520 [ 1721.864911] sg_write+0x87/0x120 [ 1721.865510] ? sg_write.part.0+0xaa0/0xaa0 [ 1721.866258] vfs_write+0x29a/0xb10 [ 1721.866893] ksys_write+0x12d/0x260 [ 1721.867532] ? __ia32_sys_read+0xb0/0xb0 [ 1721.868247] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1721.869165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1721.870068] do_syscall_64+0x33/0x40 [ 1721.870723] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1721.871610] RIP: 0033:0x7f5171091b19 [ 1721.872260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1721.875458] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1721.876785] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1721.878029] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1721.879278] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1721.880525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1721.881765] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:21:27 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:21:27 executing program 2: r0 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1, 0x40, 0xad, 0x5d, 0x0, 0x7fffffff, 0x48810, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x4, @perf_config_ext={0xfffffffffffffffe, 0x7f}, 0x2000, 0x6, 0x5, 0x1, 0xfffffffffffffffc, 0xfffffffb, 0x5, 0x0, 0x20, 0x0, 0x6}, r1, 0xffffffffffffffff, r2, 0x1) r3 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) perf_event_open(&(0x7f0000000200)={0xa43e218d7952aaa5, 0x80, 0x39, 0x81, 0x5, 0x4, 0x0, 0x401, 0x88, 0x4, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, @perf_bp={&(0x7f00000001c0), 0x6}, 0x2160, 0x9, 0x4, 0x3, 0x200, 0x2, 0x3ff, 0x0, 0x7, 0x0, 0xdc}, 0x0, 0x6, 0xffffffffffffffff, 0x9) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r6 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r7 = fork() dup2(r5, r5) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000300)=[{r5, 0x128}, {0xffffffffffffffff, 0x2002}, {r6}, {r4, 0x6080}, {r6, 0x9200}, {r6, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x3c) r9 = fork() kcmp(r7, r9, 0x6, 0xffffffffffffffff, r8) socket$inet6_udp(0xa, 0x2, 0x0) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0x9, 0x1f, 0xfd, 0x1}, {0x1, 0x8, 0x2, 0x3}, {0x3, 0x55, 0xfe, 0x13e}]}) kcmp(r0, r7, 0x5, 0xffffffffffffffff, r10) migrate_pages(r3, 0x81, &(0x7f0000000000), &(0x7f0000000040)=0x3) 03:21:27 executing program 3: r0 = getpid() r1 = perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x40, 0x7, 0x7, 0x7c, 0x0, 0x100000001, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x71a, 0x4, @perf_bp={&(0x7f0000000000), 0x7}, 0x8, 0x2, 0x6120, 0x2, 0x101, 0x2, 0x1000, 0x0, 0x1, 0x0, 0x5}, r0, 0x0, 0xffffffffffffffff, 0x10) clone3(&(0x7f00000003c0)={0x60000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="07000000ea5699140daaeef94a010100"]) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) 03:21:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7a, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:27 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x1f00}) 03:21:27 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:21:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 49) [ 1722.033741] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1722.033741] program syz-executor.7 not setting count and/or reply_len properly 03:21:27 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x1f000000}) [ 1722.048164] sg_write: data in/out 150995030/80 bytes for SCSI command 0x0-- guessing data in; [ 1722.048164] program syz-executor.0 not setting count and/or reply_len properly [ 1722.072785] FAULT_INJECTION: forcing a failure. [ 1722.072785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1722.075867] CPU: 0 PID: 24848 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1722.077629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1722.079625] Call Trace: [ 1722.080287] dump_stack+0x107/0x167 [ 1722.081106] should_fail.cold+0x5/0xa [ 1722.081981] __alloc_pages_nodemask+0x182/0x600 [ 1722.083022] ? __kmalloc+0x16e/0x390 [ 1722.083989] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1722.085409] ? trace_hardirqs_on+0x5b/0x180 [ 1722.086547] alloc_pages_current+0x187/0x280 [ 1722.087693] sg_build_indirect.isra.0+0x2f5/0x710 [ 1722.088957] sg_common_write.constprop.0+0x992/0x1a30 [ 1722.090167] ? sg_build_indirect.isra.0+0x710/0x710 [ 1722.091472] ? vprintk_func+0x93/0x140 [ 1722.092493] ? printk+0xba/0xf1 [ 1722.093328] ? record_print_text.cold+0x16/0x16 [ 1722.094379] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1722.095581] ? trace_hardirqs_on+0x5b/0x180 [ 1722.096651] sg_write.part.0+0x69e/0xaa0 [ 1722.097565] ? sg_new_write.isra.0+0x770/0x770 [ 1722.098700] ? __lockdep_reset_lock+0x180/0x180 [ 1722.099950] ? perf_trace_lock+0xac/0x490 [ 1722.100922] ? lock_acquire+0x197/0x470 [ 1722.101818] ? find_held_lock+0x2c/0x110 [ 1722.102864] ? _cond_resched+0x12/0x80 [ 1722.103904] ? inode_security+0x107/0x140 [ 1722.104874] ? avc_policy_seqno+0x9/0x70 [ 1722.105779] ? selinux_file_permission+0x92/0x520 [ 1722.106875] sg_write+0x87/0x120 [ 1722.107636] ? sg_write.part.0+0xaa0/0xaa0 [ 1722.108584] vfs_write+0x29a/0xb10 [ 1722.109388] ksys_write+0x12d/0x260 [ 1722.110210] ? __ia32_sys_read+0xb0/0xb0 [ 1722.111124] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1722.112292] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1722.113444] do_syscall_64+0x33/0x40 [ 1722.114292] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1722.115444] RIP: 0033:0x7f794b5b5b19 [ 1722.116276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1722.120393] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1722.122105] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1722.123707] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1722.125308] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1722.126911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1722.128502] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:21:43 executing program 3: r0 = getpid() getpgid(r0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:21:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 44) 03:21:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1737.522507] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1737.522507] program syz-executor.6 not setting count and/or reply_len properly 03:21:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 50) 03:21:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) dup3(r1, r3, 0x0) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0x8, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x1f, 0x1, &(0x7f00000000c0)="a6c581ba832fec78e0ffc767b9360a2f737a248ccd0a931bcc0cace5242123bc0bf0172675b18c17ea17277dc355680fc193514b4679db371fd8b53bdac54ab20da965133173fdf742d7f6254776c7dee98d218cfe4f30eac4a731bd36ff1e7e3bb2a50f41d92b7ea33ca216e6cdefb0968361ac8b46d0435d9db8559a1f13cc7feeb56d6ae2d6ce3c0aef6b119c7ae5fb3d7d964e3b29cdbc13f857fa04fa68761835e4a405d0c52fe136bae5b80d2b68b1aa2d4741eca37eb07cfe937ceca0361b335863428b63534b996b3fef349f2cb61b4fc07a34f3be", 0x401, 0x0, 0x2, {0x2, r7}}, 0x3) 03:21:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40605346, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1737.566030] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1737.566030] program syz-executor.0 not setting count and/or reply_len properly [ 1737.566421] FAULT_INJECTION: forcing a failure. [ 1737.566421] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1737.572208] CPU: 0 PID: 24993 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1737.573764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.574103] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1737.574103] program syz-executor.7 not setting count and/or reply_len properly [ 1737.575641] Call Trace: [ 1737.575666] dump_stack+0x107/0x167 [ 1737.575688] should_fail.cold+0x5/0xa [ 1737.575715] __alloc_pages_nodemask+0x182/0x600 [ 1737.582320] ? __kmalloc+0x16e/0x390 [ 1737.583166] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1737.584523] ? trace_hardirqs_on+0x5b/0x180 [ 1737.585495] alloc_pages_current+0x187/0x280 [ 1737.586503] sg_build_indirect.isra.0+0x2f5/0x710 [ 1737.587607] sg_common_write.constprop.0+0x992/0x1a30 [ 1737.588779] ? sg_build_indirect.isra.0+0x710/0x710 [ 1737.589899] ? vprintk_func+0x93/0x140 [ 1737.590786] ? printk+0xba/0xf1 [ 1737.590984] FAULT_INJECTION: forcing a failure. [ 1737.590984] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1737.591527] ? record_print_text.cold+0x16/0x16 [ 1737.591550] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1737.591564] ? trace_hardirqs_on+0x5b/0x180 [ 1737.591599] sg_write.part.0+0x69e/0xaa0 [ 1737.598019] ? sg_new_write.isra.0+0x770/0x770 [ 1737.599065] ? __lockdep_reset_lock+0x180/0x180 [ 1737.600103] ? perf_trace_lock+0xac/0x490 [ 1737.601034] ? lock_acquire+0x197/0x470 [ 1737.601985] ? find_held_lock+0x2c/0x110 [ 1737.603014] ? _cond_resched+0x12/0x80 [ 1737.603895] ? inode_security+0x107/0x140 [ 1737.604816] ? avc_policy_seqno+0x9/0x70 [ 1737.605724] ? selinux_file_permission+0x92/0x520 [ 1737.606839] sg_write+0x87/0x120 [ 1737.607596] ? sg_write.part.0+0xaa0/0xaa0 [ 1737.608538] vfs_write+0x29a/0xb10 [ 1737.609343] ksys_write+0x12d/0x260 [ 1737.610158] ? __ia32_sys_read+0xb0/0xb0 [ 1737.611090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1737.612287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1737.613436] do_syscall_64+0x33/0x40 [ 1737.614274] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.615434] RIP: 0033:0x7f5171091b19 [ 1737.616271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.620396] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1737.622105] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1737.623715] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1737.625309] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.626908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1737.628500] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1737.630132] CPU: 1 PID: 25002 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1737.631656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.633435] Call Trace: [ 1737.633893] ALSA: seq fatal error: cannot create timer (-22) [ 1737.634115] dump_stack+0x107/0x167 [ 1737.634149] should_fail.cold+0x5/0xa [ 1737.637702] __alloc_pages_nodemask+0x182/0x600 [ 1737.638907] ? __kmalloc+0x16e/0x390 [ 1737.639854] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1737.641377] ? trace_hardirqs_on+0x5b/0x180 [ 1737.642479] alloc_pages_current+0x187/0x280 [ 1737.643591] sg_build_indirect.isra.0+0x2f5/0x710 [ 1737.644839] sg_common_write.constprop.0+0x992/0x1a30 [ 1737.646150] ? sg_build_indirect.isra.0+0x710/0x710 [ 1737.647417] ? vprintk_func+0x93/0x140 [ 1737.648396] ? printk+0xba/0xf1 [ 1737.649240] ? record_print_text.cold+0x16/0x16 [ 1737.650416] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1737.651688] ? trace_hardirqs_on+0x5b/0x180 [ 1737.652804] sg_write.part.0+0x69e/0xaa0 [ 1737.653844] ? sg_new_write.isra.0+0x770/0x770 [ 1737.655017] ? __lockdep_reset_lock+0x180/0x180 [ 1737.656200] ? perf_trace_lock+0xac/0x490 [ 1737.657260] ? lock_acquire+0x197/0x470 [ 1737.658273] ? find_held_lock+0x2c/0x110 [ 1737.659445] ? _cond_resched+0x12/0x80 [ 1737.660429] ? inode_security+0x107/0x140 [ 1737.661467] ? avc_policy_seqno+0x9/0x70 [ 1737.662511] ? selinux_file_permission+0x92/0x520 [ 1737.663591] sg_write+0x87/0x120 [ 1737.664301] ? sg_write.part.0+0xaa0/0xaa0 [ 1737.665179] vfs_write+0x29a/0xb10 [ 1737.665931] ksys_write+0x12d/0x260 [ 1737.666701] ? __ia32_sys_read+0xb0/0xb0 03:21:43 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r4, r6, 0x6, 0xffffffffffffffff, r5) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r8 = fcntl$dupfd(r7, 0x0, r7) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r8, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r9 = socket(0x1e, 0x80000, 0x200) kcmp$KCMP_EPOLL_TFD(r4, r0, 0x7, r8, &(0x7f0000000000)={0xffffffffffffffff, r9, 0x7}) [ 1737.667555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1737.668943] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1737.670024] do_syscall_64+0x33/0x40 [ 1737.670809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.671890] RIP: 0033:0x7f794b5b5b19 [ 1737.672663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.676469] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1737.678040] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1737.679538] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1737.681017] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.682496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1737.683977] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:21:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x1f00}}) 03:21:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 45) 03:21:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x408c5333, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:21:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000040)=0x8, 0x4) [ 1737.839378] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1737.839378] program syz-executor.6 not setting count and/or reply_len properly 03:21:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x1f000000}}) [ 1737.858912] sg_write: data in/out 150995420/80 bytes for SCSI command 0x0-- guessing data in; [ 1737.858912] program syz-executor.0 not setting count and/or reply_len properly [ 1737.876211] FAULT_INJECTION: forcing a failure. [ 1737.876211] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1737.878781] CPU: 1 PID: 25214 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1737.880245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.881995] Call Trace: [ 1737.882564] dump_stack+0x107/0x167 [ 1737.883339] should_fail.cold+0x5/0xa [ 1737.884151] __alloc_pages_nodemask+0x182/0x600 [ 1737.885143] ? __kmalloc+0x16e/0x390 [ 1737.885933] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1737.887229] ? trace_hardirqs_on+0x5b/0x180 [ 1737.888144] alloc_pages_current+0x187/0x280 [ 1737.889081] sg_build_indirect.isra.0+0x2f5/0x710 [ 1737.890115] sg_common_write.constprop.0+0x992/0x1a30 [ 1737.891227] ? sg_build_indirect.isra.0+0x710/0x710 [ 1737.892288] ? vprintk_func+0x93/0x140 [ 1737.893110] ? printk+0xba/0xf1 [ 1737.893807] ? record_print_text.cold+0x16/0x16 [ 1737.894808] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1737.895871] ? trace_hardirqs_on+0x5b/0x180 [ 1737.896796] sg_write.part.0+0x69e/0xaa0 [ 1737.897664] ? sg_new_write.isra.0+0x770/0x770 [ 1737.898655] ? __lockdep_reset_lock+0x180/0x180 [ 1737.899641] ? perf_trace_lock+0xac/0x490 [ 1737.900520] ? lock_acquire+0x197/0x470 [ 1737.901357] ? find_held_lock+0x2c/0x110 [ 1737.902230] ? _cond_resched+0x12/0x80 [ 1737.903052] ? inode_security+0x107/0x140 [ 1737.903924] ? avc_policy_seqno+0x9/0x70 [ 1737.904770] ? selinux_file_permission+0x92/0x520 [ 1737.905796] sg_write+0x87/0x120 [ 1737.906525] ? sg_write.part.0+0xaa0/0xaa0 [ 1737.907408] vfs_write+0x29a/0xb10 [ 1737.908170] ksys_write+0x12d/0x260 [ 1737.908935] ? __ia32_sys_read+0xb0/0xb0 [ 1737.909798] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1737.910905] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1737.912003] do_syscall_64+0x33/0x40 [ 1737.912785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.913867] RIP: 0033:0x7f5171091b19 [ 1737.914656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.918501] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1737.920100] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1737.921581] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1737.923087] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.924575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1737.926075] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:21:43 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x80000) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f00000001c0)={0x0, 0x8, 0x200, 0x8, 0x81, 0x8000}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = fsopen(&(0x7f0000000080)='binfmt_misc\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x90, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@msize={'msize', 0x3d, 0x80000001}}, {@uname={'uname', 0x3d, '!]\x8d}&'}}, {@access_any}, {@uname={'uname', 0x3d, '(^]-/]\xd8,'}}, {@msize={'msize', 0x3d, 0x9}}, {@posixacl}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]}}) 03:21:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1738.032242] sg_write: data in/out 150995676/80 bytes for SCSI command 0x0-- guessing data in; [ 1738.032242] program syz-executor.0 not setting count and/or reply_len properly 03:21:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:21:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:21:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 51) 03:21:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000080)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000000280)={r2, 0x0, "e109da3fb93b6d45e9fed8e179fe3d87fd98c709c1271fb63af5391cf2b91409a55fcda617bfed668557dd1e9bf673c8f09c05e7fb8c1d2ce033bae696591cc72677651cc00c1f3deb4346e51e663355752090d8521b961adc8fc3f4990799f46ca498fec37b0b17fd6407d11e41e509aa70448df4cdd9a5bec248d9dacd49c5f00094c1fa339f9ac26df9f2dcafdf688b865265e86df1e11010ad01d3b5a2a27586ad00e73c51625a597df3c08b56c4068800f1364b8085cff097784585bfa64f088dbd7375ea626431d5f29333959e75f5bc2918ecf9f63eb90262d74f276b9de0d8686225abe11df6b19d02deab4d4375db46f74be5417b55bd5bd7db5205", "eba84c28828cb40637b145a2d3de4fc1c767f68b6647744b17220bf21937df17af43e84b9278204c715118aad42edf11cc62d841c54e76cebf57cb153b72fa6a5f3a7e1d240c2957ec39e9a7e6d6d127583c32fbee47f99de10106f07d209e4c8d9f4c8fd0048d7bdfbbd5db52753e6e70a25a35f5099c7ba0b45a92914087ea173476e149db88799a85370d6907d20490eb382f6e2104513b8dce533c3ba5555becda02f1347a1d5e6cb907abcd1cdc0306fcf9aeb3c9028cc881b4cf0ee99d991bcae49fe719cf33706e576de49a9f4f2766afb161377272efda91871ad27d043e54835c7ccb74abb86ce1b4e6c130c2b40c2317033e5ccce45ea56914f700fc3483c51cb01ab5ba7a5effbbf107a4cdb8c35c8eb7010897d521d28b23d03614bb0eab9c95db21434438a5e7650737ab4a65557f9cb86410bc61836462f974899b877644613504491e5c2079c70e60abc09974aee9beebbd7ed8fd88f0b111e093aa78e4ed20da16e03e8eed16e7a70db4be03cac63da96e98cfde80b143e5853090c1ba4ce7bb16972722822d466ee6a452a2c27c966f0ff4a2ff33e06cefc59d0b751bb168e970a2c024c95ccb7ea87682f4de81f76eb76505ad7450661b9f7f1213f713ba9a21cdad8a5e4053769267f470a3612ff3a900b933486d795c9a83c700721e5b294f22ce421d0e6c3765712f35936d29cd47615b0e563b94c117ff066f7e7180311d583b22acf115e93648b408940c4893fb3f3a054fc47fc41842a326c0c08cf49cca6bbf4880e0f94e01b404ea55973ef8936ba343c73e7099d0f64672764e5567ef67aec7da3e406cd480c9f2991e91db247062bea03ffa09f8e81c0063f0f69c0220abdbd8b27878d61f10bf593837fd22d258c5cc2d96ebf600507cea12aefa8643a30d60c20f475d715510311aa712e1ac63957d97a5a964c176aeecd483a9f99b89d50507c52cf798fabd144f49ea76923e4468a8591df40652f96bfcd72a8c415723b2bfd6bdfab4071d948e5b4f7c603ecbe52b6bab08493e4c2cdbc978e10d223b1b720a48d3b33522767096b71e750b7dc264c7233f7421690e8a8839016806dc721798c814f9b42247740cfa9e0c0b31958fae05002c54f0aedb7b036997a8eaea64ceec7ef25487f833ffe3765bf3d91afde437a2851181b6ca43f66474208a05f80124a5f40d49b0d21b3ac695d1c2beda3a75f0999c790c4fd80c3a242b54c5440cb3cd5577d3026c87ccbdd5accfab0ec6348682bba69b7a7c7c35c7b9becd04d8e1504b80ed344f236b5c0aa70606d44cabcfd4b6b7453564c56f02252ba4de436543d9705f6dd7910181f624798616e859d66f7de7ddee6529290480542b0fb60edcf7d01836146a6ffa6bc209669744064ebc6f54044fa5f2779ee36c1253110ffdaa0cbae29bebbd1ae04003a80b38a75449cee78a60e03978423f6749410c3da53452a2617d42ee3faedc57428eb717db27f0c8dde296daa8286a4b850b2216f971cfb520a1857bbc9ddf166347fe52b37f6473e2218221b2b879014552635667d8197eab8312a45172cb5b1fc610012a14737fcae2ef7375e841c2d7a811832af92ea9c19f4a18463f74efd38a5d4e56f3153760f60851377d1d2dafa55cc8e88b6d113ed97210e8d90b81fc3d9da9d797bdf63c89b712d30ad182454740202c98c74fd6d7118935d1c0c56a9ee83b4e5fdad450647394222dd1fc2bff8ebe78e72fd62015ec87fb81ca4d81c2fbac0e2c73ba2be50ff1b29e7822cc76dfa277a4cca06fab62879fda346003b7fd76d17459f88f6644e459a3b5460b6d372f404e06e236d44b57cbb686a710a25f0144f82ebd9e38a7ce2f97d28f16194bb2cbe34484573831123ae7f44f76f0b72a6037bdfc91ea196689dfd9fb886d90d105e9a2dbe479d9a097bd363b650d75a3ca8841270933bd130d584f3e73b78f24fadf37baf3d7dd8d7f801ad75286ad12af7ee9dc853da3b4b0ee295f53a177dc40ab7a0d6a60d97ead2a56382b94dcff4df90c23dc81d0d68508631079fe62429ee5e16ec957c47da8a4cd905d7fbc30bac912d39fafe44bae6025860a7652b590c533dc40d7303169cefd7d0af2331541348dca509d91214fb53f975159a44bf88f1aa80a4e516cfb5aa57ff61821af772d5b12d6d470d189c406d83f471d404f42d4c7cf2167c6da7d1d3c5cf3c60d9fbe36e4d19cfe745c4c0ab2b7c6b03bf9141165d209a8a13af1a038275b209a6e3b3749d4fc2aa8b11e5306a387ffb5d56cf29f977ca83446cae28106c115e51bd3d12d3bc5b251e2d7257f7d724b1bd81d2aa3a44b21fdc2eab092cc2bce6b4beba7149d8ab185b6eacb9fe3749da7837f330a7d0bb960528f048ca752f42b5ba51f5d2fec828c36262b9c8a8eeb44d76677b7a7ee262249506482d789ff8c571164ab50b8cb3965e967a4386e03e629e872d473eac82a8b234ff81168c5a8a9a6fd94d2482868ae87fcac2267ba1ba0ae46cba4c3ad79fa5a373cd5ee037be3b6865732c1612576ccdceac637394d483e7d32e9e75da6a34a8a707728826b9f2a16242c43b58af4ac79493beab23ef5cf9457f9bd23f9f6269a8c75b273bf686dcf3c4ae2fa5b40b2136dae07fe983e3adca6f53683c983e57e57bea0fdd1292f648106dc6001d8fc10eeee3df1563321b50701861d7e08687f3522dc738f1306dac9dc4c1a5194947ac7ab18dd9a4e906ffe4dcf9cec6caa3a428f9a9ffddf407bc5f49771423f2b8b8dfa3723f914fe8003d6088c1a4a6d6291aa0031b6cc198e80eb6501347b998ed83a66aef96c8ecc58822e454bba80c0ba2be681b36413c5f811179f7819b482a39a8844055323b467f4acc7d59205c02741ff660715add2224d759a32825e6bb03a3731a160c4244faef63e09c9445c396a8368f3165a121de2cd330c06c9d195e7c9de1331d30657fb5c751f59f12a833b6efff373829ae5f48bdf73af36beebe619fe6b4e8315d98b9c4ef5b6e5320a85d0b775c69a4cb27a66080d8e89bebe9edce04d13fef634a26ea33b7ef5386de1b44b90146a0586a3fffb79cb121a37fcd3186ca3256badd284ee544234cca222ccb24bd585da44fb78784d0ac0b1dec98f4f7569d1e013419cccb80c22ad914e101c3fcde52bbbc9895a6ff16feddf03f51c0ad3f7bd32cc0c62c31e2b2b5b0308d1fae413a36ae234b3fc35861fa42fc88d0432981d4303ca77f1081e412af58fb39faa7281e4547638fefbbea24ab52c433e6e8d647a107497e483e6e1423a39c489b3c5707507792fa4f331e894a86d6a92dc892e8607aaf8be2f56c2e2fdac7287b92e67d9a024c523a6559e4deaf58aa0a2b94e3ea8a205dacee67394dae994e222d5da479bedc1c5c192cff942bf1dffb344cc369ad80cab5819fa36e6204780772923227758f897e8f73e735894f3405fa8c2ff44c7f9f29f659f90ea709280da7362b68fcde02e0756a27ba92064f186b12ccf7a7f42fb338917707ec76079a4ce53e6efa29da4b41d109bcf3f66506083ed2d42e60762d771a50fbc77843010aec1997ee65ef65898f2d774e0a3208b5412f0397f2020a76fc8af3ecec66c45ae5d12da750cb61d93ac3c611989c89e2b7658ece190836b5d504c4be7e31058fc0e4fe012a8127d12bf1ba8e93331187f1df3a34dc4ea24b4eb147b2a20cea5a181409da6221272b2f95d6a41b2c6aa6e955b8567f95729667ce04c51fd9f4d75db9cb342d588383997adcc0c8bf5a74624883ddaf68b091dcc397caab33459c661ae04cde4127429afe2ffc43478537d811e7fec775289127a7ae2578866c3f98db78b233ba9285e5185a9e9dce103ef4ded53dec296133a61274b60952a8bd264a736838cd085f147b54c5f1473779a02f65593dd1b9aed8af1501bd07abb660a912d3e5fd375f2a8a1e3d4e428557c5b941e6d3ba12b243a14a3262c79a565980d68b2cc2be0584e923e8d44303e26c29faea72d19d9ca25fb4c7e5856adc9e73fe1475082f2593d544167f2b608152fda5c42d6c73ea86dc2247ae31744bbea0027574afa7044581add092f5367c3e5850a14982b30b4dcefec1ee15d392c52ead2be65f516cbb1320d908f6b2db2f0ec114b26586e1a7bd2e790963ebb17bc2c026d7eeabcf2b275a6e63c8fbd884c6959fd8b1469370cac8f724beea7ba57214344101ea7275f65706cf82a201138365a91fd0a909bf22c6e3dcbfeb6dd37e8da14a38429e333a3e6685f496e5809fe7f422ee5ea80272ed694e08b9d9abd7a4e4d2ac512d961e285445b30237e664e592630ff38148292117555be9bb732eb61fe9b42f7cda0e4350718b22ad235138caaadffb5f7c9cd599f06e8ff920db2414c4ce237e966f43bb2cfb9d99bf62926e9a928f39769f9cbc6970264c9afaec1ba392e603080e1a3c79b6e6c56ac247f4877f16a38f396e9a3767402c5d5c0fa17cbb5beddf03e0875e68088af843fcb6341d1526618fd1af0a1e7683b02d0ffb95da46b2d3524bb1ac1aebed90a5f7ac757a39ea8062e9fc6b5e2313fc9e9107b0ffec6639476ee4138f65c3d16dc883c9c3a852407acb66d0b45a0fcaeec792f1936432749be38f9337245db6675c2d19faca2f61cb04e9a9cb90fd0070dcb6455a30e996227f30a0d34091fb93d67c69fb3d88d53433a0dab1f29b135f27295d0585d89992b7bed5758aee8a585c92394af7d59f5eb45cb32a4858f796b97197b33f1fdad152c6d137e83028862451f67e6cfc2dbb70f0b2d8b1fe32d246785bc1e1b9c384cceafefed7fc05ecd1bfc5c65539b452308cf4040d4056414d64c74584ab8ca32242dd3b49ac46484672731a480e3d83cbc60cb94496fef65861be5342a8fba5a650ca6aafd97165e12d6819b4dd8f05a9f9f320669a8d932b7c4c1c8e7f6c2e337ce1a1ca616c4d3fea8a640b2a2528095d09f7122ae27e89bee31b2053756153d46d939f790e8bf37a0888851bffa314fce38ee8a010768e240bb5c9e556bc2978b295a425b39600a5779beda1a46f1993ff9b4ee6040fc8177e447db38f3c3af3238cb3162e78f83709f60f450b6086947ec0d36e5d17f9a6ca8bd92b0fddc54a514a0fd8e8df9aec5fe66b3182b83a90df9b119407cd6af6fe47ac031a461fb6b3c50098632864b9785f4339e2e4ac1236d8ba4b2abbfcbb63f5432f37f7a2b21826b120a19f0bf834b294f138524d12b16d246a876a5d0b30a698ee6d713ef8c19a52f4099154e2f44d9cb93898620fc0f0b74ac45d8194c04e1cccdba93213a0d9e5d15cc597a2eb62c01da8dac87ad431ce27cd6beebca5e651da2e05af57b502721a6eef24bddbf84191e347005df2e4175f960e8799544f3b686e4b64c117d"}) socket$inet6_tcp(0xa, 0x1, 0x0) 03:21:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x0, 0x1f00}}) [ 1738.183299] sg_write: data in/out 150995932/80 bytes for SCSI command 0x0-- guessing data in; [ 1738.183299] program syz-executor.0 not setting count and/or reply_len properly 03:21:43 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) fstatfs(0xffffffffffffffff, &(0x7f0000000040)=""/237) setpriority(0x0, r0, 0x7b519d3b) [ 1738.231822] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1738.231822] program syz-executor.7 not setting count and/or reply_len properly [ 1738.256827] FAULT_INJECTION: forcing a failure. [ 1738.256827] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1738.259882] CPU: 0 PID: 25504 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1738.261620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1738.263712] Call Trace: [ 1738.264377] dump_stack+0x107/0x167 [ 1738.265294] should_fail.cold+0x5/0xa [ 1738.266264] __alloc_pages_nodemask+0x182/0x600 [ 1738.267441] ? __kmalloc+0x16e/0x390 [ 1738.268381] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1738.269896] ? trace_hardirqs_on+0x5b/0x180 [ 1738.270995] alloc_pages_current+0x187/0x280 [ 1738.272098] sg_build_indirect.isra.0+0x2f5/0x710 [ 1738.273319] sg_common_write.constprop.0+0x992/0x1a30 [ 1738.274629] ? sg_build_indirect.isra.0+0x710/0x710 [ 1738.275870] ? vprintk_func+0x93/0x140 [ 1738.276839] ? printk+0xba/0xf1 [ 1738.277664] ? record_print_text.cold+0x16/0x16 [ 1738.278833] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1738.280091] ? trace_hardirqs_on+0x5b/0x180 [ 1738.281184] sg_write.part.0+0x69e/0xaa0 [ 1738.282201] ? sg_new_write.isra.0+0x770/0x770 [ 1738.283364] ? __lockdep_reset_lock+0x180/0x180 [ 1738.284519] ? perf_trace_lock+0xac/0x490 [ 1738.285558] ? lock_acquire+0x197/0x470 [ 1738.286550] ? find_held_lock+0x2c/0x110 [ 1738.287599] ? _cond_resched+0x12/0x80 [ 1738.288600] ? inode_security+0x107/0x140 [ 1738.289663] ? avc_policy_seqno+0x9/0x70 [ 1738.290737] ? selinux_file_permission+0x92/0x520 [ 1738.291972] sg_write+0x87/0x120 [ 1738.292827] ? sg_write.part.0+0xaa0/0xaa0 [ 1738.293887] vfs_write+0x29a/0xb10 [ 1738.294800] ksys_write+0x12d/0x260 [ 1738.295713] ? __ia32_sys_read+0xb0/0xb0 [ 1738.296752] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1738.298072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1738.299387] do_syscall_64+0x33/0x40 [ 1738.300325] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1738.301610] RIP: 0033:0x7f794b5b5b19 [ 1738.302550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1738.307189] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1738.309105] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1738.310896] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1738.312684] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1738.314479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1738.316266] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:22:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 46) 03:22:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40a85323, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:00 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000c723f102d4f57f1e135d730d89fc6c880d398938316814378a80575e47bab18cda70dfca37407659b4aed0dd6ed17f7fffd9a4c55e9802aed382a0b27441e069cc6c48025401d00912e2c2eddef5aefadcb6a127a7fcfa68bf428706e80c1d797b4ce8ab91e7f150e1e38e71dd31d811aba1da37fe1df4007c2e1ace634e2b188befa3d0f44e1503d63f13ab16149c90f5bd4e000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00040000000000002e2f66696c653000"]) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x1, 0x9, 0x20, 0x5, 0x0, 0x8, 0x40a80, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, @perf_config_ext={0x4, 0x8001}, 0x49004, 0xab, 0x8000, 0x8, 0x7, 0x4, 0x3, 0x0, 0x9, 0x0, 0x7fffffff}, r1, 0xa, r2, 0x8) 03:22:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 52) 03:22:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x0, 0x1f000000}}) 03:22:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_xfrm(r1, &(0x7f0000001140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001100)={&(0x7f0000000080)=@delsa={0x107c, 0x11, 0x1, 0x70bd29, 0x25dfdbfd, {@in=@empty, 0x4d2, 0xa, 0x32}, [@algo_auth_trunc={0x104c, 0x14, {{'xxhash64\x00'}, 0x8000, 0x60, "d7595685a73cc3ced9ba4f1b2721b28c39ce4f4330b4ef5ea80d51387ad5202f23f6b2d20de11970fdb02d500ca9acc492f7154d3b8c6bb2191ecde2d2db8e3d432fceb71e37f42e441385c3a1267192cc3d8552637a98881925ca3c780c91251bafe0474acaf7274638b27214c6311a83e28fa186ee13da62dca72a53756bde972a96a43c2c74a0a1768ade166bbb06b084cee37e300f806541f10c87e57e33eb222c3ec4cf3c34e9af4e77d241100cb56a83ce20f757e8014ec1c2a5136a38214113324a415ca9a1b1b98c7fd7ad23774de6dea89a8d51084eba371d88881b8d33376f813b5184d4d8fea340df38ec9241cfb2e7750ccba3be2659178e857a17996237c4799fd2c0595487c50cd147ec83dc6dc721bbaa57257a3e68529fa92360cfcdc989a25651810c11cf77384c949e6e61083812a11834e69dfea32de5dc0210e1de107bf3ef905bd8222f9837c8a5087dfc3f33298efbb2f601be0d9763c3d237f50ccd7ea74682638b9f5dd4a7177c61ef9534b1fd409e5ad368685fcfbde344e63dfbbc4cf178509f5cea6edbc71ffedc34b1a5ee9b174d23719de05230ba38b28a8581c0379e4521adcefa781862d7781f843990aa71419af50b027f464a4d88cd8834b82a1ac5a65787740722eaba9a5068e96d50f618d6c250172dd29ac7e7c4a4de91db0417e7dcd670a721964311431a91953b343fab803a6c278a726841695f1a8ca1a70e78aa25d3ee46bb45331120a60d65b3799f7e707bbb2d9a7dc7c7c4ec3f3375450e3e34ccca01ab21268dd41c9b2cb932c5e1ca8fcbf5e8543b6299c11aa0da29c615363e9ef14d4c812c5d778249f23270303e70901f2bb0b9c00d0ce3de16da18b44a4666b20603ebe46b768bf87efd39accf80ca59e98a42090632612a90ab037f2dfb57e40a1fd052f014db19d44b2b2d9a2e9daa7f3e36d163f6b9745eb8749403691dd7831db24a139ea78b731752b2d3e9a9595faca17047ca72421d8508cc0f8fe50ee7d13b9ca8eb115f546e3b12361e9f9dc727e60ef1095ff72e0d8492c9019cfbb519f8f6440a2082e88bfd660fc293d4605b134e770341e3b30681bb8cefd7aa589260985160694d644d21e2e247140278058790bac158c6f133514ca1e7c9a20c42185419cc3bfa6a92cd975ac1ff02712d5d7812a8f599cff912fdcd5cd09ba8cfc9482d3c8041faf1b74c904dd7012911c521ff1ed0d7d0b73f41782bf36d8cf2d2746a65325e1c7f2cb85e6da63580d08d8d3abdf7980a4e7471f9631f39baf2c355aa1e6647c88f4e316509fd67c6e92f4c46dfa536f2f77ac36462d3a6277c7d69fbf2f26c6b6076812c672cef0e782a7fc8bae52aeeffb6af877a0026bb4f41d621450b119df0ed712cdf4dc853ce0f3658f4dc89aff3cb258012e6bf9ca45c98b4dfa57644517e21721b31563368a37d780441bec80939cb6088daf5abd97b978808aeb2254efb8dbd0b3621f8e060e8cd0a8a83120aa5a857ea69ffbd1256ef7928114fdfc7f5a164cfba6469f307bd33aaa83f12526fa30702e396458270770aa7e429d87b7a4c6af4e64203ea392863bade284f729bdd1f7e9392475d23e5c70c8384506f36afbd33588eeb54b99761a998a7a32bbe6184296f5257a75d61aad6e9b0cbcf2f3f00c459078ef6555c16c5be40718fa4846f04fb4ab347158dc3c82897696227b934f581ff57e13c8b76dfd008478414c1c8921933f2fa5d96f654b3642727ac853052d3eab0fd584808836f9cbda1701b6c83c457e72420ff4b330eb1d4da2165531ebc66fdd275bf8f6e54032eb8e6828a8ff3b474e6b2b71c1f8fb5d61bbc0db40ae139a14d49c362fb4bcb382d1a0b1ca31a1df3337d08d3de69def24e1cdbc7f7873026a32147f9d91f405c6359bfa301ca707d61ea4bc7542c90cb0fb97e669ad644f259d1e87b4b8b97305a36063c419f3fd564838a89cd07427571557e2433800c98cfeedea720d274b7a1bcd89787d565d103a9d3639ca4033971c21822842be07fb51f70099f6fb9aaddcdfc9bd16002d7583f83999606b83228db34d24705255c796814ab949ff94fa8a49fe427620ef12a56a6f0a83dec88733c722f6ec89a0380879853ededbdb29c99a5e84f8c8ddd745303666fcb372b0cd3d6246aeb8a41177066def16a00a84f9e85c827c4e4e27b3c70b181dbbf63a53a12e9b77f012d9f667b71014a7eb58dcb4487b5319d88e3236a086e0de8bb269f46ea6a6c6dec026ad5fdb06819d2bd739dedadb623d4823cd5279f4f6492da85ccdad458fed821df62500913f59905da1907408f821d6df05af029feb0e52be7f4127263971f354c509514501a4d1a1aad688d323d1fefbe6806b96fb23cad4320a751eb3f58d8c0dd7d0cdcb656a815ca1a061b7163ef2d2918edc84834242a38f1821463ec1081a33d77be562bcd06fab366da4d827f5e30212f18f068855862d33db64d63abc1b7508950e01846d4c19b9ec0204161e1316e3d9db88de1db996a42571a8433d069c825b03cc6d09042da20b59fd157a4342f0688d363cf09d27b4a261cc61f07b24f818a2244786702a503ea72fc8a355cd0246571a56112fb965ba0e19ae12b2cee770aca8a2c410bc9aec153920d01b6090b613cf4f423c7bba914b4f64942cb437ba37e1d785d0f5bcd89cce48ad8fb82dfbee91056128f24e97a30d0673053553cf436ddff3704972c9057cb9c3e202ffef243686af5e1a4efbe59e14036b84125facc15966ce62271c269a143238831aa9ca7c60f277b64f14b0dca35d8a875a385f8a26a2b677a90c1eac7709b0a7044ba34c7814c2a2e3372731c705d0651f4a4cf92245df0e9a9a388510d7e2554f48d8952db5ef746c77f40d661d1ebd1ddf648955bdd766bca442e73c3b66900cedee264a105638ae04511183a6c50c9cfffd77c076eedfadd5918471cc6f75b8c6e129680eb96716e9dedf284228949bde2170d3e06fb4b22e97d55eee4919bb9af35d65d036676b538036b0374e0a7730b098c927aebef808ef63032b9f44c1e3b0624578b46c6dacfb66b4a064afdcc5d7476db9a994555860313f3d238c16224b05c7c46216e039a7d5936723cd19718c501dc07e38f5b1392dc1d155d5791898ca79a6247bb7a709a8a80a57391459f36aca1292ebcf474687abb8fc8d173536a248a5f3ddadd28e01f14c1301ec15f084ee12eb5b860719262dbd963c0c1a6e07cd6450442d5e8fc6012eafb3131abe33267a579fe6139e330038bead89a252b6cbf93cff87f2d303ff466f3e1bf2409b06a9cb8ca652ec891776b8d7fe2c0685dd569422bb12bbcc308d41681ab6d87586a428635328fde4fd3b590c6e7756ff9e8d8703da23d6db02657acb64bf5750667a0dd872b540a5a1037a3e730476ed99565f536159c541537e50976d6407f7f8c5a3149b04ccb41a1a7d66f623d03d689d730f5e53721e53e20c0b0cb2dafdd9e8810d030572d8a5bed7c4833d40cb924a4c38da30f09dc1fe959d9fb10a70504aabe1545475425637c2753502eb08cbf304d18372444d0ab0ee405c6aa316a5b8ff66a6a35f37d5e35f02f1104c87244c3d3a576ba52d298941a89ba8dbc77e9bc6776043e8a3f849a1ca5ced872f35ae2096b496f041808ac008d5e93c89697270d5fba6af5a1dbffd6389cf3ec8afc95caec3cd94a39ee7dbc8124b1528dbac553ebcf397dca412e290b0e35bf62b762884eb472654021be876ebd2f0bcad75f443a81d1b0306790587b942d5a170bcb2bbecd3c6c45c6610173e707c476478360d38f2de470db2f4095e4e9d6ff6a22cc9fe69e3f4f642bf193527a4b42dd852353de638d0fc9d0bc795f01040ce004fec50834c330fe3c94f0533c609f331093431b9a403c96133678140134ff914a7198e4fbb39f2bae79f4b1c5a58c265975a39e3a3838a2e3cf47297607aeb17dfefa05e78f2af09b068847d706a57a28532eb8099670e8f6ecab13473457d93078e2e69fc80ae4f82c61450485131c899efddfb2e9bfa7d17e74e1c9b753f5d501eb879b890a620b1e9898a441ceb9b14d2b5dcf3b2612523d7e27042e28d2bf0728d3cb998fb53d605ab7f16826073161ea8797a269cb0b972194e89ccb5ea658c468b211a5975b7117a09edec5b4c39590ec95cde3b054e1e3334f6599e089af11fe4cf1ed45f2b0eb036b414142f158fe2fc5ed1205f5f1d809c174331a4dc2c5914b14b3677686076fd5076badbd8c2a19138ed368a123c437c216f6052947a9e06fb077219f890cb89381c059c29422e5b03d5547021ddc32b49b2e63574e5bdac020775862939b74d953a536c14d2f513272eb176ce3395c54912b493db5f73ec2e6b55941cfe7bbba4c38029745bd2a3bc42c870c4c7d90f59045446aa1d522238295ce8cd6441e123313e3ec3f6b217b18e83f523b309c601786918c56c4e5b0a1d4ba2ddcf80be47b18e53a350c665e0a1e2ad1e32e3329e4c209119caa598bafab15cb98f6b45d7e34f26c05122e5e53eca46e930d0a8c29da5a7eafd26937cfbc616dd5059585dc1f5f33757e4a7c16331b6efebe21c2cef9a4cb3f0c7094050ed18d63af08148c4b935e884497417c7b43bff11b35c9ec1337d87c59668658553469140accfc395e7965fcd6d6c4e08ca661356ef68f93ebe325617ac02400a18038966f567df778b386ab2dbe67cfe94714dbf39c79e533aa3586566314627027ab5c3776bdf4c53bdc80d0917efe7cc890b9e4e9f0b9dd8373302ab9dddaf0da0001fd423581b79eba0d40105a5b24789dd400ba25c1e491e2e64553b0a5098346da8307a30591aee5bb0fcd7c2189cba7d9ef3f403b55485e1d1bab2f69ef1656332832b93c014ba70e7b5c434a577c934079bf6cb07309f3588dadb868b5f8c3062cb24c5ae28ca8a90da1a55de20f9febfd09c3aeafde675c4949e40bcb707bc8b5b089e9d52a05b5c6a413fed11969aef897a5dfebf1ec22f1f7a8e714d6b5d691b9148ea1d6cc6868ef346909a9164c485a31961ae72877fa22c7b1257e564d39da38d1d5dc3b239040ae37069671119f31cab111c6764c3c79d21b365fce1c4ac8a4e592f1365f9f6af2e8cb124a7094f98db3f9ee8286614041f6201c529d72776ab1139f179515dbf63221f2f8dc33b2dd63e50eed15e70030d2b3860c3949d90ecbf8a6df113878c69bbc75668037d899ce4ece64dcfad1b3317acb9b8e94aa8c793dec8e1b47566f5cf0fb63d3c31ec3fe816bed7d319eded818e353d75e8cf380945f495f7908c6a0a80834f3a38cc9d2ec6fe36c8fbd4279180feb97f7e185db94ea1373c3a75302369d54aafbde954cf2e6c7af0f5153bf149db25f635515dad157f7fe514f4a958c836ac3e01ee2eee91f869ed29fbff1cb777f1be1cd3651f54d5da6c27738fbcd937c156ffca83176a01c48942546bd0993fa201ab3be1644704ebae47ef54d5ff551e95214b5b71c6b6d90c625c3471d3427553d9133eb2c5fea595c2521cd9c8152c193020a5695390192563adc98b25a896733b0a956176bba1ad34fcf1a19c86200d6c2bf41762d2c35754dda36c268d29df7f4cc5e0a2b4f346d79d030fa0b857f78856469fcb11db8d425316036f0fd6116f9a07a9c3b782d8e8cf90351b6b85392844dd71176468fb229adcf24eee3b7fb47925a81d12af23a0bdecc45bfe8dbd6381dda24f2082f1ef31043198dd07cddb41b96989af5420c539cab3ba7dd2c1ecf0589e3c4af85ac09"}}, @XFRMA_IF_ID={0x8}]}, 0x107c}, 0x1, 0x0, 0x0, 0x20040080}, 0x4000) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:22:00 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0x88, 0x0, 0x920, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1e}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010100}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x36}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x10}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = getpid() recvmsg$unix(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000080)=@abs, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000100)=""/24, 0x18}, {&(0x7f0000000140)=""/108, 0x6c}, {&(0x7f00000001c0)=""/108, 0x6c}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f0000000440)=""/253, 0xfd}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x6, &(0x7f0000000340)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}, @cred={{0x1c}}], 0x40}, 0x1) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000600), 0x80001, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x67, 0x7f, 0x73, 0x0, 0x101, 0x8000, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x6}, 0x800, 0x1, 0x1, 0x4, 0x0, 0x1, 0x9, 0x0, 0x7, 0x0, 0x2538d716}, r3, 0xa, r4, 0x3) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r2], 0x1}, 0x58) [ 1755.154157] sg_write: data in/out 150996188/80 bytes for SCSI command 0x0-- guessing data in; [ 1755.154157] program syz-executor.0 not setting count and/or reply_len properly [ 1755.161040] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1755.161040] program syz-executor.6 not setting count and/or reply_len properly [ 1755.170751] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1755.170751] program syz-executor.7 not setting count and/or reply_len properly [ 1755.174231] FAULT_INJECTION: forcing a failure. [ 1755.174231] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1755.177037] CPU: 0 PID: 25662 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1755.178589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.180768] Call Trace: [ 1755.180794] dump_stack+0x107/0x167 [ 1755.180815] should_fail.cold+0x5/0xa [ 1755.180841] __alloc_pages_nodemask+0x182/0x600 [ 1755.180860] ? __kmalloc+0x16e/0x390 [ 1755.180883] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1755.180914] ? trace_hardirqs_on+0x5b/0x180 [ 1755.180941] alloc_pages_current+0x187/0x280 [ 1755.180967] sg_build_indirect.isra.0+0x2f5/0x710 [ 1755.181001] sg_common_write.constprop.0+0x992/0x1a30 [ 1755.181035] ? sg_build_indirect.isra.0+0x710/0x710 [ 1755.181056] ? vprintk_func+0x93/0x140 [ 1755.181076] ? printk+0xba/0xf1 [ 1755.181096] ? record_print_text.cold+0x16/0x16 [ 1755.181118] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1755.181133] ? trace_hardirqs_on+0x5b/0x180 [ 1755.181168] sg_write.part.0+0x69e/0xaa0 [ 1755.181194] ? sg_new_write.isra.0+0x770/0x770 [ 1755.181219] ? finish_task_switch+0x1a4/0x5d0 [ 1755.193160] FAULT_INJECTION: forcing a failure. [ 1755.193160] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1755.193481] ? __schedule+0x82c/0x1ea0 [ 1755.202884] ? io_schedule_timeout+0x140/0x140 [ 1755.202902] ? find_held_lock+0x2c/0x110 [ 1755.202936] ? _cond_resched+0x5d/0x80 [ 1755.202955] ? inode_security+0x107/0x140 [ 1755.202986] ? avc_policy_seqno+0x9/0x70 [ 1755.203003] ? selinux_file_permission+0x92/0x520 [ 1755.203035] sg_write+0x87/0x120 [ 1755.203056] ? sg_write.part.0+0xaa0/0xaa0 [ 1755.203074] vfs_write+0x29a/0xb10 [ 1755.203102] ksys_write+0x12d/0x260 03:22:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1755.203123] ? __ia32_sys_read+0xb0/0xb0 [ 1755.203147] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1755.203166] ? syscall_enter_from_user_mode+0x1d/0x50 03:22:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1755.203189] do_syscall_64+0x33/0x40 [ 1755.203207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.203220] RIP: 0033:0x7f5171091b19 [ 1755.203239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.203249] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1755.203270] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1755.203281] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1755.203292] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1755.203302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1755.203314] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1755.203362] CPU: 1 PID: 25673 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1755.203375] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.203382] Call Trace: [ 1755.203408] dump_stack+0x107/0x167 [ 1755.203430] should_fail.cold+0x5/0xa [ 1755.203458] __alloc_pages_nodemask+0x182/0x600 [ 1755.203477] ? __kmalloc+0x16e/0x390 [ 1755.203506] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1755.203538] ? trace_hardirqs_on+0x5b/0x180 [ 1755.203565] alloc_pages_current+0x187/0x280 03:22:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) fdatasync(r1) fcntl$dupfd(r0, 0x0, r0) write$sndseq(r0, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0) openat(r2, &(0x7f0000000100)='./file0\x00', 0x180, 0x8) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x80000000, 0x8000, 0xcb56}) ptrace(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1755.203590] sg_build_indirect.isra.0+0x2f5/0x710 [ 1755.203625] sg_common_write.constprop.0+0x992/0x1a30 [ 1755.203658] ? sg_build_indirect.isra.0+0x710/0x710 [ 1755.203680] ? vprintk_func+0x93/0x140 [ 1755.203700] ? printk+0xba/0xf1 [ 1755.203720] ? record_print_text.cold+0x16/0x16 [ 1755.203742] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1755.203757] ? trace_hardirqs_on+0x5b/0x180 [ 1755.203792] sg_write.part.0+0x69e/0xaa0 [ 1755.203817] ? sg_new_write.isra.0+0x770/0x770 [ 1755.203849] ? __lockdep_reset_lock+0x180/0x180 [ 1755.203868] ? perf_trace_lock+0xac/0x490 [ 1755.203893] ? lock_acquire+0x197/0x470 [ 1755.203911] ? find_held_lock+0x2c/0x110 [ 1755.203944] ? _cond_resched+0x12/0x80 [ 1755.203964] ? inode_security+0x107/0x140 [ 1755.203983] ? avc_policy_seqno+0x9/0x70 [ 1755.204001] ? selinux_file_permission+0x92/0x520 [ 1755.204032] sg_write+0x87/0x120 [ 1755.204053] ? sg_write.part.0+0xaa0/0xaa0 [ 1755.204072] vfs_write+0x29a/0xb10 [ 1755.204100] ksys_write+0x12d/0x260 [ 1755.204119] ? __ia32_sys_read+0xb0/0xb0 [ 1755.204143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1755.204163] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1755.204185] do_syscall_64+0x33/0x40 [ 1755.204204] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.204218] RIP: 0033:0x7f794b5b5b19 [ 1755.204236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.204248] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1755.204269] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1755.204292] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1755.204311] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1755.204327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1755.204344] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1755.330220] sg_write: data in/out 150996444/80 bytes for SCSI command 0x0-- guessing data in; [ 1755.330220] program syz-executor.0 not setting count and/or reply_len properly 03:22:18 executing program 2: signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x9]}, 0x8, 0x100000) getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)}, 0x58) r0 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x3f, 0x8, 0x40, 0xe1, 0x0, 0xffffffffffffff00, 0xc410, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x4, 0x81, 0x9, 0x2, 0x6, 0x7, 0x1f, 0x0, 0xe504}, r0, 0xa, 0xffffffffffffffff, 0x8) 03:22:18 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:18 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {0x0, r4}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {r2, r3}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {r2}], 0x4, "9755154351ac9a"}) [ 1772.823863] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1772.823863] program syz-executor.6 not setting count and/or reply_len properly [ 1772.831104] FAULT_INJECTION: forcing a failure. [ 1772.831104] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1772.833557] CPU: 1 PID: 26001 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1772.834889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1772.836498] Call Trace: [ 1772.837006] dump_stack+0x107/0x167 [ 1772.837704] should_fail.cold+0x5/0xa [ 1772.838444] __alloc_pages_nodemask+0x182/0x600 [ 1772.839331] ? __kmalloc+0x16e/0x390 [ 1772.840054] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1772.840804] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1772.840804] program syz-executor.7 not setting count and/or reply_len properly [ 1772.841209] ? trace_hardirqs_on+0x5b/0x180 [ 1772.845761] alloc_pages_current+0x187/0x280 [ 1772.846605] sg_build_indirect.isra.0+0x2f5/0x710 [ 1772.847536] sg_common_write.constprop.0+0x992/0x1a30 [ 1772.848205] sg_write: data in/out 150996700/80 bytes for SCSI command 0x0-- guessing data in; [ 1772.848205] program syz-executor.0 not setting count and/or reply_len properly [ 1772.848539] ? sg_build_indirect.isra.0+0x710/0x710 [ 1772.848564] ? vprintk_func+0x93/0x140 [ 1772.853910] ? printk+0xba/0xf1 [ 1772.854542] ? record_print_text.cold+0x16/0x16 [ 1772.855423] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1772.856385] ? trace_hardirqs_on+0x5b/0x180 [ 1772.857223] sg_write.part.0+0x69e/0xaa0 [ 1772.857994] ? sg_new_write.isra.0+0x770/0x770 [ 1772.858872] ? __lockdep_reset_lock+0x180/0x180 [ 1772.859759] ? perf_trace_lock+0xac/0x490 [ 1772.860548] ? lock_acquire+0x197/0x470 [ 1772.861301] ? find_held_lock+0x2c/0x110 [ 1772.862080] ? _cond_resched+0x12/0x80 [ 1772.862816] ? inode_security+0x107/0x140 [ 1772.863612] ? avc_policy_seqno+0x9/0x70 [ 1772.864009] FAULT_INJECTION: forcing a failure. [ 1772.864009] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1772.864386] ? selinux_file_permission+0x92/0x520 [ 1772.864417] sg_write+0x87/0x120 [ 1772.868558] ? sg_write.part.0+0xaa0/0xaa0 [ 1772.869360] vfs_write+0x29a/0xb10 [ 1772.870037] ksys_write+0x12d/0x260 [ 1772.870723] ? __ia32_sys_read+0xb0/0xb0 [ 1772.871499] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1772.872495] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1772.873466] do_syscall_64+0x33/0x40 [ 1772.874165] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1772.875128] RIP: 0033:0x7f5171091b19 [ 1772.875846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1772.879286] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1772.880710] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1772.882037] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1772.883368] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1772.884699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1772.886039] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1772.887399] CPU: 0 PID: 26003 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1772.889046] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1772.890998] Call Trace: [ 1772.891643] dump_stack+0x107/0x167 [ 1772.892510] should_fail.cold+0x5/0xa [ 1772.893438] __alloc_pages_nodemask+0x182/0x600 [ 1772.894528] ? __kmalloc+0x16e/0x390 [ 1772.895406] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1772.896854] ? trace_hardirqs_on+0x5b/0x180 [ 1772.897887] alloc_pages_current+0x187/0x280 [ 1772.898934] sg_build_indirect.isra.0+0x2f5/0x710 [ 1772.900097] sg_common_write.constprop.0+0x992/0x1a30 [ 1772.901350] ? sg_build_indirect.isra.0+0x710/0x710 [ 1772.902511] ? vprintk_func+0x93/0x140 [ 1772.903426] ? printk+0xba/0xf1 [ 1772.904212] ? record_print_text.cold+0x16/0x16 [ 1772.905319] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1772.906520] ? trace_hardirqs_on+0x5b/0x180 [ 1772.907553] sg_write.part.0+0x69e/0xaa0 [ 1772.908533] ? sg_new_write.isra.0+0x770/0x770 [ 1772.909627] ? __lockdep_reset_lock+0x180/0x180 [ 1772.910721] ? perf_trace_lock+0xac/0x490 [ 1772.911728] ? lock_acquire+0x197/0x470 [ 1772.912667] ? find_held_lock+0x2c/0x110 [ 1772.913645] ? _cond_resched+0x12/0x80 [ 1772.914567] ? inode_security+0x107/0x140 [ 1772.915519] ? avc_policy_seqno+0x9/0x70 [ 1772.916478] ? selinux_file_permission+0x92/0x520 [ 1772.917604] sg_write+0x87/0x120 [ 1772.918388] ? sg_write.part.0+0xaa0/0xaa0 [ 1772.919362] vfs_write+0x29a/0xb10 [ 1772.920200] ksys_write+0x12d/0x260 [ 1772.921040] ? __ia32_sys_read+0xb0/0xb0 [ 1772.922006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1772.923216] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1772.924419] do_syscall_64+0x33/0x40 [ 1772.925292] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1772.926466] RIP: 0033:0x7f794b5b5b19 [ 1772.927343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1772.931575] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1772.933368] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1772.935012] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1772.936656] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1772.938308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1772.939944] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000000180)={0x0, r2, "52be79df2478089d69f08f5b92554ed378e13922a5b01eaa39ce57489ab9a521451998e1dd386aab83f2b1802cfee2efdc73272907047f09543d11b0b651e4dc6182e176361e1ccd940319f9b271fd661ca61d6fe1d162260916d23d7ff1697512b2646f769ed67752d8e67660bfa7260c500151742d70b81c650ab84b49f125015a0c04d7b092450f5dafceb58d71dc5e8be0a459fe7943f1b0edddba77893d3e84a64cb6af54a00ad7aab20f140497231281edb12ac98ac3540d5dadf6541aa52c2a4b26780c20aecedb76bf9892d3c4d5c278c786a2d0c3a84e3b432d908c49be27fa82818b8852c03f7e1b7deacae8dbe32eca247150de1d38fc51821344", "ea5842cbc2d18707b56c212823bcbfd96bd500f3125784ef556686f6ec8454c8e1bebc16596a26f65e39f6bb42c47d5b245eb8b3eae49ad744be89d4d8ce2c1b39ec7f628b519644db50903cd8a61144e5176a782c00baae2b451776047c05e1ce1853be438e8777f20faea646bbf6adaf1c43056d4530951d3edc2d455a08be62f147ecb716d41da1b492d4e84c026b14d69b33a395cc4e6b7555a5c04daafaf1a8685a485ec8188b03e4775b05fbc237a2416cf0e2a29725b6ab853cb88b2af3e6b650c504bbb36ad815ede54923c5ee1829b0ad63223c22070c9ce51f103550ec813de723f8211349c22e84106ce5bb9ffaf7287276ebb620a69135a33275de38027f6a69dab17448d78f899ad1abddd4ed692912e68cab2a12ae695f34fadfbd356ece53524d0a4f78825a7ca987d722b86cfba9e426268e27533f233b8cc6c0afe236bd0019cde7a377df0ac1f5e2cfc9c95bb7612616b216b98e961ff1685d1f08e21d8f16408193ebefe5b627877e37fdf711e5cf11acb4cfeb6054d78ae786ee8860f7b1c21b21cc09b98232c666705041f42884d3f3996e366a2e78a132f368c7a6aec600dc72bbc2676a1adbc20b8e635e3005977d6c5a8a0d6a6a38d678b9bec9c919f8e55ed2928cb9dd9f20576e6c2b0f73ffb4c93bee4055279d9eaa6ec00b13f0f1b079e8fa7000b48f4e66c42f9811d6db8bd2006d08b6b99b6bf49a02001d28faca243db447251f2709018c43bf76375f6a9cf235b6c51dd255e00d18f7ee5d4b43bde5733f21adc2665f063276a18d9138df04cb19a3a30958ad40bebce86241a379f23b1a066a56ea31ffc053f6fd6b50fbe7ce6aa4ab4d259b8b9ae2bf179237da3a754e708ac66951325f660ce57cc7777f6f43ad97e6449590671e0744090867f79469bc7836439b71d323373b6f4bf0fa9b36d5bb1f46c8fca1d73904d5642f711448af14900cab20698255d90b17537638c74938332e814e1debd623154524b31680ba19867cdbe5ffef5fe658d512a42c9a4b1ccfe60c0e854148b0289189b288f1ac6afd38d24e038d597e6646553a35a56af25df7a8ae23f7b09dd9c0022d0668cbed5bddd7e57da49843dfa65061f640721806dd59c691fe73e10f7557823b587bb335fb058e713a34106558e0a2058374719a43a4472a2b98b5d75366641438fe5f430350d6b335a79f83e735ae966d90e5a2586a9c699a056a4643e08482a01681803a8fc49e816f6a41a4e64499aa484f48fcd72085b2b41634f449d1fc18cb84ba9eb090394c442dd2315ba71bd0f58238e625d12ed43c052312c3cf055c2bb78be80f24b403fe4fb7ec1dbe0834391872af148d3df998965a9f03425beeefd0b76a2c786003bbe8d0ca1510136a5845010d6a6445f6a0210279a21c5eafcd118240364d02aec51ba3c1ffbf1cb66a4e9df1a199f4b2535a5ad90218a2a0bf46b468850c0d54fd471b461a8d3b70d204c3d49696af46bd90283d78e2edb01e11385d4cc6f2a0717395d9b046c391801952e069c699842b25c1de40da12063703c00008d3df3b027440a954d46dcbf199ca389e52d7d15da16aa825e9f5bb8db7efa3e5ad5bdfd265d4e236153b47bde8d76148a7bc8cdebbaefe8a5983bb570bb6a8020a96263f454f14f915eba0bcd4dd68df6f4c22af86d14b2397c1213a4b6d6ae5e62525d1a8561efa923aaa0879dd2674a907731a91879126920c79bf0081c3e274f44ade155dd11f72860986d5154cfb94976747c4f037c1a979cfe38e889c7f3e877d32106df2743d52336aec584b3cd8253cb29a80d3331408cccbfa5a48110a1c4a8c5f71ae503bdfebd9f37535b7a2f8e377128d3ff9300df68959809fba95860e2c15663be2a57d39ccedf8456cd2073a519a041e8b38386ffb7e51242e6d53f302916c1619767f7df895fb69ae2cca8fd9db3443d75a3c38b84c77a21d1bf66f143d48bb0a1b2a68d39495496a76abcfc1e1da2c65716eb7fbf3e4dcefbae1f09d43138ea18fddf82df14f5aef2d362fdc1799b6780d4de9ffffd82d3e93a4f4c1326e06fab9055207dca4d7074f802b8f17eb36a37d33502b88b46ceb122a76de5c366dd6c03c55c907fd59e46726a8611309a7a31b8b518d4074c5dd35e0dc951af54cdedc7a6f511c74ae6eae12c483552331c279997eebf6d4676ff1dc238b69869d913b4842e43daa6ed64e03b4e0e7fe74f1ab29cfbc905ea1ae17a6b3cc48dca24f0c9b653c8b67eb03008c27302e8f085740544b4a4f2d2f936e80cd56f55c04dea8efa2bd996ff2be2320a64d5d6b6f2fbb163fc3acfd8076bc80c8d7f4224fd013cb0f3d7c200e39cc61b4003d7ac09df7cc487a0cf1e20f5c171d4257bb8b732903eed04dd44ea3893e0c165e225469b39515fcedf1572dcf6838a31cc0ed8ae5d93e83ca37767f166502952cdb93f0ef74930af6808984632e539064fa214cdec4f13902eafd13a89f09328d5bc0c75a7b94607faf00647b8e66eeb02702bc8fbb47266ba854352a578f63676618e4a0feb5babf865a9493d3e46cd9741dc4fc23a2f8c81c49107664f7b513fbad309eb5074366008ce2ca99e2c93eb91de777b5b0a4d1dd5935467fed77bd7f9e4cc9db7ef4c527e6298b7ebe379d210345aa73bf37a29a6a07b9ab3267d6c98f19e775ba9c18e180fdda6dac06bf0bbbaa0fa7ef3338e2b5236ea0f8da64331b80dd095568bd1bdba4c0da8eca66785c661b30993672515db4179669b7477647c3ab98ff6c217203bcf67d419e83753ccae8318eaaf756a083f85e4214d75f9848c71e928bfa6d559176867a3fdee7e5af1a5848279f3feb003032f0356b916093ba95bfe41edfd9b7f4993d4d451bfc50a453a885b0d99f2d9aaa6a7d87669f100a78bb47fe98e7e7d91e19c2d16d60d2eaf205925f968ea915be63fc5710179af74d4f2bac35085b3bed4354eb80d26d6cf37e0e40bfe5f30973faf5d3e55d3872c943f11897ba8e162214076d0a5e7ac6382d9a687395943c4f01145acfe37ddf285fb50c0a0a5be4dc379cee735acb612959f74686b8cf018f4e930434fd67d4de648091da91ccc9216c40b70683281b4345e0d0a91fdb30e70bbd596fd09cba667be863a1e5cc34e4ed5e134c54efb34d5698dc143026dc9dcb9f09f2a5f7e128f53ba878cd5c04c0353636272fab13d65b0eac09a621f32b86b7ba9f85dd7c63d25519814f47184d7447f0f6048996a9650db96c8263f501b09c6f9a84b0e6ba50967707076e96d34d863e74f085ea49fb857f7518fd4cdcb4459e655d50477dfcfb12e81bf1d8684fc8f6795cf65fe8875215a948b1fb451fd0afab482ce90154fdbe402360816f62aa1cd6a2ecf4b9efae996ccce4e6a5857b6d86eeff787bf3ec21c307296820bcdb887893e0a1812028d2561b81c0db924a979ca3f980686cc0f8d3698368e3588c4c221b741c8582365dea0fd74bb79929c055534d0399370a07b6d3aa59ee1ea9de5db47a107a9e1e83cea99e77664cc327a3653c646eea6e7a5d110b9488a38aabc49db49fd15b2e1d5d9c3bfcfd9b9a6a52a70db5683f182a87ad67fc81f5ed2f1605a00e159944a7773566de8104bbbd37bab0229616877fbc2879e1379f3311ab646de2746447ed188bffcdd8e725e6d6bdb7a37cd4f6f2d4078f83c71b922d831478a890a59c3bfde94b23c89dbb59570c178c1fcda532ef613d4a389265ecacfced80928604d65d6ebe0aebece910bce7ad64af00ee468154a602ff6856e9cd59d9f27e0d5283af6c1de8cb1c13eba0128a2df1accd5ddbb2576e042f7dca690910edfe77ad80dec673f763d82c72aa5b8d3e5f769bcd177925f960be07331fcf19853134a07e9d4b0ff95a037978c1da93a36f2fab298d298d7baf023b36826fc665be6631f5322c139ae21ca8bea82b71920351ed08af2a665d693d52a1ee7ac250fb480fc24a62dd4e083e4f5dffb3c0078afdfde68c43694bcbe0180712276efe782ef29bb0e30417acd6a926b6a34696d7af0dc0ba7590c0020e1e4c1582d08efe8b80ff99f6faba0a7ed531b26191db7ae5be1e8a45019998108eb15ee0a3c1f22c8611b553573ffbd402ff705de2a7d029fe0cdecb049158722a5e0141d1f6603580635e7fa182b64506bc471da057ef79203b9ea145853793138d48977272b543c277a68cad9c8ed4df281396f31142fc35eea43e48e2590df50314964f472d0d100899fc5fcb7fdb2c8e221f4895791e566386c7b330b6368bf10ca27c15c4980201440eea680df99ad7da7cef2fd27e5f045fb695f6f36f69cada1c48f61539aed81886751df792fea7f43b7e5c870650c595f4bbcc6db11cac117ac43aa5a980cb8f2abbd0978e08bc6c4e8cdce8e7a94fadbb788dba36816dc36b4317f205cd6a5cf6728d5b9d7970f4223738cd17b607ad00f37bb0f8aeec36536fa675bf8c3553f024829d54cec56c0e0239d779ac423a2f348edf2ee6ae64dd3f570c17161798dd98dc787d58011bb9e44dca5728546aee03689e48738ad1bfc630fc8cb51e24eac40d23f3ed6a9a5f2391405a76b1d8e3d7e62ff3c08c250016869847d2935c624833cf421eb1eac2fbff481c54915d40fe5f34d6c4f9e7fb11c7a3cba106d0a3af7f4dc9212b0496cf6dc291f5ddb39b7dee988ac404e1eb69eea67fff3dcbd2adf9cf1fe11325685aa76db107c6513e80d5dbffc51d770ec1b0912884ee11a5ee16cfe62ade87a51d346a51d20ef51ca66ad3d2c58a2b33b44a421adcdb7cc1555baa62f5299935fe4769df0e7c95c353dbcbad3e67ebb7733280dcd9006a8a4ffbbaff55aea0f65afaa472a51979bd3bf063b65be0edda0c7b68ca155c263f46e06488549d52aa7317061ad8d18d299d9beb97ca6e83eb47e3d94b57c14a64a80de6737a25eb629b4016bbaa3f6425835c1eb1a54b4b3d2116bdc66c2b042f23d2bb32f331e907a8e6af9753b15e60f3a1a6faa11ff3bcb85b34c87fb310fec2b5a53a920c1787520141c30740a71529e61361576ac3760984b184089b6961380bc378b3d79ad4fcabeadc6da37b13b40606c522f6aa75af88b57db9a1c2b00a00b1078de73dc0a33acee78b0ab5c4d6a44c5bd8368003bbe1cc6c53161cdf85b3646da9a0071a6286c9a11f3b9112b748ca132dd046e22b138118b726030ae04b6ec95532a26914fa39d1a26ff52557bcacd7ac6728643100a3243e3544358ed37e6b72c82f79b7f562111ac3179ecc0016e6f6180895c2651cd48535c7ffb6f8386407be91bb2414fa8f5204c23ee059069560b1795b081100a3f0fe3088a821b0ec77115a4e77f8906909a65a38bd0200a1e0570e295eb5fec5aeec8ef73d6c1efefbbcd8d70a83b25c1dea"}) r6 = socket(0x5, 0x800, 0x80000000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r6, 0x0, &(0x7f0000000040)="076adbf0afe4552f074321368b102f1b7977a5281e99976e927a0fe469d4fb89c3b271be2373dd8d10d5515aaaeeb6338bb50f5e8d8da85e1516d5c31272c5814c29feb817a41c20a5e7c6fea8b89518a0579bbca67b9e63bcb9747455d748bb54f42e549ccb34ba9ef31bf1d7b6f93a9cac6913f7b6d4842497ef492c14497ca4b8a5e98c8b8f1b2123c2320a2455cc9f28aad5f96bc7dcb1a4ce7e326b1f37013cf14890956e9e2ae1b884a9d19b832ff784f9c60aebf6d8436ad834c919d4de8fdcb0bc5685dc2b5316b0af21f7863c907bfa6cae91", 0xd7, 0x20000010}, 0x5) socket$inet6_tcp(0xa, 0x1, 0x0) 03:22:18 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) close(0xffffffffffffffff) 03:22:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {}, 0x1f00}) 03:22:18 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:18 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 47) 03:22:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 53) 03:22:18 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x60000200, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) tkill(r1, 0x41) 03:22:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {}, 0x1f000000}) 03:22:18 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x10, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:18 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x2) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:22:18 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x80045300, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:18 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 48) 03:22:18 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) pipe2$9p(&(0x7f0000000040), 0x400) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0xcc}}, './file0\x00'}) [ 1773.085424] sg_write: data in/out 150999004/80 bytes for SCSI command 0x0-- guessing data in; [ 1773.085424] program syz-executor.0 not setting count and/or reply_len properly 03:22:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1773.132157] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1773.132157] program syz-executor.6 not setting count and/or reply_len properly [ 1773.146224] FAULT_INJECTION: forcing a failure. [ 1773.146224] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1773.149183] CPU: 0 PID: 26251 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1773.150824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.152793] Call Trace: [ 1773.153416] dump_stack+0x107/0x167 [ 1773.154285] should_fail.cold+0x5/0xa [ 1773.155205] __alloc_pages_nodemask+0x182/0x600 [ 1773.156322] ? __kmalloc+0x16e/0x390 [ 1773.157205] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1773.158636] ? trace_hardirqs_on+0x5b/0x180 [ 1773.159671] alloc_pages_current+0x187/0x280 [ 1773.160718] sg_build_indirect.isra.0+0x2f5/0x710 [ 1773.161868] sg_common_write.constprop.0+0x992/0x1a30 [ 1773.163111] ? sg_build_indirect.isra.0+0x710/0x710 [ 1773.164314] ? vprintk_func+0x93/0x140 [ 1773.165244] ? printk+0xba/0xf1 [ 1773.166013] ? record_print_text.cold+0x16/0x16 [ 1773.167126] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1773.168371] ? trace_hardirqs_on+0x5b/0x180 [ 1773.169643] sg_write.part.0+0x69e/0xaa0 [ 1773.170669] ? sg_new_write.isra.0+0x770/0x770 [ 1773.171788] ? __lockdep_reset_lock+0x180/0x180 [ 1773.172877] ? perf_trace_lock+0xac/0x490 [ 1773.173835] ? lock_acquire+0x197/0x470 [ 1773.174758] ? find_held_lock+0x2c/0x110 [ 1773.175739] ? _cond_resched+0x12/0x80 [ 1773.176714] ? inode_security+0x107/0x140 [ 1773.177667] ? avc_policy_seqno+0x9/0x70 [ 1773.178601] ? selinux_file_permission+0x92/0x520 [ 1773.179763] sg_write+0x87/0x120 [ 1773.180560] ? sg_write.part.0+0xaa0/0xaa0 [ 1773.181544] vfs_write+0x29a/0xb10 [ 1773.182369] ksys_write+0x12d/0x260 [ 1773.183215] ? __ia32_sys_read+0xb0/0xb0 [ 1773.184169] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.185375] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.186554] do_syscall_64+0x33/0x40 [ 1773.187415] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.188606] RIP: 0033:0x7f5171091b19 [ 1773.189489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.193751] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1773.195502] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1773.197167] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1773.198829] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1773.200491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.202122] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1790.074143] sg_write: data in/out 151013340/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.074143] program syz-executor.0 not setting count and/or reply_len properly 03:22:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 54) 03:22:35 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 49) 03:22:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {}, 0x0, 0x1f00}) 03:22:35 executing program 3: getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)}, 0x58) 03:22:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x48, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:35 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) unlinkat(r1, &(0x7f0000000040)='./file0\x00', 0x200) 03:22:35 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x80045301, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:35 executing program 2: r0 = getpid() r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xaf, 0x1, 0x6, 0x38, 0x0, 0x1f, 0x1000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0xd75, 0x1, @perf_config_ext={0x4, 0xffda}, 0x22, 0x2, 0x3, 0x7, 0x7ff, 0x2, 0x400, 0x0, 0x7, 0x0, 0xe1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x7) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) pread64(r1, &(0x7f0000000080)=""/116, 0x74, 0x26dd766c) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000100)) [ 1790.095126] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.095126] program syz-executor.7 not setting count and/or reply_len properly [ 1790.114969] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.114969] program syz-executor.6 not setting count and/or reply_len properly [ 1790.117891] FAULT_INJECTION: forcing a failure. [ 1790.117891] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1790.121428] CPU: 0 PID: 26444 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1790.122988] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1790.124861] Call Trace: [ 1790.125465] dump_stack+0x107/0x167 [ 1790.126287] should_fail.cold+0x5/0xa [ 1790.127152] __alloc_pages_nodemask+0x182/0x600 [ 1790.128222] ? __kmalloc+0x16e/0x390 [ 1790.129065] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1790.130426] ? trace_hardirqs_on+0x5b/0x180 [ 1790.131403] alloc_pages_current+0x187/0x280 [ 1790.132409] sg_build_indirect.isra.0+0x2f5/0x710 [ 1790.133508] sg_common_write.constprop.0+0x992/0x1a30 [ 1790.134682] ? sg_build_indirect.isra.0+0x710/0x710 [ 1790.135812] ? vprintk_func+0x93/0x140 [ 1790.136697] ? printk+0xba/0xf1 [ 1790.137440] ? record_print_text.cold+0x16/0x16 [ 1790.138487] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1790.139620] ? trace_hardirqs_on+0x5b/0x180 [ 1790.140719] sg_write.part.0+0x69e/0xaa0 [ 1790.141362] FAULT_INJECTION: forcing a failure. [ 1790.141362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1790.141633] ? sg_new_write.isra.0+0x770/0x770 [ 1790.141667] ? __lockdep_reset_lock+0x180/0x180 [ 1790.141693] ? perf_trace_lock+0xac/0x490 [ 1790.147301] ? lock_acquire+0x197/0x470 [ 1790.148203] ? find_held_lock+0x2c/0x110 [ 1790.149122] ? _cond_resched+0x12/0x80 [ 1790.149991] ? inode_security+0x107/0x140 [ 1790.150912] ? avc_policy_seqno+0x9/0x70 [ 1790.151820] ? selinux_file_permission+0x92/0x520 [ 1790.152917] sg_write+0x87/0x120 [ 1790.153676] ? sg_write.part.0+0xaa0/0xaa0 [ 1790.154616] vfs_write+0x29a/0xb10 [ 1790.155418] ksys_write+0x12d/0x260 [ 1790.156236] ? __ia32_sys_read+0xb0/0xb0 [ 1790.157147] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1790.158312] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1790.159478] do_syscall_64+0x33/0x40 [ 1790.160313] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1790.161462] RIP: 0033:0x7f794b5b5b19 [ 1790.162275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1790.166411] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1790.168110] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1790.169723] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1790.171302] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1790.172901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1790.174491] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1790.176119] CPU: 1 PID: 26468 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1790.177731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1790.179614] Call Trace: [ 1790.180226] dump_stack+0x107/0x167 [ 1790.181070] should_fail.cold+0x5/0xa [ 1790.181942] __alloc_pages_nodemask+0x182/0x600 [ 1790.183004] ? __kmalloc+0x16e/0x390 [ 1790.183853] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1790.185234] ? trace_hardirqs_on+0x5b/0x180 [ 1790.186221] alloc_pages_current+0x187/0x280 [ 1790.187227] sg_build_indirect.isra.0+0x2f5/0x710 [ 1790.188343] sg_common_write.constprop.0+0x992/0x1a30 [ 1790.189541] ? sg_build_indirect.isra.0+0x710/0x710 [ 1790.190714] ? vprintk_func+0x93/0x140 [ 1790.191636] ? printk+0xba/0xf1 [ 1790.192430] ? record_print_text.cold+0x16/0x16 [ 1790.193551] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1790.194740] ? trace_hardirqs_on+0x5b/0x180 [ 1790.195774] sg_write.part.0+0x69e/0xaa0 [ 1790.196753] ? sg_new_write.isra.0+0x770/0x770 [ 1790.197851] ? __lockdep_reset_lock+0x180/0x180 [ 1790.198949] ? perf_trace_lock+0xac/0x490 [ 1790.199937] ? lock_acquire+0x197/0x470 [ 1790.200881] ? find_held_lock+0x2c/0x110 [ 1790.201857] ? _cond_resched+0x12/0x80 [ 1790.202777] ? inode_security+0x107/0x140 [ 1790.203761] ? avc_policy_seqno+0x9/0x70 [ 1790.204736] ? selinux_file_permission+0x92/0x520 [ 1790.205898] sg_write+0x87/0x120 [ 1790.206698] ? sg_write.part.0+0xaa0/0xaa0 [ 1790.207697] vfs_write+0x29a/0xb10 [ 1790.208555] ksys_write+0x12d/0x260 [ 1790.209427] ? __ia32_sys_read+0xb0/0xb0 [ 1790.210401] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1790.211655] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1790.212885] do_syscall_64+0x33/0x40 [ 1790.214068] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1790.215334] RIP: 0033:0x7f5171091b19 [ 1790.216429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1790.220833] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1790.222607] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1790.224272] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1790.225934] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1790.227591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1790.229259] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:22:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {}, 0x0, 0x1f000000}) 03:22:35 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='cgroup.max.descendants\x00', 0x2, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) [ 1790.302362] sg_write: data in/out 151014364/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.302362] program syz-executor.0 not setting count and/or reply_len properly 03:22:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0xc, @time={0x800, 0x1000}, 0x4, {0x2b, 0x81}, 0x80, 0x1, 0x18}) 03:22:35 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x80086601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:36 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x68, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 55) 03:22:36 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_setup(0xc81, &(0x7f0000000040)=0x0) io_submit(r2, 0x2, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000200)="f3292809abe30cb8b921786afdce21dcd53fa772c3ce2cf3ce24eb690ecde6bf897534ff122d0c9d3e54e72da7fbbacd543f20522bbf5d0900bd9872e64a888315628614c8c4203e5237", 0x4a, 0x40, 0x0, 0x2}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x7, 0xffffffffffffffff, &(0x7f0000000380), 0x0, 0xfff, 0x0, 0x0, r1}]) r3 = syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x200000) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r4, 0x0, r4) write$sndseq(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440), 0x101000, 0x0) io_submit(r2, 0x6, &(0x7f00000014c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x7ff, r3, &(0x7f0000000080)="8d5dd5db41e9559879726183f59b1c4fcb37bc28a3c486642d641d06a7dd3bb80ac33e7fa0fa8f6e232e9c3b8e415d359f6865356708208a9a8022411aa367071f918ee39647f3925eb551dd598a2490bf0d7021371fc2926c4f77f1b6aa5de4c7231afe72528476874b3c49d50e0357edc9f625ea4bae629295", 0x7a, 0x1}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0x9, r0, &(0x7f0000000140)="ee4ce39d925413a779fd60c38b9d7028dbb65d5fcf8d2073ba526ffa59414f9c1efc5154ebb801c06074a1288b44f9646633414ca63760262be9376f2f084f1fc34257496f9feb14429a3e76b7d83ec4b8dd5bca4e877c02d0bdd06569bfc77394a4f174035d52b54257a887ee9a54bb7ac6092c172c9158ac6f4202d285a9d8c086e328d9259250a22dfe0fb42e", 0x8e, 0x2, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x6480, r4, &(0x7f0000000240)="920c715766c24f8f196fe3d28175", 0xe, 0x2, 0x0, 0x2, r6}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x400, 0xffffffffffffffff, &(0x7f00000002c0)="86459850af353f4a6849109a12cbef245d98ddf39adc8b2cccb601da2dfd2ba4eb48590b36a656da0806f8c9633906a238c12f47b302bef268bd82e036259e790aededf6b2d227ab3eca4d410d23d96bc9f298108a89807d4b3b3790f11787e721663dd001cab5508baa2e5ac2cb36c6aa2cea3396c255706708814493af1cf26e1ac35883375cf4966c1353c192", 0x8e, 0x100, 0x0, 0x3}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x3, 0x9, r0, &(0x7f00000003c0)="ce454ff29573ae2e0420cc2b660ae1a2deee2a06e95b7f85edfee4e6b953", 0x1e, 0xfff, 0x0, 0x3}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x5, 0xffff, r7, &(0x7f0000000480)="2c0bc501570c79e4fe4ef472fceb2a18a9383e2227cf0fe23e545d575acca729eb10d76ff066f76bbc3389d1cf1633efaaaf1dc91bc977f91805cef7d135fee6d2d8a954b6497feca80e3ea940f897641df6788c49b81a891307ec08f0e18a91263992df10896cb69ce2d63e4dda7efbf6bb7730ffa48e8dbe69fddf6dfa5ecfc06e3c5d8c54ee100772a68d0c1c9b6e6c1add7b0e1e643deea03e1d23f28a474c1e9003459c2962dd2d9b9d5460d3edee60579e8876f8238208e8d94b6b9287b220e59aad7faf77d50c05f0e90e734eea68fa454557c5ac622bbd8c74c53e9f6c767883b67b51357088d6b67803f59d9623ff0a275f0b9ed6086312b319caf413ccaf2b1dd9c20d369efaef5dbcdb8b070f1a6533166c0cc0629aab907c32396e5101fcb55356b332bda6d541217428440c078f1203a065c19151964f90c779e7f53e27e2d85afef96602a2ff5fbb447f2287df9400b1c9fc4321099965563042109054177684d18bee34e93394cdd3ea31703935eb9173af65461044f013402b3d6f79eef20c4b109f9f237de6044bbdb6210f843793b85d487fc96678e68e067da467fc8b6aa0747f9156a50a14f1851d205bb89527d49038ef66d31b0b00d721f71af3f9dd00a4c79b98f53dd9ac4b0aa31cf7a2151b8a29cd97940bd983a2d512ebb8e81690f9fa3207fc5711a8fbe19729cc24ca99b294c3f687ba6cb397e24cacbb139ccacbbc793fc79c38983a62be449ecb08c62e03c960f93f5fb97a321603c0b39b5a0ba44954feeeb312559b063c23576edda0750f7148bf73bff8ff423893c30f346132661bd9a36d7acde5c6eb092485783a80fc22abf4fae8504524dfeb0de5b017f0b61df5c37dff698033b7232758c326e8458eb5dbbeb9e4c1a1609f2d564da73837162678dfbef048068a4265eb2551de9771587ccdd624660bd75804233cc79bf2c0c2fedd03847f0aee1f16157da7608781372f9c3a2a18fc30e4254cc4b667763d41521601bb4e52f6be81869c69a2a70992530d991b87683071e5b21c8d30b6dab42f79469e8050210a1d250530381755fa879e5dc68ce4dcc5f686a7c74e3117565aa75a14ef80d522b3371fd3b495c5aa5a24eab91ffd6bc44e42ddd333f3b36e6d8e4a2274775b5b865ffe85c930be193d8e2088cd1fbcb7758cde66762c88743d5d09e2f80969989e61e53dc5441935a39780477d11e3c5cc32bb1634705adf867f02f76aaa57f6571aa613b29b479a27fceb506a7de80a79da8b80ccbe87af2a0303c5eb51b464409217dff8ce86a6eef1c7b32e70e9639d64e58b538196d114c14df9ab469fd809ce2080e8a48b25182e1f1415d32264a3e8a06cdb4abb160502866c9a51321b7698fb29fc78bb2e5593413e2bc741e9cbcd963b09c625f0979fca503d96ed67059d0f650dfa1c529bbe80c343e74cad74bd9a84c28ebd600e78247ae6e79d72edca17e0b7b50532615b7f7c0b0a74ce00b4dbe76e4c8a0284066ff55c3cf40dd969cd06a0cb88bf48f1301f35603044711758f8b8d02d162ae589011ff6ebe0810e3f73296cb342e1f1f4ec2fa4c57d35692da1b7050cb66e3cd1e305c2b0aecd9360bee0946a9a3e40f9340e6d6b0a92b1254a5c069a354e3a528756a6a03f78577a01903e064723e9fb020724e4777375f44a4613a82a1469bfac791a7a0ee8159e6688762c8accfc11921e8b31adbebae61036069a4fa21797a047ccf749bc670f88b1690096d5bee6480dfbf16072c43f3361139f330d13838a44b50aa7d4f01e75d27a1ea2bd6ec3315b15eff28b4165aa57cebc1b2f9f4200ce310763c2f165fb0c43c6ecfc48a33c7717ccc2beb1807f56f4f658496316cdce01c9f6559c1d7e8f78dfde101e22f65e8caed9c0f6f7febc7b7fb8388f8fb170576a4d6a764790100dcbb4b588ab15e5fbbce16729d58ea540c30eea3b05e36c05c779b4543de2367caf66da59f5f1e07186fef1aa6693b29303d82889626eab69c8f26a9037ef7b1b20d7c46ec21fa6125e15cc57bdf02d18b343a42cccf40c71bc83d958b3b98f5f494cc195b03dbd5ddf4640a42cd2d6e255b20acef47b3d758289c864cd98ac7da0c24c8e68011d30d7712347e7db4639192a9ad884d29ac15f32f389a33702e8ba8d25d4c6b2fb2e19a70bba7c72f6694c33630a676f77fbedf9c0abc14d4fe2f3d4494fb458d3f095ab4c625d4045c75acbef83b53e8da932425bbadb7df811224beb8ba142950feb94c3ebd82644b468767dda6e5f8d4bf4b377cf5b05f8d9ce1b76b953d299bd04de0a04fb091fcd6ed92cd90392fd836ea9ac7f098d43aa7224696ab710eee1d3c72d903cab2ec17f346d494f522ed47f6067bfb1075e3a524cc959a898cedbae3a09c289efc0a9314bbc4d6fe21692f3e0240ccbe65de15b94359919fb98d1eef1ec06fa6bbe9b15b7889378b5ff6d0bacdaa1620c67407c94f2030202e9a880143beeaf2a9f46b3effc9e16bfa8be7050c89e4877194d813c1496db8bf67f39d3a8e7d3ea4baa12cef6e58140cc753c01bda92004e822f4182f759d85fba9a9acb3a6bcf854e93196ece1effc24cb3951125beb0faa465e3089d6ccc3397f09a4079bed3c919744305f6f16e6f8a0b6bf85e260aba1635725e4410bca747d3e80f4dc7ab3d3b5f4fdbab9b92104a021c6d06f00074de5ba6a22d0157aa9ca462c5a2cff5f813a03bc8880378612b7d729634b0ecb230e9f8f529040addfdcae40575fbd6d82def28bdb590a19ef392918b1515399fd8b5de7d3686355ded2745b09fa9a702720ef45cf3a7d86015f4aa34629e931e76e02ef107e845927866bfd57413515a06b19a51d5572ae6cb29aeaa473dd2b45bf1d785dbebebdd206d33ca8858f768fcd912569e08ae7fdb302122c5ba0624994f6d463a7223e9dabbc7da5e97cf6e63ed5fee623f0dafb7d337110803f6976f5ac7e2554e30d2cfc3c5d99f9373149c470f8080da9668499b1fc2eabd3f0254b256a05252111151147c17901555714ed96bb304cb083c56276ff2cb62aca95c68a3e4d6e118d11994b6d282eb046cfa8b0aaedd70ea323dc0da2e635aaf771a485ee472ac3cd95fd4c9b143b7153808b841d6ac1efcef9d48f250fb264b64750f969452e2ca3d6f317341dac5b72666b648ac0d6fb61d84c7c20db1387dd1b994559af874b6b67d526783383d517f267a26f395fd1b22ea7e7d3bc08489350f3b7e3fec6ee418a1aeca4ad2d639dd4770adac6cca1d54fc6e6f749736ced57ea61c6bf82dc22b9eca4ef1926c65ffe5f4c7f67dc5c22aca958961e08f6e33763d2c702e825d9827c916f5fc0aadeb02ae4a81c3b148bcb9c4c04fbe271517fca01858ee4999fe5be6c59e402951f9b37191b4f8666ee865113046b9a063e790906c630cdd2ac2c6f0e2aa5e9af7eb4c75d761f3c6a36584beb5ec9133e5b8c2dd83a81b99a47232d81143dd4723b8eb5d5e55d5d10bb6d4cbdd17e75e613b6d7b1695e758b644b375484028a66376c3b4eb422ff503044f7bae8a41db4a95820d6865ad650a52b1e79d64dda7309171e56cedae70d5e223ffe8ac3424ef92692f7f5ff790db08fdce73e327a76cb72427f933c09dfde7ab3339df500c66128325ede4329217fa8c421f0f1e3e3930d473030013c08dd820490eb190258aecd004e5cfeeb3684a918a6afd7531e974e5109ef1d7596928c1d6735e23debf09dcea24167dbf8e6929fd9f48a8b58011e10f06b6618cb9652e7d198b58564deb3910b7dc272c5039943ceb9eee791ed7c4f07ece921a7cd2960e01fabe5522673604582cb034a963395a885570045871ffd25e1472a201fe1d42aafbf11c59787b420da0b7f6e25ccb50e37d3d3ccfb014d93e2b60ff951c6c236803b2c55fbfef67a9b22348c61c99065e2165464835108cbc35d697a748138c0600bf8d2e4ae9d0c9df89db5a35b6eda13c53596cf85abaf61b6ef4706851e02f7f19631bd1c6cacc4c268adb6d192e7504a50732dcc8dbc1fb53e8afacb24e5fd0478c1fe2d53a1e0b84ca870b2a97cc36eef1a4b16706f88bccf9e652c90eb63b820e76e8b063407b50bb620ac78c1156346dabf68a8a8680d08b048ac78972268f678afec7fd6afee423b8583f7d7eabf7be4633dff11725a1f9472acf1d9edc2e5cac8514f160ad50ffa2a4abacf40df56c40351570962bddf8f16338099a467c952c4522182b3c5e0c905dd4d2e0eb1543060cea1cf6f61716df577dfba79d1da1146040713c3af88bb26c0d5ecdc69ebab0ac35b6d9ad88c6be5acb5ee2ef554aff0b02a424c7df8b09da2034cfe357d34619a83826afa085823ef19405888ac484ca637140ed74253933ed9a3058257cd9df96b20cec41299f1ae8c7a8b6efef9cb4ea21317f505e3b61944fa32d87782d81c83217bc8c5aacaafb1333f06bde841dd0d666f01c9802d4213cf1dde2eec5ab10a9a701195e931d4df16b7152aa703f2c786eb922f87580cce6989054b8986f71cb0d7ecf720be8913e3f0ed182ab2638c5c0f5e91a43e8a53a1b140e07d191a5a3e337f6ba18647b2f0b27dca4662d1f398703db6c621b50c752430bfca70d4428ce8cc91771cedaee6e3931633e4f1da1f92e1277407384699a96062c78e950cf3fde45756e486a1f497c2bc111e6a09de399d23239e7a553a452f3adbcfeed60b8a769e179271cdb20c0ffa15bb15ba5e8de9682e25d8fd50142c55a84a9a3a19cb1dd0941a55755adf32d753cc937306420351736381136e90e0d2814bd4196671806f7a64eedaa4062baa5c3076292019197d68063989c4f9749c8c6eec8d6f1c5e49cf054c440ac1b40fec08c65dcf5cd9be4bbbc3bb30610789587490afe63b2a1d2a527df1cb6d02c64ab7d998fd68249467d36705d752df08634023d31418defdf6d0cf75b75ad2284e08204e62f43f368c4eff09c754f8588aaf0a7a5ca679eefe729a4d2edd1ba86fb6f0aaf17a2b0817fa13c499a65f787a71e4034c79b2769921f912335b8e2b2b18ddac17c90cdf81a09f55e2d3ed86bf6276746b9c182d39561e14faa10f81ff2df0708ad16a40a3f5dfa0dc6461405ae35de52ac0fe575ea605927721ee3d9cac51adfdc953d9f655ef4152c4cadde11628010ddfcf6e3620186f4264e490c332751665e46a310c1d683bd9d984600bf7b3f9941a2272a0581f7ae24da5bde933a6019b475fb2dc0edff04a8c1882ade673e72c936e72b0f9473d479f5f0154a617a4c6dc410dd344977724a3e5849f673afb13c52ecf5f16849b45de0fc849414e894216e15e2b38e49e939588be820013babe73892867602e16c0dd7ea05b7c779166eed600460a4004d63328a52e66d3a082de714cc6a00ef6b587be892addfe4012ab0a57b424759ac3743b0b4545731be09735ae66c95390085f9e34e891560ee4a952df4eef6293392b61d9f2d3707d595663e25c91a3c6836f7b94244cbd7c780ce7735e96ec9e3bd884b5cb32b945aae220a9be7df6e4d91480dcfc4c1f063aab02f20cb17653b5719ec060b10881a0dc8281c37eea1a47e8d4991b21b212867e83519779566f8e0ea24d07836dbfccb818f3cc328339cf7c646b4e41597a2a2fe4e2d5320cb5ce2872e14d28c07d16474cbc72c21e3c7e504e41b415915a152c4297d599a04994ba7a9c3736cebea6a15fb164777cef5f47a575c7485de2169832d5e32b1c5e77c866d614ec2b5dcd900b0153c3fc0c71d8fa725c08fed009a672d920", 0x1000, 0x9, 0x0, 0x1}]) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1790.469490] sg_write: data in/out 151021532/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.469490] program syz-executor.0 not setting count and/or reply_len properly [ 1790.471278] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1790.471278] program syz-executor.7 not setting count and/or reply_len properly [ 1790.491263] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1790.492483] FAULT_INJECTION: forcing a failure. [ 1790.492483] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1790.492540] CPU: 1 PID: 26691 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1790.492553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1790.492561] Call Trace: [ 1790.492587] dump_stack+0x107/0x167 [ 1790.492613] should_fail.cold+0x5/0xa [ 1790.492643] __alloc_pages_nodemask+0x182/0x600 [ 1790.492671] ? __kmalloc+0x16e/0x390 [ 1790.495318] print_req_error: 4 callbacks suppressed [ 1790.495339] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1790.496873] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1790.496910] ? trace_hardirqs_on+0x5b/0x180 [ 1790.508596] alloc_pages_current+0x187/0x280 [ 1790.509621] sg_build_indirect.isra.0+0x2f5/0x710 [ 1790.510749] sg_common_write.constprop.0+0x992/0x1a30 [ 1790.511952] ? sg_build_indirect.isra.0+0x710/0x710 [ 1790.513123] ? vprintk_func+0x93/0x140 [ 1790.514025] ? printk+0xba/0xf1 [ 1790.514791] ? record_print_text.cold+0x16/0x16 [ 1790.515858] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1790.517022] ? trace_hardirqs_on+0x5b/0x180 [ 1790.518023] sg_write.part.0+0x69e/0xaa0 [ 1790.518954] ? sg_new_write.isra.0+0x770/0x770 [ 1790.520007] ? __lockdep_reset_lock+0x180/0x180 [ 1790.521076] ? perf_trace_lock+0xac/0x490 [ 1790.522030] ? lock_acquire+0x197/0x470 [ 1790.522946] ? find_held_lock+0x2c/0x110 [ 1790.523885] ? _cond_resched+0x12/0x80 [ 1790.524788] ? inode_security+0x107/0x140 [ 1790.525729] ? avc_policy_seqno+0x9/0x70 [ 1790.526653] ? selinux_file_permission+0x92/0x520 [ 1790.527765] sg_write+0x87/0x120 [ 1790.528546] ? sg_write.part.0+0xaa0/0xaa0 [ 1790.529505] vfs_write+0x29a/0xb10 [ 1790.530319] ksys_write+0x12d/0x260 [ 1790.531144] ? __ia32_sys_read+0xb0/0xb0 [ 1790.532066] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1790.533250] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1790.534417] do_syscall_64+0x33/0x40 [ 1790.535257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1790.536426] RIP: 0033:0x7f794b5b5b19 [ 1790.537262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1790.541401] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1790.543118] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1790.544710] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1790.546276] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1790.547868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1790.549462] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:22:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 56) 03:22:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) 03:22:50 executing program 2: getpid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r10}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) fork() clone3(&(0x7f00000003c0)={0x2000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040)=[r0, r7, 0x0], 0x3}, 0x58) [ 1804.810349] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1804.810349] program syz-executor.7 not setting count and/or reply_len properly 03:22:50 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x2, 0x0, 0x0, {}, 0x0, 0x8}) [ 1804.829770] FAULT_INJECTION: forcing a failure. [ 1804.829770] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1804.832346] CPU: 1 PID: 26873 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1804.833847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.835630] Call Trace: [ 1804.836204] dump_stack+0x107/0x167 [ 1804.836996] should_fail.cold+0x5/0xa [ 1804.837830] __alloc_pages_nodemask+0x182/0x600 [ 1804.838828] ? __kmalloc+0x16e/0x390 [ 1804.839631] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1804.840933] ? trace_hardirqs_on+0x5b/0x180 [ 1804.841870] alloc_pages_current+0x187/0x280 [ 1804.842214] sg_write: data in/out 151022556/80 bytes for SCSI command 0x0-- guessing data in; [ 1804.842214] program syz-executor.0 not setting count and/or reply_len properly [ 1804.842814] sg_build_indirect.isra.0+0x2f5/0x710 [ 1804.842850] sg_common_write.constprop.0+0x992/0x1a30 [ 1804.847396] ? sg_build_indirect.isra.0+0x710/0x710 [ 1804.848451] ? vprintk_func+0x93/0x140 [ 1804.849291] ? printk+0xba/0xf1 [ 1804.849993] ? record_print_text.cold+0x16/0x16 [ 1804.850991] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1804.852061] ? trace_hardirqs_on+0x5b/0x180 [ 1804.853004] sg_write.part.0+0x69e/0xaa0 03:22:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:22:50 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r7, 0x0, r7) write$sndseq(r7, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r7, 0x62}, {r6, 0x12c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r4, r8, 0x6, 0xffffffffffffffff, r6) r9 = fork() kcmp(r9, r8, 0x6, r5, 0xffffffffffffffff) syz_open_procfs(r8, &(0x7f0000000000)='net/igmp\x00') 03:22:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0x80087601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:22:50 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 50) [ 1804.853871] ? sg_new_write.isra.0+0x770/0x770 [ 1804.855068] ? __lockdep_reset_lock+0x180/0x180 [ 1804.856054] ? perf_trace_lock+0xac/0x490 [ 1804.856954] ? lock_acquire+0x197/0x470 [ 1804.857800] ? find_held_lock+0x2c/0x110 [ 1804.858673] ? _cond_resched+0x12/0x80 [ 1804.859494] ? inode_security+0x107/0x140 [ 1804.860376] ? avc_policy_seqno+0x9/0x70 [ 1804.861243] ? selinux_file_permission+0x92/0x520 [ 1804.862274] sg_write+0x87/0x120 [ 1804.862990] ? sg_write.part.0+0xaa0/0xaa0 [ 1804.863890] vfs_write+0x29a/0xb10 [ 1804.864647] ksys_write+0x12d/0x260 [ 1804.865435] ? __ia32_sys_read+0xb0/0xb0 [ 1804.866300] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.867416] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.868512] do_syscall_64+0x33/0x40 [ 1804.869316] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.870402] RIP: 0033:0x7f794b5b5b19 [ 1804.871192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.875089] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1804.876700] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1804.878217] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1804.879736] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1804.881252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1804.882749] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1804.891073] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1804.891073] program syz-executor.6 not setting count and/or reply_len properly [ 1804.899128] FAULT_INJECTION: forcing a failure. [ 1804.899128] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1804.900990] CPU: 0 PID: 26887 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1804.902062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.903294] Call Trace: [ 1804.903681] dump_stack+0x107/0x167 [ 1804.904239] should_fail.cold+0x5/0xa [ 1804.904836] __alloc_pages_nodemask+0x182/0x600 [ 1804.905540] ? __kmalloc+0x16e/0x390 [ 1804.906093] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1804.906999] ? trace_hardirqs_on+0x5b/0x180 [ 1804.907663] alloc_pages_current+0x187/0x280 [ 1804.908338] sg_build_indirect.isra.0+0x2f5/0x710 [ 1804.909079] sg_common_write.constprop.0+0x992/0x1a30 [ 1804.909859] ? sg_build_indirect.isra.0+0x710/0x710 [ 1804.910586] ? vprintk_func+0x93/0x140 [ 1804.911173] ? printk+0xba/0xf1 [ 1804.911656] ? record_print_text.cold+0x16/0x16 [ 1804.912475] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1804.913248] sg_write.part.0+0x69e/0xaa0 [ 1804.913844] ? sg_new_write.isra.0+0x770/0x770 [ 1804.914526] ? __lockdep_reset_lock+0x180/0x180 [ 1804.915207] ? perf_trace_lock+0xac/0x490 [ 1804.915826] ? lock_acquire+0x197/0x470 [ 1804.916412] ? find_held_lock+0x2c/0x110 [ 1804.917049] ? _cond_resched+0x12/0x80 [ 1804.917618] ? inode_security+0x107/0x140 [ 1804.918239] ? avc_policy_seqno+0x9/0x70 [ 1804.918840] ? selinux_file_permission+0x92/0x520 [ 1804.919561] sg_write+0x87/0x120 [ 1804.920068] ? sg_write.part.0+0xaa0/0xaa0 [ 1804.920700] vfs_write+0x29a/0xb10 [ 1804.921235] ksys_write+0x12d/0x260 [ 1804.921776] ? __ia32_sys_read+0xb0/0xb0 [ 1804.922386] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.923161] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.923950] do_syscall_64+0x33/0x40 [ 1804.924498] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.925246] RIP: 0033:0x7f5171091b19 [ 1804.925804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.928518] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1804.929641] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1804.930698] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1804.931758] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1804.932805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1804.933838] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:22:50 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x1, 0x20, 0x1}, 0x6}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:22:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x74, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1804.986950] sg_write: data in/out 151024604/80 bytes for SCSI command 0x0-- guessing data in; [ 1804.986950] program syz-executor.0 not setting count and/or reply_len properly 03:23:06 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 51) 03:23:06 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = getpgid(r1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)=0x0) clone3(&(0x7f0000000240)={0x60003000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x24}, &(0x7f00000000c0)=""/125, 0x7d, &(0x7f0000000140)=""/69, &(0x7f0000000200)=[r2, r2, r0, r3, r1], 0x5}, 0x58) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x100) write$binfmt_elf64(r4, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x1, 0x7f, 0x3, 0xa0ab, 0x2, 0x3, 0x80000000, 0x3cb, 0x40, 0x387, 0x6, 0x2, 0x38, 0x1, 0x1, 0xb5, 0x8}, [{0x70000000, 0x0, 0x2, 0x8, 0x80000000, 0x40fff, 0xffffffff, 0x8}, {0x4, 0x3, 0x7fffffff, 0x4, 0x2, 0x2, 0x100, 0x4}], "49e1798284256aad0ccf62a395b2f292a6e3d67d7a2808cb11dbc0358033232221001fc9ff33d5bfa7c6c4253cb1bfb99003d6b342b1d61a164dc4031925ec4382adc1de8aafe13cd22a68de2174053f43eea64625a1dfaa8a80d3cbcb392ce11f3ca6bfa95256bb1ec93cc2182befd26d9e9ff8398c761cf6c5510001a8eeb609179f4fff17ef6d6c551ed35fcc1440bbd5a988cd62e51dbe31c92dde56ecc87d1db553abc7dc47487657ce04f3cb2b7de529fdde", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x765) 03:23:06 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) pidfd_open(r1, 0x0) 03:23:06 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 57) 03:23:06 executing program 1: write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0x68, 0x29, 0x2, {0x9, [{{0x80, 0x1, 0x8}, 0xcaf, 0xff, 0x7, './file0'}, {{0x80, 0x2, 0x2}, 0x3, 0x5, 0x7, './file0'}, {{0x2, 0x3}, 0x800, 0x9, 0x7, './file0'}]}}, 0x68) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000001c0)={0x4, @time={0x1f, 0xffffffe0}, 0xf7, {0x2, 0x20}, 0x4, 0x2, 0xfc}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f0000000200)=[{0x2c, 0x40, 0x1, 0x1, @tick=0x4, {0x5, 0x9}, {0x6d, 0x2}, @connect={{0x7f, 0x81}, {0x2, 0x7}}}, {0x2, 0xff, 0x1f, 0x7f, @tick=0x10001, {0x0, 0x9}, {0x0, 0x2}, @raw8={"7eee7e9236add53fff47c0fc"}}, {0x3, 0x3, 0xff, 0x80, @tick=0x2, {0x2}, {0x1f, 0xd7}, @connect={{0x0, 0x7}, {0x9, 0x3}}}, {0x9, 0x4, 0xae, 0x2, @time={0x5, 0x20}, {0x1f, 0x4}, {0x4e}, @connect={{0x7, 0x7f}, {0x1, 0x9}}}, {0x1, 0x9, 0x81, 0x7, @tick=0x4, {0x9, 0x9}, {0x25, 0x7f}, @raw8={"4467a65dd1a3b8dc6a2637a9"}}], 0x8c) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x5}, {0x4, 0xfe}, 0xfff, 0x2, 0x3f}) 03:23:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7a, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:06 executing program 5: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000418000000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB='.\x00']) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc0, 0x200}, 0x37a0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x9bfc, 0x0, 0x80000}, 0x0, 0x0, r0, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:23:06 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0045878, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1821.263721] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.263721] program syz-executor.6 not setting count and/or reply_len properly [ 1821.277032] FAULT_INJECTION: forcing a failure. [ 1821.277032] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1821.279715] CPU: 1 PID: 27123 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1821.281212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.283007] Call Trace: [ 1821.283579] dump_stack+0x107/0x167 [ 1821.283873] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.283873] program syz-executor.7 not setting count and/or reply_len properly [ 1821.284366] should_fail.cold+0x5/0xa [ 1821.288817] __alloc_pages_nodemask+0x182/0x600 [ 1821.289828] ? __kmalloc+0x16e/0x390 [ 1821.290018] sg_write: data in/out 151026140/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.290018] program syz-executor.0 not setting count and/or reply_len properly [ 1821.290630] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1821.290665] ? trace_hardirqs_on+0x5b/0x180 [ 1821.296464] alloc_pages_current+0x187/0x280 [ 1821.297427] sg_build_indirect.isra.0+0x2f5/0x710 [ 1821.298481] sg_common_write.constprop.0+0x992/0x1a30 [ 1821.299608] ? sg_build_indirect.isra.0+0x710/0x710 [ 1821.300685] ? vprintk_func+0x93/0x140 [ 1821.301538] ? printk+0xba/0xf1 [ 1821.302248] ? record_print_text.cold+0x16/0x16 [ 1821.303250] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1821.304339] ? trace_hardirqs_on+0x5b/0x180 [ 1821.305291] sg_write.part.0+0x69e/0xaa0 [ 1821.306179] ? sg_new_write.isra.0+0x770/0x770 [ 1821.307178] ? __lockdep_reset_lock+0x180/0x180 [ 1821.308182] ? perf_trace_lock+0xac/0x490 [ 1821.309082] ? lock_acquire+0x197/0x470 [ 1821.309395] FAULT_INJECTION: forcing a failure. [ 1821.309395] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1821.309945] ? find_held_lock+0x2c/0x110 [ 1821.309983] ? _cond_resched+0x12/0x80 [ 1821.314335] ? inode_security+0x107/0x140 [ 1821.315231] ? avc_policy_seqno+0x9/0x70 [ 1821.316103] ? selinux_file_permission+0x92/0x520 [ 1821.317151] sg_write+0x87/0x120 [ 1821.317892] ? sg_write.part.0+0xaa0/0xaa0 [ 1821.318801] vfs_write+0x29a/0xb10 [ 1821.319574] ksys_write+0x12d/0x260 [ 1821.320357] ? __ia32_sys_read+0xb0/0xb0 [ 1821.321235] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.322370] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.323482] do_syscall_64+0x33/0x40 [ 1821.324281] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.325391] RIP: 0033:0x7f5171091b19 [ 1821.326192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.330157] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1821.331796] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1821.333343] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1821.334876] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.336410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.338005] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1821.339578] CPU: 0 PID: 27152 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1821.341175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.343250] Call Trace: [ 1821.343864] dump_stack+0x107/0x167 [ 1821.344706] should_fail.cold+0x5/0xa [ 1821.345600] __alloc_pages_nodemask+0x182/0x600 [ 1821.346669] ? __kmalloc+0x16e/0x390 [ 1821.347525] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1821.348917] ? trace_hardirqs_on+0x5b/0x180 [ 1821.349926] alloc_pages_current+0x187/0x280 [ 1821.350939] sg_build_indirect.isra.0+0x2f5/0x710 [ 1821.352062] sg_common_write.constprop.0+0x992/0x1a30 [ 1821.353261] ? sg_build_indirect.isra.0+0x710/0x710 [ 1821.354417] ? vprintk_func+0x93/0x140 [ 1821.355311] ? printk+0xba/0xf1 [ 1821.356070] ? record_print_text.cold+0x16/0x16 [ 1821.357153] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1821.358319] ? trace_hardirqs_on+0x5b/0x180 [ 1821.359327] sg_write.part.0+0x69e/0xaa0 [ 1821.360266] ? sg_new_write.isra.0+0x770/0x770 [ 1821.361336] ? __lockdep_reset_lock+0x180/0x180 [ 1821.362408] ? perf_trace_lock+0xac/0x490 [ 1821.363364] ? lock_acquire+0x197/0x470 [ 1821.364276] ? find_held_lock+0x2c/0x110 [ 1821.365222] ? _cond_resched+0x12/0x80 [ 1821.366124] ? inode_security+0x107/0x140 [ 1821.367076] ? avc_policy_seqno+0x9/0x70 [ 1821.368008] ? selinux_file_permission+0x92/0x520 [ 1821.369131] sg_write+0x87/0x120 [ 1821.369921] ? sg_write.part.0+0xaa0/0xaa0 [ 1821.370893] vfs_write+0x29a/0xb10 [ 1821.371717] ksys_write+0x12d/0x260 [ 1821.372556] ? __ia32_sys_read+0xb0/0xb0 [ 1821.373503] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.374712] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.375901] do_syscall_64+0x33/0x40 [ 1821.376758] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.377950] RIP: 0033:0x7f794b5b5b19 [ 1821.378807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.383048] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1821.384796] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1821.386443] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1821.388084] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.389742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.391385] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:23:07 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x48643) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000200)={0x0, 0x2, {0x1, 0x1, 0x0, 0x2}, 0x4018}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x1a2, 0x72f4, 0x1, 'queue1\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:23:07 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0045878, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:23:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:07 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = fcntl$dupfd(r0, 0x406, r2) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000008, 0x50, r3, 0x10000000) syz_io_uring_submit(0x0, r4, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x83a, 0x0, 0x1, 0x0, 0x1}, 0x2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r5 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, r5}, './file0\x00'}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x28, r7, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) sendmsg$NLBL_UNLABEL_C_LIST(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1400fe004eea574ffac2f090d51a7d366cc0cfcd4ceef257bc07c4b0eb234284d1276086b773a4fa587381aaedfb7b05450276e7e630fa6f0e063be0c3d7e05826a114a74632a9227e5b0a611054cc314608b72df7857f35023c4ed7a243613a24639f990706bc0e59cb3c549d", @ANYRES16=0x0, @ANYBLOB="000127bd7000fddbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008814}, 0x0) r8 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r8], 0x1}, 0x58) 03:23:07 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 52) 03:23:07 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000080)={0x0, "19d7f4293a4fd3380c222dc27d551e8a"}) r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$packet(r1, &(0x7f0000000040)={0x11, 0xc, 0x0, 0x1, 0x6, 0x6, @multicast}, 0x14) [ 1821.585758] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.585758] program syz-executor.6 not setting count and/or reply_len properly [ 1821.586024] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.586024] program syz-executor.0 not setting count and/or reply_len properly [ 1821.604943] FAULT_INJECTION: forcing a failure. [ 1821.604943] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1821.607758] CPU: 0 PID: 27348 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1821.609356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.611263] Call Trace: [ 1821.611872] dump_stack+0x107/0x167 [ 1821.612711] should_fail.cold+0x5/0xa [ 1821.613603] __alloc_pages_nodemask+0x182/0x600 [ 1821.614673] ? __kmalloc+0x16e/0x390 [ 1821.615533] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1821.616927] ? trace_hardirqs_on+0x5b/0x180 [ 1821.617931] alloc_pages_current+0x187/0x280 [ 1821.618950] sg_build_indirect.isra.0+0x2f5/0x710 [ 1821.620070] sg_common_write.constprop.0+0x992/0x1a30 [ 1821.621270] ? sg_build_indirect.isra.0+0x710/0x710 [ 1821.622449] ? vprintk_func+0x93/0x140 [ 1821.623341] ? printk+0xba/0xf1 [ 1821.624100] ? record_print_text.cold+0x16/0x16 [ 1821.625169] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1821.626361] ? trace_hardirqs_on+0x5b/0x180 [ 1821.627341] sg_write.part.0+0x69e/0xaa0 [ 1821.628252] ? sg_new_write.isra.0+0x770/0x770 [ 1821.629287] ? __lockdep_reset_lock+0x180/0x180 [ 1821.630345] ? perf_trace_lock+0xac/0x490 [ 1821.631277] ? lock_acquire+0x197/0x470 [ 1821.632166] ? find_held_lock+0x2c/0x110 [ 1821.633091] ? _cond_resched+0x12/0x80 [ 1821.633966] ? inode_security+0x107/0x140 [ 1821.634895] ? avc_policy_seqno+0x9/0x70 [ 1821.635802] ? selinux_file_permission+0x92/0x520 [ 1821.636892] sg_write+0x87/0x120 [ 1821.637659] ? sg_write.part.0+0xaa0/0xaa0 [ 1821.638606] vfs_write+0x29a/0xb10 [ 1821.639412] ksys_write+0x12d/0x260 [ 1821.640229] ? __ia32_sys_read+0xb0/0xb0 [ 1821.641142] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.642324] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.643482] do_syscall_64+0x33/0x40 [ 1821.644321] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.645475] RIP: 0033:0x7f5171091b19 [ 1821.646306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.650424] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1821.652126] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1821.653729] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1821.655360] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.656956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.658555] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:23:07 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)) 03:23:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 58) [ 1821.818959] sg_write: data in/out 151125980/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.818959] program syz-executor.0 not setting count and/or reply_len properly [ 1821.838764] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1821.838764] program syz-executor.7 not setting count and/or reply_len properly [ 1821.854008] FAULT_INJECTION: forcing a failure. [ 1821.854008] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1821.856387] CPU: 1 PID: 27558 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1821.857781] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.859421] Call Trace: [ 1821.859950] dump_stack+0x107/0x167 [ 1821.860677] should_fail.cold+0x5/0xa [ 1821.861450] __alloc_pages_nodemask+0x182/0x600 [ 1821.862377] ? __kmalloc+0x16e/0x390 [ 1821.863127] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1821.864331] ? trace_hardirqs_on+0x5b/0x180 [ 1821.865201] alloc_pages_current+0x187/0x280 [ 1821.866101] sg_build_indirect.isra.0+0x2f5/0x710 [ 1821.867083] sg_common_write.constprop.0+0x992/0x1a30 [ 1821.868122] ? sg_build_indirect.isra.0+0x710/0x710 [ 1821.869107] ? vprintk_func+0x93/0x140 [ 1821.869889] ? printk+0xba/0xf1 [ 1821.870546] ? record_print_text.cold+0x16/0x16 [ 1821.871469] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1821.872474] ? trace_hardirqs_on+0x5b/0x180 [ 1821.873357] sg_write.part.0+0x69e/0xaa0 [ 1821.874169] ? sg_new_write.isra.0+0x770/0x770 [ 1821.875086] ? __lockdep_reset_lock+0x180/0x180 [ 1821.876010] ? perf_trace_lock+0xac/0x490 [ 1821.876840] ? lock_acquire+0x197/0x470 [ 1821.877652] ? find_held_lock+0x2c/0x110 [ 1821.878479] ? _cond_resched+0x12/0x80 [ 1821.879251] ? inode_security+0x107/0x140 [ 1821.880065] ? avc_policy_seqno+0x9/0x70 [ 1821.880863] ? selinux_file_permission+0x92/0x520 [ 1821.881834] sg_write+0x87/0x120 [ 1821.882506] ? sg_write.part.0+0xaa0/0xaa0 [ 1821.883341] vfs_write+0x29a/0xb10 [ 1821.884056] ksys_write+0x12d/0x260 [ 1821.884782] ? __ia32_sys_read+0xb0/0xb0 [ 1821.885600] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.886636] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.887655] do_syscall_64+0x33/0x40 [ 1821.888386] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.889410] RIP: 0033:0x7f794b5b5b19 [ 1821.890144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.893771] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1821.895270] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1821.896667] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1821.898078] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.899479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.900888] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:23:23 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 59) 03:23:23 executing program 2: r0 = getpid() r1 = gettid() clone3(&(0x7f0000000240)={0x108024000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3f}, &(0x7f00000000c0)=""/153, 0x99, &(0x7f0000000180)=""/94, &(0x7f0000000200)=[r0, r1, r0, r0, r0, r0], 0x6}, 0x58) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:23:23 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0105303, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:23:23 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 53) 03:23:23 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:23 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r2, 0x0, r2) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000140)={0x4, 0x3, 0x1, 'queue0\x00', 0x80000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000000c0)={0x0, 0x0, 0x0, {}, 0x0, 0x4}) 03:23:23 executing program 3: getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x400000}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, {r1}}, 0x58) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) sendmsg$AUDIT_GET_FEATURE(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3fb, 0x2, 0x70bd2a, 0x25dfdbfc, "", ["", "", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4048081}, 0x8814) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x2400) 03:23:23 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000880)=""/4096, 0x1000) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1837.930199] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1837.930199] program syz-executor.6 not setting count and/or reply_len properly [ 1837.936236] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1837.936236] program syz-executor.7 not setting count and/or reply_len properly [ 1837.948975] sg_write: data in/out 151191516/80 bytes for SCSI command 0x0-- guessing data in; [ 1837.948975] program syz-executor.0 not setting count and/or reply_len properly [ 1837.955880] FAULT_INJECTION: forcing a failure. [ 1837.955880] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1837.958450] CPU: 1 PID: 27567 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1837.959917] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.961635] Call Trace: [ 1837.962193] dump_stack+0x107/0x167 [ 1837.962950] should_fail.cold+0x5/0xa [ 1837.963764] __alloc_pages_nodemask+0x182/0x600 [ 1837.964730] ? __kmalloc+0x16e/0x390 [ 1837.965525] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1837.966807] ? trace_hardirqs_on+0x5b/0x180 [ 1837.967731] alloc_pages_current+0x187/0x280 [ 1837.968700] sg_build_indirect.isra.0+0x2f5/0x710 [ 1837.969742] sg_common_write.constprop.0+0x992/0x1a30 [ 1837.970839] ? sg_build_indirect.isra.0+0x710/0x710 [ 1837.971916] ? vprintk_func+0x93/0x140 [ 1837.972754] ? printk+0xba/0xf1 [ 1837.973483] ? record_print_text.cold+0x16/0x16 [ 1837.974182] FAULT_INJECTION: forcing a failure. [ 1837.974182] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1837.974460] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1837.978525] ? trace_hardirqs_on+0x5b/0x180 [ 1837.979451] sg_write.part.0+0x69e/0xaa0 [ 1837.980319] ? sg_new_write.isra.0+0x770/0x770 [ 1837.981315] ? __lockdep_reset_lock+0x180/0x180 [ 1837.982302] ? perf_trace_lock+0xac/0x490 [ 1837.983178] ? lock_acquire+0x197/0x470 [ 1837.983994] ? find_held_lock+0x2c/0x110 [ 1837.984838] ? _cond_resched+0x12/0x80 [ 1837.985650] ? inode_security+0x107/0x140 [ 1837.986544] ? avc_policy_seqno+0x9/0x70 [ 1837.987397] ? selinux_file_permission+0x92/0x520 [ 1837.988433] sg_write+0x87/0x120 [ 1837.989161] ? sg_write.part.0+0xaa0/0xaa0 [ 1837.990038] vfs_write+0x29a/0xb10 [ 1837.990773] ksys_write+0x12d/0x260 [ 1837.991516] ? __ia32_sys_read+0xb0/0xb0 [ 1837.992355] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1837.993424] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1837.994494] do_syscall_64+0x33/0x40 [ 1837.995272] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.996314] RIP: 0033:0x7f794b5b5b19 [ 1837.997069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.000810] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1838.002370] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1838.003868] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1838.005388] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.006856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.008371] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1838.009904] CPU: 0 PID: 27571 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1838.011490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.013371] Call Trace: [ 1838.014031] dump_stack+0x107/0x167 [ 1838.014871] should_fail.cold+0x5/0xa [ 1838.015762] __alloc_pages_nodemask+0x182/0x600 [ 1838.016798] ? __kmalloc+0x16e/0x390 [ 1838.017734] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1838.019132] ? trace_hardirqs_on+0x5b/0x180 [ 1838.020139] alloc_pages_current+0x187/0x280 [ 1838.021144] sg_build_indirect.isra.0+0x2f5/0x710 [ 1838.022272] sg_common_write.constprop.0+0x992/0x1a30 [ 1838.023464] ? sg_build_indirect.isra.0+0x710/0x710 [ 1838.024647] ? vprintk_func+0x93/0x140 [ 1838.025525] ? printk+0xba/0xf1 [ 1838.026294] ? record_print_text.cold+0x16/0x16 [ 1838.027374] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1838.028527] ? trace_hardirqs_on+0x5b/0x180 [ 1838.029551] sg_write.part.0+0x69e/0xaa0 [ 1838.030511] ? sg_new_write.isra.0+0x770/0x770 [ 1838.031566] ? __lockdep_reset_lock+0x180/0x180 [ 1838.032629] ? perf_trace_lock+0xac/0x490 [ 1838.033579] ? lock_acquire+0x197/0x470 [ 1838.034522] ? find_held_lock+0x2c/0x110 [ 1838.035484] ? _cond_resched+0x12/0x80 [ 1838.036370] ? inode_security+0x107/0x140 [ 1838.037309] ? avc_policy_seqno+0x9/0x70 [ 1838.038244] ? selinux_file_permission+0x92/0x520 [ 1838.039345] sg_write+0x87/0x120 [ 1838.040127] ? sg_write.part.0+0xaa0/0xaa0 [ 1838.041089] vfs_write+0x29a/0xb10 [ 1838.041911] ksys_write+0x12d/0x260 [ 1838.042749] ? __ia32_sys_read+0xb0/0xb0 [ 1838.043671] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1838.044912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1838.046119] do_syscall_64+0x33/0x40 [ 1838.046977] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.048158] RIP: 0033:0x7f5171091b19 [ 1838.048998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.053258] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1838.055004] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1838.056647] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1838.058319] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.060008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.061629] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:23:23 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$TIOCGICOUNT(r1, 0x545d, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000000)) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) pidfd_getfd(0xffffffffffffffff, r3, 0x0) 03:23:23 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) ptrace(0x8, 0xffffffffffffffff) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() r5 = dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000080)=0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000680)={0x8001, 0x7f, 0x1ff}) clone3(&(0x7f0000000600)={0x200, &(0x7f00000000c0), &(0x7f0000000140)=0x0, &(0x7f00000002c0), {0x1c}, &(0x7f0000000440)=""/208, 0xd0, &(0x7f0000000540)=""/176, &(0x7f0000000300)=[r0, r7, r0, r0, r7, r7], 0x6, {r5}}, 0x58) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r0, r0, r8, r4, r9], 0x5}, 0x58) fcntl$setown(0xffffffffffffffff, 0x8, r0) 03:23:23 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000140)={0x2, r1}) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f00000000c0)) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x101900) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r2, 0xc058534b, &(0x7f00000001c0)={0xffffffe0, 0x5ed, 0xee75, 0x20, 0x9d9, 0x80000000}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000240)={0x14, @time={0x80000001, 0x7ff}, 0x6, {0xff, 0x5}, 0x10, 0x1, 0x9}) 03:23:23 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 60) 03:23:23 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:23 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0189436, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1838.239451] sg_write: data in/out 151257052/80 bytes for SCSI command 0x0-- guessing data in; [ 1838.239451] program syz-executor.0 not setting count and/or reply_len properly 03:23:23 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 54) [ 1838.259221] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1838.259221] program syz-executor.7 not setting count and/or reply_len properly [ 1838.278603] FAULT_INJECTION: forcing a failure. [ 1838.278603] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1838.281457] CPU: 0 PID: 27794 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1838.283034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.284975] Call Trace: [ 1838.285581] dump_stack+0x107/0x167 [ 1838.286429] should_fail.cold+0x5/0xa [ 1838.287308] __alloc_pages_nodemask+0x182/0x600 [ 1838.288371] ? __kmalloc+0x16e/0x390 [ 1838.289247] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1838.290666] ? trace_hardirqs_on+0x5b/0x180 [ 1838.291653] alloc_pages_current+0x187/0x280 [ 1838.292669] sg_build_indirect.isra.0+0x2f5/0x710 [ 1838.293789] sg_common_write.constprop.0+0x992/0x1a30 [ 1838.294969] ? sg_build_indirect.isra.0+0x710/0x710 [ 1838.296106] ? vprintk_func+0x93/0x140 [ 1838.296977] ? printk+0xba/0xf1 [ 1838.297712] ? record_print_text.cold+0x16/0x16 [ 1838.298779] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1838.299921] ? trace_hardirqs_on+0x5b/0x180 [ 1838.300893] sg_write.part.0+0x69e/0xaa0 [ 1838.301821] ? sg_new_write.isra.0+0x770/0x770 [ 1838.302847] ? __lockdep_reset_lock+0x180/0x180 [ 1838.303907] ? perf_trace_lock+0xac/0x490 [ 1838.304876] ? lock_acquire+0x197/0x470 [ 1838.305771] ? find_held_lock+0x2c/0x110 [ 1838.306727] ? _cond_resched+0x12/0x80 [ 1838.307648] ? inode_security+0x107/0x140 [ 1838.308612] ? avc_policy_seqno+0x9/0x70 [ 1838.309551] ? selinux_file_permission+0x92/0x520 [ 1838.310695] sg_write+0x87/0x120 [ 1838.311467] ? sg_write.part.0+0xaa0/0xaa0 [ 1838.312433] vfs_write+0x29a/0xb10 [ 1838.313250] ksys_write+0x12d/0x260 [ 1838.314092] ? __ia32_sys_read+0xb0/0xb0 [ 1838.314994] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1838.316178] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1838.316404] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1838.316404] program syz-executor.6 not setting count and/or reply_len properly [ 1838.317360] do_syscall_64+0x33/0x40 [ 1838.317379] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.317393] RIP: 0033:0x7f794b5b5b19 [ 1838.317420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.327845] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1838.329601] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1838.331220] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1838.332840] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.334177] FAULT_INJECTION: forcing a failure. [ 1838.334177] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1838.334537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.334549] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1838.339959] CPU: 1 PID: 27799 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1838.341364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.343047] Call Trace: [ 1838.343587] dump_stack+0x107/0x167 [ 1838.344322] should_fail.cold+0x5/0xa [ 1838.345097] __alloc_pages_nodemask+0x182/0x600 [ 1838.346037] ? __kmalloc+0x16e/0x390 [ 1838.346788] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1838.348015] ? trace_hardirqs_on+0x5b/0x180 [ 1838.348894] alloc_pages_current+0x187/0x280 [ 1838.349792] sg_build_indirect.isra.0+0x2f5/0x710 [ 1838.350783] sg_common_write.constprop.0+0x992/0x1a30 [ 1838.351838] ? sg_build_indirect.isra.0+0x710/0x710 [ 1838.352850] ? vprintk_func+0x93/0x140 [ 1838.353632] ? printk+0xba/0xf1 [ 1838.354317] ? record_print_text.cold+0x16/0x16 [ 1838.355268] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1838.356287] ? trace_hardirqs_on+0x5b/0x180 [ 1838.357169] sg_write.part.0+0x69e/0xaa0 [ 1838.358005] ? sg_new_write.isra.0+0x770/0x770 [ 1838.358944] ? __lockdep_reset_lock+0x180/0x180 [ 1838.359881] ? perf_trace_lock+0xac/0x490 [ 1838.360725] ? lock_acquire+0x197/0x470 [ 1838.361527] ? find_held_lock+0x2c/0x110 [ 1838.362374] ? _cond_resched+0x12/0x80 [ 1838.363163] ? inode_security+0x107/0x140 [ 1838.364006] ? avc_policy_seqno+0x9/0x70 [ 1838.364833] ? selinux_file_permission+0x92/0x520 [ 1838.365819] sg_write+0x87/0x120 [ 1838.366520] ? sg_write.part.0+0xaa0/0xaa0 [ 1838.367373] vfs_write+0x29a/0xb10 [ 1838.368098] ksys_write+0x12d/0x260 [ 1838.368835] ? __ia32_sys_read+0xb0/0xb0 [ 1838.369670] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1838.370739] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1838.371783] do_syscall_64+0x33/0x40 [ 1838.372541] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.373572] RIP: 0033:0x7f5171091b19 [ 1838.374331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.378058] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1838.379597] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1838.381034] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1838.382475] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.383923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.385360] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:23:39 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x5, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x3c9403) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) mq_timedsend(r1, &(0x7f0000000040)="977adcdd6bf566953d5d3c4e231507aa3853b54ddef52748c9670abc38232bfc27b26021c0ee22137c4474e93aaa0a69c66bc8cc9ef72c276dad8e1c69d0ac406587c882ea79ed8468cb6d3e0e898e550b41a1ad0f268e4316615a4b79b39013f301c84836750b81feec57b0d0212d7845faa7bb581638d9319c131b9bac12c64a27441bc6f7a239cc3fc27bd6f3e256b18aa90d1eb8d1aca6a1fd68759ffea83980b7df520058a75f6d32292e8f77c91d9bd607d9aa0c1d9eb7a8bae46c441214421d9883f0cf5927ad7bb9c6423c2428db63d1dc27e2a5885b465479ac5a53a2bb60f073fe834c3b517eebae329ef451006152f76d6ff00432c1d4", 0xfc, 0x1ff, &(0x7f0000000140)={0x77359400}) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$sndseq(r0, &(0x7f0000000300)=[{0x9, 0x8, 0x4, 0x64, @tick=0xdf8b, {0x0, 0x3}, {0x5, 0x3a}, @queue={0x5, {0x2, 0x401}}}], 0x1c) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0xb610, 0x0, 0x7, 0x0, 0x1000008000000b7a, 0x1040000, 0x0, 0x0, 0xffff, 0x0, 0x4}, 0xffffffffffffffff, 0x2, r2, 0x3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x3, 0x0, r2, &(0x7f0000000180)={0x2}, r1, 0x1, 0x0, 0x0, {0x0, r7}}, 0x6) 03:23:39 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x10000}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x3, 0x4, 0x0, 'queue1\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000180)={0x1, 0x3, {0xffffffffffffffff, 0x1, 0x8000, 0x0, 0x10001}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) openat(r2, &(0x7f0000000200)='./file0\x00', 0x0, 0x8) 03:23:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 61) 03:23:39 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 55) 03:23:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1853.547359] sg_write: data in/out 151322588/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.547359] program syz-executor.0 not setting count and/or reply_len properly [ 1853.549596] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.549596] program syz-executor.6 not setting count and/or reply_len properly [ 1853.557027] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.557027] program syz-executor.7 not setting count and/or reply_len properly 03:23:39 executing program 2: clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000040)={0x0, r0}) 03:23:39 executing program 3: getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r2 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r3 = fork() dup2(r1, r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r1, 0x128}, {0xffffffffffffffff, 0x2002}, {r2}, {0xffffffffffffffff, 0x6080}, {r2, 0x9200}, {r2, 0x62}, {r4, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r5 = fork() r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r6, 0x0, r6) write$sndseq(r6, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000140)=0x8) kcmp(r3, r5, 0x6, 0xffffffffffffffff, r4) r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x8100, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x19, 0x7d, 0x1, 0x5, 0x0, 0x2, 0x9, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000000), 0x4}, 0x40, 0x4, 0x8, 0x5, 0x3f, 0x80000001, 0x0, 0x0, 0x6}, r3, 0x7, r7, 0xc) [ 1853.580907] FAULT_INJECTION: forcing a failure. [ 1853.580907] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1853.583709] CPU: 1 PID: 27918 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1853.585239] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.587074] Call Trace: [ 1853.587660] dump_stack+0x107/0x167 [ 1853.588466] should_fail.cold+0x5/0xa [ 1853.589315] __alloc_pages_nodemask+0x182/0x600 [ 1853.590338] ? __kmalloc+0x16e/0x390 [ 1853.591174] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1853.592505] ? trace_hardirqs_on+0x5b/0x180 [ 1853.593463] alloc_pages_current+0x187/0x280 [ 1853.594450] sg_build_indirect.isra.0+0x2f5/0x710 [ 1853.595482] sg_common_write.constprop.0+0x992/0x1a30 [ 1853.596635] ? sg_build_indirect.isra.0+0x710/0x710 [ 1853.597734] ? vprintk_func+0x93/0x140 [ 1853.598603] ? printk+0xba/0xf1 [ 1853.599332] ? record_print_text.cold+0x16/0x16 [ 1853.600352] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1853.601453] ? trace_hardirqs_on+0x5b/0x180 [ 1853.602409] sg_write.part.0+0x69e/0xaa0 [ 1853.603313] ? sg_new_write.isra.0+0x770/0x770 [ 1853.604321] ? __lockdep_reset_lock+0x180/0x180 [ 1853.605330] ? perf_trace_lock+0xac/0x490 [ 1853.606240] ? lock_acquire+0x197/0x470 [ 1853.607114] ? find_held_lock+0x2c/0x110 [ 1853.607976] ? _cond_resched+0x12/0x80 [ 1853.608830] ? inode_security+0x107/0x140 [ 1853.609736] ? avc_policy_seqno+0x9/0x70 [ 1853.610629] ? selinux_file_permission+0x92/0x520 [ 1853.611694] sg_write+0x87/0x120 [ 1853.612441] ? sg_write.part.0+0xaa0/0xaa0 [ 1853.612916] FAULT_INJECTION: forcing a failure. [ 1853.612916] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1853.613361] vfs_write+0x29a/0xb10 [ 1853.613391] ksys_write+0x12d/0x260 [ 1853.616743] ? __ia32_sys_read+0xb0/0xb0 [ 1853.617635] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1853.618781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.619912] do_syscall_64+0x33/0x40 [ 1853.620724] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.621842] RIP: 0033:0x7f5171091b19 [ 1853.622661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.626641] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1853.628287] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1853.629824] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1853.631372] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.632909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.634459] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1853.636028] CPU: 0 PID: 27917 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1853.637096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.638386] Call Trace: 03:23:39 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1853.638807] dump_stack+0x107/0x167 [ 1853.639520] should_fail.cold+0x5/0xa [ 1853.640114] __alloc_pages_nodemask+0x182/0x600 [ 1853.640830] ? __kmalloc+0x16e/0x390 [ 1853.641405] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1853.642338] ? trace_hardirqs_on+0x5b/0x180 [ 1853.643010] alloc_pages_current+0x187/0x280 [ 1853.643687] sg_build_indirect.isra.0+0x2f5/0x710 [ 1853.644433] sg_common_write.constprop.0+0x992/0x1a30 [ 1853.645238] ? sg_build_indirect.isra.0+0x710/0x710 [ 1853.645993] ? vprintk_func+0x93/0x140 [ 1853.646599] ? printk+0xba/0xf1 [ 1853.647103] ? record_print_text.cold+0x16/0x16 [ 1853.647828] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1853.648598] ? trace_hardirqs_on+0x5b/0x180 [ 1853.649274] sg_write.part.0+0x69e/0xaa0 [ 1853.649901] ? sg_new_write.isra.0+0x770/0x770 [ 1853.650621] ? __lockdep_reset_lock+0x180/0x180 [ 1853.651338] ? perf_trace_lock+0xac/0x490 [ 1853.651981] ? lock_acquire+0x197/0x470 [ 1853.652595] ? find_held_lock+0x2c/0x110 [ 1853.653222] ? _cond_resched+0x12/0x80 [ 1853.653822] ? inode_security+0x107/0x140 [ 1853.654461] ? avc_policy_seqno+0x9/0x70 [ 1853.655086] ? selinux_file_permission+0x92/0x520 [ 1853.655828] sg_write+0x87/0x120 [ 1853.656352] ? sg_write.part.0+0xaa0/0xaa0 [ 1853.656995] vfs_write+0x29a/0xb10 [ 1853.657541] ksys_write+0x12d/0x260 [ 1853.658095] ? __ia32_sys_read+0xb0/0xb0 [ 1853.658726] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1853.659524] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.660310] do_syscall_64+0x33/0x40 [ 1853.660877] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.661659] RIP: 0033:0x7f794b5b5b19 [ 1853.662228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.664986] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1853.666132] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1853.667217] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1853.668262] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.669330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.670404] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:23:39 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x84000) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000180)={0x0, @time={0x6908, 0xfff}, 0x1f, {0x81}, 0x1f, 0x0, 0x5}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f00000000c0)={{0x1, 0x6}, {0x40, 0x77}, 0x6, 0x7, 0x9}) [ 1853.713707] sg_write: data in/out 151388124/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.713707] program syz-executor.0 not setting count and/or reply_len properly 03:23:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfff}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:23:39 executing program 1: prctl$PR_GET_ENDIAN(0x13, &(0x7f00000000c0)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0xffffffff, 0x0, 0x2002, {0x1}, 0x20000}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0x0, 0x5, r2, 0x3) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000100)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x200480) fcntl$dupfd(r3, 0x0, r3) write$sndseq(r3, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f00000002c0)) 03:23:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc02c5341, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:23:39 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 56) 03:23:39 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x80000200, 0x0, 0x0, 0x0, {0x2f}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = fork() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x8, 0x6f, 0xb0, 0x40, 0x0, 0x8, 0x80, 0x5, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x10, 0x8d, 0x8001, 0xe83fa849b0e5f70b, 0x0, 0x8, 0x6, 0x0, 0xffff}, r1, 0xc, r3, 0xa) ioctl$BTRFS_IOC_DEV_REPLACE(r4, 0xca289435, &(0x7f0000000440)={0x0, 0x4, @start={0x0, 0x1, "c46c4f71eb11722baed22f90c16df227c093fe0def6f762b806f3bba90e5a329304e1909ac60577f1415117b71952234a1604fbbf3ec57ab6305565b49d753f9740284db17a81475f522147f93659488c07e25fba3fe55c1e7c2f5a11950127fb829d7163aefd879a84ef6b88e1170d94f93a369cf02dccce9f61a9243be59d18754389a94f10c9def59bfc1373e205689095e9f3bf76096613ee1a3e0193b6c9212db9e2661abb909eb28c62ce6f5ca0e3ea9cd16b21dd703d944b92abbbe7e04b9b533a9e954f9d9f07098727764958ae37973dc9fbc86adeff64670a486ff1c2c36a97a9a7f5d5fb61726e7d177be5e7935b37698f414fc087da088a60aa111986d77783b2b5394e2c29bf531fb7c9b59949c3e376898e5304ea7a1c2b0c434eb921da7ad33ce80e3093d5f0f53dadb095cce29be8d3e44c5a45282fc55670deb43dc6373f9710b8f6140865dfd92b71b5a382e5dd8a7afd21361946cac9e818a3fd16af52b35b2bdefe4991a353cdd6005dece9edbb6638a8999fc26efa32cb49dbfb04b015250cc3d8384f5e888a9d457dd5e78a56548dcc77f5257476921137dc814e2c869703eadec4469d7f7b564981b242a7e79f6a28e4f7a7c458a29737db9d87066ec650ba0e1d285f5751db08e0160af5bcca0dbd5e3845f5277275e5224b95e7f7d6bdccf6b57dcd2224c166d09acdc815cb1802918033790142f72a972ac815d6f4f5205c24a16e996cae730c0042c14c054daa53fa203e2db7598daa71c3341421135bda9a511a4d87aa2816f71dabb8edddb46ee0f44c5e26323b07eb773061dd11c95652b95406bf53c44647e3219ece5c032f658fadbc2ff068c464aa188877adf63d4cf87936d327f982f40e121aca5ee7780ca3c43658af769b23f261df0cc7505fa2f1e5b91037c7091ac08f66457a727865ad8ef5d8a2db06f8673ed9a875c5c5be5e6e007e8460f20c66aa3b02b66e0c73d56e88f208c7ad20afda426c7ec5b1c61ea56941dccdd4cbbb53c50e2809ee39f2b577cc9554a22f26d4d4b255f9c0c21a4b5db8186fe8e1c19f5e1bb4c7fb0849349653428b5946b58958b47da4656fef9019e52d840c024ca586049940c307e0994ed507f1adaaa5825edb1c47317b707986dbfee0cb747d9baee31077b2d4d2c10c004b04bfc0af1371a45f5012dbf8603235c98d62716ac8703264ebd1e0c3637510363b3bda0a985adcea85b28285476771b93a3cb7db2396eb7c98704967f4bc759c49c3fdd74afa190ae2bd78f1d171f6ee7c59270cc6461b570c888f78586697d4758d304a57a02f4b8e7aee4586aa679e566dfcd5e1b9d6d9bbdf0c79284619227187916f2a0566d1b4b79e17292c6ef266b4970e6b308b150865843518e8249bb8c8d97bc078d1d1f0322d988b300512133a99a98d29527ecdeee63680ed7ef", "70e48265206939c3195c8afec9cc43d9bee9d18b2ed52ac1d244832a12cf9219318bb6bd6ce976dfb6737eb29ede817a890525c5c987a7f777097ec0cb1113c516c65625ca0073d20a204e5dd772b9f7d88b4de99b6e0e04644f9a3296050a83a8741cd7562c100735f5cc01383423b8e9b46ada8873e7fe2b0b2fec10f53abfffbef44aa474722d153a57c569da340e1a98028d7cd69d3a1c54ff7a421f657d0677ea357e4bd6f41d37f17ca5c2acd6051e915fc227af40a8bf1a69ad062bb08055e5957dd06f8d775affb7e02a57585a379e4544e59c15b625d81dbd59d8aa6f8ed67f7eb64bb6779ee292feba4c38958e215f3444a65efbc8e53e2e0190b91c88335af28347c4d4436ff61efe1f157d1495aecc0030761901ecaa8b449f4dd66210987889f28bac28d9a1f7ef1b4ece6ddb993e0acd150a0def4807e80174e8d7504a256693c89c2de50047c99f2fde0ba712714ab1f865538583858c06254f6e1795c3e2c50dfd66eeec0bd7c62f4e00d4666c625d8f11c9e31c81530ecd110fa21c9efb8b9f05c478eeda1cad8198b9ad265220a2bf5926fb5c76b5d63f0052b347837e045cc11f785c1319467c298d7b11843b69e22a5489f5df597f4c808bcb5f071e50d8941f3636fd50d2a863bac49d5e05d5050cc322587c7d6a34cd0ad92ef470bd2b33cd44470483eb4977d4f08bf0463f423cfd0860d9568d51dd0f9016181cf38ab7656f5f2394e05d183726a0f5b0740f5659a5011e367836081d6a03ca177a12e9acc8dcd1f68d1033896bc1e9ffe135dc3aab225c837cb30bd6fbf8b9422da69ebe0e41693b929c0cbb6c78370454f730aa04d4ff96dc10146171c77caa0dca54f0514f4fc865c50e21fa456beea49751819101bc9df0f7ba05be414fe2411302907c81fb02cd98d236d56ba345f303a984854300eee1c348efdf7826c5f2acdfa783d2cf2facafcb4e3b4eb6918369ac5b520f611d9deef14665d13e95439ed8f656c22a02116900eb6553d3ef1c7be3c40b462c3710d16658046811d132eb4063898c33b18c84cccf98550591aad980334887666a00f2c062096fd7c73b5c7a2d79ae22862d936f6f6f533dc85d9c49d2cf1c654e4460b3fecda471653deb6a5511862c758fd26da763afe8662d3037c1c98535aaa1fd9f0a09e97835b658d4bfcca9dca9bc12422d36303d5fa1286f84fc3d42faf4ae2540165ffc7fc8293ba0a022d31fac5924a9103dc8ad2127cc409bdc93ee163c281eb972cf5d7950c02a2288f0d8ebbf65969efc4b1df84c21f2d8836afd76b66f2381fad1370e8f308e85cc0c9f1ec0ceef0250c2d8bd58ff652a095fd555fc1de2e4ff317b9e81cf9b485de6284debefc6acd2349b245468bb13d71539d02278a208044f5f8f22405cb3e663d9b9a98b137e5789b3908b113bc0ff4109f08dd6"}, [0x280000000000, 0x1200000000000, 0x58c, 0x12, 0x1, 0x2, 0x0, 0x7, 0xffffffff, 0xfffffffffffffffc, 0x9, 0x0, 0x7, 0x9, 0x4, 0x5, 0x4, 0x2, 0x6, 0x9, 0x1, 0x1000, 0x2, 0x2, 0x2, 0x7, 0x0, 0x1, 0x7, 0x1, 0x7769, 0x2, 0x100000000, 0x12fb, 0x80000000, 0x173, 0x3, 0x9, 0x3, 0x400, 0x0, 0xfffffffffffffff7, 0x40, 0x100000001, 0x8, 0x0, 0x5, 0x7f8000, 0x401, 0x0, 0x8, 0x1ff, 0x4, 0x2, 0x6, 0x0, 0x1, 0x0, 0x10001, 0x5, 0x81, 0x0, 0x4, 0x1]}) [ 1853.850067] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.850067] program syz-executor.6 not setting count and/or reply_len properly 03:23:39 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x0, 0x100000}}) [ 1853.866339] FAULT_INJECTION: forcing a failure. [ 1853.866339] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1853.867883] CPU: 0 PID: 28181 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1853.868774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.869873] Call Trace: [ 1853.870230] dump_stack+0x107/0x167 [ 1853.870726] should_fail.cold+0x5/0xa [ 1853.871241] __alloc_pages_nodemask+0x182/0x600 [ 1853.871874] ? __kmalloc+0x16e/0x390 03:23:39 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1853.872378] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1853.873320] ? trace_hardirqs_on+0x5b/0x180 [ 1853.873914] alloc_pages_current+0x187/0x280 [ 1853.874516] sg_build_indirect.isra.0+0x2f5/0x710 [ 1853.875169] sg_common_write.constprop.0+0x992/0x1a30 [ 1853.875866] ? sg_build_indirect.isra.0+0x710/0x710 [ 1853.876541] ? vprintk_func+0x93/0x140 [ 1853.877062] ? printk+0xba/0xf1 [ 1853.877499] ? record_print_text.cold+0x16/0x16 [ 1853.878127] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1853.878800] ? trace_hardirqs_on+0x5b/0x180 [ 1853.879398] sg_write.part.0+0x69e/0xaa0 [ 1853.879947] ? sg_new_write.isra.0+0x770/0x770 [ 1853.880557] ? __lockdep_reset_lock+0x180/0x180 [ 1853.881169] ? perf_trace_lock+0xac/0x490 [ 1853.881733] ? lock_acquire+0x197/0x470 [ 1853.882265] ? find_held_lock+0x2c/0x110 [ 1853.882825] ? _cond_resched+0x12/0x80 [ 1853.883337] ? inode_security+0x107/0x140 03:23:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 62) [ 1853.883890] ? avc_policy_seqno+0x9/0x70 [ 1853.884471] ? selinux_file_permission+0x92/0x520 [ 1853.885116] sg_write+0x87/0x120 [ 1853.885563] ? sg_write.part.0+0xaa0/0xaa0 [ 1853.886131] vfs_write+0x29a/0xb10 [ 1853.886623] ksys_write+0x12d/0x260 [ 1853.887116] ? __ia32_sys_read+0xb0/0xb0 [ 1853.887673] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1853.888392] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.889092] do_syscall_64+0x33/0x40 [ 1853.889597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.890295] RIP: 0033:0x7f5171091b19 [ 1853.890809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.893278] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1853.894300] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1853.895261] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1853.896220] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.897184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.898144] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1853.946066] sg_write: data in/out 151453660/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.946066] program syz-executor.0 not setting count and/or reply_len properly [ 1853.951295] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1853.951295] program syz-executor.7 not setting count and/or reply_len properly [ 1853.972197] FAULT_INJECTION: forcing a failure. [ 1853.972197] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1853.974949] CPU: 1 PID: 28312 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1853.976543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.978362] Call Trace: [ 1853.978976] dump_stack+0x107/0x167 [ 1853.979803] should_fail.cold+0x5/0xa [ 1853.980700] __alloc_pages_nodemask+0x182/0x600 [ 1853.981751] ? __kmalloc+0x16e/0x390 [ 1853.982606] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1853.983967] ? trace_hardirqs_on+0x5b/0x180 [ 1853.984951] alloc_pages_current+0x187/0x280 [ 1853.985952] sg_build_indirect.isra.0+0x2f5/0x710 [ 1853.987070] sg_common_write.constprop.0+0x992/0x1a30 [ 1853.988256] ? sg_build_indirect.isra.0+0x710/0x710 [ 1853.989390] ? vprintk_func+0x93/0x140 [ 1853.990273] ? printk+0xba/0xf1 [ 1853.991030] ? record_print_text.cold+0x16/0x16 [ 1853.992087] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1853.993231] ? trace_hardirqs_on+0x5b/0x180 [ 1853.994234] sg_write.part.0+0x69e/0xaa0 [ 1853.995201] ? sg_new_write.isra.0+0x770/0x770 [ 1853.996261] ? __lockdep_reset_lock+0x180/0x180 [ 1853.997323] ? perf_trace_lock+0xac/0x490 [ 1853.998283] ? lock_acquire+0x197/0x470 [ 1853.999182] ? find_held_lock+0x2c/0x110 [ 1854.000118] ? _cond_resched+0x12/0x80 [ 1854.000984] ? inode_security+0x107/0x140 [ 1854.001932] ? avc_policy_seqno+0x9/0x70 [ 1854.002868] ? selinux_file_permission+0x92/0x520 [ 1854.003997] sg_write+0x87/0x120 [ 1854.004782] ? sg_write.part.0+0xaa0/0xaa0 [ 1854.005755] vfs_write+0x29a/0xb10 [ 1854.006594] ksys_write+0x12d/0x260 [ 1854.007435] ? __ia32_sys_read+0xb0/0xb0 [ 1854.008378] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1854.009589] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1854.010796] do_syscall_64+0x33/0x40 [ 1854.011665] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1854.012859] RIP: 0033:0x7f794b5b5b19 [ 1854.013723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1854.017982] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1854.019779] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1854.021479] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1854.023172] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.024877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.026458] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:23:39 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x10, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:39 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x2, {}, 0x0, 0x7}) 03:23:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x220a82, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:23:39 executing program 2: r0 = getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x3, 0x2e, 0xc1, 0x1, 0x0, 0xfff, 0x30f5fe6e4b1192fe, 0xc, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x101, 0x4, @perf_bp={&(0x7f0000000000), 0x1}, 0x11000, 0x3ff, 0x75e, 0x8, 0x8001, 0x1000, 0x5, 0x0, 0xfffff000, 0x0, 0x10000}, r1, 0xe, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:23:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1854.108256] sg_write: data in/out 152043484/80 bytes for SCSI command 0x0-- guessing data in; [ 1854.108256] program syz-executor.0 not setting count and/or reply_len properly 03:23:54 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 57) 03:23:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc04c5349, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:23:54 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x7f, 0x3, 0x41, 0x3f, 0x0, 0x7, 0x80, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0xffff23b2, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x6110, 0x2, 0x1, 0x9, 0xa5, 0xffffffff, 0x4, 0x0, 0x7f, 0x0, 0xffffffff}, r1, 0xb, 0xffffffffffffffff, 0x1) r2 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x10202, 0x4) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r2, 0x0, &(0x7f00000001c0)="c33ddc4d6498925af9cc0c567a78e71f615506d7d90259292946d2158f4001ddd2425833c56be079bcbc67fb3055ff8b60f1895dbe6caae4f832197acb89e396218b095a99956f1863322af4f7f584a32c73757417b15bb94ba06eba1fd5f9786163eb337b87b817c459879f99", 0x6d, 0x4000, 0x0, {0x0, r3}}, 0x10001) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x2, 0x4, 0x0, 0x0, 0x3, 0x4, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xeffd, 0x1, @perf_bp={&(0x7f00000000c0), 0x1}, 0x40, 0x100, 0x7, 0x9, 0x218b, 0x3, 0x800, 0x0, 0x80000001, 0x0, 0x10001}, 0xffffffffffffffff, 0x7, r2, 0x0) 03:23:54 executing program 2: r0 = getpid() r1 = getpgrp(r0) clone3(&(0x7f0000000240)={0xa4861480, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x32}, &(0x7f00000000c0)=""/119, 0x77, &(0x7f0000000140)=""/191, &(0x7f0000000200)=[r0, r0, r0, r0, r1, r0], 0x6}, 0x58) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r0, r2], 0x2}, 0x58) [ 1869.164659] sg_write: data in/out 155713500/80 bytes for SCSI command 0x0-- guessing data in; [ 1869.164659] program syz-executor.0 not setting count and/or reply_len properly 03:23:54 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) write$sndseq(r0, &(0x7f00000000c0)=[{0x3, 0x5, 0x0, 0x3, @time={0x1439}, {0xf2}, {0x40, 0x81}, @result={0x4, 0x6}}, {0xf3, 0xb3, 0x3, 0x6, @tick=0x8a, {0x4, 0x3}, {0x20, 0x1f}, @queue={0x7f, {0x8, 0x9}}}, {0x7, 0x81, 0x40, 0xd5, @time={0x481596b0, 0x200}, {0x8, 0xfb}, {0x40, 0x1f}, @control={0x0, 0x4, 0x10000}}, {0x2f, 0x81, 0x9, 0x81, @time={0x1, 0x7}, {0x8, 0x8}, {0xff, 0x9}, @time=@time={0x4, 0x8000}}], 0x70) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:23:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x48, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:23:54 executing program 5: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x73, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x3fe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0xff, 0xff, 0xff, 0x7, 0x0, 0xffffffff, 0xa800, 0x7, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfffffc00, 0x2, @perf_bp={&(0x7f0000000040), 0x1}, 0x40040, 0x120000000000, 0x5, 0x8, 0x6, 0x8c3, 0x81, 0x0, 0x7, 0x0, 0x5}, 0x0, 0x0, r1, 0xa) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1869.175776] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1869.175776] program syz-executor.6 not setting count and/or reply_len properly [ 1869.183683] FAULT_INJECTION: forcing a failure. [ 1869.183683] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1869.185429] CPU: 0 PID: 28592 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1869.186488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1869.187660] Call Trace: [ 1869.188066] dump_stack+0x107/0x167 [ 1869.188622] should_fail.cold+0x5/0xa [ 1869.189210] __alloc_pages_nodemask+0x182/0x600 [ 1869.189916] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1869.190739] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1869.191666] ? policy_node+0xef/0x140 [ 1869.192246] ? __sanitizer_cov_trace_pc+0x42/0x60 [ 1869.192984] alloc_pages_current+0x187/0x280 [ 1869.193657] sg_build_indirect.isra.0+0x2f5/0x710 [ 1869.194401] sg_common_write.constprop.0+0x992/0x1a30 [ 1869.195206] ? sg_build_indirect.isra.0+0x710/0x710 [ 1869.195967] ? vprintk_func+0x93/0x140 [ 1869.196561] ? printk+0xba/0xf1 [ 1869.197061] ? record_print_text.cold+0x16/0x16 03:23:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 63) [ 1869.197773] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1869.198620] ? trace_hardirqs_on+0x5b/0x180 [ 1869.199300] sg_write.part.0+0x69e/0xaa0 [ 1869.200054] ? sg_new_write.isra.0+0x770/0x770 [ 1869.200802] ? __lockdep_reset_lock+0x180/0x180 [ 1869.201509] ? perf_trace_lock+0xac/0x490 [ 1869.202146] ? lock_acquire+0x197/0x470 [ 1869.202750] ? find_held_lock+0x2c/0x110 [ 1869.203349] ? _cond_resched+0x12/0x80 [ 1869.203942] ? inode_security+0x107/0x140 [ 1869.204571] ? avc_policy_seqno+0x9/0x70 [ 1869.205188] ? selinux_file_permission+0x92/0x520 [ 1869.205868] sg_write+0x87/0x120 [ 1869.206382] ? sg_write.part.0+0xaa0/0xaa0 [ 1869.207026] vfs_write+0x29a/0xb10 [ 1869.207569] ksys_write+0x12d/0x260 [ 1869.208123] ? __ia32_sys_read+0xb0/0xb0 [ 1869.208739] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.209532] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1869.210312] do_syscall_64+0x33/0x40 [ 1869.210874] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1869.211660] RIP: 0033:0x7f5171091b19 [ 1869.212222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1869.215008] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1869.216204] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1869.217324] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1869.218330] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1869.219452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1869.220451] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1869.232222] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1869.232222] program syz-executor.7 not setting count and/or reply_len properly [ 1869.238053] FAULT_INJECTION: forcing a failure. [ 1869.238053] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1869.239809] CPU: 0 PID: 28631 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1869.240868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1869.242156] Call Trace: [ 1869.242567] dump_stack+0x107/0x167 [ 1869.243140] should_fail.cold+0x5/0xa [ 1869.243735] __alloc_pages_nodemask+0x182/0x600 [ 1869.244458] ? __kmalloc+0x16e/0x390 [ 1869.245046] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1869.245986] ? trace_hardirqs_on+0x5b/0x180 [ 1869.246685] alloc_pages_current+0x187/0x280 [ 1869.247371] sg_build_indirect.isra.0+0x2f5/0x710 [ 1869.248127] sg_common_write.constprop.0+0x992/0x1a30 [ 1869.248931] ? sg_build_indirect.isra.0+0x710/0x710 [ 1869.249700] ? vprintk_func+0x93/0x140 [ 1869.250299] ? printk+0xba/0xf1 [ 1869.250805] ? record_print_text.cold+0x16/0x16 [ 1869.251529] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1869.252312] ? trace_hardirqs_on+0x5b/0x180 [ 1869.252985] sg_write.part.0+0x69e/0xaa0 [ 1869.253611] ? sg_new_write.isra.0+0x770/0x770 [ 1869.254322] ? __lockdep_reset_lock+0x180/0x180 [ 1869.255053] ? perf_trace_lock+0xac/0x490 [ 1869.255700] ? lock_acquire+0x197/0x470 [ 1869.256311] ? find_held_lock+0x2c/0x110 [ 1869.256944] ? _cond_resched+0x12/0x80 [ 1869.257540] ? inode_security+0x107/0x140 [ 1869.258177] ? avc_policy_seqno+0x9/0x70 [ 1869.258802] ? selinux_file_permission+0x92/0x520 [ 1869.259564] sg_write+0x87/0x120 [ 1869.260087] ? sg_write.part.0+0xaa0/0xaa0 [ 1869.260734] vfs_write+0x29a/0xb10 [ 1869.261289] ksys_write+0x12d/0x260 [ 1869.261847] ? __ia32_sys_read+0xb0/0xb0 [ 1869.262478] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.263291] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1869.264087] do_syscall_64+0x33/0x40 [ 1869.264659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1869.265455] RIP: 0033:0x7f794b5b5b19 [ 1869.266026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1869.268865] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1869.270025] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1869.271128] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1869.272215] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1869.273306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1869.274398] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:23:54 executing program 1: accept$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000280)=0x1c) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x4002, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x3, 0x294, 0x1, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r2 = dup2(r0, r0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f00000000c0)) 03:23:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4c, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1869.333155] sg_write: data in/out 155975644/80 bytes for SCSI command 0x0-- guessing data in; [ 1869.333155] program syz-executor.0 not setting count and/or reply_len properly 03:24:09 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = open(&(0x7f0000000000)='./file0\x00', 0x20100, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) 03:24:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 64) 03:24:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x68, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:24:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 58) 03:24:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc05c5340, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:24:09 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000040), 0x5, 0x40) close_range(r2, r3, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @private0, 0x7}, 0x1c) getpid() [ 1884.093999] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.093999] program syz-executor.7 not setting count and/or reply_len properly [ 1884.095394] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.095394] program syz-executor.6 not setting count and/or reply_len properly [ 1884.101050] sg_write: data in/out 157810652/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.101050] program syz-executor.0 not setting count and/or reply_len properly 03:24:09 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x400000, {}, 0x3, 0x8}) [ 1884.116370] FAULT_INJECTION: forcing a failure. [ 1884.116370] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.117581] FAULT_INJECTION: forcing a failure. [ 1884.117581] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.119047] CPU: 1 PID: 28816 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1884.122466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.124360] Call Trace: [ 1884.124958] dump_stack+0x107/0x167 [ 1884.125785] should_fail.cold+0x5/0xa [ 1884.126659] __alloc_pages_nodemask+0x182/0x600 [ 1884.127722] ? __kmalloc+0x16e/0x390 [ 1884.128569] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.129937] ? trace_hardirqs_on+0x5b/0x180 [ 1884.130915] alloc_pages_current+0x187/0x280 [ 1884.131923] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.133025] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.134193] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.135304] ? vprintk_func+0x93/0x140 [ 1884.136179] ? printk+0xba/0xf1 [ 1884.136916] ? record_print_text.cold+0x16/0x16 [ 1884.137952] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.139080] ? trace_hardirqs_on+0x5b/0x180 [ 1884.140072] sg_write.part.0+0x69e/0xaa0 [ 1884.140990] ? sg_new_write.isra.0+0x770/0x770 [ 1884.142027] ? __lockdep_reset_lock+0x180/0x180 [ 1884.143070] ? perf_trace_lock+0xac/0x490 [ 1884.144012] ? lock_acquire+0x197/0x470 [ 1884.144901] ? find_held_lock+0x2c/0x110 [ 1884.145827] ? _cond_resched+0x12/0x80 [ 1884.146699] ? inode_security+0x107/0x140 [ 1884.147635] ? avc_policy_seqno+0x9/0x70 [ 1884.148542] ? selinux_file_permission+0x92/0x520 [ 1884.149630] sg_write+0x87/0x120 [ 1884.150385] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.151328] vfs_write+0x29a/0xb10 [ 1884.152144] ksys_write+0x12d/0x260 [ 1884.152958] ? __ia32_sys_read+0xb0/0xb0 [ 1884.153873] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.155047] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.156210] do_syscall_64+0x33/0x40 [ 1884.157037] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.158167] RIP: 0033:0x7f794b5b5b19 [ 1884.158994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.163059] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.164778] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1884.166400] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.168032] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.169644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.171262] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1884.172872] CPU: 0 PID: 28812 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1884.174203] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.175826] Call Trace: [ 1884.176335] dump_stack+0x107/0x167 [ 1884.177043] should_fail.cold+0x5/0xa [ 1884.177779] __alloc_pages_nodemask+0x182/0x600 [ 1884.178672] ? __kmalloc+0x16e/0x390 [ 1884.179380] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.180548] ? trace_hardirqs_on+0x5b/0x180 [ 1884.181377] alloc_pages_current+0x187/0x280 [ 1884.182223] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.183153] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.184164] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.185117] ? vprintk_func+0x93/0x140 [ 1884.185861] ? printk+0xba/0xf1 [ 1884.186489] ? record_print_text.cold+0x16/0x16 [ 1884.187382] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.188345] ? trace_hardirqs_on+0x5b/0x180 [ 1884.189181] sg_write.part.0+0x69e/0xaa0 [ 1884.189961] ? sg_new_write.isra.0+0x770/0x770 [ 1884.190836] ? __lockdep_reset_lock+0x180/0x180 [ 1884.191724] ? perf_trace_lock+0xac/0x490 [ 1884.192524] ? lock_acquire+0x197/0x470 [ 1884.193278] ? find_held_lock+0x2c/0x110 [ 1884.194061] ? _cond_resched+0x12/0x80 [ 1884.194801] ? inode_security+0x107/0x140 [ 1884.195593] ? avc_policy_seqno+0x9/0x70 [ 1884.196364] ? selinux_file_permission+0x92/0x520 [ 1884.197294] sg_write+0x87/0x120 [ 1884.197943] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.198745] vfs_write+0x29a/0xb10 [ 1884.199419] ksys_write+0x12d/0x260 [ 1884.200031] ? __ia32_sys_read+0xb0/0xb0 [ 1884.200809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.201801] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.202774] do_syscall_64+0x33/0x40 [ 1884.203484] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.204461] RIP: 0033:0x7f5171091b19 [ 1884.205154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.208383] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.209597] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1884.210738] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.211885] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.213024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.214156] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:24:09 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$inet6(r2, &(0x7f0000001540)={&(0x7f0000000080)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xfffffffc}, 0x1c, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e60154995b58065339c0ea83d9d97f57c32f774f287ea3e2a13be667283aca2d110de4f8073a4c3c28077a4b9b0903cfdd9f1d605f58df96da5f5ad5d23e1ecc4c495f28c73da1a90103a420d463ad79c554539fe6aefaae09f4fa23899ffc71edbb0614a4d6d5c9eb71f1bb0a1e0d6b2601142e265ad95f234534838d5cbf23c0fe6380b8499bdf5d650421d8f560950957c47873a4f50af60fac3a2c57a7eb78ef48c0bb76a39d8e4554", 0xab}, {&(0x7f0000000180)="0bdb8df2bcf8eec2c07706ced795ddc68cc4d0128944514b3e6f49e9955d1c4b6dba43d729e8fbe08e170189148862ae9681658333efcb13705ab0be8660a2e2a2f6ff56b3db77f98727f5fa", 0x4c}, {&(0x7f0000000200)="1a67cb403adf18125dd77ef245bed02aeba64c04b6c22dc8b9278e2bd5d94bc901eb55a2f791a5d45adc0736680cccad311be57443931e09a6e2a8e15e53f9148717c1657db94499a95e509518117e0e60b61d4f2ada4319e66d09a565a4a194b6e6d1690237140f52d84975ab9ba347df0ee362bde14400bcb1257e243775de0739eaac663847a8", 0x88}], 0x3, &(0x7f0000001e00)=[@dstopts={{0x10a0, 0x29, 0x37, {0x3b, 0x210, '\x00', [@ra={0x5, 0x2, 0x40}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x48, {0x3, 0x10, 0x75, 0x0, [0x9, 0x3, 0x8, 0x2, 0x40, 0x4, 0x80, 0x7]}}, @ra={0x5, 0x2, 0xe000}, @enc_lim={0x4, 0x1, 0xdd}, @generic={0xa0, 0x1000, "4a0ea316bbd9b19506a2c23a231a5326a5f104905cf412da671a6bd087c99af02e898907b15bd2c9ae5e0db3bfea6267a9be2bd6acd8088554d54fa96f1d61947dfe14a87e6efdcd8161b2ae5d071efa5b4aba04136018adbb1aecb295a32e1d578b6fd2a118ecd138dfadc6c0b5f72d622928950c9c1fa4c3359c2039a6c990e87e7a130daa00e1516092b2357a845b12c4de110d1ff147b5e97e4df9d92df870d37fe2d6168ac9c7979f87ef880fd8e09f34007d1bc4e758da8eb780c4e632f44ea73557f2d76e827cdc895410135b9c81eaabc6513c86b5874ea815fabc093f9570e26b013c82a7cc2a855a4ed3c9b781ac73f03b0f2075cdd05c2b0b5c2d6cf9d31ecc0a6c35daf28ccfba4f8aba6f77654b0134c9fa56c11865d8b25fa7aff13e0f6ceae6cfd355dd2c488d9771860c4f16cc816e5c0dffa94c2308d4f7c5c6099890efb0316d4fb5dec170a7751ce0acab29e3f231bd4d7423090dc5a45afe2d5cfb12b6cb89321373da8a9e0c1fdfa5d69ee253cbea4b3d8444b2fab6fe8d14cfe21052e1d28cefc3ae657ba3dcb2806569b0a1918626bb6fb96ce39028bff6f9f781638565be8f61f5da3781f2845a97a33c94430d6041fed885a12056ef00ea1ecc469f2b71c1fbc026298bd389048e07c1f40f8292cfb4d2cabbafffe461f88f290f1ecab644ffcd941ef37e1e9ca9cc176775c95026d835d859a0c099337bee786b22718ba4923fb9dfd672f4d700a0e7ee0262699894ef1bc882051fccc9cd81d4ac72290d27b1f036e9f983f1194bda648c9f7f5007baddc18cc13ad8ca26897683e2ce4b57434d53f6d583fc0bac01512e1a48ff0e59cfa5f183c0f66885db79f8d47f87983d5c346b965f8f89510ded1ee6f4039a3d747bcd95a9e7573270ab012af7fffc6fa719a4742963c0a8eb95a6b621355ee110f9f9a2f05afed4677d22f339d51876d7663edbe2c40a5a102f1f9f5171240423f78e0c6157fbaf8f0ecd23bb2701b3d0b304497f850c873d7109d4c792fba28ab712094e9d123807a246701544042e5726ce74ddf66e188170c50749033dd9fb8c8ec6fe0073c057e12f0c68d8166144b13a3ff59ab096b360c4fdff43245726ebd3251a2a2ff27855707f3ff2eca402776504f0cb931b09078a33c1d123216df9757e6a655d1a885d0c59ca04aa568da7790d6dadc90535aaeb50b32b7762a07ac0efa8a1c91618362c20a617b95de48a1569e90bf89c4ed5d0baece5604a9d04e35cd46ffc7438dcc073c3214c27d4e602d9e5bfb4d9a0ccb800d3432205449edf6a7ec1f4b0581d03f56c00f7cf888616d94f9b84e2c6983b70685cdf253c7cc13d083fbf1c11dbb952b2c54bafa330176eb237f5dd035bf81860406cb3ae86b1915e4f671dd91f4396c38b41601d2e93c58ab306c2da99286d2b84fe7012e84e8e6bd7edf07c06d68497aaf917107c7f132195a3af549aef8f4d67b19b0365082a3fe0b97ddc528c35befa044b81b1be5c2aa931f0e788d8024ef3c5b660b2764965e95bbc2a28d14178c19fb7406178941b13327582fd265c80a33a82b02d681340e89b4271581b77f4466b304176edb4c7a842b0041b9995b83a06d52567903535b3d87971fa47f9c81397508087fd674eeebad7d8c57c40c4cbdb2ae961a73cb2afe63e5023af874c2b876f593a746267896ef50286374bf57a59c6757a09d6d0b720605cbf6cbaf8019a3b5aa71220cd9291cd092fc1ad554d03c02a70c6c056096965880485f0185db013cd52fbdaf41ff753b37fd664cb226d515917d0832089886d40fd8d624343fbd5d750c331527532fd209ba628f5bbaf1d0f9f88e06a1d4533bd22beaab74f1b814e07ae88af4c67f7eee62754c8b99c8e0293ba0cfa3ce138932ef8ee4753221ddd2f26543fd401dd2def2f1a45b59a9a44cf2876948ed48956b1098f3496057f34ea6c5dadf17f4fa235551bba199d911b159c08def69bba06759ad888a5df094c8a6b8000c8cee280fc2e09cbeb350449f60667cdab094234e51f47456f2168d1626f15ea7bb51ce83b7363b3c38d27ea192a1d04309f862c2fa7de63aed83e518be3f3e2c8546f352c7959a0584c383f3d04e790c906caaacaa385cea274d7a72c49ab800ae30a32410559333a62f5b2acbd799ce9cf5070b7754265c2f2f5d76ff01f1fa46b4e067b6df5be22693752998ecc71129143d9d9ee58ee416a524d260d3b1860fa488eb63b1eeb2302c908ff980cd717694016317cebdf091ababc955944c000ffbcd2bc9b237345c434052bbd912c2dc57ee40374c7c53ecdaa17c3e24a0b383e2924454157f6e63108e43c15ab3d676e5ca12e6b1316be641e42da72c6b10fe78242df78e9cc4d5c40bbc2d3d1695c85f90b513da7ca6aa37566c18a217b00208b3f5b419feb7ff2d1953a76b0fd85bd267404b368a91ff3cf9ed7cdf2c646e0a4a1c5c460186a83fda5e2c018a6bb41c56a7d25416c37a8ccbf3da552d64aa0df90270b6750aacc5e394f69fb5b6648332de2c95184bbaabb30260f24020adfd2d7a7036abdbf89676fe146c0d74004c70d723665f6595ec3df64b95b5e03df9b729b8743a5f10295c314e7644482c5834c14a6537c9c37cf1c03da8d2ccf6a1dc0ec96480d4c5b74d18d1979cd486e40b95f1ede676e1b9c85c95d10075e2be51a8a2c6982745bdc49a0a44d67506bfb4be2f0f8a61268800f93c4c5f8a55e5d42c88233cdb34d66b2fde66c0393487ab13bcdbf3dee6b396fe21713a66b39b3e93b6c825d6405e7458f371faf4f8a773d49eb7635f0fe26bc029724a17dd4605bc91f6d8146b10ee43ae0ace86101e7193c9e4d06f873cf881162c0e1759ec1c19886f12da23cf2c3c5a473fedf8cd5c4af6e50d671129ec1a86453761082316fa0457c1512e294d55b431354a2910b017e85661995fddbf252d428892baf3af487cbd7be42919d01e34c4a2465cd8a66152056e61ac9a9c20cbf676e288cf8c4516dda8ddf91e97bda7d7676fb1fdbd5362ffb0b004232e4c2ad381e399774bb2754dc01d0a66d351396cf2298a204be08e21aabedc7a90357dbbcad6298fab18701db1ca9db7080a8a09cdc62e6748ebfb4623ce76d0afc0b42a76d024f1b364c5f4004012370652d7343406be91db75d0231c12a0e1cab28d94357ed79afbc7fa0e15c67f8e262d1aed58b10d9768fc6dd352ce665f4e8570191bcd0e444c691256a9b62392f925ce2cc1d676fa913fe3f515bd118a3b44ee61f731e6bcc30064f59d0c943a7d8375862d93436f7352209ef9c09e1816ca24d095a354633d1c6df9ed19d93a2beb36b7be3caf019b819c9380e660f50dba7352294c5455db1717d7000b27802f82c071bcdb75bb9db8ea3f295379bc10f8bfe7f8156cef682d8a1ecba9567b1142a8384782301a5e7f28c4b365f9485d2ef6ff5d2023414a0454c880cad838abdeabc203f73e5e50e57da7e785378f8745a36cc6b477fa6612508c2af975c3f97158410f0dc43097a542bc6af1f9da83ac33e7ba26c5004a7e3c784a61d0758bd4f764094c2e9c591ad7747f3c4e708762796a67ae96d1c3f12f9abe87a4d17f1cfc30425044a958093506259069ca911aa6f8938561a59e47f819db560b85d32ec6d966ffe96a8151b7d854aceefffa9705bfadfae9592c055908b354d17c5bc4c4f366b5b1c5f6f6f13e597456d1bb321744df1818bb2b23f0af6db4b59d3167f1a3301219a0a0d20c254e2125139ab5d7f7e2b50e8ca5a210ab80478cc701c539e53211261d075083fba82b7715a04e9530caf285ef52cb3c94a8ec8fd96681e39945a9f8d9b29c09c32a3d55745967d512b48cb6caa377b31685d093cf4d2f1d1adc88b2254dd902014c2f1ca4002444da34a8751ff30cf312c97558dd2bcd092611444700f0c8afe72726dc60aaf980c23a22dbd9b4c938994f0cf3567b016c37308615efbdbf375369356844a2234773107742081e2dfd455647c7702d685eeb0f42273d1b6e6b142c7c37d64850b2fc584e9ad5227b6fddaed42b152d05846e60ab82424599e8bbd719b41001dbdde0b0650a0e3f095daae48d075ff7796ed91b4602b9eb1f29066c7f3ee0d22fc9f8e526cedcb115d7a921d25ba297103bf58b362471eec6310a6c1e5f938136a5df8886745339655a71057155a2f0d6f6537d69f42160ff5ebd8b19d19d83d9e41cd59a0fd3e0ca7319ce51bd850719e981fe2a3854838da6dc7a0f8cb4c7fd17152039682a52c7e7ddba92aa3de6a85c9c6c64b2c38f1bc1b688b2cda5fc12bc564634859105558130a20f5f884f46cb84b978812cbf3261101e769c8aac2e6e22fba8707bf20e4b524ceef961c5fa744670d4a7d9ad60da683750224b1c51500911c44261bb57e6b575fcf1c3ab3fb4cc3886eae3fff9ffdf19ed54a277967fec1d077d46436524a7437bfb233d0e0c1031051e5207641f833b5e57986aae71f25e7cfb90f1e328f45c7805020f990930f8ce81503e78ee2c4600c24649accfd9e0748f508747dee46f4d9abb58562a0c954a5c6b4a2aa3b3e56c4300e5081bd56b86252f4561aebc7230b712f5757d143eff4ab0b5fcefb14af365583adf11dc46fcb6de0694393713f6c68e8a01e2492646466f8ad6c38ff921a84a8c8be9278ef244059ecba07a93088c2427dfac02004f1e383d1f18bb6e0773b8e024697001704334947258f6f0b245d9b9c9394aabadcdce55041f8771699309861ad4b8eef5e49ad6a07393ed802d5e181577614d58d5332a6b3f0ddc526d9cbd3c01feff04509fbd28834eec1d43dfb3d3cda06222e73b057ab89ddcbbb09d5674811c97730d2c8ff4b965caf2ce7500c989713475ba070f6cf74570945e4d62b285517f9393b3dbae468d007125ef5bce0b308572b6c4ea6003a60e135dac873636ea719f488b74a7d59840fcbc4a8a53d1371b7e40003e7e780b3ba1118932bf7e624b0ddc0bc68d9601839695fc7866d4ad027b6ea5a4379ea555738a57c52fd16adfaa998fd4e557c9015ed4a92172df56918313b504ed892b9474960ffe0bfc81ac00130f02a028d70d2b8c7ad2d9b6579a49d4c6b24b4ec2f68d671dd6d0de597413d810963cd1ca2a2ba789a1e2a7311da1b973b6a856fc56ab361960d47bcd95d2f9ea88bb9be10d3bdabce388b0cb7770310fd22e48a1b578a7fffe2206b958e2aee94950dd058cd61d8697dacaf1f13f5cba9d5a5ce0c5fd4deac660c2ab4586e7756ef6126d426257f98d278ecde86a7783bddb7d607a55139d85dbaa1847f2b8fa3a1f17471209369aba934677ef8ff14fff842b00e6989516f8fc463fa4171f31e35762d48330b311123bf07720dc5e0a74b4b9ec1245ecefa94840b51181cbf5ed832bfde2f02ee2bdef3c76b53c05e3ba78993d35446fc9a14d583aecb6a25926a3a9fb6c4b878b857b202b70f6c0d8fbf25163ca6283b749e4a5fd444127db5afb8262b9cd1bf11fb91a04afca7352f759ccdafbd26624059b0a362361b7583f6722ea04d2cf6df91cd67c0cb41b26f99166f9e880e4cad14cf8c24bbaa4d5722b1549540b5261b9376ca26726a0f3ed68e85e7f1fdf93916c83b9f7e5da335b00fe4a70e34b56004dc21ff41aca01d09df3febfa00f15259f167dd238fa24bc411a697dce24d771438c1c3b2f3dce74f2ace402d2969d0f3bbfddfaecbc7144b8f9f603b51da5e0727d8ab56e2e2e9eeaacd368d18e15d3a79d600ac48039a8cb41ba5d383548bda478c"}, @generic={0x4, 0x18, "c5812899a2ce4ff1fce426b904d5fdfa3ff02e62678389a1"}, @ra={0x5, 0x2, 0x8001}, @jumbo={0xc2, 0x4, 0x7}, @enc_lim={0x4, 0x1, 0x4}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x8}}, @pktinfo={{0x24, 0x29, 0x32, {@empty}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x5}}, @rthdr={{0xa8, 0x29, 0x39, {0x29, 0x12, 0x2, 0x3, 0x0, [@remote, @local, @private0, @private1, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @remote]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}], 0x11b8}, 0x2004895) io_uring_enter(r0, 0x4dac, 0x51c8, 0x1, &(0x7f0000000040)={[0x9fd]}, 0x8) 03:24:09 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000008000000050000000000000002000000000000008100000000000000b80e000000000000000000000000000000004db40f0000000000000000000000000000000000000800000001000000000000006600000000000000018000"/451]) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x4000000}, 0xc) 03:24:09 executing program 3: r0 = getpid() r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000055c0)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f00000001c0)=""/65, 0x41}, {&(0x7f0000000240)=""/231, 0xe7}, {&(0x7f0000000440)=""/126, 0x7e}, {&(0x7f00000004c0)=""/186, 0xba}, {&(0x7f0000000580)=""/85, 0x55}, {&(0x7f0000000340)=""/56, 0x38}, {&(0x7f0000000600)=""/173, 0xad}], 0x7}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f00000008c0)=[{&(0x7f00000007c0)=""/55, 0x37}, {&(0x7f0000000800)=""/149, 0x95}], 0x2, &(0x7f0000000900)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x88}}, {{&(0x7f00000009c0)=@abs, 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000a40)=""/163, 0xa3}, {&(0x7f0000000b00)=""/156, 0x9c}, {&(0x7f0000000bc0)=""/37, 0x25}, {&(0x7f0000000c00)=""/134, 0x86}, {&(0x7f0000000cc0)=""/10, 0xa}, {&(0x7f0000000d00)=""/119, 0x77}], 0x6, &(0x7f0000000e00)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000000e80)=@abs, 0x6e, &(0x7f0000001000)=[{&(0x7f0000000f00)=""/174, 0xae}, {&(0x7f0000000fc0)=""/31, 0x1f}], 0x2, &(0x7f0000001040)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @cred={{0x1c}}], 0x140}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001180)=""/117, 0x75}, {&(0x7f0000001200)=""/19, 0x13}, {&(0x7f0000001240)=""/171, 0xab}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001300)=""/96, 0x60}, {&(0x7f0000001380)=""/15, 0xf}, {&(0x7f00000013c0)=""/60, 0x3c}], 0x7, &(0x7f0000001480)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000001580)=@abs, 0x6e, &(0x7f00000017c0)=[{&(0x7f0000001600)=""/166, 0xa6}, {&(0x7f00000016c0)=""/247, 0xf7}], 0x2, &(0x7f0000001800)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f00000018c0)=@abs, 0x6e, &(0x7f0000001c40)=[{&(0x7f0000001940)=""/230, 0xe6}, {&(0x7f0000001a40)=""/242, 0xf2}, {&(0x7f0000001b40)=""/161, 0xa1}, {&(0x7f0000001c00)=""/20, 0x14}], 0x4, &(0x7f0000001c80)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}, {{0x0, 0x0, &(0x7f0000004040)=[{&(0x7f0000001d00)=""/12, 0xc}, {&(0x7f0000001d40)=""/39, 0x27}, {&(0x7f0000002e00)=""/12, 0xc}, {&(0x7f0000002e40)=""/86, 0x56}, {&(0x7f0000002ec0)=""/18, 0x12}, {&(0x7f0000002f00)=""/46, 0x2e}, {&(0x7f0000002f40)=""/209, 0xd1}, {&(0x7f0000003040)=""/4096, 0x1000}], 0x8, &(0x7f00000040c0)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f0000004140)=@abs, 0x6e, &(0x7f00000041c0), 0x0, &(0x7f0000004200)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}}, {{&(0x7f0000004340)=@abs, 0x6e, &(0x7f0000005540)=[{&(0x7f00000043c0)=""/175, 0xaf}, {&(0x7f0000004480)=""/178, 0xb2}, {&(0x7f0000004540)=""/4096, 0x1000}], 0x3, &(0x7f0000005580)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}], 0xa, 0x40010100, &(0x7f0000005840)) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x90002, &(0x7f0000005880)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@msize={'msize', 0x3d, 0x9}}, {@dfltgid={'dfltgid', 0x3d, 0xee01}}, {@dfltuid={'dfltuid', 0x3d, r3}}, {@nodevmap}, {@msize={'msize', 0x3d, 0x3}}, {@access_any}, {@access_uid={'access', 0x3d, r4}}, {}, {@access_uid={'access', 0x3d, 0xffffffffffffffff}}], [{@subj_user={'subj_user', 0x3d, '*!-'}}, {@context={'context', 0x3d, 'system_u'}}]}}) fcntl$setstatus(r1, 0x4, 0x2400) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0xf7, 0x3, 0x2, 0x9, 0x0, 0x4, 0x200, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_config_ext={0x1ff}, 0x100, 0x1, 0x6, 0xd, 0x6e0e, 0x3, 0x1ff, 0x0, 0x2, 0x0, 0x6ec8}, 0xffffffffffffffff, 0x10, r1, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:24:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x6c, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1884.322125] sg_write: data in/out 158072796/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.322125] program syz-executor.0 not setting count and/or reply_len properly 03:24:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0605345, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:24:09 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x340, 0x0) ppoll(&(0x7f0000000180)=[{r0, 0x1042}], 0x1, &(0x7f00000001c0)={0x77359400}, &(0x7f0000000200)={[0x3ff]}, 0x8) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {0x6, 0x6}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) fstatfs(r1, &(0x7f0000000100)=""/108) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="02000000003300002e2f66696c653000"]) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:24:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x74, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:24:10 executing program 2: r0 = getpid() r1 = perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x40, 0x40, 0x5, 0x1, 0x0, 0x7f, 0x400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000000), 0x8}, 0x444, 0x101, 0xfffeffff, 0x3, 0x9c, 0x1, 0x1f, 0x0, 0x9, 0x0, 0xffffffffffffffe0}, r0, 0xb, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r5, r7, 0x6, 0xffffffffffffffff, r6) perf_event_open(&(0x7f00000000c0)={0x3, 0x80, 0x81, 0x6, 0x6, 0x3, 0x0, 0x5, 0x60000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x1f, 0x2}, 0x10082, 0xd, 0xa08e, 0x1, 0x2, 0x4, 0x3, 0x0, 0x1, 0x0, 0x1}, r5, 0x1, r1, 0x0) [ 1884.399288] sg_write: data in/out 158597084/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.399288] program syz-executor.0 not setting count and/or reply_len properly 03:24:10 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x40, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x4, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010262ad166149f07c6372118403797a8180d612622b1af366179bf17d8ba2264695f386ad74a73fd7c73c7a349438ba38c9c11353f76d1236181ebcc26d7684db83c4fc73e2de06f298913d5b272be5d0e731825ee7f982e93d514f07930b0bd1e1b03b60e9c5bc5867f4325c33dcbc9be4619b6839749b79460500656a41d4dbf79723685aa842314f3ca7a19fcdd190c28b6fea3a5e7c617b81603a8a9ac2c5a2588609fb6b88ad3f757cb0889498d1b8f9c2b0a2c02aebf18b81f82fd8fadee967f5b8dad1ace0e11ed75f929e8787b7e3cb4935bedffd01914940a78b102b2f6e26df243a9cfa56524bccadb06e0f737c27a37b8420e7e4bce6797137d0dd72d9e5e877f10d20efcf54d1fb7c3dd7144f3000000000000008e8415018bba57ed394ba766318434c3698cca71eccdb77c37b9f19897be02f2e70a0b7870e3f2696db71deaa52b744895d3417bca0ff290ba99d563a76ed3e717b4ef6385cd29bb5a35c690503be487d45e66471928f5a25cc945ba0388", @ANYRES16=r3, @ANYBLOB="00012cbd7000fddbdf2563000000"], 0x14}}, 0x4000000) ptrace(0xffffffffffffffff, 0x0) syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f0000000180)=@sco}, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r2, &(0x7f00000002c0)={0x200082, 0x13, 0x8}, &(0x7f0000000300)='./file0\x00', 0x18, 0x0, 0x12345}, 0x5) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bind(r7, &(0x7f0000000100)=@un=@abs={0x0, 0x0, 0x4e20}, 0x80) 03:24:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7a, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1884.473647] sg_write: data in/out 158990300/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.473647] program syz-executor.0 not setting count and/or reply_len properly 03:24:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 65) 03:24:10 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) sendfile(0xffffffffffffffff, r1, &(0x7f0000000000)=0x3, 0x8) [ 1884.532311] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.532311] program syz-executor.7 not setting count and/or reply_len properly [ 1884.557025] FAULT_INJECTION: forcing a failure. [ 1884.557025] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.560034] CPU: 1 PID: 29151 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1884.561709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.563712] Call Trace: [ 1884.564349] dump_stack+0x107/0x167 [ 1884.565230] should_fail.cold+0x5/0xa [ 1884.566164] __alloc_pages_nodemask+0x182/0x600 [ 1884.567284] ? __kmalloc+0x16e/0x390 [ 1884.568188] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.569634] ? trace_hardirqs_on+0x5b/0x180 [ 1884.570675] alloc_pages_current+0x187/0x280 [ 1884.571748] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.572921] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.574170] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.575373] ? vprintk_func+0x93/0x140 [ 1884.576324] ? printk+0xba/0xf1 [ 1884.577118] ? record_print_text.cold+0x16/0x16 [ 1884.578231] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.579436] ? trace_hardirqs_on+0x5b/0x180 [ 1884.580500] sg_write.part.0+0x69e/0xaa0 [ 1884.581471] ? sg_new_write.isra.0+0x770/0x770 [ 1884.582578] ? __lockdep_reset_lock+0x180/0x180 [ 1884.583692] ? perf_trace_lock+0xac/0x490 [ 1884.584685] ? lock_acquire+0x197/0x470 [ 1884.585626] ? find_held_lock+0x2c/0x110 [ 1884.586606] ? _cond_resched+0x12/0x80 [ 1884.587539] ? inode_security+0x107/0x140 [ 1884.588525] ? avc_policy_seqno+0x9/0x70 [ 1884.589495] ? selinux_file_permission+0x92/0x520 [ 1884.590652] sg_write+0x87/0x120 [ 1884.591460] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.592479] vfs_write+0x29a/0xb10 [ 1884.593337] ksys_write+0x12d/0x260 [ 1884.594196] ? __ia32_sys_read+0xb0/0xb0 [ 1884.595167] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.596408] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.597633] do_syscall_64+0x33/0x40 [ 1884.598510] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.599737] RIP: 0033:0x7f794b5b5b19 [ 1884.600644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.605047] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.606824] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1884.608496] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.610152] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.611843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.613504] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:24:10 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 59) 03:24:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1884.645986] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.645986] program syz-executor.6 not setting count and/or reply_len properly [ 1884.653861] FAULT_INJECTION: forcing a failure. [ 1884.653861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.655348] CPU: 0 PID: 29215 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1884.656207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.657216] Call Trace: [ 1884.657545] dump_stack+0x107/0x167 [ 1884.657992] should_fail.cold+0x5/0xa [ 1884.658480] __alloc_pages_nodemask+0x182/0x600 [ 1884.659044] ? __kmalloc+0x16e/0x390 [ 1884.659506] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.660278] ? trace_hardirqs_on+0x5b/0x180 [ 1884.660822] alloc_pages_current+0x187/0x280 [ 1884.661367] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.661970] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.662609] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.663333] ? vprintk_func+0x93/0x140 [ 1884.663883] ? printk+0xba/0xf1 [ 1884.664375] ? record_print_text.cold+0x16/0x16 [ 1884.665017] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.665757] ? trace_hardirqs_on+0x5b/0x180 [ 1884.666377] sg_write.part.0+0x69e/0xaa0 [ 1884.666975] ? sg_new_write.isra.0+0x770/0x770 [ 1884.667547] ? __lockdep_reset_lock+0x180/0x180 [ 1884.668232] ? perf_trace_lock+0xac/0x490 [ 1884.668740] ? lock_acquire+0x197/0x470 [ 1884.669320] ? find_held_lock+0x2c/0x110 [ 1884.669833] ? _cond_resched+0x12/0x80 [ 1884.670410] ? inode_security+0x107/0x140 [ 1884.671017] ? avc_policy_seqno+0x9/0x70 [ 1884.671621] ? selinux_file_permission+0x92/0x520 [ 1884.672336] sg_write+0x87/0x120 [ 1884.672834] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.673458] vfs_write+0x29a/0xb10 [ 1884.673986] ksys_write+0x12d/0x260 [ 1884.674523] ? __ia32_sys_read+0xb0/0xb0 [ 1884.675119] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.675895] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.676655] do_syscall_64+0x33/0x40 [ 1884.677199] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.677954] RIP: 0033:0x7f5171091b19 [ 1884.678497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.681186] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.682294] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1884.683335] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.684387] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.685434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.686477] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:24:10 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:24:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1884.721677] sg_write: data in/out 33554396/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.721677] program syz-executor.0 not setting count and/or reply_len properly 03:24:10 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 60) 03:24:10 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff0000/0xe000)=nil, 0xe000, 0xb, 0x20010, r0, 0x8000000) syz_io_uring_setup(0xde, &(0x7f00000000c0)={0x0, 0x3fe7, 0x8, 0x3, 0x10a}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180)=0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_STATX={0x15, 0x1, 0x0, r4, &(0x7f00000002c0), &(0x7f00000001c0)='./file0\x00', 0x20, 0x800, 0x1}, 0x8) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x420201, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0xfd, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01, 0x0, 0x7ff}, 0xffffffffffffffff, 0x5, r6, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) [ 1884.775162] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1884.775162] program syz-executor.6 not setting count and/or reply_len properly 03:24:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 66) [ 1884.789118] FAULT_INJECTION: forcing a failure. [ 1884.789118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.790869] CPU: 0 PID: 29333 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1884.791723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.792734] Call Trace: [ 1884.793066] dump_stack+0x107/0x167 [ 1884.793520] should_fail.cold+0x5/0xa [ 1884.793997] __alloc_pages_nodemask+0x182/0x600 [ 1884.794564] ? __kmalloc+0x16e/0x390 [ 1884.795023] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.795771] ? trace_hardirqs_on+0x5b/0x180 [ 1884.796300] alloc_pages_current+0x187/0x280 [ 1884.796951] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.797674] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.798439] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.799174] ? vprintk_func+0x93/0x140 [ 1884.799755] ? printk+0xba/0xf1 [ 1884.800244] ? record_print_text.cold+0x16/0x16 [ 1884.800934] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.801680] ? trace_hardirqs_on+0x5b/0x180 [ 1884.802318] sg_write.part.0+0x69e/0xaa0 [ 1884.802916] ? sg_new_write.isra.0+0x770/0x770 [ 1884.803608] ? __lockdep_reset_lock+0x180/0x180 [ 1884.804292] ? perf_trace_lock+0xac/0x490 [ 1884.804907] ? lock_acquire+0x197/0x470 [ 1884.805491] ? find_held_lock+0x2c/0x110 [ 1884.806098] ? _cond_resched+0x12/0x80 [ 1884.806675] ? inode_security+0x107/0x140 [ 1884.807277] ? avc_policy_seqno+0x9/0x70 [ 1884.807881] ? selinux_file_permission+0x92/0x520 [ 1884.808593] sg_write+0x87/0x120 [ 1884.809091] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.809714] vfs_write+0x29a/0xb10 [ 1884.810245] ksys_write+0x12d/0x260 [ 1884.810779] ? __ia32_sys_read+0xb0/0xb0 [ 1884.811374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.812143] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.812901] do_syscall_64+0x33/0x40 [ 1884.813446] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.814196] RIP: 0033:0x7f5171091b19 [ 1884.814735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.817416] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.818526] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1884.819571] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.820606] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.821647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.822691] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:24:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:24:10 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5334, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1884.948405] FAULT_INJECTION: forcing a failure. [ 1884.948405] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1884.950140] CPU: 0 PID: 29541 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1884.951144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1884.952176] Call Trace: [ 1884.952563] dump_stack+0x107/0x167 [ 1884.953093] should_fail.cold+0x5/0xa [ 1884.953653] __alloc_pages_nodemask+0x182/0x600 [ 1884.954334] ? __kmalloc+0x16e/0x390 [ 1884.954882] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1884.955774] ? trace_hardirqs_on+0x5b/0x180 [ 1884.956412] alloc_pages_current+0x187/0x280 [ 1884.957062] sg_build_indirect.isra.0+0x2f5/0x710 [ 1884.957776] sg_common_write.constprop.0+0x992/0x1a30 [ 1884.958535] ? sg_build_indirect.isra.0+0x710/0x710 [ 1884.959267] ? lock_downgrade+0x6d0/0x6d0 [ 1884.959884] ? do_raw_spin_trylock+0xad/0x180 [ 1884.960542] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.961308] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1884.962041] ? trace_hardirqs_on+0x5b/0x180 [ 1884.962672] ? ___ratelimit+0x1fc/0x440 [ 1884.963260] sg_write.part.0+0x69e/0xaa0 [ 1884.964202] ? sg_new_write.isra.0+0x770/0x770 [ 1884.965271] ? __lockdep_reset_lock+0x180/0x180 [ 1884.966330] ? perf_trace_lock+0xac/0x490 [ 1884.967278] ? lock_acquire+0x197/0x470 [ 1884.968193] ? find_held_lock+0x2c/0x110 [ 1884.969132] ? _cond_resched+0x12/0x80 [ 1884.970018] ? inode_security+0x107/0x140 [ 1884.970961] ? avc_policy_seqno+0x9/0x70 [ 1884.971895] ? selinux_file_permission+0x92/0x520 [ 1884.973005] sg_write+0x87/0x120 [ 1884.973777] ? sg_write.part.0+0xaa0/0xaa0 [ 1884.974739] vfs_write+0x29a/0xb10 [ 1884.975564] ksys_write+0x12d/0x260 [ 1884.976393] ? __ia32_sys_read+0xb0/0xb0 [ 1884.977322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1884.978515] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1884.979700] do_syscall_64+0x33/0x40 [ 1884.980548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1884.981714] RIP: 0033:0x7f794b5b5b19 [ 1884.982564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1884.986762] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1884.988504] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1884.990127] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1884.991763] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1884.993389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.995021] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:24:26 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:24:26 executing program 1: pread64(0xffffffffffffffff, &(0x7f0000000080)=""/49, 0x31, 0x7) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x10, 0x70bd25, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0xd20b, @link='syz1\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x8000, {0xfffffffe}}) r0 = openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x800, 0x1a4, 0x6}, 0x18) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x60, r1, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000002) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) pread64(r3, &(0x7f0000000400)=""/172, 0xac, 0x1) 03:24:26 executing program 2: getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r2 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r3 = fork() dup2(r1, r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r1, 0x128}, {0xffffffffffffffff, 0x2002}, {r2}, {0xffffffffffffffff, 0x6080}, {r2, 0x9200}, {r2, 0x62}, {r4, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) sendfile(r4, r2, &(0x7f00000000c0)=0x1, 0x9) r5 = fork() kcmp(r3, r5, 0x6, 0xffffffffffffffff, r4) r6 = fork() r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r7, 0x0, r7) write$sndseq(r7, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) fcntl$setstatus(r7, 0x4, 0x4000) kcmp(r6, 0x0, 0x6, r4, 0xffffffffffffffff) clone3(&(0x7f00000003c0)={0x20200200, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x58) ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000000040)={0x0, 0x1, 0x84e05c54da19230d}) 03:24:26 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 61) 03:24:26 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5335, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:24:26 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x800}, 0x0, 0x4, 0xffffffffffffffff, 0x1) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) clock_settime(0x6, &(0x7f0000000140)={r2, r3+10000000}) openat(r0, &(0x7f00000000c0)='./file0/file0\x00', 0x40800, 0x163) fcntl$setstatus(r1, 0x4, 0x2400) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, ':'}, {0x20, '\xee'}, {0x20, '(}(%%&1]}\xa4\x87:@'}, {0x20, './]/]'}], 0xa, "2f10b6eb47081bdbb4f2bc0e91623c41d84d0de7d4977a728b97b45ed2"}, 0x40) clock_gettime(0x1, &(0x7f0000000080)) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:24:26 executing program 3: r0 = open_tree(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0xa, 0x0, 0x0, 0x1, [@generic="487fec864b24"]}]}, 0x28}}, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r1) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x88, r2, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xdf00}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}]}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x393}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x90}, 0x40090) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r2, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x800}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080}, 0x8000) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, r2, 0x71c, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10001}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb87}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffffffffffd5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfff}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x60004000}, 0x20004000) r3 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3], 0x1}, 0x58) [ 1900.915103] sg_write: 2 callbacks suppressed [ 1900.915121] sg_write: data in/out 67108828/80 bytes for SCSI command 0x0-- guessing data in; [ 1900.915121] program syz-executor.0 not setting count and/or reply_len properly [ 1900.921342] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1900.922095] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1900.922095] program syz-executor.6 not setting count and/or reply_len properly 03:24:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 67) [ 1900.945299] FAULT_INJECTION: forcing a failure. [ 1900.945299] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1900.947816] CPU: 1 PID: 29590 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1900.949285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1900.951029] Call Trace: [ 1900.951608] dump_stack+0x107/0x167 [ 1900.952388] should_fail.cold+0x5/0xa [ 1900.953193] __alloc_pages_nodemask+0x182/0x600 [ 1900.954169] ? __kmalloc+0x16e/0x390 [ 1900.954952] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1900.956232] ? trace_hardirqs_on+0x5b/0x180 [ 1900.957145] alloc_pages_current+0x187/0x280 [ 1900.958072] sg_build_indirect.isra.0+0x2f5/0x710 [ 1900.959098] sg_common_write.constprop.0+0x992/0x1a30 [ 1900.960201] ? sg_build_indirect.isra.0+0x710/0x710 [ 1900.961248] ? vprintk_func+0x93/0x140 [ 1900.962066] ? printk+0xba/0xf1 [ 1900.962760] ? record_print_text.cold+0x16/0x16 [ 1900.963732] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1900.964798] ? trace_hardirqs_on+0x5b/0x180 [ 1900.965720] sg_write.part.0+0x69e/0xaa0 [ 1900.966577] ? sg_new_write.isra.0+0x770/0x770 [ 1900.966813] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1900.967547] ? __lockdep_reset_lock+0x180/0x180 [ 1900.967573] ? perf_trace_lock+0xac/0x490 [ 1900.970682] ? lock_acquire+0x197/0x470 [ 1900.971514] ? find_held_lock+0x2c/0x110 [ 1900.972391] ? _cond_resched+0x12/0x80 [ 1900.973207] ? inode_security+0x107/0x140 [ 1900.974076] ? avc_policy_seqno+0x9/0x70 [ 1900.974926] ? selinux_file_permission+0x92/0x520 [ 1900.975948] sg_write+0x87/0x120 [ 1900.976667] ? sg_write.part.0+0xaa0/0xaa0 [ 1900.977552] vfs_write+0x29a/0xb10 [ 1900.978299] ksys_write+0x12d/0x260 [ 1900.979061] ? __ia32_sys_read+0xb0/0xb0 [ 1900.979918] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1900.981024] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1900.982108] do_syscall_64+0x33/0x40 [ 1900.982887] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1900.983959] RIP: 0033:0x7f5171091b19 [ 1900.984746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1900.988600] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1900.990193] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1900.991684] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1900.993184] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1900.994678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1900.996179] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1901.009630] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1901.009630] program syz-executor.7 not setting count and/or reply_len properly [ 1901.015401] FAULT_INJECTION: forcing a failure. [ 1901.015401] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1901.017910] CPU: 1 PID: 29702 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1901.019364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1901.021118] Call Trace: [ 1901.021672] dump_stack+0x107/0x167 [ 1901.022437] should_fail.cold+0x5/0xa [ 1901.023241] __alloc_pages_nodemask+0x182/0x600 [ 1901.024222] ? __kmalloc+0x16e/0x390 [ 1901.025005] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1901.026271] ? trace_hardirqs_on+0x5b/0x180 [ 1901.027183] alloc_pages_current+0x187/0x280 [ 1901.028122] sg_build_indirect.isra.0+0x2f5/0x710 [ 1901.029153] sg_common_write.constprop.0+0x992/0x1a30 [ 1901.030255] ? sg_build_indirect.isra.0+0x710/0x710 [ 1901.031300] ? vprintk_func+0x93/0x140 [ 1901.032124] ? printk+0xba/0xf1 [ 1901.032809] ? record_print_text.cold+0x16/0x16 [ 1901.033784] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1901.034842] ? trace_hardirqs_on+0x5b/0x180 [ 1901.035761] sg_write.part.0+0x69e/0xaa0 [ 1901.036625] ? sg_new_write.isra.0+0x770/0x770 [ 1901.037594] ? __lockdep_reset_lock+0x180/0x180 [ 1901.038568] ? perf_trace_lock+0xac/0x490 [ 1901.039443] ? lock_acquire+0x197/0x470 [ 1901.040285] ? find_held_lock+0x2c/0x110 [ 1901.041153] ? _cond_resched+0x12/0x80 [ 1901.041966] ? inode_security+0x107/0x140 [ 1901.042833] ? avc_policy_seqno+0x9/0x70 [ 1901.043686] ? selinux_file_permission+0x92/0x520 [ 1901.044714] sg_write+0x87/0x120 [ 1901.045426] ? sg_write.part.0+0xaa0/0xaa0 [ 1901.046308] vfs_write+0x29a/0xb10 [ 1901.047060] ksys_write+0x12d/0x260 [ 1901.047822] ? __ia32_sys_read+0xb0/0xb0 [ 1901.048684] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1901.049783] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1901.050861] do_syscall_64+0x33/0x40 [ 1901.051641] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1901.052720] RIP: 0033:0x7f794b5b5b19 [ 1901.053501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1901.057372] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1901.058965] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1901.060465] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1901.061961] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1901.063455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1901.064960] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1901.141149] cgroup: fork rejected by pids controller in /syz2 03:24:43 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[r0, r0], 0x2}, 0x58) 03:24:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5336, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:24:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 62) 03:24:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x19000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x2}) 03:24:43 executing program 3: syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f0000000180)=@sco}, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x5, 0x0, @fd_index=0x2, 0x3, 0x0, 0x0, 0x6, 0x1, {0x0, r3}}, 0x1f00000) r4 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r4], 0x1}, 0x58) 03:24:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000180)=@sco}, 0x0) r0 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000180)=@sco}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r2, 0x0, 0x3) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000001180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0xc677, 0x0, 0x0, 0x0, 0x0, 0x1, {0x2}}, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000001140)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, &(0x7f0000001080)=""/107, 0x6b}, 0x0, 0x40, 0x1, {0x0, r7}}, 0xfffffffe) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:24:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 68) 03:24:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1917.507868] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.507868] program syz-executor.6 not setting count and/or reply_len properly [ 1917.516268] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.516268] program syz-executor.7 not setting count and/or reply_len properly [ 1917.520845] sg_write: data in/out 83886044/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.520845] program syz-executor.0 not setting count and/or reply_len properly [ 1917.529284] FAULT_INJECTION: forcing a failure. [ 1917.529284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1917.531617] FAULT_INJECTION: forcing a failure. [ 1917.531617] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1917.531996] CPU: 0 PID: 29869 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1917.535697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1917.537541] Call Trace: [ 1917.538137] dump_stack+0x107/0x167 [ 1917.538939] should_fail.cold+0x5/0xa [ 1917.539796] __alloc_pages_nodemask+0x182/0x600 [ 1917.540825] ? __kmalloc+0x16e/0x390 [ 1917.541650] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1917.542988] ? trace_hardirqs_on+0x5b/0x180 [ 1917.543961] alloc_pages_current+0x187/0x280 [ 1917.544943] sg_build_indirect.isra.0+0x2f5/0x710 [ 1917.546022] sg_common_write.constprop.0+0x992/0x1a30 [ 1917.547175] ? sg_build_indirect.isra.0+0x710/0x710 [ 1917.548265] ? vprintk_func+0x93/0x140 [ 1917.549131] ? printk+0xba/0xf1 [ 1917.549863] ? record_print_text.cold+0x16/0x16 [ 1917.550887] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1917.551998] ? trace_hardirqs_on+0x5b/0x180 [ 1917.552975] sg_write.part.0+0x69e/0xaa0 [ 1917.553870] ? sg_new_write.isra.0+0x770/0x770 [ 1917.554904] ? __lockdep_reset_lock+0x180/0x180 [ 1917.555939] ? perf_trace_lock+0xac/0x490 [ 1917.556871] ? lock_acquire+0x197/0x470 [ 1917.557746] ? find_held_lock+0x2c/0x110 [ 1917.558657] ? _cond_resched+0x12/0x80 [ 1917.559525] ? inode_security+0x107/0x140 [ 1917.560438] ? avc_policy_seqno+0x9/0x70 [ 1917.561339] ? selinux_file_permission+0x92/0x520 [ 1917.562413] sg_write+0x87/0x120 [ 1917.563162] ? sg_write.part.0+0xaa0/0xaa0 [ 1917.564102] vfs_write+0x29a/0xb10 [ 1917.564917] ksys_write+0x12d/0x260 [ 1917.565730] ? __ia32_sys_read+0xb0/0xb0 [ 1917.566643] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1917.567798] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1917.568939] do_syscall_64+0x33/0x40 [ 1917.569763] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1917.570899] RIP: 0033:0x7f794b5b5b19 [ 1917.571724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1917.575915] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1917.577610] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1917.579175] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1917.580766] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1917.582330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1917.583900] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1917.585510] CPU: 1 PID: 29858 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1917.586919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1917.588566] Call Trace: [ 1917.589104] dump_stack+0x107/0x167 [ 1917.589820] should_fail.cold+0x5/0xa [ 1917.590604] __alloc_pages_nodemask+0x182/0x600 [ 1917.591534] ? __kmalloc+0x16e/0x390 [ 1917.592290] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1917.593512] ? trace_hardirqs_on+0x5b/0x180 [ 1917.594374] alloc_pages_current+0x187/0x280 [ 1917.595256] sg_build_indirect.isra.0+0x2f5/0x710 [ 1917.596238] sg_common_write.constprop.0+0x992/0x1a30 [ 1917.597311] ? sg_build_indirect.isra.0+0x710/0x710 [ 1917.598311] ? vprintk_func+0x93/0x140 [ 1917.599084] ? printk+0xba/0xf1 [ 1917.599759] ? record_print_text.cold+0x16/0x16 [ 1917.600698] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1917.601705] ? trace_hardirqs_on+0x5b/0x180 [ 1917.602744] sg_write.part.0+0x69e/0xaa0 [ 1917.603711] ? sg_new_write.isra.0+0x770/0x770 [ 1917.604836] ? __lockdep_reset_lock+0x180/0x180 [ 1917.605953] ? perf_trace_lock+0xac/0x490 [ 1917.606948] ? lock_acquire+0x197/0x470 [ 1917.607883] ? find_held_lock+0x2c/0x110 [ 1917.608897] ? _cond_resched+0x12/0x80 [ 1917.609819] ? inode_security+0x107/0x140 [ 1917.610804] ? avc_policy_seqno+0x9/0x70 [ 1917.611776] ? selinux_file_permission+0x92/0x520 [ 1917.612941] sg_write+0x87/0x120 [ 1917.613743] ? sg_write.part.0+0xaa0/0xaa0 [ 1917.614764] vfs_write+0x29a/0xb10 [ 1917.615616] ksys_write+0x12d/0x260 [ 1917.616463] ? __ia32_sys_read+0xb0/0xb0 [ 1917.617343] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1917.618457] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1917.619521] do_syscall_64+0x33/0x40 [ 1917.620257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1917.621275] RIP: 0033:0x7f5171091b19 [ 1917.622031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1917.625665] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1917.627172] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1917.628593] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1917.630015] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1917.631430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1917.632846] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:24:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x200, 0xffa, 0x0, {}, 0x9}) 03:24:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:24:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 69) 03:24:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 63) 03:24:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0a85320, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1917.786931] sg_write: data in/out 100663260/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.786931] program syz-executor.0 not setting count and/or reply_len properly [ 1917.805462] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.805462] program syz-executor.7 not setting count and/or reply_len properly [ 1917.825047] FAULT_INJECTION: forcing a failure. [ 1917.825047] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1917.826047] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1917.826047] program syz-executor.6 not setting count and/or reply_len properly [ 1917.827456] CPU: 1 PID: 30020 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1917.832327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1917.834017] Call Trace: [ 1917.834554] dump_stack+0x107/0x167 [ 1917.835107] FAULT_INJECTION: forcing a failure. [ 1917.835107] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1917.835284] should_fail.cold+0x5/0xa [ 1917.838554] __alloc_pages_nodemask+0x182/0x600 [ 1917.839486] ? __kmalloc+0x16e/0x390 [ 1917.840245] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1917.841458] ? trace_hardirqs_on+0x5b/0x180 [ 1917.842327] alloc_pages_current+0x187/0x280 [ 1917.843193] sg_build_indirect.isra.0+0x2f5/0x710 [ 1917.844164] sg_common_write.constprop.0+0x992/0x1a30 [ 1917.845203] ? sg_build_indirect.isra.0+0x710/0x710 [ 1917.846195] ? vprintk_func+0x93/0x140 [ 1917.846987] ? printk+0xba/0xf1 [ 1917.847646] ? record_print_text.cold+0x16/0x16 [ 1917.848583] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1917.849600] ? trace_hardirqs_on+0x5b/0x180 [ 1917.850474] sg_write.part.0+0x69e/0xaa0 [ 1917.851276] ? sg_new_write.isra.0+0x770/0x770 [ 1917.852218] ? __lockdep_reset_lock+0x180/0x180 [ 1917.853143] ? perf_trace_lock+0xac/0x490 [ 1917.853955] ? lock_acquire+0x197/0x470 [ 1917.854730] ? find_held_lock+0x2c/0x110 [ 1917.855549] ? _cond_resched+0x12/0x80 [ 1917.856315] ? inode_security+0x107/0x140 [ 1917.857142] ? avc_policy_seqno+0x9/0x70 [ 1917.857937] ? selinux_file_permission+0x92/0x520 [ 1917.858901] sg_write+0x87/0x120 [ 1917.859579] ? sg_write.part.0+0xaa0/0xaa0 [ 1917.860423] vfs_write+0x29a/0xb10 [ 1917.861157] ksys_write+0x12d/0x260 [ 1917.861877] ? __ia32_sys_read+0xb0/0xb0 [ 1917.862672] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1917.863709] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1917.864739] do_syscall_64+0x33/0x40 [ 1917.865468] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1917.866474] RIP: 0033:0x7f794b5b5b19 [ 1917.867215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1917.870830] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1917.872327] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1917.873748] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1917.875162] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1917.876561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1917.877970] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1917.879419] CPU: 0 PID: 30040 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1917.880980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1917.882805] Call Trace: [ 1917.883385] dump_stack+0x107/0x167 [ 1917.884183] should_fail.cold+0x5/0xa [ 1917.885041] __alloc_pages_nodemask+0x182/0x600 [ 1917.886062] ? __kmalloc+0x16e/0x390 [ 1917.886884] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1917.888209] ? trace_hardirqs_on+0x5b/0x180 [ 1917.889170] alloc_pages_current+0x187/0x280 [ 1917.890142] sg_build_indirect.isra.0+0x2f5/0x710 [ 1917.891218] sg_common_write.constprop.0+0x992/0x1a30 [ 1917.892358] ? sg_build_indirect.isra.0+0x710/0x710 [ 1917.893450] ? vprintk_func+0x93/0x140 [ 1917.894300] ? printk+0xba/0xf1 [ 1917.895035] ? record_print_text.cold+0x16/0x16 [ 1917.896061] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1917.897173] ? trace_hardirqs_on+0x5b/0x180 [ 1917.898142] sg_write.part.0+0x69e/0xaa0 [ 1917.899035] ? sg_new_write.isra.0+0x770/0x770 [ 1917.900056] ? __lockdep_reset_lock+0x180/0x180 [ 1917.901076] ? perf_trace_lock+0xac/0x490 [ 1917.901985] ? lock_acquire+0x197/0x470 [ 1917.902848] ? find_held_lock+0x2c/0x110 [ 1917.903757] ? _cond_resched+0x12/0x80 [ 1917.904608] ? inode_security+0x107/0x140 [ 1917.905524] ? avc_policy_seqno+0x9/0x70 [ 1917.906411] ? selinux_file_permission+0x92/0x520 [ 1917.907474] sg_write+0x87/0x120 [ 1917.908219] ? sg_write.part.0+0xaa0/0xaa0 [ 1917.909151] vfs_write+0x29a/0xb10 [ 1917.909935] ksys_write+0x12d/0x260 [ 1917.910740] ? __ia32_sys_read+0xb0/0xb0 [ 1917.911640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1917.912813] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1917.913941] do_syscall_64+0x33/0x40 [ 1917.914755] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1917.915879] RIP: 0033:0x7f5171091b19 [ 1917.916713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1917.920745] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1917.922418] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1917.923981] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1917.925556] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1917.927103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1917.928664] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1934.434297] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.434297] program syz-executor.7 not setting count and/or reply_len properly 03:25:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 70) 03:25:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 64) 03:25:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000000c0)={0x90, @tick=0xa61, 0x2, {0x6, 0x4}, 0x1, 0x0, 0x8}) 03:25:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:25:00 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r4, r6, 0x6, 0xffffffffffffffff, r5) r7 = fcntl$getown(0xffffffffffffffff, 0x9) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r8, 0x0, r8) write$sndseq(r8, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r9 = inotify_init() kcmp(r4, r7, 0x4, r8, r9) 03:25:00 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x109a00, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, r1, 0x800, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0xd}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xb9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x80}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x800) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:25:00 executing program 3: getpid() getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r0, 0x0, r0) write$sndseq(r0, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) dup(r1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000000c0)) 03:25:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0a85322, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1934.441415] sg_write: data in/out 117440476/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.441415] program syz-executor.0 not setting count and/or reply_len properly [ 1934.445557] FAULT_INJECTION: forcing a failure. [ 1934.445557] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1934.447517] CPU: 1 PID: 30155 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1934.448668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1934.450050] Call Trace: [ 1934.450486] dump_stack+0x107/0x167 [ 1934.451091] should_fail.cold+0x5/0xa [ 1934.451726] __alloc_pages_nodemask+0x182/0x600 [ 1934.452488] ? __kmalloc+0x16e/0x390 [ 1934.453101] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1934.454122] ? trace_hardirqs_on+0x5b/0x180 [ 1934.454844] alloc_pages_current+0x187/0x280 [ 1934.455582] sg_build_indirect.isra.0+0x2f5/0x710 [ 1934.456174] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.456174] program syz-executor.6 not setting count and/or reply_len properly [ 1934.456390] sg_common_write.constprop.0+0x992/0x1a30 [ 1934.461556] ? sg_build_indirect.isra.0+0x710/0x710 [ 1934.462374] ? vprintk_func+0x93/0x140 [ 1934.463020] ? printk+0xba/0xf1 [ 1934.463572] ? record_print_text.cold+0x16/0x16 [ 1934.464347] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1934.465187] ? trace_hardirqs_on+0x5b/0x180 [ 1934.465920] sg_write.part.0+0x69e/0xaa0 [ 1934.466594] ? sg_new_write.isra.0+0x770/0x770 [ 1934.467348] ? __lockdep_reset_lock+0x180/0x180 [ 1934.468113] ? perf_trace_lock+0xac/0x490 [ 1934.468798] ? lock_acquire+0x197/0x470 [ 1934.469442] ? find_held_lock+0x2c/0x110 [ 1934.470118] ? _cond_resched+0x12/0x80 [ 1934.470765] ? inode_security+0x107/0x140 [ 1934.471449] ? avc_policy_seqno+0x9/0x70 [ 1934.472114] ? selinux_file_permission+0x92/0x520 [ 1934.472906] sg_write+0x87/0x120 [ 1934.473468] ? sg_write.part.0+0xaa0/0xaa0 [ 1934.474161] vfs_write+0x29a/0xb10 [ 1934.474746] ksys_write+0x12d/0x260 [ 1934.475334] ? __ia32_sys_read+0xb0/0xb0 [ 1934.476006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1934.476853] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1934.477704] do_syscall_64+0x33/0x40 [ 1934.478310] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1934.479145] RIP: 0033:0x7f794b5b5b19 [ 1934.479766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1934.482791] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1934.483998] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1934.485141] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1934.486310] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1934.487445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1934.488593] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1934.492007] FAULT_INJECTION: forcing a failure. [ 1934.492007] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1934.494888] CPU: 0 PID: 30172 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1934.496439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1934.498294] Call Trace: [ 1934.498885] dump_stack+0x107/0x167 [ 1934.499701] should_fail.cold+0x5/0xa [ 1934.500562] __alloc_pages_nodemask+0x182/0x600 [ 1934.501644] ? __kmalloc+0x16e/0x390 [ 1934.502477] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1934.503832] ? trace_hardirqs_on+0x5b/0x180 [ 1934.504803] alloc_pages_current+0x187/0x280 [ 1934.505795] sg_build_indirect.isra.0+0x2f5/0x710 [ 1934.506888] sg_common_write.constprop.0+0x992/0x1a30 [ 1934.508054] ? sg_build_indirect.isra.0+0x710/0x710 [ 1934.509165] ? vprintk_func+0x93/0x140 [ 1934.510039] ? printk+0xba/0xf1 [ 1934.510778] ? record_print_text.cold+0x16/0x16 [ 1934.511816] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1934.512940] ? trace_hardirqs_on+0x5b/0x180 [ 1934.513927] sg_write.part.0+0x69e/0xaa0 [ 1934.514843] ? sg_new_write.isra.0+0x770/0x770 [ 1934.515877] ? __lockdep_reset_lock+0x180/0x180 [ 1934.516915] ? perf_trace_lock+0xac/0x490 [ 1934.517858] ? lock_acquire+0x197/0x470 [ 1934.518743] ? find_held_lock+0x2c/0x110 [ 1934.519662] ? _cond_resched+0x12/0x80 [ 1934.520526] ? inode_security+0x107/0x140 [ 1934.521454] ? avc_policy_seqno+0x9/0x70 [ 1934.522355] ? selinux_file_permission+0x92/0x520 [ 1934.523441] sg_write+0x87/0x120 [ 1934.524204] ? sg_write.part.0+0xaa0/0xaa0 [ 1934.525145] vfs_write+0x29a/0xb10 [ 1934.525963] ksys_write+0x12d/0x260 [ 1934.526774] ? __ia32_sys_read+0xb0/0xb0 [ 1934.527683] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1934.528857] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1934.530015] do_syscall_64+0x33/0x40 [ 1934.530845] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1934.531985] RIP: 0033:0x7f5171091b19 [ 1934.532819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1934.536947] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1934.538655] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1934.540254] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1934.541855] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1934.543445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1934.545040] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:25:00 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81001f6f}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r1], 0x1}, 0x58) r2 = fcntl$getown(0xffffffffffffffff, 0x9) clone3(&(0x7f00000002c0)={0x200100, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x25}, &(0x7f0000000140)=""/40, 0x28, &(0x7f0000000180)=""/242, &(0x7f0000000280)=[r2], 0x1}, 0x58) ftruncate(r0, 0x8) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x40, 0x9, 0x9, 0x0, 0x8, 0x11, 0xa, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7b0, 0x1, @perf_config_ext={0xea7, 0x53}, 0xc00, 0x0, 0x8, 0x9, 0xef, 0x9, 0xe8, 0x0, 0x1, 0x0, 0x200}, r1, 0xd, 0xffffffffffffffff, 0x1) 03:25:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1934.578434] sg_write: data in/out 134217692/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.578434] program syz-executor.0 not setting count and/or reply_len properly 03:25:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0xfd3, 0xfffffffd, {0x20000}}) 03:25:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:25:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc0bc5310, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:25:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1934.693454] sg_write: data in/out 167772124/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.693454] program syz-executor.0 not setting count and/or reply_len properly 03:25:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 65) 03:25:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x9cd081a988e25914) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1934.805967] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.805967] program syz-executor.6 not setting count and/or reply_len properly [ 1934.816258] FAULT_INJECTION: forcing a failure. [ 1934.816258] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1934.817920] CPU: 1 PID: 30585 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1934.818872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1934.820015] Call Trace: [ 1934.820375] dump_stack+0x107/0x167 [ 1934.820864] should_fail.cold+0x5/0xa [ 1934.821400] __alloc_pages_nodemask+0x182/0x600 [ 1934.822032] ? __kmalloc+0x16e/0x390 [ 1934.822545] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1934.823382] ? trace_hardirqs_on+0x5b/0x180 [ 1934.823974] alloc_pages_current+0x187/0x280 [ 1934.824579] sg_build_indirect.isra.0+0x2f5/0x710 [ 1934.825240] sg_common_write.constprop.0+0x992/0x1a30 [ 1934.825955] ? sg_build_indirect.isra.0+0x710/0x710 [ 1934.826634] ? vprintk_func+0x93/0x140 [ 1934.827149] ? printk+0xba/0xf1 [ 1934.827598] ? record_print_text.cold+0x16/0x16 [ 1934.828240] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1934.828923] ? trace_hardirqs_on+0x5b/0x180 [ 1934.829521] sg_write.part.0+0x69e/0xaa0 [ 1934.830072] ? sg_new_write.isra.0+0x770/0x770 [ 1934.830696] ? __lockdep_reset_lock+0x180/0x180 [ 1934.831325] ? perf_trace_lock+0xac/0x490 [ 1934.831891] ? lock_acquire+0x197/0x470 [ 1934.832433] ? find_held_lock+0x2c/0x110 [ 1934.832981] ? _cond_resched+0x12/0x80 [ 1934.833511] ? inode_security+0x107/0x140 [ 1934.834074] ? avc_policy_seqno+0x9/0x70 [ 1934.834620] ? selinux_file_permission+0x92/0x520 [ 1934.835281] sg_write+0x87/0x120 [ 1934.835734] ? sg_write.part.0+0xaa0/0xaa0 [ 1934.836305] vfs_write+0x29a/0xb10 [ 1934.836791] ksys_write+0x12d/0x260 [ 1934.837292] ? __ia32_sys_read+0xb0/0xb0 [ 1934.837850] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1934.838557] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1934.839266] do_syscall_64+0x33/0x40 [ 1934.839756] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1934.840449] RIP: 0033:0x7f5171091b19 [ 1934.840942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1934.843381] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1934.844374] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1934.845322] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1934.846267] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1934.847205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1934.848146] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:25:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 71) [ 1934.895016] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1934.895016] program syz-executor.7 not setting count and/or reply_len properly [ 1934.900005] FAULT_INJECTION: forcing a failure. [ 1934.900005] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1934.902911] CPU: 0 PID: 30634 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1934.904561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1934.906445] Call Trace: [ 1934.907040] dump_stack+0x107/0x167 [ 1934.907863] should_fail.cold+0x5/0xa [ 1934.908731] __alloc_pages_nodemask+0x182/0x600 [ 1934.909792] ? __kmalloc+0x16e/0x390 [ 1934.910635] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1934.911995] ? trace_hardirqs_on+0x5b/0x180 [ 1934.912971] alloc_pages_current+0x187/0x280 [ 1934.913986] sg_build_indirect.isra.0+0x2f5/0x710 [ 1934.915086] sg_common_write.constprop.0+0x992/0x1a30 [ 1934.916355] ? sg_build_indirect.isra.0+0x710/0x710 [ 1934.917618] ? vprintk_func+0x93/0x140 [ 1934.918539] ? printk+0xba/0xf1 [ 1934.919316] ? record_print_text.cold+0x16/0x16 [ 1934.920409] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1934.921611] ? trace_hardirqs_on+0x5b/0x180 [ 1934.922661] sg_write.part.0+0x69e/0xaa0 [ 1934.923624] ? sg_new_write.isra.0+0x770/0x770 [ 1934.924700] ? finish_task_switch+0x126/0x5d0 [ 1934.925769] ? finish_task_switch+0xef/0x5d0 [ 1934.926829] ? __schedule+0x82c/0x1ea0 [ 1934.927762] ? io_schedule_timeout+0x140/0x140 [ 1934.928833] ? find_held_lock+0x2c/0x110 [ 1934.929806] ? _cond_resched+0x5d/0x80 [ 1934.930734] ? inode_security+0x107/0x140 [ 1934.931704] ? avc_policy_seqno+0x9/0x70 [ 1934.932661] ? selinux_file_permission+0x92/0x520 [ 1934.933823] sg_write+0x87/0x120 [ 1934.934603] ? sg_write.part.0+0xaa0/0xaa0 [ 1934.935595] vfs_write+0x29a/0xb10 [ 1934.936431] ksys_write+0x12d/0x260 [ 1934.937303] ? __ia32_sys_read+0xb0/0xb0 [ 1934.938262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1934.939475] do_syscall_64+0x33/0x40 [ 1934.940346] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1934.941510] RIP: 0033:0x7f794b5b5b19 [ 1934.942327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1934.946615] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1934.948321] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1934.949933] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1934.951527] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1934.953119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1934.954717] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1954.891414] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1954.891414] program syz-executor.7 not setting count and/or reply_len properly 03:25:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 72) 03:25:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) clock_gettime(0x3, &(0x7f0000000040)) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:25:20 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 66) 03:25:20 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = getpgid(r1) clone3(&(0x7f0000000240)={0x8000000, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x19}, &(0x7f00000000c0)=""/26, 0x1a, &(0x7f0000000100)=""/232, &(0x7f0000000200)=[r0, r2], 0x2}, 0x58) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r6 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r7 = fork() dup2(r5, r5) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r5, 0x128}, {0xffffffffffffffff, 0x2002}, {r6}, {0xffffffffffffffff, 0x6080}, {r6, 0x9200}, {r6, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r7, r9, 0x6, 0xffffffffffffffff, r8) rt_sigqueueinfo(r7, 0x1c, &(0x7f0000000440)={0x0, 0x5, 0x3}) r10 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r10, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) 03:25:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:25:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:25:20 executing program 1: setxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180)=@ng={0x4, 0x4, "55d0e9"}, 0x5, 0x3) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r2, 0x80045300, &(0x7f00000000c0)) 03:25:20 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) pidfd_open(r7, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 1954.897236] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1954.897236] program syz-executor.6 not setting count and/or reply_len properly [ 1954.898573] sg_write: data in/out 184549340/80 bytes for SCSI command 0x0-- guessing data in; [ 1954.898573] program syz-executor.0 not setting count and/or reply_len properly [ 1954.906654] FAULT_INJECTION: forcing a failure. [ 1954.906654] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1954.908609] CPU: 0 PID: 30708 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1954.909729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1954.911070] Call Trace: [ 1954.911491] dump_stack+0x107/0x167 [ 1954.912079] should_fail.cold+0x5/0xa [ 1954.912692] __alloc_pages_nodemask+0x182/0x600 [ 1954.913435] ? __kmalloc+0x16e/0x390 [ 1954.914057] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1954.915019] ? trace_hardirqs_on+0x5b/0x180 [ 1954.915703] alloc_pages_current+0x187/0x280 [ 1954.916420] sg_build_indirect.isra.0+0x2f5/0x710 [ 1954.916997] FAULT_INJECTION: forcing a failure. [ 1954.916997] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1954.917199] sg_common_write.constprop.0+0x992/0x1a30 [ 1954.920470] ? sg_build_indirect.isra.0+0x710/0x710 [ 1954.921258] ? vprintk_func+0x93/0x140 [ 1954.921872] ? printk+0xba/0xf1 [ 1954.922416] ? record_print_text.cold+0x16/0x16 [ 1954.923163] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1954.923975] ? trace_hardirqs_on+0x5b/0x180 [ 1954.924684] sg_write.part.0+0x69e/0xaa0 [ 1954.925333] ? sg_new_write.isra.0+0x770/0x770 [ 1954.926074] ? __lockdep_reset_lock+0x180/0x180 [ 1954.926828] ? perf_trace_lock+0xac/0x490 [ 1954.927534] ? lock_acquire+0x197/0x470 [ 1954.928170] ? find_held_lock+0x2c/0x110 [ 1954.928842] ? _cond_resched+0x12/0x80 [ 1954.929463] ? inode_security+0x107/0x140 [ 1954.930130] ? avc_policy_seqno+0x9/0x70 [ 1954.930766] ? selinux_file_permission+0x92/0x520 [ 1954.931527] sg_write+0x87/0x120 [ 1954.932067] ? sg_write.part.0+0xaa0/0xaa0 [ 1954.932734] vfs_write+0x29a/0xb10 [ 1954.933309] ksys_write+0x12d/0x260 [ 1954.933889] ? __ia32_sys_read+0xb0/0xb0 [ 1954.934560] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1954.935421] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1954.936255] do_syscall_64+0x33/0x40 [ 1954.936844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1954.937674] RIP: 0033:0x7f794b5b5b19 [ 1954.938290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1954.941257] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1954.942493] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1954.943636] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1954.944792] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1954.945937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1954.947106] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1954.948294] CPU: 1 PID: 30704 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1954.949757] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1954.951503] Call Trace: [ 1954.952067] dump_stack+0x107/0x167 [ 1954.952831] should_fail.cold+0x5/0xa [ 1954.953636] __alloc_pages_nodemask+0x182/0x600 [ 1954.954626] ? __kmalloc+0x16e/0x390 [ 1954.955406] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1954.956673] ? trace_hardirqs_on+0x5b/0x180 [ 1954.957582] alloc_pages_current+0x187/0x280 [ 1954.958523] sg_build_indirect.isra.0+0x2f5/0x710 [ 1954.959546] sg_common_write.constprop.0+0x992/0x1a30 [ 1954.960630] ? sg_build_indirect.isra.0+0x710/0x710 [ 1954.961676] ? vprintk_func+0x93/0x140 [ 1954.962504] ? printk+0xba/0xf1 [ 1954.963194] ? record_print_text.cold+0x16/0x16 [ 1954.964171] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1954.965226] ? trace_hardirqs_on+0x5b/0x180 [ 1954.966162] sg_write.part.0+0x69e/0xaa0 [ 1954.967016] ? sg_new_write.isra.0+0x770/0x770 [ 1954.967987] ? __lockdep_reset_lock+0x180/0x180 [ 1954.968960] ? perf_trace_lock+0xac/0x490 [ 1954.969835] ? lock_acquire+0x197/0x470 [ 1954.970676] ? find_held_lock+0x2c/0x110 [ 1954.971543] ? _cond_resched+0x12/0x80 [ 1954.972355] ? inode_security+0x107/0x140 [ 1954.973218] ? avc_policy_seqno+0x9/0x70 [ 1954.974075] ? selinux_file_permission+0x92/0x520 [ 1954.975098] sg_write+0x87/0x120 [ 1954.975813] ? sg_write.part.0+0xaa0/0xaa0 [ 1954.976702] vfs_write+0x29a/0xb10 [ 1954.977465] ksys_write+0x12d/0x260 [ 1954.978244] ? __ia32_sys_read+0xb0/0xb0 [ 1954.979104] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1954.980202] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1954.981293] do_syscall_64+0x33/0x40 [ 1954.982087] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1954.983174] RIP: 0033:0x7f5171091b19 [ 1954.983957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1954.987818] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1954.989419] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1954.990927] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 03:25:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1954.992425] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1954.994140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1954.995639] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1955.047885] sg_write: data in/out 201326556/80 bytes for SCSI command 0x0-- guessing data in; [ 1955.047885] program syz-executor.0 not setting count and/or reply_len properly 03:25:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x80000040) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:25:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="3b26f21a9b6abe715c0800000000000000000000000000000092e789d94f23b272ae1a19abe1530986d679d94f4045e475e015db266f3ca703e374fe2bf1b0926880fede792499b1d9de3382ec58a37d"]) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x800, 0x3, 0x1, 'queue1\x00', 0x3ff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$F2FS_IOC_GET_PIN_FILE(r3, 0x8004f50e, &(0x7f00000001c0)) 03:25:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:25:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0xbf, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1955.159678] sg_write: data in/out 218103772/80 bytes for SCSI command 0x0-- guessing data in; [ 1955.159678] program syz-executor.0 not setting count and/or reply_len properly 03:25:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1955.261033] sg_write: data in/out 234880988/80 bytes for SCSI command 0x0-- guessing data in; [ 1955.261033] program syz-executor.0 not setting count and/or reply_len properly [ 1969.561598] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.561598] program syz-executor.7 not setting count and/or reply_len properly [ 1969.573306] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.573306] program syz-executor.6 not setting count and/or reply_len properly 03:25:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0c00) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x0, 0x802}}) 03:25:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 73) 03:25:35 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=0x0) r10 = getpid() clone3(&(0x7f0000000440)={0x200000400, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x27}, &(0x7f00000000c0)=""/199, 0xc7, &(0x7f00000001c0)=""/230, &(0x7f0000000300)=[r7, r9, r1, r10], 0x4}, 0x58) 03:25:35 executing program 2: r0 = getpid() kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) clone3(&(0x7f0000000440)={0x42100200, &(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/142, 0x8e, &(0x7f0000000200)=""/222, &(0x7f0000000300)=[r0, r0], 0x2}, 0x58) r2 = gettid() r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r6 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r7 = fork() dup2(r5, r5) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r5, 0x128}, {0xffffffffffffffff, 0x2002}, {r6}, {0xffffffffffffffff, 0x6080}, {r6, 0x9200}, {r6, 0x62}, {r9, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r10 = fork() kcmp(r7, r10, 0x6, 0xffffffffffffffff, r9) r11 = fork() kcmp(r11, r10, 0x6, r8, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0x16c, 0x0, 0x8, 0x70bd2a, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r11}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) clone3(&(0x7f00000003c0)={0x900000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) 03:25:35 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 67) 03:25:35 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0xbf00, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:25:35 executing program 5: r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xe, r0, 0x0) clock_gettime(0x2, &(0x7f0000000000)) r2 = fcntl$dupfd(r0, 0x0, r0) fallocate(r2, 0x18, 0x1, 0x50d4) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) pwrite64(r1, &(0x7f0000000040)="9a3548400afb794f3481c5fc3b194ad162edf53c0779b868122f127cb1a3ac4bf9400272743404615fb2e29f832b3bddc995308165528412fea05000d4b77e7ab8f8170149c7b442e2dffcb44ead495763b50383cf942e57bd4eb2f1ca4f571a1b35d45ee1cf073dab5d6cd2b6ada0d553de31c6b25d7b6b79471e7524cb3525045540465ef21612f91a0974422a5428ef6e8ad87b77828f7fa889b9a8504b84e224c42c610461b1a6a00651d5c89435156a4ada3c5c0eb9e1fe771e3df3ec55b7981acde47818996a08a5b13cc2782ec0f38c8196d8647cb5b6ce02be3afa943b0f1dccd5c31d6d6bd7042e06f117f1e0f0", 0xf2, 0x800) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:25:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1969.591730] sg_write: data in/out 268435420/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.591730] program syz-executor.0 not setting count and/or reply_len properly [ 1969.592137] FAULT_INJECTION: forcing a failure. [ 1969.592137] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1969.596999] FAULT_INJECTION: forcing a failure. [ 1969.596999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1969.597357] CPU: 0 PID: 31242 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1969.601015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1969.602216] Call Trace: [ 1969.602622] dump_stack+0x107/0x167 [ 1969.603171] should_fail.cold+0x5/0xa [ 1969.603744] __alloc_pages_nodemask+0x182/0x600 [ 1969.604418] ? __kmalloc+0x16e/0x390 [ 1969.604972] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1969.605863] ? trace_hardirqs_on+0x5b/0x180 [ 1969.606517] alloc_pages_current+0x187/0x280 [ 1969.607181] sg_build_indirect.isra.0+0x2f5/0x710 [ 1969.607891] sg_common_write.constprop.0+0x992/0x1a30 [ 1969.608659] ? sg_build_indirect.isra.0+0x710/0x710 [ 1969.609402] ? vprintk_func+0x93/0x140 [ 1969.609977] ? printk+0xba/0xf1 [ 1969.610457] ? record_print_text.cold+0x16/0x16 [ 1969.611148] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1969.611879] ? trace_hardirqs_on+0x5b/0x180 [ 1969.612530] sg_write.part.0+0x69e/0xaa0 [ 1969.613132] ? sg_new_write.isra.0+0x770/0x770 [ 1969.613822] ? __lockdep_reset_lock+0x180/0x180 [ 1969.614505] ? perf_trace_lock+0xac/0x490 [ 1969.615124] ? lock_acquire+0x197/0x470 [ 1969.615713] ? find_held_lock+0x2c/0x110 [ 1969.616315] ? _cond_resched+0x12/0x80 [ 1969.616898] ? inode_security+0x107/0x140 [ 1969.617513] ? avc_policy_seqno+0x9/0x70 [ 1969.618103] ? selinux_file_permission+0x92/0x520 [ 1969.618814] sg_write+0x87/0x120 [ 1969.619317] ? sg_write.part.0+0xaa0/0xaa0 [ 1969.619958] vfs_write+0x29a/0xb10 [ 1969.620481] ksys_write+0x12d/0x260 [ 1969.621033] ? __ia32_sys_read+0xb0/0xb0 [ 1969.621641] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1969.622409] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1969.623181] do_syscall_64+0x33/0x40 [ 1969.623717] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1969.624482] RIP: 0033:0x7f794b5b5b19 [ 1969.625025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1969.627698] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1969.628808] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1969.629838] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1969.630924] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1969.631989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1969.633007] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1969.634075] CPU: 1 PID: 31244 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1969.635555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1969.637492] Call Trace: [ 1969.638109] dump_stack+0x107/0x167 [ 1969.638992] should_fail.cold+0x5/0xa [ 1969.639834] __alloc_pages_nodemask+0x182/0x600 [ 1969.640836] ? __kmalloc+0x16e/0x390 [ 1969.641600] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1969.642867] ? trace_hardirqs_on+0x5b/0x180 [ 1969.643759] alloc_pages_current+0x187/0x280 [ 1969.644717] sg_build_indirect.isra.0+0x2f5/0x710 [ 1969.645929] sg_common_write.constprop.0+0x992/0x1a30 [ 1969.647148] ? sg_build_indirect.isra.0+0x710/0x710 [ 1969.648337] ? vprintk_func+0x93/0x140 [ 1969.649283] ? printk+0xba/0xf1 [ 1969.649976] ? record_print_text.cold+0x16/0x16 [ 1969.650963] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1969.652045] ? trace_hardirqs_on+0x5b/0x180 [ 1969.652940] sg_write.part.0+0x69e/0xaa0 [ 1969.653787] ? sg_new_write.isra.0+0x770/0x770 [ 1969.654872] ? __lockdep_reset_lock+0x180/0x180 [ 1969.655858] ? perf_trace_lock+0xac/0x490 [ 1969.656708] ? lock_acquire+0x197/0x470 [ 1969.657515] ? find_held_lock+0x2c/0x110 [ 1969.658544] ? _cond_resched+0x12/0x80 [ 1969.659339] ? inode_security+0x107/0x140 [ 1969.660181] ? avc_policy_seqno+0x9/0x70 [ 1969.661167] ? selinux_file_permission+0x92/0x520 [ 1969.662297] sg_write+0x87/0x120 [ 1969.663189] ? sg_write.part.0+0xaa0/0xaa0 [ 1969.664094] vfs_write+0x29a/0xb10 [ 1969.664913] ksys_write+0x12d/0x260 [ 1969.665708] ? __ia32_sys_read+0xb0/0xb0 [ 1969.666604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1969.667683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1969.668853] do_syscall_64+0x33/0x40 [ 1969.669735] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1969.670805] RIP: 0033:0x7f5171091b19 [ 1969.671568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1969.675365] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1969.677041] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1969.678598] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1969.680146] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1969.681689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1969.683153] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:25:35 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0xbf000000, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:25:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x2600) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x801, 0x2, 0x0, {}, 0x40000}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = openat$cgroup_ro(r2, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f0000000180)={0x8, 0x9, 0x7fff, 0x80000000, 0x9}) r4 = openat$incfs(r2, &(0x7f0000000100)='.log\x00', 0x98001, 0x18) ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000080)) 03:25:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1969.777022] sg_write: data in/out 285212636/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.777022] program syz-executor.0 not setting count and/or reply_len properly 03:25:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 74) 03:25:35 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x3, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000580)='./file0\x00', 0x52) r1 = openat(r0, &(0x7f00000005c0)='./file0\x00', 0x42000, 0x10b) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000cc0)) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) preadv(r2, &(0x7f0000000400)=[{&(0x7f0000000040)=""/38, 0x26}, {&(0x7f0000000080)=""/254, 0xfe}, {&(0x7f0000000180)=""/31, 0x1f}, {&(0x7f00000001c0)=""/217, 0xd9}, {&(0x7f00000002c0)=""/183, 0xb7}, {&(0x7f0000000380)=""/66, 0x42}], 0x6, 0x1, 0xbc24) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) r5 = accept$inet(r1, &(0x7f0000000600)={0x2, 0x0, @multicast2}, &(0x7f0000000640)=0x10) write$binfmt_elf64(r5, &(0x7f0000000d00)=ANY=[@ANYBLOB="7f454c468107468000080000000000000300060004000000930100000000000040000000000000000301000000000000db000000030038000100ff000000010404000000060000000001000000000000ba0e0000000000003c0000000000000000000000000000005600000000000000020000000000000004000000000100000500000000000000e1ffffffffffffff0400000000000000080000000000000003000000000000000000008000000000b05f034937d4e690a8ace5721bfc1b164b4fb6146b80851ea9b70b6bca680d2f6ec875511547f08ff67cfe0c78d3b985d6aa38b7b100fae72be33fdf1d557971306632378436f7bc1ed739a9a77a90a84077d4f47eba3627da555c3c44a11e8bbb143ffd077ca7969192e4329694edd6e44956a25394696f1f52309adcce6b4f19025982c910db01815b9f7b440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c3edda10d9f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d09f96caa01aea9069f87665fbcea05b71d47e6c30b5ce9fb2376c62a18932e935cb643f8ba9fd6e1dd982"], 0x63d) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) mq_timedsend(r4, &(0x7f0000000480)="6be4c6a2b4de08c92457fcd56f52c8a8ae00cbb16d7ba8b42fcf736bf9a4bad5d0b2a29792ac03afca462deb1d17c64a40c7f3d85878aebf7eb93f4f2e29c173c3c62ac3876253e1fc57970f25ec93d043a75b6fd75e46640e5321cc4012775d55a1daa966a526d3de61b76906d431345e3a5cd01e85b605f206d54711fc828932812c6ba51855c13766675b4f94e681f463429db9da0d0cc7d2a990c47048100df8768166dd0f43b84948a61ee8027741a31cef08d6ff3a70b5e3", 0xbb, 0x1, &(0x7f0000000540)={0x77359400}) [ 1969.824677] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.824677] program syz-executor.7 not setting count and/or reply_len properly [ 1969.832695] FAULT_INJECTION: forcing a failure. [ 1969.832695] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1969.834604] CPU: 1 PID: 31560 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1969.835695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 03:25:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1969.837019] Call Trace: [ 1969.837587] dump_stack+0x107/0x167 [ 1969.838181] should_fail.cold+0x5/0xa [ 1969.838814] __alloc_pages_nodemask+0x182/0x600 [ 1969.839557] ? __kmalloc+0x16e/0x390 [ 1969.840158] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1969.841120] ? trace_hardirqs_on+0x5b/0x180 03:25:35 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x1, 0x10001, 0x0, 'queue0\x00', 0x8}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1969.841820] alloc_pages_current+0x187/0x280 [ 1969.842629] sg_build_indirect.isra.0+0x2f5/0x710 [ 1969.843424] sg_common_write.constprop.0+0x992/0x1a30 [ 1969.844259] ? sg_build_indirect.isra.0+0x710/0x710 [ 1969.845050] ? vprintk_func+0x93/0x140 [ 1969.845664] ? printk+0xba/0xf1 [ 1969.846190] ? record_print_text.cold+0x16/0x16 [ 1969.846941] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1969.847740] ? trace_hardirqs_on+0x5b/0x180 [ 1969.848436] sg_write.part.0+0x69e/0xaa0 [ 1969.849085] ? sg_new_write.isra.0+0x770/0x770 [ 1969.849821] ? __lockdep_reset_lock+0x180/0x180 [ 1969.850564] ? perf_trace_lock+0xac/0x490 [ 1969.851228] ? lock_acquire+0x197/0x470 [ 1969.851859] ? find_held_lock+0x2c/0x110 [ 1969.852516] ? _cond_resched+0x12/0x80 [ 1969.853133] ? inode_security+0x107/0x140 [ 1969.853792] ? avc_policy_seqno+0x9/0x70 [ 1969.854433] ? selinux_file_permission+0x92/0x520 [ 1969.855213] sg_write+0x87/0x120 [ 1969.855749] ? sg_write.part.0+0xaa0/0xaa0 [ 1969.856423] vfs_write+0x29a/0xb10 [ 1969.856987] ksys_write+0x12d/0x260 [ 1969.857557] ? __ia32_sys_read+0xb0/0xb0 [ 1969.858204] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1969.859043] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1969.859861] do_syscall_64+0x33/0x40 [ 1969.860452] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1969.861253] RIP: 0033:0x7f794b5b5b19 [ 1969.861844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1969.864754] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1969.865967] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1969.867099] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1969.868222] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1969.869340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1969.870459] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 1969.880889] sg_write: data in/out 301989852/80 bytes for SCSI command 0x0-- guessing data in; [ 1969.880889] program syz-executor.0 not setting count and/or reply_len properly 03:25:35 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0xfdfdffff, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:25:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1970.030114] cgroup: fork rejected by pids controller in /syz3 03:25:50 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x248000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0xfe, 0x8, 0x7f, 0x9, 0x0, 0x7, 0x50, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffff9, 0x0, @perf_config_ext={0x2, 0x4f5}, 0x80, 0x3, 0x1, 0x0, 0xffffffffffff0001, 0x10000, 0x5, 0x0, 0x8, 0x0, 0x1}, r1, 0xe, 0xffffffffffffffff, 0x2) 03:25:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x1, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000080)) ptrace(0x11, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000180)=@sco}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x319a034639a5fab8, 0x13, r1, 0x0) syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r3, 0x0, 0x3) syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2) fcntl$lock(r1, 0x25, &(0x7f0000000140)={0x0, 0x0, 0xff, 0xff, 0xffffffffffffffff}) socket$inet6(0xa, 0x800, 0x5) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) 03:25:50 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 68) [ 1984.915406] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1984.915406] program syz-executor.0 not setting count and/or reply_len properly 03:25:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:25:50 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000000c0)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000140)={0x21, @time={0xffff}, 0x4, {0x3f, 0x7}, 0x1, 0x0, 0x6}) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x2400) fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000180)=0x2) write$sndseq(r3, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000000300)={{0x0, 0xffffffff, 0xffffffff, 0x8, 0x60000000, 0x65e, 0x7, 0x7fff, 0x10001, 0x101, 0xfffff800, 0x5, 0x6, 0x9}}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f00000001c0)={{0x28, 0x8}, 'port1\x00', 0x1, 0x20000, 0xffffffff, 0xfffffff9, 0x3, 0x3f, 0x530b, 0x0, 0x1, 0x7}) 03:25:50 executing program 2: r0 = getpid() r1 = clone3(&(0x7f0000000780)={0xc0000a80, &(0x7f0000000380)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x3a}, &(0x7f0000000640)=""/232, 0xe8, &(0x7f0000000a80)=""/205, &(0x7f0000000740)=[r0], 0x1}, 0x58) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000940), 0x410000, 0x0) r4 = perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0x6, 0x4c, 0xe8, 0x3f, 0x0, 0xffe, 0x3620, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f0000000340), 0x8}, 0x0, 0x3, 0x4, 0x4, 0xc26a, 0x80000001, 0xffff, 0x0, 0xff}, r1, 0x8, r3, 0x9) clone3(&(0x7f00000003c0)={0x20000600, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x36, 0x0, &(0x7f0000000380), 0x1}, 0x58) close(r4) r5 = dup2(r2, 0xffffffffffffffff) process_madvise(r5, &(0x7f0000000280)=[{&(0x7f0000000000)="a447e68c0bcb8a5be46a67b4580657e67db88e2367c9aa5a0dd6f121dc53e66f9b8879b316a6eb00", 0x28}, {&(0x7f0000000040)="acaef3d5e3c7f7202b63fe1a05354353af1a60555492414c3e5b936689d63c2af48d94a03a60118f0523247d7d473534a4f68b7040039dfd76733d4b6f0fbf958a8b92c11a2de92e22a10716be0725826b4d7f11b4eacfafd8ef8b30764feca7c82bc8ee1367e0c08050ff690de46d47b3c13f6d34837a215d2c07b26b6dd2416987f105a4ad6f0e528bffceb13a2bc57a96cd74502462d91b06bca9a07ce093b4ab7a55e13c1298516303f8e3b4c7f3d433d37a59b4bb0f4057402afbe13fa033c646d5dd96ef91dc06791d906334f14526cc970662ae63f6ec3af66e73274e02889b927a15", 0xe6}, {&(0x7f0000000140)="b36ab906daba4bd35ecfd909fda78fd5ae11737ef4b75dfe930eca8a6ec618bada31e53a49bca3bb62a8fa5fb7fba64ea4eaa7fe7ed7032401566ac699515611fcba52e7bb724cada490de9ef8b58cc37e1bd5a0a879295c2994c8c12ea0ca57f9b027734583f4e2def8e440", 0x6c}, {&(0x7f0000000980)="c5c98928ebe751ca3e223c45bee5c4a0616b3e44c6c300004b8edb8baebabbd5cb5a229fbdc02d7f9425d5d34c8d86cf0f21f46897ba58fb8aee8b25fef6980dc6b2a3fd09afb8ac1f0675437ddfe83cfd6845ee69484b293938b0a7a7d86c6736ee9a7e225303813090d46097f9e9955e34dc015a3af763f11cba16f7c0753ebf79a9ecf93f896fefc6926255a11e0213221d7ad071f98fb34dd0731595b32717bc1c51000000000000000014d45465cde600bc4ab0e6f4ccd40f77c83fe7b4c6b31cdb", 0xc4}], 0x4, 0x3, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r3, 0x4004662b, &(0x7f0000000300)=0x4) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f00000002c0)={r4, 0x3, 0x7, 0x7ffffff2}) syz_io_uring_setup(0x3d25, &(0x7f00000001c0)={0x0, 0xdd30, 0x20, 0x1, 0x366, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000540)) r7 = syz_io_uring_setup(0x7f02, &(0x7f00000008c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000180)=@sco}, 0x0) r11 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r7, 0x0) syz_io_uring_submit(r11, r9, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r9, 0x0, 0x3) syz_io_uring_submit(r6, r9, &(0x7f0000000580)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x2, 0x5, 0x0, 0x0, 0x2, 0x1}, 0x8001) perf_event_open(&(0x7f0000000840)={0x2, 0x80, 0x0, 0xc0, 0x8c, 0x80, 0x0, 0x4, 0x20240, 0x5, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x808a, 0x3, @perf_config_ext={0x401, 0x10000}, 0x12008, 0x101, 0x4, 0x2, 0x0, 0x2631, 0x1f, 0x0, 0x200, 0x0, 0x2}, 0x0, 0x8, 0xffffffffffffffff, 0x1) 03:25:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 75) 03:25:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0xfffffdfd, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1984.944118] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1984.944118] program syz-executor.6 not setting count and/or reply_len properly [ 1984.958013] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1984.958013] program syz-executor.7 not setting count and/or reply_len properly [ 1984.967052] FAULT_INJECTION: forcing a failure. [ 1984.967052] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1984.969710] CPU: 0 PID: 31996 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1984.971269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1984.973135] Call Trace: [ 1984.973727] dump_stack+0x107/0x167 [ 1984.973953] FAULT_INJECTION: forcing a failure. [ 1984.973953] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1984.974536] should_fail.cold+0x5/0xa [ 1984.974574] __alloc_pages_nodemask+0x182/0x600 [ 1984.978986] ? __kmalloc+0x16e/0x390 [ 1984.979865] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1984.981174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1984.982442] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1984.983815] alloc_pages_current+0x187/0x280 [ 1984.984900] ? __sanitizer_cov_trace_const_cmp4+0x6/0x20 [ 1984.986239] sg_build_indirect.isra.0+0x2f5/0x710 [ 1984.987445] sg_common_write.constprop.0+0x992/0x1a30 [ 1984.988700] ? sg_build_indirect.isra.0+0x710/0x710 [ 1984.989863] ? vprintk_func+0x93/0x140 [ 1984.990820] ? printk+0xba/0xf1 [ 1984.991645] ? record_print_text.cold+0x16/0x16 [ 1984.992784] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1984.993988] ? trace_hardirqs_on+0x5b/0x180 [ 1984.994994] sg_write.part.0+0x69e/0xaa0 [ 1984.995987] ? sg_new_write.isra.0+0x770/0x770 [ 1984.997135] ? __lockdep_reset_lock+0x180/0x180 [ 1984.998307] ? perf_trace_lock+0xac/0x490 [ 1984.999359] ? lock_acquire+0x197/0x470 [ 1985.000356] ? find_held_lock+0x2c/0x110 [ 1985.001321] ? _cond_resched+0x12/0x80 [ 1985.002262] ? inode_security+0x107/0x140 [ 1985.003260] ? avc_policy_seqno+0x9/0x70 [ 1985.004252] ? selinux_file_permission+0x92/0x520 [ 1985.005470] sg_write+0x87/0x120 [ 1985.006308] ? sg_write.part.0+0xaa0/0xaa0 [ 1985.007343] vfs_write+0x29a/0xb10 [ 1985.008197] ksys_write+0x12d/0x260 [ 1985.009062] ? __ia32_sys_read+0xb0/0xb0 [ 1985.010026] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1985.011352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1985.012556] do_syscall_64+0x33/0x40 [ 1985.013457] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1985.014675] RIP: 0033:0x7f5171091b19 [ 1985.015606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1985.020015] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1985.021860] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1985.023631] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1985.025394] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1985.027164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1985.028905] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1985.030718] CPU: 1 PID: 32005 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 1985.032219] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1985.033966] Call Trace: [ 1985.034531] dump_stack+0x107/0x167 [ 1985.035308] should_fail.cold+0x5/0xa [ 1985.036122] __alloc_pages_nodemask+0x182/0x600 [ 1985.037102] ? __kmalloc+0x16e/0x390 [ 1985.037895] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1985.039182] ? trace_hardirqs_on+0x5b/0x180 [ 1985.040098] alloc_pages_current+0x187/0x280 [ 1985.041034] sg_build_indirect.isra.0+0x2f5/0x710 [ 1985.042062] sg_common_write.constprop.0+0x992/0x1a30 [ 1985.043161] ? sg_build_indirect.isra.0+0x710/0x710 [ 1985.044222] ? vprintk_func+0x93/0x140 [ 1985.045038] ? printk+0xba/0xf1 [ 1985.045726] ? record_print_text.cold+0x16/0x16 [ 1985.046710] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1985.047766] ? trace_hardirqs_on+0x5b/0x180 [ 1985.048679] sg_write.part.0+0x69e/0xaa0 [ 1985.049530] ? sg_new_write.isra.0+0x770/0x770 [ 1985.050501] ? __lockdep_reset_lock+0x180/0x180 [ 1985.051475] ? perf_trace_lock+0xac/0x490 [ 1985.052349] ? lock_acquire+0x197/0x470 [ 1985.053185] ? find_held_lock+0x2c/0x110 [ 1985.054047] ? _cond_resched+0x12/0x80 [ 1985.054855] ? inode_security+0x107/0x140 [ 1985.055738] ? avc_policy_seqno+0x9/0x70 [ 1985.056580] ? selinux_file_permission+0x92/0x520 [ 1985.057608] sg_write+0x87/0x120 [ 1985.058313] ? sg_write.part.0+0xaa0/0xaa0 [ 1985.059229] vfs_write+0x29a/0xb10 [ 1985.059982] ksys_write+0x12d/0x260 [ 1985.060749] ? __ia32_sys_read+0xb0/0xb0 [ 1985.061604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1985.062678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1985.063778] do_syscall_64+0x33/0x40 [ 1985.064563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1985.065640] RIP: 0033:0x7f794b5b5b19 [ 1985.066424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1985.070286] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1985.071890] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 1985.073388] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1985.074885] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1985.076392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1985.077886] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:25:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:25:50 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 69) 03:25:50 executing program 1: ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100, 0x3}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000000)) 03:25:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 1985.233067] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1985.233067] program syz-executor.0 not setting count and/or reply_len properly 03:25:50 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000180)="683198820649576b0167f90c300d9107f647e9c91f8183aed5b1aeb3a09872e523b977909070d9e7970d6d8f4b7d2616ae51e6780319caba77f6c4ba47ced0aff066dbff6edbb7cfe08c41572469f50c171c0982caa692c2453ad79be147e0e4fd85229cd5347a4f075ab4eb9b9ea8fe5c3a2bd7d0b6a44716390b7c2f75dcd3f6344cfcd3100891938e8b319328cd86d9e7f4706a1fb5657702a29b6669bbc8d4c63469780b3be5", 0xa8, 0x40000000}, 0xff) r2 = fork() r3 = perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0xf8, 0xfa, 0x9, 0x3, 0x0, 0xffffffffffff8001, 0x40, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3c8, 0x5, @perf_config_ext={0x40, 0x101}, 0x48800, 0x80000000, 0xfff, 0x0, 0x0, 0x7f, 0x83, 0x0, 0x7, 0x0, 0x1}, r2, 0xc, 0xffffffffffffffff, 0x9) ptrace$getregs(0xe, r1, 0x9, &(0x7f0000000080)=""/252) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, r3, {0xee00, 0xee01}}, './file0\x00'}) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x2, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1000, 0x5, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0xd8, 0x8}, 0x18000, 0x1, 0x958, 0x0, 0x3ff, 0x5, 0xffff, 0x0, 0x2, 0x0, 0x80000000}, 0xffffffffffffffff, 0x1, r4, 0x1) 03:25:50 executing program 2: r0 = getpid() r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x80000) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x40, 0x7, 0x8, 0x80, 0x0, 0x8, 0x200, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x1a, 0x100000000}, 0x0, 0x2, 0xc40, 0x1, 0xfffffffffffffffc, 0xfffffffd, 0x6, 0x0, 0x0, 0x0, 0x3}, r0, 0x3, r1, 0x2) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 03:25:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x2, 0x80, 0x6, 0x81, 0x0, 0xfffffffffffffffb, 0x0, 0xc, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0xb7d7, 0x4, @perf_config_ext={0x0, 0x5}, 0x1004, 0x6, 0x7, 0x9, 0xfff, 0x4, 0x1, 0x0, 0x20, 0x0, 0x157}, r2, 0xe, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1985.283234] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1985.283234] program syz-executor.6 not setting count and/or reply_len properly 03:25:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1985.308267] FAULT_INJECTION: forcing a failure. [ 1985.308267] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1985.311310] CPU: 0 PID: 32316 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1985.313014] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1985.314888] Call Trace: [ 1985.315493] dump_stack+0x107/0x167 [ 1985.316304] should_fail.cold+0x5/0xa [ 1985.317154] __alloc_pages_nodemask+0x182/0x600 [ 1985.318198] ? __kmalloc+0x16e/0x390 [ 1985.319061] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1985.320532] ? trace_hardirqs_on+0x5b/0x180 [ 1985.321530] alloc_pages_current+0x187/0x280 [ 1985.322734] sg_build_indirect.isra.0+0x2f5/0x710 [ 1985.322770] sg_common_write.constprop.0+0x992/0x1a30 [ 1985.322806] ? sg_build_indirect.isra.0+0x710/0x710 [ 1985.322827] ? vprintk_func+0x93/0x140 [ 1985.322847] ? printk+0xba/0xf1 [ 1985.322867] ? record_print_text.cold+0x16/0x16 [ 1985.322889] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1985.322904] ? trace_hardirqs_on+0x5b/0x180 [ 1985.322939] sg_write.part.0+0x69e/0xaa0 [ 1985.322964] ? sg_new_write.isra.0+0x770/0x770 [ 1985.322996] ? __lockdep_reset_lock+0x180/0x180 [ 1985.323015] ? perf_trace_lock+0xac/0x490 [ 1985.323056] ? lock_acquire+0x197/0x470 [ 1985.323074] ? find_held_lock+0x2c/0x110 [ 1985.323109] ? _cond_resched+0x12/0x80 [ 1985.323127] ? inode_security+0x107/0x140 [ 1985.323149] ? avc_policy_seqno+0x9/0x70 03:25:51 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0x4b611, 0x0, 0x6, 0x5, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01, 0x0, 0x8000}, 0xffffffffffffffff, 0x5, r2, 0x0) r3 = openat$cgroup_pressure(r2, &(0x7f00000002c0)='cpu.pressure\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000300)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x26, 0x81, 0x1, 0x7f, 0x0, 0x3, 0x3000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000340)}, 0x11020, 0x6, 0x5, 0x2, 0x1, 0x80000000, 0xd37, 0x0, 0x3, 0x0, 0x7}, 0x0, 0x9, r5, 0x9) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0xbb82, 0xa1e5, 0x0, 'queue0\x00', 0xdb4}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 1985.323166] ? selinux_file_permission+0x92/0x520 [ 1985.323199] sg_write+0x87/0x120 [ 1985.323219] ? sg_write.part.0+0xaa0/0xaa0 [ 1985.323237] vfs_write+0x29a/0xb10 03:25:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 1985.323265] ksys_write+0x12d/0x260 03:25:51 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 70) [ 1985.323285] ? __ia32_sys_read+0xb0/0xb0 [ 1985.323310] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1985.323329] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1985.323352] do_syscall_64+0x33/0x40 [ 1985.323370] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1985.323383] RIP: 0033:0x7f5171091b19 [ 1985.323401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1985.323412] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1985.323433] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1985.323444] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1985.323455] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1985.323466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1985.323478] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 1985.373760] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1985.373760] program syz-executor.0 not setting count and/or reply_len properly [ 1985.515101] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1985.515101] program syz-executor.0 not setting count and/or reply_len properly [ 1985.547896] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 1985.547896] program syz-executor.6 not setting count and/or reply_len properly [ 1985.548715] FAULT_INJECTION: forcing a failure. [ 1985.548715] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1985.548736] CPU: 1 PID: 32582 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 1985.548747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1985.548754] Call Trace: [ 1985.548779] dump_stack+0x107/0x167 [ 1985.548802] should_fail.cold+0x5/0xa [ 1985.548830] __alloc_pages_nodemask+0x182/0x600 [ 1985.548848] ? __kmalloc+0x16e/0x390 [ 1985.548871] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1985.548904] ? trace_hardirqs_on+0x5b/0x180 [ 1985.548931] alloc_pages_current+0x187/0x280 [ 1985.548958] sg_build_indirect.isra.0+0x2f5/0x710 [ 1985.548992] sg_common_write.constprop.0+0x992/0x1a30 [ 1985.549026] ? sg_build_indirect.isra.0+0x710/0x710 [ 1985.549047] ? vprintk_func+0x93/0x140 [ 1985.549067] ? printk+0xba/0xf1 [ 1985.549087] ? record_print_text.cold+0x16/0x16 [ 1985.549109] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 1985.549124] ? trace_hardirqs_on+0x5b/0x180 [ 1985.549159] sg_write.part.0+0x69e/0xaa0 [ 1985.549185] ? sg_new_write.isra.0+0x770/0x770 [ 1985.549218] ? __lockdep_reset_lock+0x180/0x180 [ 1985.549236] ? perf_trace_lock+0xac/0x490 [ 1985.549262] ? lock_acquire+0x197/0x470 [ 1985.549279] ? find_held_lock+0x2c/0x110 [ 1985.549314] ? _cond_resched+0x12/0x80 [ 1985.549333] ? inode_security+0x107/0x140 [ 1985.549353] ? avc_policy_seqno+0x9/0x70 [ 1985.549370] ? selinux_file_permission+0x92/0x520 [ 1985.549402] sg_write+0x87/0x120 [ 1985.549430] ? sg_write.part.0+0xaa0/0xaa0 [ 1985.549449] vfs_write+0x29a/0xb10 [ 1985.549483] ksys_write+0x12d/0x260 [ 1985.549503] ? __ia32_sys_read+0xb0/0xb0 [ 1985.549528] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1985.549557] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1985.549581] do_syscall_64+0x33/0x40 [ 1985.549604] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1985.549623] RIP: 0033:0x7f5171091b19 [ 1985.549645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1985.549662] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1985.549694] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 1985.549710] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 1985.549727] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 1985.549743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1985.549761] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2002.313140] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2002.313140] program syz-executor.0 not setting count and/or reply_len properly 03:26:07 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0xbf, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:07 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x182, 0x1) 03:26:07 executing program 3: r0 = getpid() timer_create(0x1, &(0x7f0000000000)={0x0, 0x25, 0x0, @tid=r0}, &(0x7f0000000040)=0x0) timer_getoverrun(r1) 03:26:07 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x3, 0x2f6, 0x100, {0xffffffdd}}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="ff003000"/16]) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x9, 0x5, 0x1, 'queue1\x00', 0xfffffff9}) 03:26:07 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:26:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2002.352569] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2002.352569] program syz-executor.7 not setting count and/or reply_len properly [ 2002.358858] FAULT_INJECTION: forcing a failure. [ 2002.358858] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2002.360671] CPU: 1 PID: 32759 Comm: syz-executor.7 Not tainted 5.10.230 #1 03:26:07 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 71) 03:26:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 76) [ 2002.361795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2002.363022] Call Trace: [ 2002.363405] dump_stack+0x107/0x167 [ 2002.363937] should_fail.cold+0x5/0xa [ 2002.364498] __alloc_pages_nodemask+0x182/0x600 [ 2002.365164] ? __kmalloc+0x16e/0x390 [ 2002.365699] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2002.366563] ? trace_hardirqs_on+0x5b/0x180 [ 2002.366659] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2002.366659] program syz-executor.6 not setting count and/or reply_len properly [ 2002.367181] alloc_pages_current+0x187/0x280 [ 2002.371484] sg_build_indirect.isra.0+0x2f5/0x710 [ 2002.372213] sg_common_write.constprop.0+0x992/0x1a30 [ 2002.372961] ? sg_build_indirect.isra.0+0x710/0x710 [ 2002.373670] ? vprintk_func+0x93/0x140 [ 2002.374228] ? printk+0xba/0xf1 [ 2002.374701] ? record_print_text.cold+0x16/0x16 [ 2002.375368] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2002.376113] ? trace_hardirqs_on+0x5b/0x180 [ 2002.376745] sg_write.part.0+0x69e/0xaa0 [ 2002.377328] ? sg_new_write.isra.0+0x770/0x770 [ 2002.377355] FAULT_INJECTION: forcing a failure. [ 2002.377355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2002.377993] ? __lockdep_reset_lock+0x180/0x180 [ 2002.378007] ? perf_trace_lock+0xac/0x490 [ 2002.378026] ? lock_acquire+0x197/0x470 [ 2002.378047] ? find_held_lock+0x2c/0x110 [ 2002.382990] ? _cond_resched+0x12/0x80 [ 2002.383537] ? inode_security+0x107/0x140 [ 2002.384131] ? avc_policy_seqno+0x9/0x70 [ 2002.384708] ? selinux_file_permission+0x92/0x520 [ 2002.385398] sg_write+0x87/0x120 [ 2002.385878] ? sg_write.part.0+0xaa0/0xaa0 [ 2002.386482] vfs_write+0x29a/0xb10 [ 2002.386987] ksys_write+0x12d/0x260 [ 2002.387503] ? __ia32_sys_read+0xb0/0xb0 [ 2002.388092] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2002.388836] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2002.389570] do_syscall_64+0x33/0x40 [ 2002.390102] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2002.390833] RIP: 0033:0x7f794b5b5b19 [ 2002.391359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2002.393951] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2002.395021] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2002.396044] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2002.397044] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2002.398044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2002.399055] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2002.400108] CPU: 0 PID: 32762 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2002.401715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2002.403610] Call Trace: [ 2002.404246] dump_stack+0x107/0x167 [ 2002.405080] should_fail.cold+0x5/0xa [ 2002.405955] __alloc_pages_nodemask+0x182/0x600 [ 2002.407015] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2002.408266] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2002.409654] alloc_pages_current+0x187/0x280 [ 2002.410661] sg_build_indirect.isra.0+0x2f5/0x710 [ 2002.411784] sg_common_write.constprop.0+0x992/0x1a30 [ 2002.412965] ? sg_build_indirect.isra.0+0x710/0x710 [ 2002.414096] ? vprintk_func+0x93/0x140 [ 2002.414983] ? printk+0xba/0xf1 [ 2002.415758] ? record_print_text.cold+0x16/0x16 [ 2002.416831] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2002.418010] ? trace_hardirqs_on+0x5b/0x180 [ 2002.419020] sg_write.part.0+0x69e/0xaa0 [ 2002.419978] ? sg_new_write.isra.0+0x770/0x770 [ 2002.421037] ? __lockdep_reset_lock+0x180/0x180 [ 2002.422112] ? perf_trace_lock+0xac/0x490 [ 2002.423069] ? lock_acquire+0x197/0x470 [ 2002.424003] ? find_held_lock+0x2c/0x110 [ 2002.424964] ? _cond_resched+0x12/0x80 [ 2002.425859] ? inode_security+0x107/0x140 [ 2002.426817] ? avc_policy_seqno+0x9/0x70 [ 2002.427762] ? selinux_file_permission+0x92/0x520 [ 2002.428900] sg_write+0x87/0x120 [ 2002.429694] ? sg_write.part.0+0xaa0/0xaa0 [ 2002.430675] vfs_write+0x29a/0xb10 [ 2002.431510] ksys_write+0x12d/0x260 [ 2002.432363] ? __ia32_sys_read+0xb0/0xb0 [ 2002.433323] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2002.434558] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2002.434645] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2002.434645] program syz-executor.0 not setting count and/or reply_len properly [ 2002.435763] do_syscall_64+0x33/0x40 [ 2002.435787] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2002.440029] RIP: 0033:0x7f5171091b19 [ 2002.440888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2002.445127] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2002.446931] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2002.448614] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2002.450299] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2002.451982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2002.453670] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:26:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:08 executing program 3: r0 = getpid() r1 = gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r7) r9 = fork() kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xfe, 0x1, 0xff, 0x62, 0x0, 0x8, 0x800f, 0x9, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000080), 0x2}, 0x400, 0x2, 0x101, 0x6, 0x9, 0xff, 0x20, 0x0, 0x3}, r8, 0x7, 0xffffffffffffffff, 0x2) getpid() ptrace$setopts(0x4200, r1, 0x7326, 0xd) r10 = clone3(&(0x7f00000003c0)={0xa134558221d09462, 0x0, 0x0, 0x0, {0xfffffffd}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x2, 0xe7, 0x6, 0x6, 0x0, 0x5, 0x8204, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_config_ext={0x8, 0x9}, 0x43241, 0x0, 0x81, 0x2, 0x10001, 0x1f, 0x64, 0x0, 0x4}, r10, 0x10, 0xffffffffffffffff, 0x1) 03:26:08 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x50) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r2, 0x0, r2) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) write$sndseq(r2, &(0x7f0000001740)=[{0xff, 0x7f, 0xb3, 0x6, @tick=0xffe, {0x2, 0x4}, {0x1f, 0x2}, @result={0x7ff, 0x3}}], 0x1c) dup2(r1, r0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x10001}}, './file0\x00'}) readv(r1, &(0x7f00000016c0)=[{&(0x7f0000000200)=""/243, 0xf3}, {&(0x7f0000000300)=""/191, 0xbf}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/117, 0x75}, {0x0}, {&(0x7f0000001440)=""/180, 0xb4}, {&(0x7f0000001500)=""/242, 0xf2}, {&(0x7f0000001600)=""/130, 0x82}], 0x8) r4 = socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr(r4, &(0x7f0000001780)=@random={'security.', '/dev/snd/seq\x00'}, &(0x7f00000017c0)='^[-*^[-&\',,$\'{\xd4\x00', 0x10, 0x3) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000100)={0x80000001, 0x1, {0x3, 0x3, 0x0, 0x2, 0x100}, 0x9}) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000000)={0x0, 0x4, 0x0, {}, 0x0, 0x8}) 03:26:08 executing program 2: r0 = getpid() ioprio_get$pid(0x2, r0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:26:24 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:24 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @broadcast, 'veth1\x00'}}}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000500), &(0x7f0000000540)='./file0/file0\x00', 0xe, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:26:24 executing program 2: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@sco={0x1f, @none}, &(0x7f0000000080)=0x80) getpeername(r0, &(0x7f00000000c0)=@qipcrtr, &(0x7f0000000140)=0x80) r1 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r1], 0x1}, 0x58) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x401080, 0x0) dup(r2) r3 = syz_mount_image$nfs4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x200, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000240)="9387605aee196231aef962bb4a36f10591d4d373e7b7c07fcec9780972d9fd0d73c8e89026d5414e40c80b4e9520273509025629ee29bf442745da344043cddbf2cfa6d5cf65c349727f40e272c43969a8efad91bb947e5dafbd1f9fca", 0x5d, 0x1}], 0x1000, &(0x7f0000000300)={[{'/dev/ptp0\x00'}, {'$}:\xf6&,,*!\xb2!'}, {'\\'}, {'/dev/ptp0\x00'}, {'/dev/ptp0\x00'}, {'/dev/ptp0\x00'}, {'}#%^{'}, {'/dev/ptp0\x00'}, {'{&'}, {'/&'}], [{@seclabel}]}) statx(r3, &(0x7f0000000440)='./file0\x00', 0x6000, 0x80, &(0x7f0000000480)) 03:26:24 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 72) 03:26:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 77) 03:26:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0xbf00, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:24 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x5, 0x1, {0x3, 0x3, 0x0, 0x1, 0x7}, 0x4}) 03:26:24 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r2, 0x0, r2) r3 = syz_open_dev$mouse(&(0x7f0000000040), 0x3, 0x300) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40042409, 0x1) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000000)={0x0, 0x3, r2, 0x1}) getpid() ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000100)={0x2, 0x2, {0x3, 0x1, 0x9, 0x2}, 0x9}) [ 2019.337282] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.337282] program syz-executor.6 not setting count and/or reply_len properly [ 2019.353309] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.353309] program syz-executor.0 not setting count and/or reply_len properly [ 2019.360122] FAULT_INJECTION: forcing a failure. [ 2019.360122] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2019.363499] CPU: 0 PID: 33084 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2019.365419] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.367404] Call Trace: [ 2019.368053] dump_stack+0x107/0x167 [ 2019.369067] should_fail.cold+0x5/0xa [ 2019.370100] __alloc_pages_nodemask+0x182/0x600 [ 2019.371367] ? __kmalloc+0x16e/0x390 [ 2019.372375] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2019.373965] ? trace_hardirqs_on+0x5b/0x180 [ 2019.375076] alloc_pages_current+0x187/0x280 [ 2019.376259] sg_build_indirect.isra.0+0x2f5/0x710 [ 2019.377545] sg_common_write.constprop.0+0x992/0x1a30 [ 2019.378974] ? sg_build_indirect.isra.0+0x710/0x710 [ 2019.380318] ? vprintk_func+0x93/0x140 [ 2019.381268] ? printk+0xba/0xf1 [ 2019.382178] ? record_print_text.cold+0x16/0x16 [ 2019.383427] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2019.384730] ? trace_hardirqs_on+0x5b/0x180 [ 2019.385796] sg_write.part.0+0x69e/0xaa0 [ 2019.386952] ? sg_new_write.isra.0+0x770/0x770 [ 2019.388193] ? __lockdep_reset_lock+0x180/0x180 [ 2019.389486] ? perf_trace_lock+0xac/0x490 [ 2019.390578] ? lock_acquire+0x197/0x470 [ 2019.391666] ? find_held_lock+0x2c/0x110 [ 2019.392815] ? _cond_resched+0x12/0x80 [ 2019.393852] ? inode_security+0x107/0x140 [ 2019.394868] ? avc_policy_seqno+0x9/0x70 [ 2019.395960] ? selinux_file_permission+0x92/0x520 [ 2019.397161] sg_write+0x87/0x120 [ 2019.398096] ? sg_write.part.0+0xaa0/0xaa0 [ 2019.399102] vfs_write+0x29a/0xb10 [ 2019.399973] ksys_write+0x12d/0x260 [ 2019.400863] ? __ia32_sys_read+0xb0/0xb0 [ 2019.401833] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.403139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.404538] do_syscall_64+0x33/0x40 [ 2019.405474] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.406806] RIP: 0033:0x7f5171091b19 [ 2019.407809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.412534] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2019.414392] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2019.416108] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2019.417821] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.419501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.421508] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:26:25 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x288000, 0x103) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000100)={0x9b, @time={0x7ff, 0x3}, 0x8, {0x40, 0x40}, 0x1, 0x3, 0x6}) [ 2019.428127] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.428127] program syz-executor.7 not setting count and/or reply_len properly [ 2019.440260] FAULT_INJECTION: forcing a failure. [ 2019.440260] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2019.443009] CPU: 0 PID: 33106 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2019.444553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.446381] Call Trace: [ 2019.446968] dump_stack+0x107/0x167 [ 2019.447765] should_fail.cold+0x5/0xa [ 2019.448620] __alloc_pages_nodemask+0x182/0x600 [ 2019.449640] ? __kmalloc+0x16e/0x390 [ 2019.450470] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2019.451821] ? trace_hardirqs_on+0x5b/0x180 [ 2019.452797] alloc_pages_current+0x187/0x280 [ 2019.453776] sg_build_indirect.isra.0+0x2f5/0x710 [ 2019.454864] sg_common_write.constprop.0+0x992/0x1a30 [ 2019.456016] ? sg_build_indirect.isra.0+0x710/0x710 [ 2019.457133] ? vprintk_func+0x93/0x140 [ 2019.458002] ? printk+0xba/0xf1 [ 2019.458732] ? record_print_text.cold+0x16/0x16 [ 2019.459754] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2019.460887] ? trace_hardirqs_on+0x5b/0x180 [ 2019.461872] sg_write.part.0+0x69e/0xaa0 [ 2019.462769] ? sg_new_write.isra.0+0x770/0x770 [ 2019.463793] ? __lockdep_reset_lock+0x180/0x180 [ 2019.464831] ? perf_trace_lock+0xac/0x490 [ 2019.465747] ? lock_acquire+0x197/0x470 [ 2019.466616] ? find_held_lock+0x2c/0x110 [ 2019.467520] ? _cond_resched+0x12/0x80 [ 2019.468390] ? inode_security+0x107/0x140 [ 2019.469314] ? avc_policy_seqno+0x9/0x70 [ 2019.470203] ? selinux_file_permission+0x92/0x520 [ 2019.471272] sg_write+0x87/0x120 [ 2019.472024] ? sg_write.part.0+0xaa0/0xaa0 [ 2019.472963] vfs_write+0x29a/0xb10 [ 2019.473752] ksys_write+0x12d/0x260 [ 2019.474550] ? __ia32_sys_read+0xb0/0xb0 [ 2019.475451] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.476611] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.477757] do_syscall_64+0x33/0x40 [ 2019.478588] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.479705] RIP: 0033:0x7f794b5b5b19 [ 2019.480545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.484613] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2019.486291] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2019.487863] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2019.489444] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.490998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.492569] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:26:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x48, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:25 executing program 3: getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x5, 0x2, 0x20, 0xff, 0x0, 0x101, 0x10800, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xfe1, 0x0, @perf_config_ext={0x2, 0x6}, 0x80140, 0x101, 0xffffff00, 0x7, 0x7, 0xa10a, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x1, 0xffffffffffffffff, 0x0) [ 2019.552907] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.552907] program syz-executor.0 not setting count and/or reply_len properly 03:26:25 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/drivers\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000100)={{0x4, 0x8}, 'port1\x00', 0x9, 0x4100c, 0x4, 0x8001, 0xfe7499b, 0x4, 0xfffffff7, 0x0, 0x3, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:26:25 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0xbf000000, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 78) 03:26:25 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 73) 03:26:25 executing program 3: r0 = getpid() r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(0x0, 0x0, 0x10, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000e80)={0x0, 0x5, 0x0, [0x6, 0x7f, 0x2, 0x100, 0x9], [0x98, 0xfff, 0x0, 0x1, 0x80000000, 0x100000000, 0x2, 0x80000001, 0x0, 0x401, 0x81, 0x0, 0x101, 0x8, 0x1, 0x337dca13, 0x3, 0x10000, 0x8, 0x7, 0xfffffffffffffffe, 0xffffffffffffff53, 0x400000000000, 0x7f, 0x2, 0x5eec, 0x400, 0xfffffffffffffffe, 0x4, 0x4, 0x6, 0x6396, 0x8, 0x2, 0x7c, 0x7ff, 0x0, 0x100000000, 0x94, 0x10000, 0xcad, 0x40, 0x15, 0x4093f7d6, 0x6, 0x200000, 0x0, 0x1, 0x200, 0x8, 0x8, 0x8, 0x8, 0x7, 0x8001, 0xfffffffffffffffa, 0x5, 0xfffffffffffffff8, 0xb11, 0x35b, 0x95, 0x7, 0x1, 0x7f, 0x100, 0x4db, 0x10001, 0x80000000, 0x9, 0x0, 0xfffffffffffffffc, 0xe06, 0x3, 0x1, 0x0, 0xfffffffffffffffb, 0xd14a, 0x0, 0xffffffffffffffc0, 0x0, 0x1ff, 0x9, 0x40, 0x1, 0x4, 0xfff, 0x80, 0x0, 0x100000001, 0x4, 0x800, 0x0, 0x800, 0x6, 0x7fffffff, 0x1694c0000, 0x3ff, 0x401, 0x6, 0x23, 0x2, 0x3f, 0x0, 0x4a04d717, 0x10001, 0x7, 0x7f, 0x100000001, 0x6942, 0x6, 0x1836, 0x7f, 0x100, 0x0, 0x9, 0x1000, 0x4, 0x1, 0x2, 0x80000000, 0xd42b]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000001e00)={{r1}, 0x0, 0x0, @unused=[0x7, 0x6, 0x99f5, 0xffffffff], @devid=r3}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r6, 0x8008f513, &(0x7f00000000c0)) sendmsg$nl_generic(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x30, 0x19, 0xc21, 0x0, 0x0, {0xa}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x1e, 0x0, 0x0, @u32}, @nested={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@empty}]}]}, 0x30}}, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000200)) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x4, 0xfb, 0x8, 0x8000, 0x0, @mcast2, @mcast1, 0x8, 0x80, 0x3, 0x4}}) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0) syz_io_uring_setup(0x7860, &(0x7f0000000180)={0x0, 0xdc5d, 0x0, 0x1, 0x31a, 0x0, r7}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000240), &(0x7f00000002c0)) ioctl$SG_IO(0xffffffffffffffff, 0x127f, &(0x7f00000003c0)={0xe00, 0x0, 0x0, 0x0, @buffer={0x300, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x8, 0x80, 0x25, 0x8b, 0x0, 0x80000000, 0x81000, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1f, 0x1, @perf_bp={&(0x7f0000000000), 0x4}, 0x30, 0x7, 0x20000000, 0x5, 0x2, 0x3, 0x3, 0x0, 0x4, 0x0, 0x9}, r0, 0x4, 0xffffffffffffffff, 0x4) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 2019.765018] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.765018] program syz-executor.0 not setting count and/or reply_len properly [ 2019.774892] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.774892] program syz-executor.6 not setting count and/or reply_len properly [ 2019.777867] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2019.777867] program syz-executor.7 not setting count and/or reply_len properly [ 2019.793665] FAULT_INJECTION: forcing a failure. [ 2019.793665] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2019.796117] CPU: 1 PID: 33569 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2019.797519] FAULT_INJECTION: forcing a failure. [ 2019.797519] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2019.799874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.801597] Call Trace: [ 2019.802139] dump_stack+0x107/0x167 [ 2019.802881] should_fail.cold+0x5/0xa [ 2019.803661] __alloc_pages_nodemask+0x182/0x600 [ 2019.804619] ? __kmalloc+0x16e/0x390 [ 2019.805373] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2019.806603] ? trace_hardirqs_on+0x5b/0x180 [ 2019.807491] alloc_pages_current+0x187/0x280 [ 2019.808413] sg_build_indirect.isra.0+0x2f5/0x710 [ 2019.809406] sg_common_write.constprop.0+0x992/0x1a30 [ 2019.810466] ? sg_build_indirect.isra.0+0x710/0x710 [ 2019.811481] ? vprintk_func+0x93/0x140 [ 2019.812279] ? printk+0xba/0xf1 [ 2019.812972] ? record_print_text.cold+0x16/0x16 [ 2019.813916] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2019.814940] ? trace_hardirqs_on+0x5b/0x180 [ 2019.815830] sg_write.part.0+0x69e/0xaa0 [ 2019.816677] ? sg_new_write.isra.0+0x770/0x770 [ 2019.817625] ? __lockdep_reset_lock+0x180/0x180 [ 2019.818576] ? perf_trace_lock+0xac/0x490 [ 2019.819432] ? lock_acquire+0x197/0x470 [ 2019.820230] ? find_held_lock+0x2c/0x110 [ 2019.821081] ? _cond_resched+0x12/0x80 [ 2019.821869] ? inode_security+0x107/0x140 [ 2019.822712] ? avc_policy_seqno+0x9/0x70 [ 2019.823532] ? selinux_file_permission+0x92/0x520 [ 2019.824544] sg_write+0x87/0x120 [ 2019.825235] ? sg_write.part.0+0xaa0/0xaa0 [ 2019.826119] vfs_write+0x29a/0xb10 [ 2019.826857] ksys_write+0x12d/0x260 [ 2019.827600] ? __ia32_sys_read+0xb0/0xb0 [ 2019.828434] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.829496] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.830543] do_syscall_64+0x33/0x40 [ 2019.831298] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.832337] RIP: 0033:0x7f5171091b19 [ 2019.833092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.836822] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2019.838349] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2019.839792] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2019.841236] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.842670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.844104] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2019.845606] CPU: 0 PID: 33575 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2019.847206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.849086] Call Trace: [ 2019.849688] dump_stack+0x107/0x167 [ 2019.850514] should_fail.cold+0x5/0xa [ 2019.851383] __alloc_pages_nodemask+0x182/0x600 [ 2019.852439] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2019.853655] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2019.855019] ? policy_nodemask+0x10/0x1a0 [ 2019.855956] ? __sanitizer_cov_trace_pc+0x52/0x60 [ 2019.857054] alloc_pages_current+0x187/0x280 [ 2019.858049] sg_build_indirect.isra.0+0x2f5/0x710 [ 2019.859147] sg_common_write.constprop.0+0x992/0x1a30 [ 2019.860361] ? sg_build_indirect.isra.0+0x710/0x710 [ 2019.861487] ? vprintk_func+0x93/0x140 [ 2019.862354] ? printk+0xba/0xf1 [ 2019.863092] ? record_print_text.cold+0x16/0x16 [ 2019.864127] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2019.865260] ? trace_hardirqs_on+0x5b/0x180 [ 2019.866239] sg_write.part.0+0x69e/0xaa0 [ 2019.867149] ? sg_new_write.isra.0+0x770/0x770 [ 2019.868177] ? __lockdep_reset_lock+0x180/0x180 [ 2019.869218] ? perf_trace_lock+0xac/0x490 [ 2019.870148] ? lock_acquire+0x197/0x470 [ 2019.871030] ? find_held_lock+0x2c/0x110 [ 2019.871945] ? _cond_resched+0x12/0x80 [ 2019.872816] ? inode_security+0x107/0x140 [ 2019.873740] ? avc_policy_seqno+0x9/0x70 [ 2019.874638] ? selinux_file_permission+0x92/0x520 [ 2019.875720] sg_write+0x87/0x120 [ 2019.876487] ? sg_write.part.0+0xaa0/0xaa0 [ 2019.877433] vfs_write+0x29a/0xb10 [ 2019.878236] ksys_write+0x12d/0x260 [ 2019.879046] ? __ia32_sys_read+0xb0/0xb0 [ 2019.879961] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.881134] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.882290] do_syscall_64+0x33/0x40 [ 2019.883117] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.884269] RIP: 0033:0x7f794b5b5b19 [ 2019.885102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.889215] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2019.890909] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2019.892508] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2019.894101] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.895686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.897283] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:26:42 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 74) 03:26:42 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0xfdfdffff, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:42 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x68, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:42 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x100000000, 0x84, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x2, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = inotify_init1(0x0) r5 = getpgrp(r1) ptrace(0x11, r5) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000)={0x1}) 03:26:42 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:26:42 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000100)={{0x37, 0x7f}, 0x0, 0x5, 0x4b6, {0x4f, 0x9}, 0x7, 0x2}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) fstatfs(r0, &(0x7f0000000200)=""/190) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000180)={0x1, 0x0, {0xffffffffffffffff, 0x3, 0x10001, 0x1, 0x5}, 0x5}) 03:26:42 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 79) 03:26:42 executing program 3: shmctl$SHM_LOCK(0x0, 0xb) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_STAT(r0, 0x2, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000000)) r2 = semget$private(0x0, 0x6, 0x0) semop(0x0, &(0x7f0000000200)=[{0x4, 0xfff, 0x1000}, {0x0, 0xfff9}], 0x2) r3 = semget$private(0x0, 0x6, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x1, 0x0) semtimedop(0x0, &(0x7f0000001280)=[{0x0, 0x7}, {0x3, 0x4, 0x1000}, {0x2, 0x4, 0x1000}, {0x4, 0x2, 0x800}, {0x1, 0x8}, {0x3, 0xfff, 0x800}], 0x6, &(0x7f00000012c0)={0x77359400}) semctl$IPC_RMID(r3, 0x0, 0x0) getresgid(&(0x7f00000000c0), &(0x7f0000001100), &(0x7f0000000240)) semtimedop(r2, &(0x7f0000000040)=[{0x4, 0x3acd, 0x400}, {0x3, 0x400, 0x1000}, {0x2, 0xe7, 0x1000}, {0x3, 0x81, 0x1000}, {0x1, 0x20}, {0x1, 0x1, 0x1000}, {0x0, 0x3c, 0x1800}, {0x1, 0x7, 0x3000}], 0x8, &(0x7f0000000140)) semctl$SEM_INFO(0x0, 0x1, 0x13, &(0x7f0000002e40)=""/4111) stat(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, 0x0, 0x0) setresuid(r4, 0x0, 0x0) [ 2037.299117] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.299117] program syz-executor.0 not setting count and/or reply_len properly [ 2037.309909] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.309909] program syz-executor.6 not setting count and/or reply_len properly [ 2037.313838] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.313838] program syz-executor.7 not setting count and/or reply_len properly [ 2037.318596] FAULT_INJECTION: forcing a failure. [ 2037.318596] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2037.320560] CPU: 0 PID: 33731 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2037.321681] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2037.323007] Call Trace: [ 2037.323434] dump_stack+0x107/0x167 [ 2037.324021] should_fail.cold+0x5/0xa [ 2037.324637] __alloc_pages_nodemask+0x182/0x600 [ 2037.325392] ? __kmalloc+0x16e/0x390 [ 2037.325995] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2037.326976] ? trace_hardirqs_on+0x5b/0x180 [ 2037.327683] alloc_pages_current+0x187/0x280 [ 2037.328407] sg_build_indirect.isra.0+0x2f5/0x710 [ 2037.329209] sg_common_write.constprop.0+0x992/0x1a30 [ 2037.330069] ? sg_build_indirect.isra.0+0x710/0x710 [ 2037.330644] FAULT_INJECTION: forcing a failure. [ 2037.330644] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2037.330890] ? vprintk_func+0x93/0x140 [ 2037.334163] ? printk+0xba/0xf1 [ 2037.334716] ? record_print_text.cold+0x16/0x16 [ 2037.335484] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2037.336313] ? trace_hardirqs_on+0x5b/0x180 [ 2037.337043] sg_write.part.0+0x69e/0xaa0 [ 2037.337711] ? sg_new_write.isra.0+0x770/0x770 [ 2037.338467] ? __lockdep_reset_lock+0x180/0x180 [ 2037.339221] ? perf_trace_lock+0xac/0x490 [ 2037.339908] ? lock_acquire+0x197/0x470 [ 2037.340562] ? find_held_lock+0x2c/0x110 [ 2037.341252] ? _cond_resched+0x12/0x80 [ 2037.341891] ? inode_security+0x107/0x140 [ 2037.342567] ? avc_policy_seqno+0x9/0x70 [ 2037.343222] ? selinux_file_permission+0x92/0x520 [ 2037.344012] sg_write+0x87/0x120 [ 2037.344567] ? sg_write.part.0+0xaa0/0xaa0 [ 2037.345260] vfs_write+0x29a/0xb10 [ 2037.345848] ksys_write+0x12d/0x260 [ 2037.346441] ? __ia32_sys_read+0xb0/0xb0 [ 2037.347078] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2037.347923] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2037.348754] do_syscall_64+0x33/0x40 [ 2037.349372] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2037.350209] RIP: 0033:0x7f5171091b19 [ 2037.350804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2037.353790] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2037.355036] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2037.356200] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2037.357367] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.358520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.359680] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2037.360880] CPU: 1 PID: 33740 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2037.362450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2037.364305] Call Trace: [ 2037.364904] dump_stack+0x107/0x167 [ 2037.365694] should_fail.cold+0x5/0xa [ 2037.366545] __alloc_pages_nodemask+0x182/0x600 [ 2037.367577] ? __kmalloc+0x16e/0x390 [ 2037.368407] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2037.369758] ? trace_hardirqs_on+0x5b/0x180 [ 2037.370727] alloc_pages_current+0x187/0x280 [ 2037.371718] sg_build_indirect.isra.0+0x2f5/0x710 [ 2037.372804] sg_common_write.constprop.0+0x992/0x1a30 [ 2037.373980] ? sg_build_indirect.isra.0+0x710/0x710 [ 2037.375089] ? vprintk_func+0x93/0x140 [ 2037.375957] ? printk+0xba/0xf1 [ 2037.376693] ? record_print_text.cold+0x16/0x16 [ 2037.377738] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2037.378855] ? trace_hardirqs_on+0x5b/0x180 [ 2037.379831] sg_write.part.0+0x69e/0xaa0 [ 2037.380739] ? sg_new_write.isra.0+0x770/0x770 [ 2037.381778] ? __lockdep_reset_lock+0x180/0x180 [ 2037.382809] ? perf_trace_lock+0xac/0x490 [ 2037.383780] ? lock_acquire+0x197/0x470 [ 2037.384666] ? find_held_lock+0x2c/0x110 [ 2037.385598] ? _cond_resched+0x12/0x80 [ 2037.386460] ? inode_security+0x107/0x140 [ 2037.387375] ? avc_policy_seqno+0x9/0x70 [ 2037.388270] ? selinux_file_permission+0x92/0x520 [ 2037.389355] sg_write+0x87/0x120 [ 2037.390106] ? sg_write.part.0+0xaa0/0xaa0 [ 2037.391036] vfs_write+0x29a/0xb10 [ 2037.391835] ksys_write+0x12d/0x260 [ 2037.392639] ? __ia32_sys_read+0xb0/0xb0 [ 2037.393549] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2037.394703] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2037.395843] do_syscall_64+0x33/0x40 [ 2037.396670] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2037.397804] RIP: 0033:0x7f794b5b5b19 [ 2037.398623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2037.402680] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2037.404355] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2037.405930] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2037.407482] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.409048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.410603] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:26:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200800, 0xfc) 03:26:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 75) 03:26:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2037.498891] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.498891] program syz-executor.6 not setting count and/or reply_len properly [ 2037.518790] FAULT_INJECTION: forcing a failure. [ 2037.518790] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2037.520537] CPU: 0 PID: 33946 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2037.521601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2037.522762] Call Trace: [ 2037.523166] dump_stack+0x107/0x167 [ 2037.523720] should_fail.cold+0x5/0xa [ 2037.524302] __alloc_pages_nodemask+0x182/0x600 [ 2037.525020] ? __kmalloc+0x16e/0x390 [ 2037.525586] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2037.526508] ? trace_hardirqs_on+0x5b/0x180 [ 2037.527169] alloc_pages_current+0x187/0x280 [ 2037.527847] sg_build_indirect.isra.0+0x2f5/0x710 [ 2037.528595] sg_common_write.constprop.0+0x992/0x1a30 [ 2037.529399] ? sg_build_indirect.isra.0+0x710/0x710 [ 2037.530156] ? vprintk_func+0x93/0x140 [ 2037.530747] ? printk+0xba/0xf1 [ 2037.531250] ? record_print_text.cold+0x16/0x16 [ 2037.531953] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2037.532712] ? trace_hardirqs_on+0x5b/0x180 [ 2037.533342] sg_write.part.0+0x69e/0xaa0 [ 2037.533956] ? sg_new_write.isra.0+0x770/0x770 [ 2037.534651] ? __lockdep_reset_lock+0x180/0x180 [ 2037.535350] ? perf_trace_lock+0xac/0x490 [ 2037.535976] ? lock_acquire+0x197/0x470 [ 2037.536572] ? find_held_lock+0x2c/0x110 [ 2037.537208] ? _cond_resched+0x12/0x80 [ 2037.537797] ? inode_security+0x107/0x140 [ 2037.538422] ? avc_policy_seqno+0x9/0x70 [ 2037.539029] ? selinux_file_permission+0x92/0x520 [ 2037.539761] sg_write+0x87/0x120 [ 2037.540275] ? sg_write.part.0+0xaa0/0xaa0 [ 2037.540919] vfs_write+0x29a/0xb10 [ 2037.541459] ksys_write+0x12d/0x260 [ 2037.542007] ? __ia32_sys_read+0xb0/0xb0 [ 2037.542618] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2037.543408] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2037.544185] do_syscall_64+0x33/0x40 [ 2037.544742] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2037.545523] RIP: 0033:0x7f5171091b19 [ 2037.546080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2037.548833] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2037.549974] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2037.550962] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2037.552026] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.553018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.554080] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:26:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 80) 03:26:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0xfffffdfd, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2037.593968] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.593968] program syz-executor.0 not setting count and/or reply_len properly [ 2037.612511] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.612511] program syz-executor.7 not setting count and/or reply_len properly [ 2037.623353] FAULT_INJECTION: forcing a failure. [ 2037.623353] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2037.625153] CPU: 0 PID: 34063 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2037.626155] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2037.627350] Call Trace: [ 2037.627732] dump_stack+0x107/0x167 [ 2037.628257] should_fail.cold+0x5/0xa [ 2037.628808] __alloc_pages_nodemask+0x182/0x600 [ 2037.629488] ? __kmalloc+0x16e/0x390 [ 2037.630023] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2037.630890] ? trace_hardirqs_on+0x5b/0x180 [ 2037.631515] alloc_pages_current+0x187/0x280 [ 2037.632148] sg_build_indirect.isra.0+0x2f5/0x710 [ 2037.632849] sg_common_write.constprop.0+0x992/0x1a30 [ 2037.633606] ? sg_build_indirect.isra.0+0x710/0x710 [ 2037.634324] ? vprintk_func+0x93/0x140 [ 2037.634884] ? printk+0xba/0xf1 [ 2037.635360] ? record_print_text.cold+0x16/0x16 [ 2037.636029] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2037.636750] ? trace_hardirqs_on+0x5b/0x180 [ 2037.637391] sg_write.part.0+0x69e/0xaa0 [ 2037.637973] ? sg_new_write.isra.0+0x770/0x770 [ 2037.638632] ? __lockdep_reset_lock+0x180/0x180 [ 2037.639295] ? perf_trace_lock+0xac/0x490 [ 2037.639890] ? lock_acquire+0x197/0x470 [ 2037.640456] ? find_held_lock+0x2c/0x110 [ 2037.641054] ? _cond_resched+0x12/0x80 [ 2037.641613] ? inode_security+0x107/0x140 [ 2037.642206] ? avc_policy_seqno+0x9/0x70 [ 2037.642783] ? selinux_file_permission+0x92/0x520 [ 2037.643478] sg_write+0x87/0x120 [ 2037.643963] ? sg_write.part.0+0xaa0/0xaa0 [ 2037.644568] vfs_write+0x29a/0xb10 [ 2037.645087] ksys_write+0x12d/0x260 [ 2037.645607] ? __ia32_sys_read+0xb0/0xb0 [ 2037.646192] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2037.646939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2037.647676] do_syscall_64+0x33/0x40 [ 2037.648212] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2037.648953] RIP: 0033:0x7f794b5b5b19 [ 2037.649483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2037.652108] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2037.653198] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2037.654208] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2037.655214] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.656226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.657263] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:26:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat2(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x418500, 0x8a, 0x6}, 0x18) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000140)={0x6, 0x2, 0x1, 'queue0\x00', 0x5}) r2 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd=r0, 0x5, {0x0, r0}, 0x8e5, 0x0, 0x0, {0x0, r6, r0}}, 0x5) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000200)={0x6, 0x0, {0x2, 0x1, 0x3, 0x3, 0x3}, 0x477580}) 03:26:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:26:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x74, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 76) 03:26:43 executing program 3: r0 = getpid() r1 = fork() kcmp(0x0, r1, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) r2 = fork() kcmp(r2, r1, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) rt_tgsigqueueinfo(r1, r0, 0x13, &(0x7f0000000040)={0x41, 0xa78, 0x7}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r6, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) getpgrp(r9) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:26:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2037.788013] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.788013] program syz-executor.6 not setting count and/or reply_len properly [ 2037.795032] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2037.795032] program syz-executor.0 not setting count and/or reply_len properly [ 2037.804845] FAULT_INJECTION: forcing a failure. [ 2037.804845] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2037.806436] CPU: 0 PID: 34342 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2037.807345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2037.808447] Call Trace: [ 2037.808802] dump_stack+0x107/0x167 [ 2037.809287] should_fail.cold+0x5/0xa [ 2037.809794] __alloc_pages_nodemask+0x182/0x600 [ 2037.810407] ? __kmalloc+0x16e/0x390 [ 2037.810897] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2037.811694] ? trace_hardirqs_on+0x5b/0x180 [ 2037.812267] alloc_pages_current+0x187/0x280 [ 2037.812849] sg_build_indirect.isra.0+0x2f5/0x710 [ 2037.813498] sg_common_write.constprop.0+0x992/0x1a30 [ 2037.814180] ? sg_build_indirect.isra.0+0x710/0x710 [ 2037.814834] ? vprintk_func+0x93/0x140 [ 2037.815347] ? printk+0xba/0xf1 [ 2037.815778] ? record_print_text.cold+0x16/0x16 [ 2037.816391] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2037.817059] ? trace_hardirqs_on+0x5b/0x180 [ 2037.817632] sg_write.part.0+0x69e/0xaa0 [ 2037.818169] ? sg_new_write.isra.0+0x770/0x770 [ 2037.818776] ? __lockdep_reset_lock+0x180/0x180 [ 2037.819385] ? perf_trace_lock+0xac/0x490 [ 2037.819933] ? lock_acquire+0x197/0x470 [ 2037.820454] ? find_held_lock+0x2c/0x110 [ 2037.820999] ? _cond_resched+0x12/0x80 [ 2037.821506] ? inode_security+0x107/0x140 [ 2037.822044] ? avc_policy_seqno+0x9/0x70 [ 2037.822568] ? selinux_file_permission+0x92/0x520 [ 2037.823200] sg_write+0x87/0x120 [ 2037.823637] ? sg_write.part.0+0xaa0/0xaa0 [ 2037.824184] vfs_write+0x29a/0xb10 [ 2037.824650] ksys_write+0x12d/0x260 [ 2037.825129] ? __ia32_sys_read+0xb0/0xb0 [ 2037.825657] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2037.826340] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2037.827010] do_syscall_64+0x33/0x40 [ 2037.827494] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2037.828159] RIP: 0033:0x7f5171091b19 [ 2037.828644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2037.831046] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2037.832042] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2037.832981] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2037.833902] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.834819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.835744] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:26:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 81) 03:26:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f00000000c0)={0x5, 0x7, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r2 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r3 = fork() dup2(0xffffffffffffffff, 0xffffffffffffffff) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x128}, {0xffffffffffffffff, 0x2002}, {r2}, {0xffffffffffffffff, 0x6080}, {r2, 0x9200}, {r2, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r3, r6, 0x6, 0xffffffffffffffff, r5) r7 = fork() kcmp(r7, r6, 0x6, r4, 0xffffffffffffffff) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r9 = fcntl$dupfd(r8, 0x0, r8) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r9, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f0000000380)={0xa0000000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1e}, &(0x7f0000000240)=""/192, 0xc0, &(0x7f0000000300)=""/53, &(0x7f0000000340)=[0x0, 0xffffffffffffffff, r7], 0x3, {r9}}, 0x58) 03:26:58 executing program 3: r0 = getpid() kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) r1 = fork() kcmp(r1, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(0x0, r7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) r9 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) r10 = socket$nl_audit(0x10, 0x3, 0x9) kcmp$KCMP_EPOLL_TFD(0x0, r7, 0x7, 0xffffffffffffffff, &(0x7f0000000040)={r9, r10, 0x8}) clone3(&(0x7f00000003c0)={0x120000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:26:58 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 77) 03:26:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:26:58 executing program 2: r0 = getpid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3, @out_args}, './file0\x00'}) fsetxattr$security_selinux(r4, &(0x7f00000002c0), &(0x7f0000000300)='system_u:object_r:fuse_device_t:s0\x00', 0x23, 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f0000000100)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1, {r2}}, 0xd) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x802, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f00000001c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@version_L}, {@version_L}, {@cache_fscache}], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x31, 0x54, 0x62, 0x33, 0x62, 0x62, 0x35], 0x2d, [0x36, 0x65, 0x65, 0x31], 0x2d, [0x65, 0x36, 0x31, 0x32], 0x2d, [0x33, 0x39, 0x34, 0x37], 0x2d, [0x37, 0x61, 0x64, 0x65, 0x37, 0x30, 0x67, 0x30]}}}, {@measure}, {@subj_user}, {@measure}, {@fsname={'fsname', 0x3d, '@}!^j}'}}]}}) ioctl$BTRFS_IOC_BALANCE(r5, 0x5000940c, 0x0) 03:26:58 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0xbf, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2052.707783] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2052.707783] program syz-executor.7 not setting count and/or reply_len properly [ 2052.712216] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2052.712216] program syz-executor.0 not setting count and/or reply_len properly [ 2052.739991] FAULT_INJECTION: forcing a failure. [ 2052.739991] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2052.742917] CPU: 1 PID: 34620 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2052.744777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2052.747022] Call Trace: [ 2052.747743] dump_stack+0x107/0x167 [ 2052.748730] should_fail.cold+0x5/0xa [ 2052.749777] __alloc_pages_nodemask+0x182/0x600 [ 2052.751038] ? __kmalloc+0x16e/0x390 [ 2052.752040] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2052.753699] ? trace_hardirqs_on+0x5b/0x180 [ 2052.754883] alloc_pages_current+0x187/0x280 [ 2052.756084] sg_build_indirect.isra.0+0x2f5/0x710 [ 2052.757423] sg_common_write.constprop.0+0x992/0x1a30 [ 2052.758836] ? sg_build_indirect.isra.0+0x710/0x710 [ 2052.759953] ? vprintk_func+0x93/0x140 [ 2052.761005] ? printk+0xba/0xf1 [ 2052.761911] ? record_print_text.cold+0x16/0x16 [ 2052.763169] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2052.764528] ? trace_hardirqs_on+0x5b/0x180 [ 2052.765722] sg_write.part.0+0x69e/0xaa0 [ 2052.766811] ? sg_new_write.isra.0+0x770/0x770 [ 2052.768048] ? __lockdep_reset_lock+0x180/0x180 [ 2052.769281] ? perf_trace_lock+0xac/0x490 [ 2052.770408] ? lock_acquire+0x197/0x470 [ 2052.771473] ? find_held_lock+0x2c/0x110 [ 2052.772577] ? _cond_resched+0x12/0x80 [ 2052.773607] ? inode_security+0x107/0x140 [ 2052.774718] ? avc_policy_seqno+0x9/0x70 [ 2052.775796] ? selinux_file_permission+0x92/0x520 [ 2052.777100] sg_write+0x87/0x120 [ 2052.778067] ? sg_write.part.0+0xaa0/0xaa0 [ 2052.779151] vfs_write+0x29a/0xb10 [ 2052.780070] ksys_write+0x12d/0x260 [ 2052.781000] ? __ia32_sys_read+0xb0/0xb0 [ 2052.782060] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2052.783201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2052.783901] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2052.783901] program syz-executor.6 not setting count and/or reply_len properly [ 2052.784317] do_syscall_64+0x33/0x40 [ 2052.787470] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2052.788539] RIP: 0033:0x7f794b5b5b19 [ 2052.789339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2052.790031] FAULT_INJECTION: forcing a failure. [ 2052.790031] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2052.793234] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2052.793255] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2052.793267] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2052.793285] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2052.801029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2052.802565] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2052.804095] CPU: 0 PID: 34667 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2052.805119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2052.806384] Call Trace: [ 2052.806782] dump_stack+0x107/0x167 [ 2052.807334] should_fail.cold+0x5/0xa [ 2052.807907] __alloc_pages_nodemask+0x182/0x600 [ 2052.808618] ? __kmalloc+0x16e/0x390 [ 2052.809175] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2052.810079] ? trace_hardirqs_on+0x5b/0x180 [ 2052.810724] alloc_pages_current+0x187/0x280 [ 2052.811382] sg_build_indirect.isra.0+0x2f5/0x710 [ 2052.812118] sg_common_write.constprop.0+0x992/0x1a30 [ 2052.812906] ? sg_build_indirect.isra.0+0x710/0x710 [ 2052.813659] ? vprintk_func+0x93/0x140 [ 2052.814242] ? printk+0xba/0xf1 [ 2052.814743] ? record_print_text.cold+0x16/0x16 [ 2052.815442] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2052.816192] ? trace_hardirqs_on+0x5b/0x180 [ 2052.816848] sg_write.part.0+0x69e/0xaa0 [ 2052.817466] ? sg_new_write.isra.0+0x770/0x770 [ 2052.818165] ? __lockdep_reset_lock+0x180/0x180 [ 2052.818859] ? perf_trace_lock+0xac/0x490 [ 2052.819476] ? lock_acquire+0x197/0x470 [ 2052.820070] ? find_held_lock+0x2c/0x110 [ 2052.820695] ? _cond_resched+0x12/0x80 [ 2052.821271] ? inode_security+0x107/0x140 [ 2052.821904] ? avc_policy_seqno+0x9/0x70 [ 2052.822509] ? selinux_file_permission+0x92/0x520 [ 2052.823292] sg_write+0x87/0x120 [ 2052.823788] ? sg_write.part.0+0xaa0/0xaa0 [ 2052.824399] vfs_write+0x29a/0xb10 [ 2052.824920] ksys_write+0x12d/0x260 [ 2052.825455] ? __ia32_sys_read+0xb0/0xb0 [ 2052.826105] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2052.826944] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2052.827762] do_syscall_64+0x33/0x40 [ 2052.828344] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2052.829139] RIP: 0033:0x7f5171091b19 [ 2052.829715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2052.832608] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2052.833821] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2052.834928] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2052.836056] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2052.837179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2052.838312] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:26:58 executing program 2: read(0xffffffffffffffff, &(0x7f0000000000)=""/23, 0x17) r0 = getpid() clone3(&(0x7f00000003c0)={0x20060200, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:26:58 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0xbf00, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:26:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x300, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2052.865892] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2052.865892] program syz-executor.0 not setting count and/or reply_len properly [ 2068.034320] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.034320] program syz-executor.7 not setting count and/or reply_len properly [ 2068.037335] FAULT_INJECTION: forcing a failure. [ 2068.037335] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2068.039177] CPU: 0 PID: 35016 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2068.040245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.041534] Call Trace: [ 2068.041954] dump_stack+0x107/0x167 [ 2068.042522] should_fail.cold+0x5/0xa [ 2068.043117] __alloc_pages_nodemask+0x182/0x600 [ 2068.043837] ? __kmalloc+0x16e/0x390 [ 2068.044415] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2068.045350] ? trace_hardirqs_on+0x5b/0x180 [ 2068.046029] alloc_pages_current+0x187/0x280 [ 2068.046713] sg_build_indirect.isra.0+0x2f5/0x710 [ 2068.047468] sg_common_write.constprop.0+0x992/0x1a30 [ 2068.048273] ? sg_build_indirect.isra.0+0x710/0x710 [ 2068.049046] ? vprintk_func+0x93/0x140 [ 2068.049666] ? printk+0xba/0xf1 [ 2068.050186] ? record_print_text.cold+0x16/0x16 [ 2068.050910] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2068.051694] ? trace_hardirqs_on+0x5b/0x180 [ 2068.052375] sg_write.part.0+0x69e/0xaa0 [ 2068.053013] ? sg_new_write.isra.0+0x770/0x770 [ 2068.053733] ? __lockdep_reset_lock+0x180/0x180 [ 2068.054461] ? perf_trace_lock+0xac/0x490 [ 2068.055109] ? lock_acquire+0x197/0x470 [ 2068.055723] ? find_held_lock+0x2c/0x110 [ 2068.056364] ? _cond_resched+0x12/0x80 [ 2068.056971] ? inode_security+0x107/0x140 [ 2068.057612] ? avc_policy_seqno+0x9/0x70 [ 2068.058252] ? selinux_file_permission+0x92/0x520 [ 2068.059004] sg_write+0x87/0x120 [ 2068.059527] ? sg_write.part.0+0xaa0/0xaa0 [ 2068.060180] vfs_write+0x29a/0xb10 [ 2068.060736] ksys_write+0x12d/0x260 [ 2068.061295] ? __ia32_sys_read+0xb0/0xb0 [ 2068.061920] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.062730] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.063526] do_syscall_64+0x33/0x40 [ 2068.064095] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.064881] RIP: 0033:0x7f794b5b5b19 [ 2068.065452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.068286] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2068.069458] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2068.071346] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2068.072976] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.074621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2068.076266] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:27:13 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 78) 03:27:13 executing program 2: bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x4, @any, 0xcb, 0x3}, 0xe) r0 = getpid() r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x141000, 0x0) clone3(&(0x7f0000000040)={0x20000200, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1, {r1}}, 0x58) 03:27:13 executing program 3: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000640)={&(0x7f00000008c0)=ANY=[@ANYBLOB="3c010000fc3d078473d4ea3bc333bb3c26ad5187ad4856e81a5bee08facde3b85fa857744849d97150dc8c1535d89d0dc2263f5502564b528f1fc861a674068bfc3940188a06d78b40e140d314c8c424649c97048f3e7c07039f711f9686db07f9b71774b91cc6348ad809502944352d525a36ac5ab1c980498fd9a0f1256b79cd6ef41c97be43ba4c81cecb32bbde9b05ca66996833d348ce427e028fbfb4891c1410e9ebe970f71b570a3494e0da99dbcf237955aa9cd59b299366e1c0f6359db05c2a156a54f200952074b620471373e051a4accb5e5d79a9906af96b325340a7efd64fce0d2c9884e31add62fa5f8c5e05ef092fa7a8b703e481a5bf651efdd78d8d6e904eef19825149c8f2f21522d64c32961d089eb243cfd943fcf8b1f865b45c22b8ef05f845f35816b87a3d72c31a993b508fa8a13eee644a0284e34ec436192f530132a571ebdce5f1ad5776b4c96de3d466a793fbdc8552c5ffbcf4167efbb4c9af98f721b8c0fae8d28ff09a65c8394cc9c1ed63a4aded9501797d8f0200000000000000", @ANYRES16=0x0, @ANYRES64], 0x138}, 0x1, 0x0, 0x0, 0x20004004}, 0x4c004) r2 = getpid() open(&(0x7f0000000000)='./file0\x00', 0x630402, 0x56) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0x60730, 0x0, 0x7, 0x0, 0x8000000b7a, 0x11000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x2, 0x0, 'queue1\x00'}) r5 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r2], 0x17, {r4}}, 0x58) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r7 = fcntl$dupfd(r6, 0x0, r6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r8 = fork() kcmp(r8, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)=0x0) clone3(&(0x7f0000000840)={0x30008d00, &(0x7f0000000040), &(0x7f0000000500), &(0x7f0000000480), {0x12}, &(0x7f0000001e00)=""/102400, 0x19000, &(0x7f0000000540)=""/157, &(0x7f0000000800)=[0x0, r8, r5, r9], 0x4, {r1}}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x52dc, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0x40040, 0x0, 0x7, 0x5, 0x8000000b7a, 0x4, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendto$unix(r7, &(0x7f00000000c0)="dab05d6f3f774934963c8692d0c2c51fd93ebd84a8d3bd65e68569ea4e9adc3e339d542894ca32a7c256537f8301c649b9e36e5fd8504ec67b535e83aa76aa5c2e56d55d51dc635bc064722ed9bf6e1979c06ce094dc99e483ca07ac302bd842ddbc07092e936aba68ca0338345943771ea7d2a2bead68304b8239ed12fca4309a4ec79418a41e91300e54fa50c871f418eb76082c1d80a24f01ef9620402825f7686383d427f7d39801eb60cbaa952fe395b476691971bc36f977fde1924e2887ac850835719c642a015ac6d777e3fb89560165e5573c0af5c23928f678f2cf506944647dde9e843aa30c2070b460a445dd15e70ea8f137", 0xf8, 0x10, &(0x7f00000002c0)=@file={0x1, './file1\x00'}, 0x6e) 03:27:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x500, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:27:13 executing program 1: getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f00000000c0)={'nat\x00', 0x62, "ee2eef6d6d3be0f81e359fed67b0b3ee50a179340da02e312fc1e9f43c8dd021539871980042116187423dcf00e868c40e04524af8419f8b7ff0609dd990139bbcaf29af4f227fe93cb6b4100df9ba074a42e8d1fb35875a96c591c2f777c443d6a8"}, &(0x7f0000000180)=0x86) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000001c0)={0xff, 0x0, {0x1, 0x3, 0x3, 0x2, 0x40}, 0x8}) 03:27:13 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0xbf000000, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:27:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 82) 03:27:13 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xc02c2, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/stat\x00') openat$incfs(r3, &(0x7f0000000fc0)='.pending_reads\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000380), r2) write$sndseq(r1, &(0x7f00000004c0)=[{0x5, 0x40, 0xfc, 0x2, @tick=0x3, {0x2, 0xb7}, {0x2, 0x2}, @time=@time={0xff, 0xfffffff8}}, {0xb9, 0x9, 0x6, 0x8, @time={0x8, 0xfff}, {0x7f, 0x4}, {0x5, 0x5}, @raw8={"7e4588533659c8447855d446"}}, {0xc0, 0x8, 0xfb, 0x8, @time={0x1}, {0x1, 0x4}, {0x95, 0x5}, @ext={0x23, &(0x7f00000002c0)="39aafa494906dd03aac2a7811a20700005a29fd3064266b2421699dc57be3742e91c8d"}}, {0x0, 0x0, 0x7, 0x0, @time={0x80000000, 0x2}, {0x9, 0x20}, {0x7, 0x2}, @time=@time={0xd828, 0x401}}, {0x7, 0x3, 0x1f, 0x3, @tick=0x400, {0x5}, {0x1, 0x1}, @addr={0x2, 0x46}}], 0x8c) sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xf97a4e40a1251747}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="206c787bdbff32c41c93728a3dc6b32fc9040000000000", @ANYRES16=r4, @ANYBLOB="87ce2abd7000ffdbdf250100000008000800000000000800090001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4008421}, 0x4010) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r4, 0x20, 0x70bd2a, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_I_TEI={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004090}, 0x840) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2068.101882] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.101882] program syz-executor.0 not setting count and/or reply_len properly [ 2068.102783] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.102783] program syz-executor.6 not setting count and/or reply_len properly [ 2068.126673] FAULT_INJECTION: forcing a failure. [ 2068.126673] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2068.129566] CPU: 0 PID: 35029 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2068.131276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.133306] Call Trace: [ 2068.134002] dump_stack+0x107/0x167 [ 2068.134900] should_fail.cold+0x5/0xa [ 2068.135851] __alloc_pages_nodemask+0x182/0x600 [ 2068.137015] ? __kmalloc+0x16e/0x390 [ 2068.137962] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2068.139471] ? trace_hardirqs_on+0x5b/0x180 [ 2068.140559] alloc_pages_current+0x187/0x280 [ 2068.141663] sg_build_indirect.isra.0+0x2f5/0x710 [ 2068.142900] sg_common_write.constprop.0+0x992/0x1a30 [ 2068.144213] ? sg_build_indirect.isra.0+0x710/0x710 [ 2068.145471] ? vprintk_func+0x93/0x140 [ 2068.146461] ? printk+0xba/0xf1 [ 2068.147293] ? record_print_text.cold+0x16/0x16 [ 2068.148464] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2068.149733] ? trace_hardirqs_on+0x5b/0x180 [ 2068.150850] sg_write.part.0+0x69e/0xaa0 [ 2068.151890] ? sg_new_write.isra.0+0x770/0x770 [ 2068.153070] ? __lockdep_reset_lock+0x180/0x180 [ 2068.154260] ? perf_trace_lock+0xac/0x490 [ 2068.155321] ? lock_acquire+0x197/0x470 [ 2068.156333] ? find_held_lock+0x2c/0x110 [ 2068.157383] ? _cond_resched+0x12/0x80 [ 2068.158390] ? inode_security+0x107/0x140 [ 2068.159454] ? avc_policy_seqno+0x9/0x70 [ 2068.160493] ? selinux_file_permission+0x92/0x520 [ 2068.161748] sg_write+0x87/0x120 [ 2068.162631] ? sg_write.part.0+0xaa0/0xaa0 [ 2068.163715] vfs_write+0x29a/0xb10 [ 2068.164641] ksys_write+0x12d/0x260 [ 2068.165585] ? __ia32_sys_read+0xb0/0xb0 [ 2068.166651] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.168008] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.169353] do_syscall_64+0x33/0x40 [ 2068.170323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.171656] RIP: 0033:0x7f5171091b19 [ 2068.172629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.177459] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2068.179480] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2068.181367] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2068.183263] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.185161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2068.187074] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:27:13 executing program 1: mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x2010, 0xffffffffffffffff, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000000)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = perf_event_open$cgroup(&(0x7f0000000140)={0x5, 0x80, 0x0, 0x1, 0x7, 0x4, 0x0, 0xb8, 0x90040, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x1, 0x81}, 0x210, 0x3, 0x6, 0x6, 0x2, 0x3, 0x1f, 0x0, 0xc0000, 0x0, 0x20004}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x7) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x200080, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@dfltuid}], [{@seclabel}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, '\x00'}}, {@euid_eq}, {@smackfstransmute}, {@fsname={'fsname', 0x3d, '*/[+\x18#!'}}, {@smackfshat}, {@fsname={'fsname', 0x3d, '\x00'}}]}}) 03:27:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x600, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:27:13 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0xfdfdffff, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:27:13 executing program 2: r0 = getpid() r1 = openat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x64100, 0x8, 0x1c}, 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000001600)={0x1744, 0x31, 0x800, 0x70bd28, 0x25dfdbfc, {0x4}, [@generic="c8817b6435e3891938eee58b2f53c2e87ee6ca23aff4d49d650683f9d32609b04f06f25fa934b77494eb376f6fb4b070de97fbda439c54ca44d9406144c405645cf8ec78f7c0b6ba408ca3329d3778a49051890ea11acd7642b272bd38443635df883d68091fef47e763042cb91a8f498480cf860ea31644d109688d53485af49d6f1e627441bc125434f8c4b46c7639e70ddd744830bed5327ce6c5903f8d474c532c5a51cf4d7a8011a212d568e6", @nested={0x2d5, 0x34, 0x0, 0x1, [@generic="5808fb74a736ffbbe33deeedd916f56de46e45da38957a99f6a26c0a4525cf45c0eef33662c84d9d2d88781510288d0f4340ad66b1169c3b7b649f851d7182572ea4ccc785625a33b4741fcc77463a366bef6582febd4256aacd9af84019d43403549c7e108a9dbe52da13f2c498ed219fd97115a8d320c0ce8d40a2a12c5556b66b432d2cb265d06e43f3892f45cdb50d245f0efe560a94907528957f7d9607", @generic="663de65962d79c464352a9497bfca11649fc5b429c14f49ba5303c6897a79a6f2f32db740b628156f80f920fb99edf28895f43901e3c5ec86e32f1d8008a1a9061f0a87fd41851311c0d0773889c669647f3dbf40114ee2a49fca91f6e9718d3a4a3b3f4cfb1826144438ccc96a365c4b1e79b7185ce6103df89cd73a6b3662e2e87af90f92fe3c54d4dea862fe7d3d4523fabde3b17cfd10f8670e567aa0148f067e9a619bd46df5fe1f730433a3b7245525a9745fc074049174f7a616e8cdee819bec41019bd78b904d6847b22c96814859ac58eb93fe9b40d4ee3c231404d3674b50c6f64f89ad6", @typed={0x8, 0x86, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0x8f, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x8a, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xb}}, @typed={0x1e, 0x29, 0x0, 0x0, @binary="6b1a7091c34c4b5a03a4da464caabe7cefd4affcfbe349fb522e"}, @generic="99a22bb1560a14838cc9d297d4268b40d4e2135bdc2d972295fba4", @generic="e09a730ca3d0e04fcf6260ab13de2a1476332600ac917a2cb597e073225cd9cbc7c084894fd5572c7d4e8d95fead97894b36af197c52167b83eaf41a5f0cbd5ecfb366167e9358bab386c8bdded41b456a1500cbdcd337f2163254f9dc9b5e2602dea6ff4d11f188d3037eb747bb95b56d92ad208502e05beeec3f5a7d06291dd3ca57a499b589e46148c1a427f5e3d3ad8dfc483d27ab2d08133066632a48702c9d6150ddc8665e87514b80fe6bf7a7844ab35e1d6e46e60dc9318bdc280964387d08d66b0dea94bc02126ae836d828a28d80a800caf49ae8919e554e24c1484bd5c5eb2ff19910d8", @typed={0xc, 0x73, 0x0, 0x0, @u64=0x2}]}, @generic="517206b4ca3326a47a198b6091c8ed7d3fc30370fc63b422a4f8a0007e6eb38666c77b0c7b1adca1928e1be0e1dd1c41ca70e49b65283c44a509aede93d121ca443aee10e796b4edd7e4dd86ca7ee7d2b370c4fee1eec60f8d879e78d315a8650303183e674076bb0e4ec1e741db69c20209284acf0de8f42bafceb3625fae78fed0f1dfd8ff7b1d47dd622f3556aaf76797a9b1b271625dc5a3a2d901c57aac70069d16a281e303b5656cf1c73eb546ec79b07ad4d605e938cb56222885bf8534bd8d206d5b0bc4e81459f0fffc7e8f0b6e3ade597b0aa4a0985d200f321ab98f", @nested={0x1258, 0x35, 0x0, 0x1, [@generic="5cdb7c1e78ee94f3df6e92beebaabab8b7b7235cf754f07a915342f56a9360e701d6efb4f6706cdec9cd8a2aeb549676cb329916cee3de6e8b6df5776ef053a3a559b4ff3125436ae02a16d785dc896d0f5793dff0818b7d3d90da934eb98d3ba76569f5f0cf7ac2f2fbf2911a6f0773826ebc20bb930b380b85bfa65e5ce9fe24e7f3d37979373f3e14d1", @generic="e6a25a6337438dcac9add31fe23f20a8fd5b48600d45014a06a0f954519199cbc8574995636756374a10c83105bb1779296a96e09996f1db1c9ee17e551af5cc97c1eaa4d9146dee58567921e7f7710cced4d97041553ba24f3b41f35dec1fd701994b7c03a7acdf399283f230948802e01ec53728fd8c3d56a2227f324208000709f1bf06c48fa58bf543bc36f81d73fc0539b6221a047b9ea3d9afc289dc775c9172defff9182fee75b534da74bfa856a8e0b469713f70715f178b37ea125781f2f9f3", @generic="7cfb0956101cb0e85dc12bf07a36e04a39a8d64abc31974cda2309d70447ba67f68345f618a06caaa6cf983b70ecfce4bf04089bc0a7639ffe5d686dd86e5a9af486b2591bb5637e02a4c77f77a502b372652ed610638749cf86912d6a2b5180ef5aee37ae422976775293d6306817d81a362cff8f409243b6f1fd7f3f469d990a1984de57396469b7b3d99d5467dc1d96392864611513a640bf313488e83f252d82273bbc11a5c9820637f0f5746b3e5691eb04e64ff6372adbe1e440e499042a54f9240582e8a775f1cf47a706f23e3f1f5fcc49a66fc37395248bf83c57d7929c0cffe473ab9d35685b8ef06e0a67530d47f0c0d87b0c1dc866dbfb6df83ae54bb26aae662fdeebe2decd7512f664dc70da77e8ce075ba21679e213d72d343ab33a298cb29b2aacc225e0c7b83e2bd4d44c1280438bc0401c9bcbd587bae0c22e8f7591371553f2a203c222d79f80de5f66dc70f23a40086fb31f125695833ff0a3bfb0a3b140d60a2ef7965f1b21fbb24cea2a3f5d997eead502935123abe35342b1be369eef2db516e47312c016d1495899af482128505a0e3cd597f5a7e7440d4747a135bba49b089242cee98a2bcd7b7c8d4eab7192d94fcc545dcaa389665a1d09a1676f609572c27ed6d57420c835787a2078b43f36dc7421bb74e197969881b341187b92486f94cc4d78fa27cddd005dd192829ecfb4d891971aeaa0e691392154617dec3c8e9e03f8fa3691886d329cf06f2fe5f4d49dd33aa29cf0d2b496aee1ec7a57a84f30042edba9d3de8de9ec158e13873e3404dfc0d16d19498a81ecf5023317e9fd503446c62b5121461bac7b4a6dd5e49bf74098201c7be8b677f820da980133602e55f2a1ce2c153a5ff048ef8c64e0e1333e51c611a440a8658a96ea0369172645ee8f35e2afecee025822d69d4d9622ee53ceacb59c83a3734e13c623cd17da85e1d74b670c161a1daaceea054235c872bd934ed8e51a052abeb7c522c325b080346b35e5d9b666e95d9ce41e615e15b1081b70df8ea4a78db1de8a2f6818d430dbfdd80a1abffafa97c6e7583bc47df77c0c73a57c4f089a12029a1489d5bfaa4dfcd6717c8cea7789188b8c58ce20ce829cfc248b8bad73b48597e421b53b7ba4c679e1bb509efe3d1da560107b33476c5c066d46e0dd725c97b2c47be3cc2572ea27257b603a4a5a67021ffc7dc4f8be2c81ab76048bf481db5a354fb3b2110a37fdfd8c555f9e46007b7dae7b1673058327db82673fc7118c739c4e8ac1a9eb7c7c9ae6f15229a816572a1f04e2fbcca86ff8113e6180396e75c83f515844c6f24e8b14036013668953cf938036ecdc775b8b57b0d5cac05c0fc10f712c5fd2d8b4498a32042f691c50430c982743d1581618381c672420fc8b11d3784388c3c9314129e73d56d5d306da8a7655a9c8d0a4c04e2806419bcd828cf44356bfc565979f73f8cb96e8bd732ceed8a2130717a05fd8d6a9f319f188ec21ca919fa557111dedc10327942c3ad61bfd295c3718a7107754d1523f559937a87f10ff95e5562e3b23e03a43ef1a51932fbb5dbd8dd5c80b0c9a5c9fbbe5ef5b8a1bc8f0b8631334e43628e4f00b3f292451864cacd3eecf41ec0e80327bd325fdab1ba2e12dfaba0f502bdca09ffada838fa069bdea95e471733f1faa496f131c55164193d4c01a57590dfc84db4badda4899dde60fc973cb7a593441225502f3af8bdf7d4587a0920fc612b0e874a1f1a46bb098ea598933978fc6531fb95a33de15d2073bc505271ec046f699d9a8f56696566f7ecec5cc5a8c6a9cf6d4f264fc36811437b1d66845b11086d2c4c1bdb61453143e7cb979228a4daddf37519e59d67e3cfc7a153ec0068ffe0fe94b377c9aba15379fc1944eb5051f5ca2efef2e045a1022c2cf724f691927add4fb26778c0c088ad37d44bdf33ddd04a32652da095a93ff5154f68423742a483dbd7c599d64edddef9ee157eaae7cd42cf4659ff54cc58d8f3e6e3f292c25928b4f58451877a84f73da9881adc38f641bdda7a8028b91e265f51fbbcda621ca46ecd8151343c33f4ac5a54bdbe956b92bff60ec52d1dbe39c1fd26ac059b0bed1d01967b40f0759c7eee05a2153854d37fe629a90e82c33d04bdc5d3fa51e7e3ebe3c2eabbe41004c0466a7582fbcbfd82a00392d89a5fa93d125e0c116be6b8a552851d8aedc9f8f61ab33060d1f48e235ee1c88ed075dc9aebea88ca69df0ecd078e12b2f955534967d62e0031b10e2628ebf3f63ec576186ffeb24880cfae6194499f7d4ffd071ead6b3ea369bb3a21852e63cf2a3a8fecb49daa5b0b10af27cc965e120fbf2d727fee99d15fc176a084f1bfef5760acbb0a108ec17e853ef291ec2d70df4d605e410c07e7ec55d3b0b5f58dbfdced68a97bbd3c49ddee1f74b990565906059ee71907b5a898b1025d008a006cca7d6732efbce2fccf496e34f51e638fea4c9b3dd0be1eaf2d483e3ce7c3409963c0113d73f0c37c1f28028ba8e03044dd2c21842be1b7ceaef8d925b1352703e92021aa35e74a4dc0b086db3739a1613986e6e5e4b7e140339136e7e04b43056f3634022717245b7f693e9d3da59cd21d761e7fd464d6fdfc6574b1faf8eb4326b5a5a5cb43ea9d79cf5b8d8c82416afe1ba1d2de18c55c07fe0ec4a157b1a0b0cb0a6d93087c471095f745fcf66395130206177eed3285390e95c90d59fe41d1d750815e705799c24e662a184e9d6142d15cc5ffe560e0b738b42df58221de730b6a578337ad9a62c9a596182eb65e488a154cf54ae11a2a181084925a260f88fb1aee4f6b4f085d1c9cea22aa605f3aa96755486e67caba1208b49ef4733fe8c3408221c350d0f8460d23c1494abb2e5b0dcac58edcfc6260d5dcf63908e953037b837fd8bc19db4357a6a702795337ddcc8bfef3a5dfb963707cd9fc56bf2f7348e41c80cd8c4c10ae487e6b9c438b0bb52207c93c5cb042d924c6e6a42fa55a8acc35a86f28d5e0415884d5a4cf632b75fc0040c6d66967520b811f5adbbaa758b420da3a3132c0935159bee29f6ab9c11520c3694e3b9eb95637c585440aeface1f1f7a7ac5447cb9d57200cf7972520b8678c80895ac0748f161c44dc26c8e9ccc4a23de1b055aa486784ff71cb7a1a17c2c1eb07559cfb3ab47bfdd088c866c9daafa5ec2ac93fed1af06c35beb66d9acce94c9ec9d3cd21dbd289b7bfe7546165d72fe64ff914aa90cc65428d4921919e29bb4d36dc06b3195f0917a897047977f1d8aaea81d59f6d4c820efee1fa948b258144dadda06820b76f43c0af00bc48e1e0652917a8659b4d8c410bbaa119922b2fead47a5d960bbf04f0139c492912db354b84c2de8205072b814bc6dea6bded670e21bf06029dabe98def94c5bbe34a8e9796e032893532809462a18d3d7c122a6dc279a883ac9cc451d5aebbf83c552ee8b77a3bf6fbc49792ca296f7156d8f5a401d8f9c696327333ad4ccaec0c4219fa48a64df111577732f7d89bc7e58a0e35dfbf1a4ba02925a04cc5e7bd103f08fb9d5ce2e821280100e29eefd5b70d24eefac0924d3719323e0d0f47bc0b24830eed300dd5707943dc991cbd5456d6b7e72ef4170a2cc29ae85df790a4c93bc41e06dc621ee1dfad4191bdd3f9c4690bf2c30b0677e9935c1afa09d049ffca2dee6177c7c3029106a9ed37f4591ab0acaa8731cc376a0e8d65144c3cc2ece2fc2830d1ae2edf467a234b11570eb7ffd7a7bc6a9fd4bb1df08e94c74a4e8f6a0742517965bd15170f116bbc10c4af892a37fb076d1c859be1a007ab8599be39ae668e60b216ef38d04f5d8ac0c3b168a1ef3b80af02ddaff43ced44e59529b601db8453217eac3b01d65f2338db2cc32883619aa1df106c3331da408ccca21fcb3106731063fa82b8905a0deb1880898d449a56a31abda67c1bf09f70e1dd5eb98926c65de97d4400c9633dc7af389baddddf51cf13f1b5456a9572d971f684c8784cc94c8e9f1c345662780f5376b43329ab0217269adfb0361a0887aea96a5536cbf2e8116845c90ad157949d333c58f7b23e9993a58c58b69141996a204a96fc939bdc6cf3cf510aae45edcafc983033043794c77de86e12ca5f9adef080aab23981fa0d214d1cef608f5bc57410bee22ff1d19664845adfc06c6859a69ffe435f937cf85a01eced6ab8c517b4ee2472e0ebf6cdd5e428f3eb96b3e39ef6b436a20a02b40a09213003cbfb938280b4238a9a65cf2a85c8e16b24ef1c15bb6acf63a423d701910095d3677e08eecc8d8daaaef6bd00cee48e3f15f6176dbf7234cec64daeef454936455000d7bac302cb52208ce41be077be062e19c3f15295f6741d52d06b68f83d33214abf0c04caa8376704eca7c4cc711c4a252f927fbfd0769dfa384eabd0a2c4f9de3ebbce494ff75e402f3aaa83d60a1903afb1b63b4637b0140a0ce958e1c34e95e040e831b5f0baa6092f8ea7aef24efaa6f6c0b6471f665686971b29ffd0ae595f380c836dbd3009d3a07d5806f940d95b8fa20f2059e7c4d4276b2e3807c4c5831a534a75752bdad6f6d776f129a78ba20ab11655549f0ad6045017740542957bd366ae609141decdc1fa87b6074e0a8b0d99d3159cf0477ad639a7249d8bf98e954ff355c6d0b0a972e341084158f13c328d230bfe6cc5d5f5e10e3218ffd9b7701f9eadc57dc91b4ed382367b2ae52a8dccae971e83af292f2dc6d6d14f09469719d5f79125fc634cae9ad28dcffdecdec735c11b47cb0f7f5055268ef762a5b92fc44a2719a8a7eecab7c13245dbbb9d754770065537cd633b73e703c1c84c4b6f940a97f6d405cf5253fe64acc09c7509507e8f3d39452553d51a1701a2616b39ea5149268ce15647414408585cf2c98d334f60955162296978396e9dde0c87e8a9b15ef38b7a507011cf79a13ef5dda14fee115188cea647e215370772884a3ae41a9cf95678be6272d1c3a011960c7e18d7e28b5f000aeee9f84563138e9bcc7bf3076e86abff2119679105e5902e839342f933c90abb5fd0abc10670b62a56f013e7f52aabca1ed4e9c8dce378be344640b7d821d324701385f276ce77bb41e039217442c9bee80f220bb06b1ef1f1d939abb50d0e044d347e3a0bc8dca95c54e0701204dbce53ee943c851ed0552b54831064c887ed37f0fd21431d968e90309990834953bdeaf97a151d95b99ed1561827eac73f7ec79f971faf5bdc913fb197d58429e109e1d4f1543c3134e11b1a60ff336edb8d36ea064dd68708b112dd2aadb0b48c1cad3f8242723d9fc2c32ed171630d8863b951e50e1f817fee0f674098b76aa85d4df6d45421be7958f071f380f37fed83e86243702cff59929febd607fc6eff7d62e5d3392ebe93309afcd5eadc42ae072d69113c5688fff36909086ec41acfe22240fa535cb88b7730bc44a2e2cb3efbd182ea2c6e58b6ef5c94e7829695f3cdac361ac40cf1dc019e578d2968ef2903560cacbdf54ef06ee557a01a5c6e7ff1455575c73b380b59dc68435d35f7faccdc960794163c8eeff3d929f0d980175b7f6e6c28067d9b532d274f1d3fbc687174b1dac91e642cc364c8f73e245e03de199a1d671d8c3aa3d700ccdfa093a9316f0853e8c6e1ea64a565318a97db4d9645082c4c2992148e0882d38fe57e27c7809443540abe790f56ddc6c84578dceac7a7b681deac06893e7de67dd1fc800c32580de6069329a33351bb2a0dd4d624d52c6a9bcd1fc8e6d5df4c7b695e9858f59c5471172b4", @generic="c5bd96646a32e28ece2c26b4c569143571a69e792b117c4478801c5d502b66b5b493df96b89a16ea3568a4df4553508248772d19690d2b7947b8dd79b9da88d916efba014ee5a1ccd9db293956d83f23840e3d36719cfc1f1168c37f1625249f0403887d1b21991c65ed4778eeab3363480f222aca4876ef560e2f67e38ed435648c360097b4080a6cd8b243d661eacae64bc3b3252411287d4193fea2596f8b770eee48c6", @typed={0x60, 0x1d, 0x0, 0x0, @binary="92875a6432fc8758742296f59b010b4be922366c9392c12b10aa950e9c45d5a657f05b19f84e7947a5ec755edab3d463ac6537aa7b30671d123bc4a174b7434bda440fe88e9621d1eeb7a4122d5d0dbb4008cfd3fe56b459877dec6b"}]}, @generic="eaa5c701dfaf243db2a660883efc1d49fffff0ea89bb9c03f2df3385edc3cbde6ef7213b22373899796e510de3c73e1c10403c89add9a3c7acc38a5537c3b3e5e1c0bb33df9e43b8388d69d0a9714fea3494c10cc446344b368930e9e933303b6dd83ac7bf2bd3d3e7e47582dc7179"]}, 0x1744}}, 0x800) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f00000000c0)={{'\x00', 0x3}, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)="41b22c8a3dc9e094d0c0a39916691b3590568c9052ec40a259edb9d92284ea1ac3759c13e327bbb3795b7aa9adc26e5bf32f25001e04e5a33e7af2da62bc9b", 0x3f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000ed100000010000000ce0000000ed5638875d463c1f720e16c552a21f14edc4b2bc9c95fdf81fed29f73b2cf24429d7dab51fb036c5858d6baed372f064a0f336db7a324297615ccea28fd7d767892bfc5d37d24e3b64f1ea7adc5d62d394812ae86b6c19910143582919a2572a98f6cb7cfff7812444ae8db11a48d7f5d34278ac826e37f8b25d490c2fb16f55b57899b1dedc402c34ea34250ed68bf1276c24d777c9a7cf02b59d17ddf0b8459e7147317f29ee4cb6822da9ee71977a379a0315b804ebe2d40b29d3af428a5531eb3f550dddac6e6f8bd5b87a6bc63aea197944debd24f0cc8b9ad49c6b86af0010000086851825cfcc83707f30f804bb93df3bea7f5dd74a3fed4c4a5487c20acccf5f7c1870b2738ebab6ed8e9509ba8a42868b6aeff27f64fee12c43b7b8fe6c945b8d4e4eb588d68fc7fb0ddf05d1518afd6e34c137563e992cf3f8bef6a6f3957bb65360690beafe95bce9319334db7a346b6e67e2f2954f0de0a324da2ca4e63d749bbb733e2c078b97263a793d6e88608ecc0394d7976676fe3d5f32eeb2edd9071e03efacdc85d3236b9964ed82688fcbc58378b68100d619fb159545cd20cb00eb46b8f58590be0b1b86a1732b43f932aba0243fcf1c618bcf0ac43cca7f2185e69e87e16f7b8bc396de463910a8786e3b8bc4f5f8d56c4ead534e200200a11380df85ccba7cfca2fe7fe16c8479a0e985d1fb2b17d6082739ff5d2a84de44b006cc0cc938d58c52e59e5c5bad4359ab5e388ec2ed07fc691919d3d29b1e13462f03055b9b998f38b8d40aa53f0fed484727703a73f1533d9821c22d8d050358e8dd6ef9c4998c5c18f8ddfb8b96d3f5a92dc226a752a8441762d7732132b3bcc8b5a40265a465d2334544ef1a6999fa1031b96c5e193082d3532cbd66466216ae7d39595d24d224d1af4f968ea623b5825045870e395375b34371cb76ae65ec0397d1b31b72eb50f6587869d94e4bb36c576049f6c8e8e724beddcc0b220e7632a22149837daa13a618e2ba0f0cf7cd0854d58093cdc597f2474e9cef88422a4d1824f02ae309925c84de3f486f24798a498754cf701a1380ee38270af6c1d169aec047e19904b216aa97d7611fe15a690ab7ee9d44fe5f022729b28c9883aeb93ce5fd3278dcb4e485df0dbcb4985725ed28f628263464d4245aba71829573606cf73dbde37083359ddc550dc8ef82b5bf27aee711e4e1e4da02a9cbea13ec665ba051e05e4037d9201d62b6a7be1eabba35090146d0a88aeb44b18375f6e748c5ba8ffb25153e61d9247e4864b596d7e5d378f38917cae3c856422c0a5c7615ec5c2f85a3f63ca746774d46ab19d354e689670328538e75d1841c5016c2e76ee0968c5081600e219efb4c546bb0db7ac67ab8affa7ce872d90694a7e91415d1f801b20567f130315634d1047e5407adc5cfa6f101fd04a8f2caab60137010bf423e0ce48d7b35992261636a04286c718dee8f644325d4bddbe6615683a5c7f8f1eb276a2907943e4961395a0507bf927d32ded29fc78a0732a5e20e5ec71937aabae27224c932e3b690df33116b1b445c980f14c60ba98393c761345279f54fc28960837364c9804036b0ed24967225f41d8e58ddc75a50acf3b880c9eeed22b116d0a3907f897c949183c071be3e0fb9ff2d804e63ae602406b2834bbd9d7446df981180e530c3c1c4e2d9ffff05a3d81203822ee80d9f7fba9980fa67e288f9e8ee0b68fa86d4bac09e85e910d319274cf4a6810434624e5c6293b6815f59b420d7dd821f4d97c26f943bcb9e9766167f0fec59dda473a322ab7f6a6b579e7f79ea18dc51f35c215ba3faacc7dc68208c35d5cd749ff377ee6c85797b5a0f93d6720c0f56ccec9f95f66e4e50ad1ccd727ff42fc1f9dc8de650c29d2f54d7b76e5cc1dc31240fe571ee5133d75263bfff89528c3749201bde9bd5f4e3d4c904a479a8197822541a6a298015ace20006b027a482d367f1a9f3c24870d350ae0af250073491abdf30bab06c192113db4aa83ff7d7f553aed74e020556e41fab07f6bd11f1d2994b3c7a137a73cd735d9cf4c6aaf561c90bc56b8fcdecec65604429f361c366c12ebce170413e18139cbd02e935dc118572186b44147cd15999d3b74719bcc0660d87cda4c6484d59452c2c1361f54d0316ee049b9e9742b484c24605b3e29684eaebf06956983dbf3d28e67c126c6bc7c4e13dabbabd9335bcfeacddb736dc963deec442d83655f5218a4b866d88f7c9a5f2343de0826322a51d8077e7e560f250105eebcf16a4dc1aa65d5f5dbee0da16d991d102c2439795a2cbe416cdc2d16b827e489ffd605462b89408bcceed35fd3b7cc1ac25dda4d3ec2d1a50ab1611b152e34ec8502f66cde0e9c4efcebe99de8513c90f343259be952c1a63c009d80a3eb681147172297b43160b831d9b562c129dae65f4691c35e6fc783a0fbee20a417658b4635e115a7ed281d0291db76e2275623a2f2c3bc4b38da67ab4668e19039c2cb5d2bae012990137967d6b208a133951ef83e6c19f24c53e94472510c4dad0dd9b9e9de58d96c6c9339bf03504a4847063bd7ac6b82616f2e50df23f818580c395cb90ad5d09f2535ebb6a3ee59a5157f95a95aea9426228088cd68f8c15866f087f1aca38252d6cd1c489d49573bbdd553a6e435b9390763cafb13dfb717d8b7dc99facb721d7a1b18b6db6485aee04c21a5870e7382aa018139bdad59232ea10fdd3f972466b224a11a5f29f97a3a5ebf7a5071e3c3caaa121f3ce7f4f7365fde7879518bd1f7fa79b0a2af4e8da8b75f7463c2d1fbcbf24fc3fef71973c1ec411d66923e60da1fa0d77af8cfe04bfc988b40c1c4cced9b662d5fce829d2e17b5c4207856cf2857e6f0814656706a2839af166e7085612296816b65c0427b4c4bdf7435e94ea7033f51131d62f6a9dca8704fe2ab68a288c9a5d1ff2e515c5af7cd01784bb0f4ccff6926558edca94406624298015510c101e2178c6b33e179f46b3dadbd656c31d558fec7d91b125064a339e8c7f2ae04e674874bf86dc127692f9ac6b4210a3e2a776761f391d384811ff5baa64fe8ed78e22aaa50d9dc73a171079fa33be97290fdd40cc09d0126d741f7917f2bd5207aa04f603fd8272bc90d4bfad7c9b9a6881fb09a710207527417e1c37e4a1354c6a6c76ac73317989d64ca8f4c228798d12323c2bed59e844a1b5aa5551015e4c111f28026f4ccd0ff8ee81ed0511bea875fbb381fbf3e216aeb5019db2875645884812531ce91a13f5c36ca9fe13da2fc4bf42c9fab38ca82eda2c295a0d2580f2d81c724c881e0128995f7cfc385a51a951cc41674850f5dbb795cb12628a003585ab68f41a7f66fb4737c2824ce7897b3fac8cff042e9b860853fea114ea0a436553c74e6f4cc3a430c03553495e7c3f9c4c1944f73fcff159b2d28234f5b0d5e7f8fb9ffdb203d9be5c659db85d4a42cd0845f6649621d0c5babb5c5cc724009e69565378d991873e589e445e8f17917e9a69bfdbd8ad2ad330533ef2d84a1abff67b259c9e3ec6ed363e0f8553c1b921b5d09b77f394e24634e01f62408d28ec07cf5dd769e5179b28f1c1734b6ff204bec0a61537c4b4000cbd29b0b2df9b437b02f460f0c99d43cebebc312ff14fb23cfb2da85f115a31f18c66bd38d66eb330da0519779e7f97fe1337fb0732f7a2641a770b51a6b535b6ac4bd6eebc27a539f51449c3ac38e33d02be97e0f90849eb136f969d1a57612e3f19947550a0329cb1b3b3c9ec92c966e8e91148df1c743c8331ec39d4c7a25b77bf7bd5f9d95e8f322f0aa6bba008dd6ee2ce03ec423a3fe5c6333d1828023f71b6a9c87c6cbb93bb840e04ddd5aaa09011207a1cb3ed1cfa07787e24c525cad7c924adf65f063e2145d1516ba7d63e7264e1d580c091df2f995de5af3e22979b3d9e5ce2e464c7c26d62b20ba55b41679fb68c4f6b69b8109f7044dd0491b21aaf147bf674e807bc4218d1c89974ae8859c41834daa5eb8b236a883147ba7bb360f27e9a5ec55faf2ca732355e0226b3b4e04a4a09abdf1d33ee5d19532aec4f149548185220a5d366441b4a953722bcbd0a7f64b8da2635e9f65f72623980f08914dc68411b9d07fd89aa93ddc40b2c53f3c4390fe2fb9664405bf7c7bff3c1f50f923ab838e7880b4fed616e261e58af19cd7f4aa59ff77a7fff817335d4efd06cce3971eea334ff469a395f5fc5c1be9d3243bb184792c0b2a98ae628a941a5fb2bbd8207b46b6a533c2254855a1e2128a0ec93ac1f821885a142c459a9c0a75a92aa67b98d7e2d4b61be6e9b8734539ae89fafeca9bd27048482d15f179dc466db8deed5bf0c897802cc1b5c2ff6793e2b0d740e52c7971bc6fc9bc9c7ec7b320e33f4d1211028c2a94e1e7ef88a38b3b438bb1496fb27203c147c92e34516f46e7337107a3df59cd375b47c1baec360053a1d10e04be99e09cf4aa2f54c6c70e91aa733dd1b95d9bffdb530f73d21b9062c1b7e16cab05c9b04c5ce5071e98cca33ed3fbc01b0dcdeda8ec5d22abdfc4189dd1c525f945cf6a39724d36a2e9ed6f425849bb3403e2b3865b0379287b166d7835d0213ca9d60f29b8e9fdf5634edd27557cafb468a9f3c544d109353eddb4732bf8be557a32803c5b0fc1a99f7217a4a22de4e8dbe41414ba1c88c8faa46d4e5a79e53b26a6489c1ad0d3dde1c16555a42a82dcc2be25a2d71f029be3e838f7a0bd0c684089cc8f1e634f91b26348a13b22f9798e9866dd2d93c2cce50b2cfc4d301ba6d0d72e771b61935289595989c82d7045ed92ce170befa82fca344d9dcf02119ae397ad7066696cac23e56792325cc2364ba66a243f82b4f1185a5c4c093bf01861d0b07b731e35830a05365f27b2e4372e292f907eb81045234d7d3decd5df0ef0df532057b15e7c0061594aa82f0b9a4afa78cdab9e19174ad028fcf4cb985a9a0b08d71e6a0c1a76319a8f32064ff9c75303db6a6bbf3d21a6efdb571ee2f3ca18166fc470e05a3e528947f194796354405962ae408ac3467766c20ea1959cd8d40b4771f9198f85de3b8c389db9e994ca4c4e9876ecbda1160d26ea1d569e075b6c882d7b39525e9fb06972e763a1ac02bf14e4c045522bb13c7373235481d392b4ac67c9ae38660fb1a8851522e06cfcce082f8eb6dd0103445854640fe08e25bfd41875bbee9d73033af9bfcaa92b1059534365d0f08ed4bcb8875ec643e2ab6026c0be5a7811fb99a95e1a3e7c42f6c2985afbb1c0be4d80f7988765564aef60f8cea3198f9c0a70ee4580a528cc282a9ae202ad848c54133a48aced957ad7ff12ed0054d025ec8aac2ad674f5e689e66be6923c27aad9035260aeb155b3879f60c0718a5809d4e5c3c72739e0b1a7c102cce72cc02e46f05b0d178dcf32ce89cbbfd4e364b0a5c9bf1bc9d5a98f9c5a665aeb218495f356715c59ca63bf93e3f538866c400c8e3d629389d1bf380b20a15936b078201302ec52214cddd43c4f0a14b669e4c43365dea1681c3065e7b77ec8f08298ecc35e1c127a404996a588d8d8f36c98ae7668e872e740c2aea3c896e32b11afc6c67aa3e7f6280b22f79f77c692f78363c785f7eb70d854dc49789dca937b4f733ef7d6e979b11f53617dde09fe5e3b1a17c7492518cd42f909066cd866d2d3b3e99837a9772b88c079a881045eaec179e3e645871ad3294be50c2ea5a1f16d3a722893d82afed6d696f5597a2c15363ce1382b0554d5df7ed3281e18e0c6ad957712c299a6262ab014c818c41b633d318791988a18b1c8b9ab9c3569c8fc3e44d9a2be7ab4147fb4986378c0670597c630728877ac4391b6c37f5e50e7c39de6fc699471867d9bd75e6ae5224990eecaa95b0470db94a12e2daefd4a9f79a05c3b0564704704f504713f2977d2701877285f86b9dc53d513d2f4115fb5b11dbeab9d4305d975582e0b3bf6022c7d603f872fed9b5b97c41de21c74480bf51344904b091b4ff2abf790e5e06768cbd14f34d78cfc0c5a2e0c11699d6cc0db6f4e5e701bbd34f95b78b8dd2ee294556056b71481ffab10569919dcfbe6d54f2da636ac7d945d6eb5c4ac0bccecfa0000000368c42b86ae169731dda93f50553becd383bdd8d0b26abb20beefdbe6b1226062a8165568533ecef252eaafba2b61afef8144b1ea4577ae3ca0a8ce8935cea9121adf85dd94ffa9faf99b045a1b0c9ea020c982e32728f2071956243fdfeb4fcd62dcb030cbbb673f43a85127dc5f19cf35cb04682c0e9ad77fb7f95ed22e042a5615fa112e55f084816ed79a149967160bdd99abe07430137907d82ca7bbf5c"], 0x1199}) [ 2068.343411] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.343411] program syz-executor.0 not setting count and/or reply_len properly 03:27:13 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_config_ext={0x6, 0x10001}, 0x69044, 0xfffffffffffffffd, 0xb9f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:27:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 83) 03:27:13 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000040)={0x1, @tick=0xffff, 0x76, {}, 0x3, 0x2, 0x1}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000000)) sendmsg$nl_netfilter(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x7, 0x3, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x6}, [@nested={0x5f, 0x10, 0x0, 0x1, [@typed={0xc, 0x8f, 0x0, 0x0, @u64=0x4}, @typed={0x4, 0x34}, @generic="ce72ce2985aa3be89a4338489db01c6ca03a08ed7e14c2fb4b73a000fdf7d3cb1f7917", @typed={0xc, 0x4f, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0x30, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x4, 0x37}, @typed={0x8, 0x39, 0x0, 0x0, @pid}, @typed={0x8, 0x8e, 0x0, 0x0, @uid=0xee00}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x0) [ 2068.410570] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.410570] program syz-executor.7 not setting count and/or reply_len properly [ 2068.441051] FAULT_INJECTION: forcing a failure. [ 2068.441051] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2068.443779] CPU: 0 PID: 35347 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2068.445333] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.447198] Call Trace: [ 2068.447796] dump_stack+0x107/0x167 [ 2068.448623] should_fail.cold+0x5/0xa [ 2068.449490] __alloc_pages_nodemask+0x182/0x600 [ 2068.450547] ? __kmalloc+0x16e/0x390 [ 2068.451398] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2068.452755] ? trace_hardirqs_on+0x5b/0x180 [ 2068.453731] alloc_pages_current+0x187/0x280 [ 2068.454749] sg_build_indirect.isra.0+0x2f5/0x710 [ 2068.455847] sg_common_write.constprop.0+0x992/0x1a30 [ 2068.457022] ? sg_build_indirect.isra.0+0x710/0x710 [ 2068.458155] ? vprintk_func+0x93/0x140 [ 2068.459030] ? printk+0xba/0xf1 [ 2068.459776] ? record_print_text.cold+0x16/0x16 [ 2068.460823] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2068.461966] ? trace_hardirqs_on+0x5b/0x180 [ 2068.462952] sg_write.part.0+0x69e/0xaa0 [ 2068.463871] ? sg_new_write.isra.0+0x770/0x770 [ 2068.464912] ? __lockdep_reset_lock+0x180/0x180 [ 2068.465970] ? perf_trace_lock+0xac/0x490 [ 2068.466908] ? lock_acquire+0x197/0x470 [ 2068.467805] ? find_held_lock+0x2c/0x110 [ 2068.468733] ? _cond_resched+0x12/0x80 [ 2068.469619] ? inode_security+0x107/0x140 [ 2068.470571] ? avc_policy_seqno+0x9/0x70 [ 2068.471484] ? selinux_file_permission+0x92/0x520 [ 2068.472579] sg_write+0x87/0x120 [ 2068.473348] ? sg_write.part.0+0xaa0/0xaa0 [ 2068.474307] vfs_write+0x29a/0xb10 [ 2068.475123] ksys_write+0x12d/0x260 [ 2068.475942] ? __ia32_sys_read+0xb0/0xb0 [ 2068.476857] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.478049] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.479213] do_syscall_64+0x33/0x40 [ 2068.480048] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.481211] RIP: 0033:0x7f794b5b5b19 [ 2068.482055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.486189] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2068.487898] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2068.489495] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2068.491107] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.492715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2068.494323] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:27:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x700, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2068.529416] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.529416] program syz-executor.0 not setting count and/or reply_len properly 03:27:14 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 79) 03:27:14 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000180)=@sco}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r3, 0x0, 0x3) syz_io_uring_submit(0x0, r3, &(0x7f0000000140)=@IORING_OP_WRITEV={0x2, 0x1, 0x6000, @fd, 0x4, &(0x7f0000000100)=[{&(0x7f0000000000)="40f092e751bd7d4673ef0920add2247b1e849e33f1edca1f246b5ea88669044cef3ec862e876e00bb8e235c7789b4630e33d4f6677b02ae9533f6675e1ef9276dc0b26af55ab55b9efb4b7887a43155d37831f90aeee4a5d86da7b5815ba36e107beb2a73f75034b75e6e00ee744f306ceaf2d88c520e86d1b610dbdb34ada81c7dda4f43e66b4da504e89f930ae5a0c97137f05819bb74d6eb2afd68612f1ef4e1bd821b47e3edc3530c74c3f5eb081ef8a74d5b55c860a95f1eca1222716b6bd27f52331ad61d46a25a801", 0xcc}], 0x1, 0x1e, 0x0, {0x2}}, 0x8) 03:27:14 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0xffff, 0x0, 0x0, {0x1}, 0x1}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000140)={0x5, 0x1, {0x2, 0x3, 0x0, 0x1, 0x7ff}, 0x6}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000100)={0x4, @time={0xfff, 0x8}, 0xd4, {0xc4, 0x5}, 0x65, 0x2}) sync_file_range(r0, 0x7, 0x4, 0x2) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f00000001c0)) 03:27:14 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0xfffffdfd, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2068.647463] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.647463] program syz-executor.6 not setting count and/or reply_len properly 03:27:14 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_mr_cache\x00') getsockopt$inet_int(r0, 0x0, 0x21, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000380)=ANY=[]}) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x2f, 0x9, 0x8, 0xffffa0a5, 0x1, @local, @private0, 0x10, 0x8, 0x4, 0x7fff}}) 03:27:14 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x3c34c1) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000040)={0xffff0000, 0x9, 0x1, 'queue1\x00'}) fcntl$setsig(r0, 0xa, 0x31) 03:27:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2068.668937] FAULT_INJECTION: forcing a failure. [ 2068.668937] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2068.671685] CPU: 1 PID: 35647 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2068.673184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.674977] Call Trace: [ 2068.675553] dump_stack+0x107/0x167 [ 2068.676342] should_fail.cold+0x5/0xa [ 2068.677173] __alloc_pages_nodemask+0x182/0x600 [ 2068.678192] ? __kmalloc+0x16e/0x390 [ 2068.678998] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2068.680302] ? trace_hardirqs_on+0x5b/0x180 [ 2068.681239] alloc_pages_current+0x187/0x280 [ 2068.682201] sg_build_indirect.isra.0+0x2f5/0x710 [ 2068.683259] sg_common_write.constprop.0+0x992/0x1a30 [ 2068.684384] ? sg_build_indirect.isra.0+0x710/0x710 [ 2068.685459] ? vprintk_func+0x93/0x140 [ 2068.686309] ? printk+0xba/0xf1 [ 2068.687022] ? record_print_text.cold+0x16/0x16 [ 2068.688026] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2068.689116] ? trace_hardirqs_on+0x5b/0x180 [ 2068.690070] sg_write.part.0+0x69e/0xaa0 [ 2068.690950] ? sg_new_write.isra.0+0x770/0x770 [ 2068.691953] ? __lockdep_reset_lock+0x180/0x180 [ 2068.692954] ? perf_trace_lock+0xac/0x490 [ 2068.693854] ? lock_acquire+0x197/0x470 [ 2068.694717] ? find_held_lock+0x2c/0x110 [ 2068.695612] ? _cond_resched+0x12/0x80 [ 2068.696452] ? inode_security+0x107/0x140 [ 2068.697345] ? avc_policy_seqno+0x9/0x70 [ 2068.698227] ? selinux_file_permission+0x92/0x520 [ 2068.699278] sg_write+0x87/0x120 [ 2068.700015] ? sg_write.part.0+0xaa0/0xaa0 [ 2068.700925] vfs_write+0x29a/0xb10 [ 2068.701705] ksys_write+0x12d/0x260 [ 2068.702499] ? __ia32_sys_read+0xb0/0xb0 [ 2068.703380] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.704509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.705627] do_syscall_64+0x33/0x40 [ 2068.706435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.707537] RIP: 0033:0x7f5171091b19 [ 2068.708340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.712311] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2068.713954] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2068.715499] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2068.717042] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.718585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2068.720119] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:27:14 executing program 2: r0 = getpid() ptrace$setopts(0x4206, r0, 0x2, 0x2) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:27:14 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)={0x4, 0x2, {0x0, 0x0, 0x659, 0x1, 0x2}, 0x9}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$LOOP_SET_FD(r3, 0x4c00, r5) [ 2068.781365] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2068.781365] program syz-executor.0 not setting count and/or reply_len properly [ 2085.311674] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.311674] program syz-executor.7 not setting count and/or reply_len properly 03:27:30 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 84) 03:27:30 executing program 3: r0 = getpid() kcmp(r0, r0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000140)=0xc) ptrace$getregs(0xc, r3, 0x6, &(0x7f00000000c0)=""/77) 03:27:30 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r7, 0x0, r7) write$sndseq(r7, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x201, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4000) signalfd(r7, &(0x7f00000000c0)={[0x7fffffff]}, 0x8) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r4, r8, 0x6, 0xffffffffffffffff, r6) r9 = fork() kcmp(r9, r8, 0x6, r5, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xff, 0x5, 0x1, 0x40, 0x0, 0x7, 0x8010, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_bp, 0x0, 0x1f, 0x0, 0x1, 0x2, 0x1, 0x5, 0x0, 0x9, 0x0, 0x5}, r9, 0x6, 0xffffffffffffffff, 0xa) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:27:30 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 80) 03:27:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffebf, 0x74c5c6e6}) 03:27:30 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x11e900) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000002, 0x1010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7f) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x5, 0x4) io_setup(0x80000000, &(0x7f0000000140)=0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r4 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x4040, 0x40, 0x12}, 0x18) io_submit(r2, 0x2, &(0x7f0000000400)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x2, r0, &(0x7f0000000180)="2ccf530230e87d329d7fc19a54ab53d938eebc16bbcd0d89a972b709bd7e0bf9c8ef40346feaf3896d31fc020861c682e8c3e036d65d9472ce76f23c519c5642e606f2d73764c0f715070efb6ba1dbc2f93716e376d7c40e79ff63388adf6506e8c3b61b7071ec8dd90593c1dcb273fbf88c043bcf086a5b6bb6b41cac267192bfbfb715dc78699e057952b4729e7fbb4f1dd813a25334d59a24cfae197609b57ecd136194a5ffcfe301df6ec916a3d4eeb837c9ff", 0xb5, 0x8, 0x0, 0x1}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x3, 0xbb7, r3, &(0x7f0000000280)="0ed3aa68c0e6585efd65615c8111d968d6ee8b9e177dc3d9a2c54d0dc10fd9219bca7bc965c3730e998bb64c5dbc612fc811f432c35cc9a81a199406fa9e309eb5a7a00fae51238de4b780fc03cc154414f5c543a9514020b8d3c5c6de2c465fc5b87e8c3fb87ea435387af2f882c238dcf84ce46f475ecfb8c1e433fdec83237f5d1d1f381585638772a3ffb9", 0x8d, 0x91aa, 0x0, 0x1, r4}]) pipe2(&(0x7f0000000440), 0x84800) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x200, 0x0, 0x40000}) 03:27:30 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) fcntl$dupfd(r0, 0x0, r0) write$sndseq(r0, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) fsetxattr$security_capability(r0, &(0x7f0000000000), &(0x7f0000000040)=@v2={0x2000000, [{0x81, 0x7f}, {0x3, 0x3}]}, 0x14, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) 03:27:30 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2085.316627] FAULT_INJECTION: forcing a failure. [ 2085.316627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2085.318521] CPU: 0 PID: 35986 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2085.319607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2085.320871] Call Trace: [ 2085.321274] dump_stack+0x107/0x167 [ 2085.321843] should_fail.cold+0x5/0xa [ 2085.322428] __alloc_pages_nodemask+0x182/0x600 [ 2085.323149] ? __kmalloc+0x16e/0x390 [ 2085.323716] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2085.324657] ? trace_hardirqs_on+0x5b/0x180 [ 2085.325324] alloc_pages_current+0x187/0x280 [ 2085.325994] sg_build_indirect.isra.0+0x2f5/0x710 [ 2085.326752] sg_common_write.constprop.0+0x992/0x1a30 [ 2085.327549] ? sg_build_indirect.isra.0+0x710/0x710 [ 2085.328321] ? vprintk_func+0x93/0x140 [ 2085.328930] ? printk+0xba/0xf1 [ 2085.329447] ? record_print_text.cold+0x16/0x16 [ 2085.330149] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2085.330922] ? trace_hardirqs_on+0x5b/0x180 [ 2085.331584] sg_write.part.0+0x69e/0xaa0 [ 2085.332205] ? sg_new_write.isra.0+0x770/0x770 [ 2085.332925] ? __lockdep_reset_lock+0x180/0x180 [ 2085.333625] ? perf_trace_lock+0xac/0x490 [ 2085.334263] ? lock_acquire+0x197/0x470 [ 2085.334888] ? find_held_lock+0x2c/0x110 [ 2085.335531] ? _cond_resched+0x12/0x80 [ 2085.336118] ? inode_security+0x107/0x140 [ 2085.336739] ? avc_policy_seqno+0x9/0x70 [ 2085.337354] ? selinux_file_permission+0x92/0x520 [ 2085.338088] sg_write+0x87/0x120 [ 2085.338607] ? sg_write.part.0+0xaa0/0xaa0 [ 2085.339249] vfs_write+0x29a/0xb10 [ 2085.339800] ksys_write+0x12d/0x260 [ 2085.340348] ? __ia32_sys_read+0xb0/0xb0 [ 2085.340977] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2085.341761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2085.342562] do_syscall_64+0x33/0x40 [ 2085.343142] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2085.343941] RIP: 0033:0x7f794b5b5b19 [ 2085.344504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2085.347294] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2085.348444] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2085.349525] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2085.350605] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2085.351671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2085.352739] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2085.359343] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.359343] program syz-executor.6 not setting count and/or reply_len properly [ 2085.363006] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.363006] program syz-executor.0 not setting count and/or reply_len properly [ 2085.368019] FAULT_INJECTION: forcing a failure. [ 2085.368019] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2085.369847] CPU: 0 PID: 36001 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2085.370895] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2085.372119] Call Trace: [ 2085.372512] dump_stack+0x107/0x167 [ 2085.373050] should_fail.cold+0x5/0xa [ 2085.373617] __alloc_pages_nodemask+0x182/0x600 [ 2085.374305] ? __kmalloc+0x16e/0x390 [ 2085.374864] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2085.375757] ? trace_hardirqs_on+0x5b/0x180 [ 2085.376413] alloc_pages_current+0x187/0x280 [ 2085.377072] sg_build_indirect.isra.0+0x2f5/0x710 [ 2085.377803] sg_common_write.constprop.0+0x992/0x1a30 [ 2085.378597] ? sg_build_indirect.isra.0+0x710/0x710 [ 2085.379334] ? vprintk_func+0x93/0x140 [ 2085.379908] ? printk+0xba/0xf1 [ 2085.380400] ? record_print_text.cold+0x16/0x16 [ 2085.381095] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2085.381872] ? trace_hardirqs_on+0x5b/0x180 [ 2085.382521] sg_write.part.0+0x69e/0xaa0 [ 2085.383141] ? sg_new_write.isra.0+0x770/0x770 [ 2085.383832] ? __lockdep_reset_lock+0x180/0x180 [ 2085.384531] ? perf_trace_lock+0xac/0x490 [ 2085.385146] ? lock_acquire+0x197/0x470 [ 2085.385735] ? find_held_lock+0x2c/0x110 [ 2085.386351] ? _cond_resched+0x12/0x80 [ 2085.386935] ? inode_security+0x107/0x140 [ 2085.387553] ? avc_policy_seqno+0x9/0x70 [ 2085.388164] ? selinux_file_permission+0x92/0x520 [ 2085.388880] sg_write+0x87/0x120 [ 2085.389384] ? sg_write.part.0+0xaa0/0xaa0 [ 2085.390007] vfs_write+0x29a/0xb10 [ 2085.390562] ksys_write+0x12d/0x260 [ 2085.391096] ? __ia32_sys_read+0xb0/0xb0 [ 2085.391697] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2085.392468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2085.393227] do_syscall_64+0x33/0x40 [ 2085.393769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2085.394540] RIP: 0033:0x7f5171091b19 [ 2085.395096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2085.397798] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2085.398913] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2085.399965] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2085.401006] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2085.402096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2085.403152] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:27:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:27:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 85) 03:27:31 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) write$sndseq(r0, &(0x7f00000001c0)=[{0x81, 0x0, 0x6, 0x3, @tick=0x7245, {0x8, 0x4}, {0x0, 0xff}, @control={0x20, 0x81cb, 0x3}}, {0x3, 0x2, 0x2b, 0x1, @tick=0x1, {0x3f, 0x75}, {0x2, 0x2}, @connect={{0x1f, 0xe9}, {0x7, 0x7}}}], 0x38) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x101900) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000000c0)={0x3, 0x1, 'client0\x00', 0x2, "9469c463ee00f4b3", "1fbe145237b00fd7cde24c8a6a6e73884fb9f70925b05efde142fc0014198622", 0x9, 0x7fff}) socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000200)={0x3, 0x54, 0x80000001, 0x5f, 0x7f, 0x4}) 03:27:31 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 81) [ 2085.529928] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.529928] program syz-executor.0 not setting count and/or reply_len properly [ 2085.536918] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.536918] program syz-executor.7 not setting count and/or reply_len properly [ 2085.546242] FAULT_INJECTION: forcing a failure. [ 2085.546242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2085.547991] CPU: 0 PID: 36257 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2085.548982] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2085.550167] Call Trace: [ 2085.550544] dump_stack+0x107/0x167 [ 2085.551076] should_fail.cold+0x5/0xa [ 2085.551618] __alloc_pages_nodemask+0x182/0x600 [ 2085.552281] ? __kmalloc+0x16e/0x390 [ 2085.552818] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2085.553681] ? trace_hardirqs_on+0x5b/0x180 [ 2085.554298] alloc_pages_current+0x187/0x280 [ 2085.554943] sg_build_indirect.isra.0+0x2f5/0x710 [ 2085.555637] sg_common_write.constprop.0+0x992/0x1a30 [ 2085.556382] ? sg_build_indirect.isra.0+0x710/0x710 [ 2085.557094] ? vprintk_func+0x93/0x140 [ 2085.557648] ? printk+0xba/0xf1 [ 2085.558118] ? record_print_text.cold+0x16/0x16 [ 2085.558826] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2085.559543] ? trace_hardirqs_on+0x5b/0x180 [ 2085.560168] sg_write.part.0+0x69e/0xaa0 [ 2085.560748] ? sg_new_write.isra.0+0x770/0x770 [ 2085.561406] ? __lockdep_reset_lock+0x180/0x180 [ 2085.562073] ? perf_trace_lock+0xac/0x490 [ 2085.562674] ? lock_acquire+0x197/0x470 [ 2085.563238] ? find_held_lock+0x2c/0x110 [ 2085.563828] ? _cond_resched+0x12/0x80 [ 2085.564384] ? inode_security+0x107/0x140 [ 2085.564979] ? avc_policy_seqno+0x9/0x70 [ 2085.565555] ? selinux_file_permission+0x92/0x520 [ 2085.566246] sg_write+0x87/0x120 [ 2085.566736] ? sg_write.part.0+0xaa0/0xaa0 [ 2085.567336] vfs_write+0x29a/0xb10 [ 2085.567850] ksys_write+0x12d/0x260 [ 2085.568369] ? __ia32_sys_read+0xb0/0xb0 [ 2085.568953] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2085.569691] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2085.570419] do_syscall_64+0x33/0x40 [ 2085.570950] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2085.571677] RIP: 0033:0x7f794b5b5b19 [ 2085.572203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2085.574805] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2085.575873] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2085.576876] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2085.577884] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2085.578899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2085.579909] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2085.631852] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2085.631852] program syz-executor.6 not setting count and/or reply_len properly [ 2085.636854] FAULT_INJECTION: forcing a failure. [ 2085.636854] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2085.638510] CPU: 0 PID: 36354 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2085.639466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2085.640605] Call Trace: [ 2085.640971] dump_stack+0x107/0x167 [ 2085.641467] should_fail.cold+0x5/0xa [ 2085.641992] __alloc_pages_nodemask+0x182/0x600 [ 2085.642650] ? __kmalloc+0x16e/0x390 [ 2085.643161] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2085.643982] ? trace_hardirqs_on+0x5b/0x180 [ 2085.644572] alloc_pages_current+0x187/0x280 [ 2085.645166] sg_build_indirect.isra.0+0x2f5/0x710 [ 2085.645829] sg_common_write.constprop.0+0x992/0x1a30 [ 2085.646540] ? sg_build_indirect.isra.0+0x710/0x710 [ 2085.647229] ? vprintk_func+0x93/0x140 [ 2085.647758] ? printk+0xba/0xf1 [ 2085.648205] ? record_print_text.cold+0x16/0x16 [ 2085.648840] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2085.649525] ? trace_hardirqs_on+0x5b/0x180 [ 2085.650125] sg_write.part.0+0x69e/0xaa0 [ 2085.650685] ? sg_new_write.isra.0+0x770/0x770 [ 2085.651314] ? __lockdep_reset_lock+0x180/0x180 [ 2085.651945] ? perf_trace_lock+0xac/0x490 [ 2085.652512] ? lock_acquire+0x197/0x470 [ 2085.653047] ? find_held_lock+0x2c/0x110 [ 2085.653605] ? _cond_resched+0x12/0x80 [ 2085.654132] ? inode_security+0x107/0x140 [ 2085.654704] ? avc_policy_seqno+0x9/0x70 [ 2085.655247] ? selinux_file_permission+0x92/0x520 [ 2085.655906] sg_write+0x87/0x120 [ 2085.656365] ? sg_write.part.0+0xaa0/0xaa0 [ 2085.656934] vfs_write+0x29a/0xb10 [ 2085.657423] ksys_write+0x12d/0x260 [ 2085.657916] ? __ia32_sys_read+0xb0/0xb0 [ 2085.658461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2085.659174] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2085.659863] do_syscall_64+0x33/0x40 [ 2085.660358] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2085.661051] RIP: 0033:0x7f5171091b19 [ 2085.661550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2085.664016] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2085.665033] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2085.665982] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2085.666942] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2085.667905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2085.668862] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:27:44 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 82) 03:27:44 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x5214000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[r0], 0x1}, 0x58) [ 2099.367725] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2099.367725] program syz-executor.7 not setting count and/or reply_len properly 03:27:44 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000180)=@sco}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r4, 0x0, &(0x7f0000000040)=@IORING_OP_READ_FIXED={0x4, 0x5, 0x4004, @fd_index=0x5, 0x1, 0x0, 0x1, 0x2, 0x1, {0x2}}, 0x8000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:27:44 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x41) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f00000000c0)={0xc0, @time={0x7838, 0x392a}, 0x1f, {0x3f, 0xa3}, 0x6, 0x0, 0x1f}) 03:27:44 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:27:44 executing program 3: r0 = getpid() getpid() r1 = getpid() r2 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0xfc, 0x0, 0x45, 0x8, 0x0, 0xa00000000000000, 0x8008, 0x4, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x4, @perf_config_ext={0x7, 0x9}, 0x0, 0x3, 0x6, 0x2, 0x3, 0x2, 0x101, 0x0, 0x6, 0x0, 0x1000}, r2, 0x1, 0xffffffffffffffff, 0x9) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=0x0) r4 = getpgid(r1) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000340)) clone3(&(0x7f0000000440)={0x2000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x23}, &(0x7f0000000140)=""/72, 0x48, &(0x7f00000001c0)=""/219, &(0x7f0000000300)=[r1, r0, r3, r4], 0x4}, 0x58) 03:27:44 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 86) [ 2099.372977] FAULT_INJECTION: forcing a failure. [ 2099.372977] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2099.374789] CPU: 0 PID: 36421 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2099.375809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2099.377013] Call Trace: [ 2099.377444] dump_stack+0x107/0x167 [ 2099.377977] should_fail.cold+0x5/0xa [ 2099.378565] __alloc_pages_nodemask+0x182/0x600 [ 2099.379262] ? __kmalloc+0x16e/0x390 [ 2099.379817] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2099.380723] ? trace_hardirqs_on+0x5b/0x180 [ 2099.381357] alloc_pages_current+0x187/0x280 [ 2099.382042] sg_build_indirect.isra.0+0x2f5/0x710 [ 2099.382773] sg_common_write.constprop.0+0x992/0x1a30 [ 2099.383570] ? sg_build_indirect.isra.0+0x710/0x710 [ 2099.384299] ? vprintk_func+0x93/0x140 [ 2099.384873] ? printk+0xba/0xf1 [ 2099.385355] ? record_print_text.cold+0x16/0x16 [ 2099.386068] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2099.386804] ? trace_hardirqs_on+0x5b/0x180 [ 2099.387462] sg_write.part.0+0x69e/0xaa0 [ 2099.388056] ? sg_new_write.isra.0+0x770/0x770 [ 2099.388726] ? __lockdep_reset_lock+0x180/0x180 [ 2099.389421] ? perf_trace_lock+0xac/0x490 [ 2099.390049] ? lock_acquire+0x197/0x470 [ 2099.390630] ? find_held_lock+0x2c/0x110 [ 2099.391238] ? _cond_resched+0x12/0x80 [ 2099.391804] ? inode_security+0x107/0x140 [ 2099.392405] ? avc_policy_seqno+0x9/0x70 [ 2099.392996] ? selinux_file_permission+0x92/0x520 [ 2099.393728] sg_write+0x87/0x120 [ 2099.394238] ? sg_write.part.0+0xaa0/0xaa0 [ 2099.394872] vfs_write+0x29a/0xb10 [ 2099.395402] ksys_write+0x12d/0x260 [ 2099.395939] ? __ia32_sys_read+0xb0/0xb0 [ 2099.396542] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2099.397303] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2099.398054] do_syscall_64+0x33/0x40 [ 2099.398593] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2099.399369] RIP: 0033:0x7f794b5b5b19 [ 2099.399918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2099.402619] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2099.403730] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2099.404042] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2099.404042] program syz-executor.0 not setting count and/or reply_len properly [ 2099.404783] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2099.404791] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2099.404799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2099.404807] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2099.428357] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2099.428357] program syz-executor.6 not setting count and/or reply_len properly 03:27:45 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x3, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000100)) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f00000002c0)={0x9, 0x80000001, 0x0, 'queue1\x00', 0x395ed524}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r6, r8, 0x6, 0xffffffffffffffff, r7) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x3, 0x6, 0x9, 0x6f, 0x0, 0x1, 0x50000, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000140)}, 0x52291, 0x5db4010e, 0x6, 0x9, 0x5, 0xd5, 0x7, 0x0, 0x4, 0x0, 0x101}, r6, 0xe, r0, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r2, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2099.448313] FAULT_INJECTION: forcing a failure. [ 2099.448313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2099.451186] CPU: 1 PID: 36444 Comm: syz-executor.6 Not tainted 5.10.230 #1 03:27:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f00000000c0)={0x3, 0x1, 'client1\x00', 0x8000000040000006, "701c8546f6f2ea1e", "7b08e590c6317a4b10b7a10c49c1e30199eef48e76616aed3de7b5ef0d4c4269", 0x0, 0x7}) [ 2099.452815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2099.454906] Call Trace: [ 2099.455547] dump_stack+0x107/0x167 [ 2099.456403] should_fail.cold+0x5/0xa [ 2099.457306] __alloc_pages_nodemask+0x182/0x600 [ 2099.458407] ? __kmalloc+0x16e/0x390 [ 2099.459292] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2099.460720] ? trace_hardirqs_on+0x5b/0x180 [ 2099.461749] alloc_pages_current+0x187/0x280 [ 2099.462792] sg_build_indirect.isra.0+0x2f5/0x710 [ 2099.463956] sg_common_write.constprop.0+0x992/0x1a30 [ 2099.465181] ? sg_build_indirect.isra.0+0x710/0x710 [ 2099.466348] ? vprintk_func+0x93/0x140 [ 2099.467272] ? printk+0xba/0xf1 [ 2099.468045] ? record_print_text.cold+0x16/0x16 [ 2099.469145] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2099.470334] ? trace_hardirqs_on+0x5b/0x180 [ 2099.471383] sg_write.part.0+0x69e/0xaa0 [ 2099.472331] ? sg_new_write.isra.0+0x770/0x770 [ 2099.473402] ? __lockdep_reset_lock+0x180/0x180 [ 2099.474472] ? perf_trace_lock+0xac/0x490 [ 2099.475448] ? lock_acquire+0x197/0x470 [ 2099.476377] ? find_held_lock+0x2c/0x110 [ 2099.477338] ? _cond_resched+0x12/0x80 [ 2099.478241] ? inode_security+0x107/0x140 [ 2099.479207] ? avc_policy_seqno+0x9/0x70 [ 2099.480144] ? selinux_file_permission+0x92/0x520 [ 2099.481295] sg_write+0x87/0x120 [ 2099.482085] ? sg_write.part.0+0xaa0/0xaa0 [ 2099.483073] vfs_write+0x29a/0xb10 [ 2099.483905] ksys_write+0x12d/0x260 [ 2099.484751] ? __ia32_sys_read+0xb0/0xb0 [ 2099.485694] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2099.486910] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2099.488107] do_syscall_64+0x33/0x40 [ 2099.488967] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2099.490146] RIP: 0033:0x7f5171091b19 [ 2099.491011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2099.495248] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2099.496999] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2099.498634] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2099.500289] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2099.501928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2099.503572] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:27:45 executing program 5: perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000100)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ptrace$getenv(0x4201, 0xffffffffffffffff, 0x2, &(0x7f0000000040)) [ 2114.522947] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.522947] program syz-executor.0 not setting count and/or reply_len properly [ 2114.529162] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.529162] program syz-executor.7 not setting count and/or reply_len properly [ 2114.536564] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.536564] program syz-executor.6 not setting count and/or reply_len properly 03:28:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) clock_getres(0x4, &(0x7f0000000040)) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x3, 0x4, 0x80, 0x7, 0x0, 0x10000, 0x2290, 0xf, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x4, @perf_config_ext={0xfffffffffffffc01, 0x6}, 0x10404, 0x5, 0x9a8, 0x7, 0x8, 0x0, 0x401, 0x0, 0x6}, 0xffffffffffffffff, 0x10, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:28:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x20000, 0x80, 0x2c87, {0x200, 0x3}, 0x10003, 0x9}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x680001, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0xfffffffc, 0x400, 0x1, 'queue0\x00'}) 03:28:00 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000600), 0x220200, 0x0) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_open_dev$mouse(&(0x7f00000005c0), 0x4, 0x40) r4 = syz_io_uring_setup(0x794d, &(0x7f0000000300)={0x0, 0x9592, 0x10, 0x0, 0x151, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000000)) fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) pwritev2(r4, &(0x7f0000000140)=[{&(0x7f00000000c0)="ac6b135d805d2201725eb5d3d475280fa09b1fcffa4a300a710e8d470e2c197d99482723046cbd241b687cf4be8f556e8ce8ee90f138", 0x36}], 0x1, 0x101, 0x4, 0x11) r8 = fork() r9 = fork() r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x2010, r2, 0x10000000) syz_io_uring_submit(r5, r10, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x2, 0x4000, @fd=r0, 0x8, &(0x7f00000004c0)="e23943c9e702fd80b148874c3460b8d5dc5fc292cba4980f220c0cdfc5f4d5126ca008fd7749b076963795ba04a5947f32e252d62856449097e69f50acb704b9958c8980672fda52746d33c642f9741cdfd7ffc235af1e6afcb042d5372e3dd02bc637a4d5b4a0f6ce26fce337083dedd24186524c2e377c9006f1ccf1f51448108015acfa22c084bab3882ac58614fe2e6dcebff058e0074f4f919c688cb78adfc57db9f6db148f32d1a00e3a7f549bf1b5876c808d85cdfce1cbafcccec77ffe89e46fa942cfd26e347aa4f120b8cf6ea0e9b29be3dc52034e0aa3075f8fa4d3946c3bc3847615", 0xe8, 0x2, 0x1}, 0x1) kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x47a76c9e41c3591d, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, r9, 0x0, 0xffffffffffffffff, 0x0) r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r11, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:28:00 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = syz_open_procfs(r1, &(0x7f0000000000)='attr/exec\x00') ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000000c0)=0x0) r4 = perf_event_open$cgroup(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x12, 0xfb, 0x80, 0x0, 0x7, 0x2000, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000100), 0x6}, 0x4e42, 0x1f, 0x56, 0x5, 0x0, 0x81, 0x8ff, 0x0, 0xffffffa0, 0x0, 0x40}, r2, 0x6, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x80, 0x2, 0x82, 0x1f, 0x0, 0xf8, 0x0, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3f, 0x2, @perf_config_ext={0x6, 0x7}, 0x0, 0x7fff, 0x7, 0x0, 0x3, 0xfff, 0x5, 0x0, 0x7af1, 0x0, 0x7}, r3, 0x8, r4, 0x0) 03:28:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 87) 03:28:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 83) 03:28:00 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) timer_create(0x881d825a985b0a6f, &(0x7f0000000000)={0x0, 0x39, 0x4, @tid=r0}, &(0x7f0000000040)) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000cc0)=0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r6, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000d00)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) r12 = getgid() setxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="02000000010006000000000002000600", @ANYRES32=0xee01, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000700", @ANYRES32=0x0, @ANYBLOB="02000300", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040002000000000008000100", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r12, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\a\x00', @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="10e3ffffff00020000f6a065f1070d9c"], 0x7c, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e00)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000100)="d3f127fbed412ad9afd40703db535c3608ac81e5b5394781dce326b1f594be43968b78e3915361a99514193b313dcc8e0b76d01cef51890fc78c7aa0797e84bf5e8aa108ce52c2f35c68a20d1a20a24ddcc662b1877a815b89c71cc3161a84dadf2110c3ce1c7e13b28d29ac09ffe934a7727e50a420c81994b36b18971fc7626aacf70057eb2a81358806ae2601bf1d742d2142fadfb05a619a96a70d89039638e67ca5237f54a5729d6697a70a02e78abbb32229271b5f9a67eb88cec297387f5c8a62ee8b7b5df9", 0xc9}, {&(0x7f0000000200)="6929e7982cd3d7505609a2fb9f1860ddfada12c367db6b8374b2d486c3dea0fd921ac18f4b79c6357f9c646e368f57d09da24f5183503ac72fe7c8bb7473dbe2d7d982d65298ebb704ebd08653c99603387ea312c001a9bd0d8a60610be7d7a5c0ca2fdb7e5b20983624974fa5aa8ec0b2de3e11f9bf064a4113986099e2d3af0d7093ca86c6e9c6eda9dd51bbdc0cf1060d78b67855c7ac73577486eeb4d849e366160211a7d20713fe8427a6525b2264952d82ad06e649034997f4a17ebbe13a70ec4916fe1bb283326f83774686079ec1d6e6e659ea8d67ecf9e5cc3f5877fecd0d058b2e31772560", 0xea}, {&(0x7f0000000440)="60fcbafd2bd6abf3d85cf909919c7ab1064b6d6d6801a4475971279193bbf2678849c0779baa2a0c871c2eda4ca524824a306cdc5b68674d581a9ad6398e886a958d0c051b8d34dab712b85cf80c85cf147681d39a8c49b35550974b4e31ed1ff5e74cbb6b68055bcc7eef7db687b00fae8c6b92900ad39d30bd9bb0f5abb7cd38aea14208b23038a012df5a1c68544cddb1809884118d36699ecd938addd2f44012c068c93967bbaec1d60818838d26c2e0e84562438163f9", 0xb9}, {&(0x7f0000000500)="bbd851691566cedea2aaad8d898a645a74a81a3bbf8e8d5f302339f97e23d69a8c585f811c1e355fbf2f4bd4b707e9054626cbeb1953a028400fb3ac480a7108e94783ace9026e9282a7ec269bf10093a47339c2e20c05b9e6607d1e72290019d2aa312e1c1ee38d34ca6c513f59c913bb15f17a6d3670c136b91e582eca160d8ba707be19f23df5e0f1a14ecafe3d1a2adf0025d12d3417080217f08dda3be07858a7ecbb9c45446bd20ba63eb83f23c7ab2b3dc5e05076a30395d9321dd4f81fb226c96f8b8745a45471af08b3324e847b6e966d3641bc0397fdaaffd6927cbf8a9ee4a3ae", 0xe6}, {&(0x7f0000000600)="d595de7031ceb55c465246cf22ea99ea9f8c00a765c6c2d99fd757bcc51966e97504820cb74807471ce43840ba26980e7e2909ae22c188f2c44dc5c97f406c9d411df900c865ea33ecf24154cb2ca5f389b611bd7ef493e398e1a8f80b5aaea0f7870873f57ec87d6f36388532e6d5a984b893f9a204fe18cb1a8c1e05709be7690e8404bb2c4ab1c74bafeafe59547a7ee16b6cf1ddfb823f8c370075d531981d9f7742bc3102077073461691f00b02e57ccf8041249da1609860218b2a60edb3f6ef4c86e3cc7cf20aad38290aad460f1a64176549d2dfba13b4878557ec20cd101cf561f721", 0xe7}, {&(0x7f0000000300)="70fadb67e2ae0ca2cac9a38a6cdc0ce604237a3b5c493872b5bcb8338b88445ab25b2581e9af3189eb2f087d1ce74965472d1bde55", 0x35}, {&(0x7f0000000700)="597e96e27c4989af85e32857a970bc123540a8673db2feea1de7e2fd2f4b3eb6ca1b8d7dddf147112a774a17c47e2b788798ce5cefc805e133531534f5df5b4564d394860d1770bea389e150bcf2225a8143f0db39a1ced84b9f5311887f5612421d5dfd79a73306d91aab65a0be21628da7db56b9a3104868ce1f5e1884c552997255f623214e2aa68ba19d16404bcae782b3c41a4a8b1c5c49852372b2ee0c18c180d4c811db237b6c274511c16bd168194da0b576ad2126cc1bb63e78b36059bee07905e8d13581ebf7478ea53f263ee60c6f83c8a5024e6338d148d34f5b6cc806bdb54bdc31b7315791445e6029ff8ff898abe42f31154fa0", 0xfb}, {&(0x7f0000000800)="bbd7c8a36e2c44c813872a287e92815897c92e76538f022e70531e116a6efcfee26c1be872f6ebb921955754299f01c748e8b6a0ae0a3c678f2bb5d9c66dff9a130ae8b86683b9361a4bb0553daf1e956b5cecca99565faceec87b69a2473931f6a467388cf8225686071906c5ec1f06a860c064dfe6ef3ef4f8d0595a1802e2dc1a63560cc58aa696519d34fac552a23ad7101766e9dabc02f623b1e5503d0dc7543ddd017c418a80c4a28f2f5acdf76b8205bbc57fed932b6741", 0xbb}, {&(0x7f00000008c0)="2c7acfefd6244597517cc25c0b25267030bd591ecd4a9bdbfb44740936f6c028dfab44b768fa180f77f33cec19e05343d32d501edbadeca45f16e43c53425cb87ff75550758673c5149eeedd693e594eb0fcd520ee2eed410bffdbc70eaf806ab34f69b4bf8f6e742d4663e04dfa794c1c08a0ac36bf73dfd2f8a026b8d29085e83939fea56ed4399381c14186da5aaf1d3124fe39f135836b039b6279cb3393b20e90c5db83ac15a0e95b74aba3c14bb8f6442be50f9fcaab2140a4effc03f5375e", 0xc2}], 0x9, &(0x7f0000000d40)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r0, r2, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r9, r11, r12}}}], 0xb8, 0xc5}, 0x4000) [ 2114.560173] FAULT_INJECTION: forcing a failure. [ 2114.560173] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2114.563050] CPU: 0 PID: 36856 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2114.564727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.566714] Call Trace: [ 2114.567350] dump_stack+0x107/0x167 [ 2114.568244] should_fail.cold+0x5/0xa [ 2114.569165] __alloc_pages_nodemask+0x182/0x600 [ 2114.570299] ? __kmalloc+0x16e/0x390 [ 2114.571192] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2114.572656] ? trace_hardirqs_on+0x5b/0x180 [ 2114.573706] alloc_pages_current+0x187/0x280 [ 2114.574770] sg_build_indirect.isra.0+0x2f5/0x710 [ 2114.575955] sg_common_write.constprop.0+0x992/0x1a30 [ 2114.577223] ? sg_build_indirect.isra.0+0x710/0x710 [ 2114.578424] ? vprintk_func+0x93/0x140 [ 2114.579356] ? printk+0xba/0xf1 [ 2114.580168] ? record_print_text.cold+0x16/0x16 [ 2114.581285] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2114.582485] ? trace_hardirqs_on+0x5b/0x180 [ 2114.583546] sg_write.part.0+0x69e/0xaa0 [ 2114.584547] ? sg_new_write.isra.0+0x770/0x770 [ 2114.585652] ? __lockdep_reset_lock+0x180/0x180 [ 2114.586767] ? perf_trace_lock+0xac/0x490 [ 2114.587783] ? lock_acquire+0x197/0x470 [ 2114.588735] ? find_held_lock+0x2c/0x110 [ 2114.589720] ? _cond_resched+0x12/0x80 [ 2114.590648] ? inode_security+0x107/0x140 [ 2114.591643] ? avc_policy_seqno+0x9/0x70 [ 2114.592610] ? selinux_file_permission+0x92/0x520 [ 2114.593501] FAULT_INJECTION: forcing a failure. [ 2114.593501] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2114.593764] sg_write+0x87/0x120 [ 2114.595886] ? sg_write.part.0+0xaa0/0xaa0 [ 2114.596926] vfs_write+0x29a/0xb10 [ 2114.597811] ksys_write+0x12d/0x260 [ 2114.598704] ? __ia32_sys_read+0xb0/0xb0 [ 2114.599714] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.600998] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.602268] do_syscall_64+0x33/0x40 [ 2114.603182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.604446] RIP: 0033:0x7f5171091b19 [ 2114.605363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.609900] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2114.611777] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2114.613533] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2114.615288] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.617059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2114.618815] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2114.620604] CPU: 1 PID: 36854 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2114.621427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.622412] Call Trace: [ 2114.622723] dump_stack+0x107/0x167 [ 2114.623157] should_fail.cold+0x5/0xa [ 2114.623620] __alloc_pages_nodemask+0x182/0x600 [ 2114.624173] ? __kmalloc+0x16e/0x390 [ 2114.624614] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2114.625330] ? trace_hardirqs_on+0x5b/0x180 [ 2114.625850] alloc_pages_current+0x187/0x280 [ 2114.626377] sg_build_indirect.isra.0+0x2f5/0x710 [ 2114.626955] sg_common_write.constprop.0+0x992/0x1a30 [ 2114.627580] ? sg_build_indirect.isra.0+0x710/0x710 [ 2114.628174] ? vprintk_func+0x93/0x140 [ 2114.628636] ? printk+0xba/0xf1 [ 2114.629030] ? record_print_text.cold+0x16/0x16 [ 2114.629582] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2114.630183] ? trace_hardirqs_on+0x5b/0x180 [ 2114.630700] sg_write.part.0+0x69e/0xaa0 [ 2114.631185] ? sg_new_write.isra.0+0x770/0x770 [ 2114.631742] ? __lockdep_reset_lock+0x180/0x180 [ 2114.632290] ? perf_trace_lock+0xac/0x490 [ 2114.632783] ? lock_acquire+0x197/0x470 [ 2114.633254] ? find_held_lock+0x2c/0x110 [ 2114.633740] ? _cond_resched+0x12/0x80 [ 2114.634206] ? inode_security+0x107/0x140 [ 2114.634693] ? avc_policy_seqno+0x9/0x70 [ 2114.635174] ? selinux_file_permission+0x92/0x520 [ 2114.635754] sg_write+0x87/0x120 [ 2114.636159] ? sg_write.part.0+0xaa0/0xaa0 [ 2114.636658] vfs_write+0x29a/0xb10 [ 2114.637085] ksys_write+0x12d/0x260 [ 2114.637518] ? __ia32_sys_read+0xb0/0xb0 [ 2114.638006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.638627] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.639239] do_syscall_64+0x33/0x40 [ 2114.639688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.640293] RIP: 0033:0x7f794b5b5b19 [ 2114.640732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.642893] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2114.643801] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2114.644645] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2114.645489] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.646334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2114.647178] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x8, 0x101, {}, 0x200000, 0x401}) 03:28:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) syz_io_uring_setup(0x74a3, &(0x7f0000000040)={0x0, 0x57ea, 0x8, 0x2, 0x1b1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, r0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0x80, &(0x7f0000000180)=@qipcrtr, 0x0, 0x80800}, 0x9) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x3) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:28:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 88) 03:28:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 84) 03:28:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2114.771086] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.771086] program syz-executor.6 not setting count and/or reply_len properly 03:28:00 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r7) r9 = fork() kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) r10 = getpgrp(r1) clone3(&(0x7f0000000540)={0xa0000000, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0, {0x28}, &(0x7f00000002c0)=""/153, 0x99, &(0x7f0000000440)=""/185, &(0x7f0000000500)=[r1, r1, r1, r1, r0], 0x5}, 0x58) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000005c0)=0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000600)={0x0, 0x0}) r14 = openat$zero(0xffffffffffffff9c, &(0x7f00000006c0), 0x801, 0x0) clone3(&(0x7f0000000700)={0x800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x27}, &(0x7f00000000c0)=""/211, 0xd3, &(0x7f00000001c0)=""/23, &(0x7f0000000680)=[r0, r8, r0, r10, r11, r12, r13], 0x7, {r14}}, 0x58) [ 2114.783326] FAULT_INJECTION: forcing a failure. [ 2114.783326] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2114.784781] CPU: 1 PID: 37216 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2114.785599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.786532] Call Trace: [ 2114.786850] dump_stack+0x107/0x167 [ 2114.787281] should_fail.cold+0x5/0xa [ 2114.787737] __alloc_pages_nodemask+0x182/0x600 [ 2114.788287] ? __kmalloc+0x16e/0x390 [ 2114.788724] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2114.789432] ? trace_hardirqs_on+0x5b/0x180 [ 2114.789946] alloc_pages_current+0x187/0x280 [ 2114.790468] sg_build_indirect.isra.0+0x2f5/0x710 [ 2114.791043] sg_common_write.constprop.0+0x992/0x1a30 [ 2114.791068] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.791068] program syz-executor.7 not setting count and/or reply_len properly [ 2114.791666] ? sg_build_indirect.isra.0+0x710/0x710 [ 2114.791678] ? vprintk_func+0x93/0x140 [ 2114.791698] ? printk+0xba/0xf1 [ 2114.796972] ? record_print_text.cold+0x16/0x16 [ 2114.797532] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2114.798134] ? trace_hardirqs_on+0x5b/0x180 [ 2114.798645] sg_write.part.0+0x69e/0xaa0 [ 2114.799122] ? sg_new_write.isra.0+0x770/0x770 [ 2114.799669] ? __lockdep_reset_lock+0x180/0x180 [ 2114.800216] ? perf_trace_lock+0xac/0x490 [ 2114.800704] ? lock_acquire+0x197/0x470 [ 2114.801176] ? find_held_lock+0x2c/0x110 [ 2114.801663] ? _cond_resched+0x12/0x80 [ 2114.802125] ? inode_security+0x107/0x140 [ 2114.802616] ? avc_policy_seqno+0x9/0x70 [ 2114.803094] ? selinux_file_permission+0x92/0x520 [ 2114.803676] sg_write+0x87/0x120 [ 2114.804071] ? sg_write.part.0+0xaa0/0xaa0 [ 2114.804563] vfs_write+0x29a/0xb10 [ 2114.804982] ksys_write+0x12d/0x260 [ 2114.805408] ? __ia32_sys_read+0xb0/0xb0 [ 2114.805888] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.806507] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.807115] do_syscall_64+0x33/0x40 [ 2114.807556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.808160] RIP: 0033:0x7f5171091b19 [ 2114.808594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.810762] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2114.811672] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2114.812507] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2114.813353] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.814195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2114.815041] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2114.828788] FAULT_INJECTION: forcing a failure. [ 2114.828788] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2114.831844] CPU: 0 PID: 37235 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2114.833543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.835595] Call Trace: [ 2114.836248] dump_stack+0x107/0x167 [ 2114.837148] should_fail.cold+0x5/0xa [ 2114.838093] __alloc_pages_nodemask+0x182/0x600 [ 2114.839241] ? __kmalloc+0x16e/0x390 [ 2114.840169] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2114.841666] ? trace_hardirqs_on+0x5b/0x180 [ 2114.842737] alloc_pages_current+0x187/0x280 [ 2114.843837] sg_build_indirect.isra.0+0x2f5/0x710 [ 2114.845038] sg_common_write.constprop.0+0x992/0x1a30 [ 2114.846324] ? sg_build_indirect.isra.0+0x710/0x710 [ 2114.847555] ? vprintk_func+0x93/0x140 [ 2114.848524] ? printk+0xba/0xf1 [ 2114.849339] ? record_print_text.cold+0x16/0x16 [ 2114.850491] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2114.851746] ? trace_hardirqs_on+0x5b/0x180 [ 2114.852827] sg_write.part.0+0x69e/0xaa0 [ 2114.853834] ? sg_new_write.isra.0+0x770/0x770 [ 2114.854978] ? __lockdep_reset_lock+0x180/0x180 [ 2114.856137] ? perf_trace_lock+0xac/0x490 [ 2114.857163] ? lock_acquire+0x197/0x470 [ 2114.858140] ? find_held_lock+0x2c/0x110 [ 2114.859156] ? _cond_resched+0x12/0x80 [ 2114.860121] ? inode_security+0x107/0x140 [ 2114.861120] ? avc_policy_seqno+0x9/0x70 [ 2114.862087] ? selinux_file_permission+0x92/0x520 [ 2114.863254] sg_write+0x87/0x120 [ 2114.864089] ? sg_write.part.0+0xaa0/0xaa0 [ 2114.865100] vfs_write+0x29a/0xb10 [ 2114.865958] ksys_write+0x12d/0x260 [ 2114.866831] ? __ia32_sys_read+0xb0/0xb0 [ 2114.867815] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.869072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.870311] do_syscall_64+0x33/0x40 [ 2114.871201] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.872435] RIP: 0033:0x7f794b5b5b19 [ 2114.873323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.877760] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2114.879609] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2114.881329] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2114.883046] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.884773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2114.886508] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:00 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 85) 03:28:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r2, 0xc0bc5310, &(0x7f00000000c0)) 03:28:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:00 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = clone3(&(0x7f0000000140)={0x7040100, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x23}, &(0x7f0000000440)=""/4096, 0x1000, &(0x7f00000000c0)=""/45, &(0x7f0000000100)=[r0, r0], 0x2}, 0x58) r2 = syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x108a00) kcmp(r0, r1, 0x6, 0xffffffffffffffff, r2) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340)}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/class/spi_transport', 0x942c2, 0x8) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000300)=0x9) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SG_SET_FORCE_PACK_ID(r4, 0x227b, &(0x7f0000000200)=0x1) [ 2114.979638] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2114.979638] program syz-executor.0 not setting count and/or reply_len properly 03:28:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000004180)={0x0, 0x0}) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004040)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000001540)=[{&(0x7f00000001c0)=""/214, 0xd6}, {&(0x7f00000002c0)=""/211, 0xd3}, {&(0x7f00000003c0)=""/74, 0x4a}, {&(0x7f0000000440)=""/184, 0xb8}, {&(0x7f0000000540)=""/4096, 0x1000}], 0x5, &(0x7f0000004340)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="080000001800000200000000010000003756e9c1ebcf0300000000000000afb300e2ca75c63feb64ec2ddf9721c23c96c4b683839c6e829541", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x98}}, {{&(0x7f0000001680)=@abs, 0x6e, &(0x7f00000018c0)=[{&(0x7f0000001700)=""/224, 0xe0}, {&(0x7f0000001800)=""/168, 0xa8}], 0x2, &(0x7f0000001900)=ANY=[@ANYBLOB="1c000000000000000100000002d98b00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000010000000000000000100000001000000"], 0x30}}, {{&(0x7f0000001940), 0x6e, &(0x7f0000002d00)=[{&(0x7f00000019c0)=""/236, 0xec}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000002ac0)=""/41, 0x29}, {&(0x7f0000002b00)=""/213, 0xd5}, {&(0x7f0000002c00)=""/83, 0x53}, {&(0x7f00000042c0)=""/109, 0x6d}], 0x6}}, {{&(0x7f0000002d80)=@abs, 0x6e, &(0x7f0000003e80)=[{&(0x7f0000002e00)=""/61, 0x3d}, {&(0x7f0000002e40)=""/4095, 0xfff}, {&(0x7f0000003e40)=""/10, 0xa}], 0x3}}, {{&(0x7f0000003ec0), 0x6e, &(0x7f0000003fc0)=[{&(0x7f0000003f40)=""/26, 0x1a}, {&(0x7f0000003f80)=""/53, 0x35}], 0x2, &(0x7f0000004000)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x40}}], 0x5, 0x2022, &(0x7f00000041c0)={r1, r2+60000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000004200)={0x1, 0x1, {0x3, 0x2, 0x3, 0x0, 0x100}, 0x3ff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x1, 0x1, {0x1, 0x0, 0x9, 0x3, 0x100}, 0x40}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r9 = fcntl$dupfd(r8, 0x0, r8) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r9, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000015c0)=@IORING_OP_OPENAT={0x12, 0x2, 0x0, r9, 0x0, &(0x7f0000000500)='./file1\x00', 0x0, 0x800, 0x12345}, 0x80) r10 = fcntl$dupfd(r7, 0x0, r7) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001600), 0xa}, 0x44840, 0xfffffffffffffffc, 0x113, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r10, 0x0) r11 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002c80), 0x4000, 0x0) ioctl$SG_IO(r11, 0x2285, &(0x7f00000057c0)={0x0, 0xffffffffffffffff, 0xb5, 0x9, @scatter={0x4, 0x0, &(0x7f0000004280)=[{&(0x7f0000004500)=""/71, 0x47}, {&(0x7f0000002cc0)=""/63, 0x3f}, {&(0x7f0000004580)=""/176, 0xb0}, {&(0x7f0000004640)=""/123, 0x7b}]}, &(0x7f00000046c0)="1abb09f15741f195f300bf4949419b1dc2a39455ec30580b31e30e4b4981dd519448f193c72f65db1a1de5c553b9936db1210fa68278a210be06b82c80258e3ddc7697ae0e475bc3577ad2e17afe2360ee6f234ffe8fe734a1f74bd1185e9246f80446ea1e18883df710ac396244026001df3baa29c1cff8fa5fea2b7ad221f12ab4895d2e95a78b1d2a45a0c5ab8ac22542e87c1403336f2106cc8f6381b9c33b53206cd0c4c698db424d31ad9b8e992b436f3b11", &(0x7f0000004780)=""/4096, 0x9, 0x14, 0x2, &(0x7f0000005780)}) fcntl$setownex(r5, 0xf, &(0x7f0000001640)={0x1, r6}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000004400)=ANY=[@ANYBLOB="010000000100000018000000ce2209a4dcdb9987f43f579806fa6a8ae6817816893e0975ac1b3f3e49cef8023621f0e94282c2d8299b1a15d9092552e97eb42f7ca470c1a9d23d349a348801f0c1d8a053047bb39fd7f50e7273e3d75163512edce1cbb0a85654936d8ae64ea591bea34458c213bee84ebe78e885c1fbb7fac5c5ce2f85e74ee96e7c5a08327d081b65b3bfacab56e48c37d8c9955afad766790122bc117ed3f3a11140db55cfd32c7f8631450c235b86609af95fed3476a822368a7e955b727443c691c99e93fb2b6150687bc6fd5f26f4fb18dc97c43537d26c0c61", @ANYRES32=r10, @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) [ 2115.008114] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2115.008114] program syz-executor.6 not setting count and/or reply_len properly [ 2115.030612] FAULT_INJECTION: forcing a failure. [ 2115.030612] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2115.033546] CPU: 0 PID: 37494 Comm: syz-executor.6 Not tainted 5.10.230 #1 03:28:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 89) [ 2115.035227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2115.037408] Call Trace: [ 2115.038049] dump_stack+0x107/0x167 [ 2115.038931] should_fail.cold+0x5/0xa 03:28:00 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) process_madvise(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)="90c2b4ac81041282aaebe04e3516303ae9656f3778b6296828cd5db5e8d2e2c1f565c641d2249f7602d02e8df863dddb01b749c2d0c95d185df5fdfa446a65f77e3dde3358be74ed81d427a2296c1324d89f6bf7d0f6031e6a60cbf839cabef0b4b434acf53f08e03fcde50eaf79024523ed0a5a2a192a1760b5d7eb7f529789e6d2c7b63d3a73f408398b6b909c0e7f9cbc24656d909f1dec9be617ea8492bab3d0688cf970531c7bb84b9810f2de3993e3525561bf", 0xb6}], 0x1, 0x12, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {r3}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000140)={0x2, 0x0, {0x3, 0x2, 0x3, 0x3, 0x1}, 0xa72f}) [ 2115.039870] __alloc_pages_nodemask+0x182/0x600 [ 2115.041030] ? __kmalloc+0x16e/0x390 [ 2115.041939] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2115.043404] ? trace_hardirqs_on+0x5b/0x180 [ 2115.044482] alloc_pages_current+0x187/0x280 [ 2115.045557] sg_build_indirect.isra.0+0x2f5/0x710 [ 2115.046738] sg_common_write.constprop.0+0x992/0x1a30 [ 2115.048010] ? sg_build_indirect.isra.0+0x710/0x710 [ 2115.049219] ? vprintk_func+0x93/0x140 [ 2115.050159] ? printk+0xba/0xf1 [ 2115.050963] ? record_print_text.cold+0x16/0x16 [ 2115.052102] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2115.053325] ? trace_hardirqs_on+0x5b/0x180 [ 2115.054386] sg_write.part.0+0x69e/0xaa0 [ 2115.055373] ? sg_new_write.isra.0+0x770/0x770 [ 2115.056499] ? __lockdep_reset_lock+0x180/0x180 [ 2115.057619] ? perf_trace_lock+0xac/0x490 [ 2115.058629] ? lock_acquire+0x197/0x470 [ 2115.059600] ? find_held_lock+0x2c/0x110 [ 2115.060601] ? _cond_resched+0x12/0x80 [ 2115.061544] ? inode_security+0x107/0x140 [ 2115.062533] ? avc_policy_seqno+0x9/0x70 [ 2115.063517] ? selinux_file_permission+0x92/0x520 [ 2115.064694] sg_write+0x87/0x120 [ 2115.065514] ? sg_write.part.0+0xaa0/0xaa0 [ 2115.066522] vfs_write+0x29a/0xb10 [ 2115.067391] ksys_write+0x12d/0x260 [ 2115.068279] ? __ia32_sys_read+0xb0/0xb0 [ 2115.069266] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2115.070515] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2115.071769] do_syscall_64+0x33/0x40 [ 2115.072653] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2115.073884] RIP: 0033:0x7f5171091b19 [ 2115.074779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2115.079215] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2115.081036] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2115.082737] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2115.083146] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; 03:28:00 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x141440) [ 2115.083146] program syz-executor.7 not setting count and/or reply_len properly [ 2115.084448] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2115.084462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2115.084475] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2115.118290] FAULT_INJECTION: forcing a failure. [ 2115.118290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2115.119741] CPU: 1 PID: 37591 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2115.120534] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2115.121488] Call Trace: [ 2115.121795] dump_stack+0x107/0x167 [ 2115.122214] should_fail.cold+0x5/0xa [ 2115.122653] __alloc_pages_nodemask+0x182/0x600 [ 2115.123190] ? __kmalloc+0x16e/0x390 [ 2115.123625] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2115.124317] ? trace_hardirqs_on+0x5b/0x180 [ 2115.124816] alloc_pages_current+0x187/0x280 [ 2115.125325] sg_build_indirect.isra.0+0x2f5/0x710 [ 2115.125880] sg_common_write.constprop.0+0x992/0x1a30 [ 2115.126477] ? sg_build_indirect.isra.0+0x710/0x710 [ 2115.127052] ? vprintk_func+0x93/0x140 [ 2115.127496] ? printk+0xba/0xf1 [ 2115.127878] ? record_print_text.cold+0x16/0x16 [ 2115.128409] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2115.128982] ? trace_hardirqs_on+0x5b/0x180 [ 2115.129488] sg_write.part.0+0x69e/0xaa0 [ 2115.129958] ? sg_new_write.isra.0+0x770/0x770 [ 2115.130490] ? __lockdep_reset_lock+0x180/0x180 [ 2115.131026] ? perf_trace_lock+0xac/0x490 [ 2115.131512] ? lock_acquire+0x197/0x470 [ 2115.131973] ? find_held_lock+0x2c/0x110 [ 2115.132446] ? _cond_resched+0x12/0x80 [ 2115.132889] ? inode_security+0x107/0x140 [ 2115.133364] ? avc_policy_seqno+0x9/0x70 [ 2115.133826] ? selinux_file_permission+0x92/0x520 [ 2115.134386] sg_write+0x87/0x120 [ 2115.134779] ? sg_write.part.0+0xaa0/0xaa0 [ 2115.135264] vfs_write+0x29a/0xb10 [ 2115.135680] ksys_write+0x12d/0x260 [ 2115.136100] ? __ia32_sys_read+0xb0/0xb0 [ 2115.136569] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2115.137169] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2115.137763] do_syscall_64+0x33/0x40 [ 2115.138194] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2115.138782] RIP: 0033:0x7f794b5b5b19 [ 2115.139204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2115.141303] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2115.142167] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2115.142976] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2115.143792] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2115.144597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2115.145412] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = syz_io_uring_complete(0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000100)={0xfffffc01, 0x0, {0x2, 0x3, 0xfffffffa, 0x1, 0x1}, 0x42c7}) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f00000000c0)={0x0, 0x784, 0xfffffffffffffff9}) [ 2115.169667] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2115.169667] program syz-executor.0 not setting count and/or reply_len properly 03:28:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000180)={0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f00000005c0)={0x0, 0x1, 0xd, 0x1b, 0x193, &(0x7f00000001c0)="396e12628369dd340461ef95e94d1214c93136c88dda92bb887ff5314d8f4f82735864df6b97f6148f6b9df690fc2aa5f4fd300da27a3288ab423c341e01e1330bcc0313d70446c45db79415b49c6015f6883ab4b24f0920881aad0ed04eb29274cd42ca753bbc0866cc5a73c2ebe79d97930f63572b4a84fb82ee14968dea27bf98eb5e7434af75866dcc9ee200428e41a7cf0567ee39a61a4022f655e3cd5f6292ec6969d34b49d44a4b154d1f44239df0e3447f16f50b94026c159fbc317e2addccbe94ffd5b8985c0beeb2c1d23ac1ec66393cb567fbe7ff7fe2a9ff49c292e0677cb7244772d0b24ceed67641230d4ad2a9b4c5c2b10320f763fc8f0958e8244eb5acf55997d4eadbca00ce5076af57879aa07b7a896d67a6f2f6eb2d4dbef2f206c188397ce7025217227744d9dfa1ed0b6a88c23bb5551728b9b53e12220900637dc481fe180fc4f5f7595501a0dc91c9abb24694f50a5322aedfe0d051071b4f81a0a8032e6b7ecee2f7b8d8784b1d740dca1f7d4f78d01fc59e4a89d3ced01094be1b7c415bad4ee489bd615bff426f1e074c5be6409b0864ff96dd937fb1fdd8fdf9bdf8b69d2de2568efc0e31dcc6d609be51a6e8e64200d2db416dcb103c22f8af4cc9aed83b813c74e9a3157cbaef2a04fc110876c79c8063426bf7665e371a33505e2f08c9f0891a53e0bcc58916c380169e2b495277f122dac46035f59e00117bdc7da2f1f1e765faf44ead1da757426b21e54c085449fd76ad84b723e5b69d264fbca3f41aa9d78a3c989958477b2c6ba4479bece1aed680642d925b5449ab6834f4f2b8c2ee4d64d2f08155c6c9c7537c4fc99a41281e8e70b33e153388e64bf5e5a03d70c1f3aa0288cfa82a145b3183239dcb5d31792b30dd2a880c03deafe9ed6f601cf0443f8703db728bc647c6bf7d90cb50c5bdc82e5e12197464cca9127a554fa4c5158c65cd34644de11d82d8a6c56e7b94e903ca51fc51029311251d015ba92ee76f73d47d2f68676d7cabceb7c26fc96c6334818e73f0ef9fa08b6adda659c8df0ea5e93bfccd4d70c14d9081265dadbde87ce6cd262e5c610c5561e9419672bb14bfcba7a4b50b930ba67e489241ad22658fd8c00c411c7c10dbc82dd3ffca2783bf6313bdf3d94db18425cf9e4df4646c6a6aa414507d8eeefd1df035726323d1e3cb37d7472016fbaf892b58ef47cb46358921a52e4a1f619c3e5819c968929ecee6f74ede91ae1254b29bd797299d0fb29df48f903063914333d53bbf43a10b59cd1de89511ce3f9404001628155b026648886758370dc55fd683728725a5c75ea4c028beccbaf8c2b4659d042f85966693811cb504f5e44bee5774a766346c624ee7c50a1b2210619eee21214879714241a48ec32782e9be067c06a7f986cdbe33c4fe91f83bfa87cb05e60a585ebda1"}) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f00000000c0)={0x0, 0x7}) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x20000, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000140)={0x7e6, @tick=0x5, 0x8, {0x1, 0x3}, 0x6, 0x2, 0x8}) 03:28:00 executing program 2: r0 = getpid() ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x9, 0x2, 0x401}) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x20, 0x6, 0x6, 0x0, 0x0, 0x200, 0xc0000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x4, 0x4}, 0x30000, 0x3, 0x81, 0x5, 0x5, 0x400, 0x7, 0x0, 0x8, 0x0, 0x8}, 0xffffffffffffffff, 0x5, r1, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:28:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2115.268585] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2115.268585] program syz-executor.0 not setting count and/or reply_len properly 03:28:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f00000000c0)={0x7, 0x991a, 0x1, 'queue0\x00', 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:28:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 90) 03:28:00 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x84280, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) fcntl$dupfd(r1, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x6, 0x80, 0x0, 'queue0\x00', 0x400006}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 2115.308322] FAULT_INJECTION: forcing a failure. [ 2115.308322] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2115.309716] CPU: 1 PID: 37921 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2115.310509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2115.311453] Call Trace: [ 2115.312036] dump_stack+0x107/0x167 [ 2115.312810] should_fail.cold+0x5/0xa [ 2115.313608] __alloc_pages_nodemask+0x182/0x600 [ 2115.314567] ? __kmalloc+0x16e/0x390 [ 2115.315340] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2115.316621] ? trace_hardirqs_on+0x5b/0x180 [ 2115.317523] alloc_pages_current+0x187/0x280 [ 2115.318437] sg_build_indirect.isra.0+0x2f5/0x710 [ 2115.319457] sg_common_write.constprop.0+0x992/0x1a30 [ 2115.320546] ? sg_build_indirect.isra.0+0x710/0x710 [ 2115.321578] ? lock_downgrade+0x6d0/0x6d0 [ 2115.322433] ? do_raw_spin_trylock+0xad/0x180 [ 2115.323365] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2115.324465] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2115.325506] ? trace_hardirqs_on+0x5b/0x180 [ 2115.326406] ? ___ratelimit+0x1fc/0x440 [ 2115.327232] sg_write.part.0+0x69e/0xaa0 [ 2115.328091] ? sg_new_write.isra.0+0x770/0x770 [ 2115.329044] ? __lockdep_reset_lock+0x180/0x180 [ 2115.330002] ? perf_trace_lock+0xac/0x490 [ 2115.330863] ? lock_acquire+0x197/0x470 [ 2115.331693] ? find_held_lock+0x2c/0x110 [ 2115.332544] ? _cond_resched+0x12/0x80 [ 2115.333346] ? inode_security+0x107/0x140 [ 2115.334208] ? avc_policy_seqno+0x9/0x70 [ 2115.335041] ? selinux_file_permission+0x92/0x520 [ 2115.336058] sg_write+0x87/0x120 [ 2115.336765] ? sg_write.part.0+0xaa0/0xaa0 [ 2115.337640] vfs_write+0x29a/0xb10 [ 2115.338385] ksys_write+0x12d/0x260 [ 2115.339147] ? __ia32_sys_read+0xb0/0xb0 [ 2115.340003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2115.341094] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2115.342166] do_syscall_64+0x33/0x40 [ 2115.342933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2115.344015] RIP: 0033:0x7f794b5b5b19 [ 2115.344786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2115.348600] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2115.350177] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2115.351662] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2115.353131] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2115.354611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2115.356097] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:16 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 86) 03:28:16 executing program 3: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001e00)=[{{&(0x7f0000000780)={0xa, 0x4e23, 0x57f, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8}, 0x1c, &(0x7f00000008c0)=[{&(0x7f00000007c0)="36e03a22f4bf39c12fbf09e3e3a6aa075bcdebcc1f7cce970c91251ba26dbce6a0af39b6c2b83def6cf688b4162eb65b5a21f9351a7f563e3a6016b47151478c731df5522109e2a23ea05442b5ce79c5dd4a1246a16373efc6fdf016ef547a9bdc5da1b097958eb941d012e04fac8ad20f90615371328e0666f3bd30ae3a55c0fbc630d0f44f98dd58fceb935d694263e86efc0905310fcb68c53388f480b72e01fc3e96a91d9b7778c4fe7d399aa871cc645db5707f0576fe6c6b00910c0db2a8996379a69c803d9bc46c0740599aba7762cafd97b85f6dce", 0xd9}], 0x1, &(0x7f0000000900)=[@dontfrag={{0x14, 0x29, 0x3e, 0x80}}, @flowinfo={{0x14}}, @tclass={{0x14, 0x29, 0x43, 0x4}}], 0x48}}, {{&(0x7f0000000980)={0xa, 0x4e23, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xe7}, 0x1c, &(0x7f0000000c00)=[{&(0x7f00000009c0)="cbdf619621769388950363ad3ff5d5ee263fccf364d72523c548e3f9fa7abe0120c34cd60798c99d07982981fbfc795afb170bc1fb96e7415dc7eb6a45d270bbb291b8ae6929578118d6ac190765f12a00ed360dc603b1c277ab41d194d7613dd23afca70db420ecff", 0x69}, {&(0x7f0000000a40)="05f4855b3975574e5087b1c66524cae258ee597b3d1d0bc98f2a27e94f0d9618aa6b1b631b4ce16c92c5e73de5c03f3457ee0d92993d34e4f781b0b12c3d8581793af31e323637e798aed6fd55867a949a95d82c911def3104dc590b49d5f718e1443e8440ba64d41a1ade683e8937f8cb8799624d3b1a87103b3647e002405403f0c9bf32f0ff9f8370584812382e0de1a9c301bb2caae4e5f3b9d55d04595e32e25e0dae1cfd7269ead0335d97b8edc2fcb6e85aeaca67edde8954199dc3", 0xbf}, {&(0x7f0000000b00)="a2bd95eb0ebb9f8dc0fdc760c65ece990d7e63635265082a9b7d492aa1224a7ff5657aec53e76e730c3a28c2dd08e7f23210a7ce84429fec1e53303391e281ce8d23f60f29689e9568371ab65779e1ff299fda90b391af673c2218adb03d004d417a8520bf496ae46cddb8c9d37362bcb1bcc68e3ca76a82dbd7925f5b1c92f89fa52828f775b50962ff5db70f9411db8e6450c03d9ddb56de8537aa46765bcb65cc7c29fb482def6fb7748b38e087de4e43b54f86cd994da3d3e9f6b839f50a1e437fe9b2924c0fb96fe189730db960a6393e3866fe0bef70ea5520ead6a645236a9d3b6946a852faf92ff7bed0c1fce0f6c50e89cce65449c063997730", 0xfe}], 0x3, &(0x7f0000000c40)=[@rthdr_2292={{0x78, 0x29, 0x39, {0x1d, 0xc, 0x1, 0x3, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}}}, @tclass={{0x14, 0x29, 0x43, 0x3a}}, @dstopts_2292={{0x1050, 0x29, 0x4, {0x67, 0x206, '\x00', [@hao={0xc9, 0x10, @remote}, @jumbo={0xc2, 0x4, 0x2}, @generic={0x2, 0x1000, "e49c132d8c5d3fcfade742e5300067336fcf443853755a5924b7e651af2797a899ea0417f6107009f40c3dcf2973c16584b464e3dad954e7b2a9fd9c02ab1b455283d330f0f3f33671e025d0052ad5f562fc7c7714889736c7d9a70f8d258c1d44a9028d9f64b547a3ea88f38a7255d8bfc40aa4e34ca2416a9097bc1892818b8893292b0f28039db881b3cda914fcc0e5ad660bed48ac7ed8707620ffade2ecc570d0b4856c7e71b4888d6d6d23025d44ce2710a014008120b12ae2a4e6c5bd88499b9242b8831a5f2c9a0f2218474df95626c8c3df1578cb52f5e2d829a350e3ab89033a6423142577c3d67104f134f33fdb0468489b1098dd424eeb5f2e34593af6793319b4a43b431bdaafc8a3182882605a2e8afffd6499f5fd85bec164fad096a307ed83d8bd88094b5ad9c315f2c48b26627606d683e05f253d9c80fc8e47916ccacd0b658e802e3f3befc96f758615b6b1be80172c810a8e6e9b920d101854f65814b23710578d39bff561af35f25a408deca62fcdc4aad25d6edf339088977e07a0fe5f08f9cc3f269a6e581de7ef45bd08c7a8c5e0792983b377fc1e9dbcfb1dc9d710cf99ad13fb568c672470b7461051d14beede83d59a5d92b9d1d00707977e6344377037f87cf18a98a67e02d4874cd6c69948df2d5b32d1b62f83ca338124864fb704b9f4edc79a8da6049560a97f878eb261e0097fc3ffeb63ebfeabc5652891d6a6660f353fa8ee98f3b12762ea2aa424c254f9ebb5e1f7fd9c424fa6e72361f3a7edaf488d9033bff12950031a57cef1af141a84b86ffe9797faf163655fc71b6062d4833f99223a1ab7ae6987ae63b60142185afffeae0c89b4a113f18d2eff6f673b8fd5ce02dc5451a76cb36dd7eef7a93c61569dfb99390a5050fef69a3b0b93d4451fd464e7f56b72575c87b0090595cfea42e0c1dcf018e038b03f3889ebb07e5458a8d9f99a14d184b4ff9eea77a83b398873d01126fd57abc599753676d10e48f036527edc74ea533abfcdd4cf2c4f8bfd7c122cd0aa11fd8ae98e474d16884158f3b763968fb87c2ea25ec02e24b8a1d0b460fe77b91bcc28f13b163fce4e2c822043ba8bfb9ec0c6e6494201890bf5fafc31383485f4dfe5048ad1bfd177113203db4e2365062fbc60efb4e989c6d8ebde74de49f464b4272f7c46b486851f76ed623e739c6239fe76f7a45eaf4e33b173f25d3193eac71d2ce9a6d2dcf1e0fd1827306de3e22c12eef2c7f56cecf9503ac9d372f75894ef8c2b60f7420315246b90bf24606cc657d47a7a9b30d071c51c63ab7961363f62c216303845d1beb4b15548f1a7ca9eb9c86cba93791e1ae665b9f24d916ce537eb10f677b068309a37a8c36b668a4351f56639e0492f7d2823c6da165b7c8a519ac7c6a10e53eaf9569afa1b15671ac433af6fc077993bb85411542091ac81533e72f76e411f0e2d38d8d0b6bec96d9e73e01a991568abbf3bf214c192931c230a1eb97af906fd7f93a3b03a090c41b6ac9ed2b0ec2da9e3e9325e1957e62ab50b18f36ddd778e7379847874aa9ee43bb5e1dd26be06481f61514d3c1e62c762904d9e0b6de48ddc9f0ce60f59f6d5f2c250acfbcbc8a6c1f516c472bc8aca5074e299b5a4b4798a84fabafcc2fb72ebbe7ddb7512c6bc85230327b915c3d2261fefdadc6fb4100ae8577d6327cbbdeec6781772509fd0bd62bedffc93babc2ce8c7db21ce09f4e8e9420d43f4fd20530fd907a0b312bece96d1e2cdbcb7883aeb3072cdb48e4f518c0abc4689b3d81202a4cd5c71f895cbba328b12fb4e185afdbc9b203fcbf2e4924eab68f1166080f129e9a0a97ba782fe49fecd0d698e0614a957eca75d59e111bacf88ace6cedcf1deede6ca84037a92bf735a4c06972a45f3ece9392e859c9b4cc9edd1d314cd13cc4617267f4742d377fb319076c6d577cb20ab74ea8869631cdc49dadf28aeabd24e281662df8a0dd8406c0339dbd97c940f7e73ddfaaa9c443a2979eb462a3f29cb237b7da058fe6243af617722a167043161fa323da9e76177c41c4fc1481dc34d8a2aa36584fd4588104eefe9e9d76d4bf464319ce8e5922bc2debfcdaa1eb0bc470dc8592eb2bdb4059b88edac7e6fd14aa3c9362a5e55f54239830e5db465cca39e25546bb538841d7cc8169a2832dc122d30ad4720022332dd9a08e0c6b750143f59b2589d849b3dd5d74d4c91e8a19a09da16df2bc1b5655851bb836d4d8aa01c24857ca8ecd02b04373868a4b880fb39b47d5a148cda89c266cacadab5b4648375e7daadf06d5b995326533f0b3a883635ac7f1aa42eb9fafd153ab6926535141faac35c77de6fdcf70332cd654c482e13e2722dbe12497944ef87774f44fcab1dc1e3ddfb5d910fa3a151433296a89a09f019dc76d7ee4d45b2d782452bef6743519efa359d9626e4b25196bccfba6fb87f0590e354e20623e2ac39846916bc0bf392fea905e74ca80f428cb86560fc8752dd286cba77000e74ac2959e4e3105f4e5a2e860f0b050ca92d4d8e423c57ae303cc2329bace939b6dd1340a52db1feed0f0500feb6ec99c7f1a8a1d81f1d33419c9babc78f3af62b5c25988954acc7a9acb00d8f711ce18ba7b4df1b3e2e6b761287643259dedd4a3a0c7114f1f4cf80388c9f9fd6d8dac0c88775d5f32f7659792859595e71fad4187d29ace403deb7aac919723c23890429e30d7e0d936d01bc7e2c008b55aad3f511ba4c16cc328d7531a1185e4f106f357b64397e2a30b95c30a6e92f652470b51d8949bd27e14cc491d8a76764141b2aa3a3f0a0daefadb5bad67e78754e925e24e5e4e61d4e438dddd14f581be2fd5f404902dcf3b7b58fd639d27ed392d34e6b58dbe1de9cdf51406c1b1bee23b0dbb15bbbdf164d0936bca54a2b5bc755c6f19a186ddfbc322d824b43ea9cd2238e4a5e35095f4ee7d3a230c2dd76ba44e5a164e9e6e87762f35950b0631828a2aaccf6e22c1ee3f20701a650c8f42b3e3f0d8183b96483d62b4a0b82af22f477736de9834221a116a03bb0d17c71e0bb877fd88a144ce2cff7fec3962f36be4665011ec4b5be19bde26c7e7eca8dde0d72776dad9a3119eaa9a84e5705c28e1377ad91b686cb4a8ca2010c2adbc51adb4aea30c8bcf3120b674d9d0283828b78b0c1581180f2d4616769bf91a2657a4ed1bc09d904c085b3092c99455b6f788160c3712d13f900c1714cf01bc89c0b6a75af8546adf9b49b928b34cae22274e41681020175ebceb5bcc7175a6960a1fb3221dc4b232367ec036b593b700f0d19eb83c05587265fc2c211d62d4a0e7e7e5d12b474f21452e0e67ca8180f8685fcd09d07c5e66e3b558b6013c7b1718cd4cc03b0daf38c6d3e208e11b156d59d598bce4fbdda6795bf995ee5b86be8d9d28bb3131734410fb11ba03a66be1538d1632858f7a8478e7f6aa2c552d125611a6cfe8a72717d68c66ef0fbf09bac1985c15292acdc05a82b720ddaa836e20dc920e8c283ab554b831841a0e302b686e262bfbf23f8334d8c33c1a6fc737d56a4f5da6d3c155fa97f2a80dbfcb52b69a331df3a166c72c14131362c249b05426d921a1088fa458775f212654f6ad90c40e6d9e80371deb311cc3974632f07932a02a0cabf2957379347946e7fbf7d7ccb9fd6117d2513d01da7daead2b1bfa26b3dd067a673d669eda094602e492d0bdebea6149068a9cae2b71f4f27eba25ad4672879e9a3824e8c95f87c2fb6d521688527bf90f04196a3fac6d83c0c1d2a644a26e7bd9c9799c241e4a1d0543d0b681ce9e81c768328e2544c6318dd79591e73c8123fe01faa82d8ba53296af9c70be663e0b791556f6fc71440c4e5c6ea599242d54b1160dcd4767e8f89cb2b5a80370a6c04a44d6cecbec8131d54e3710d623b4ad370da02448af658d53231c4bba6139f23fb2f1c8ceca8ffa6899338db1a9f8dd548865d6ae9808d32e62a19ba1b24d1965445d12977ff3d401585b4562b16a2a5f683e91b5e693bf7e5bb8044eb5ab24bb2fdb89efc072611e43acc4d88a8af163daac7da49402045412a40032faffe7aa07497db3990af29cb5497818d44edc28a1d445c6debea3249608671556a29eed472380a53ad53e58f58d054896272e2b3582e9a0f5402494c1a3616e70b7c6fe4fc595cd31812ecded3bc687ad05edb31c8630e5ffc64739e62762abc7a8df8ad1b7536e3ec82059bf7ce930f973dd443fe9390fed9c69699821f7627e200afb2a61f75325c36fb72a4fde5334a21a145b4fe878df92fd2328cb5d536ba33f21bff596ce750492afa944c31b9308610a163f58b7ce7989a52a319fa2dad4c6adbf0b2cf78c429c314f4f339a3dda77ceba0c8ea6b17e240f69b671716eb399ad8440f1cdd0566af753c60751e5996c7aa5b7de21fd703dc3c4eddfd2dc3be1b89feebf9107665bc4b8498d31d3f37f8c028e98aee9edf1a03d8957e5b76475ea13e2f1096e14e193add8a8911202952450b057f9fc22d12630b24702a9adf98f68475d674f926b308ef8574e74fb2ef454ee9f9f034475b19eab17b0f8f61c784fbaa1a2eaf234f15f937dd533564317bfca70b2e5f1b39dbbc5f54bbce272e16daa28e57d616d3b4c4e7699c0ea09c474c69615ad42c8a397e0c19cf1c6797246e9653d4f1110c4b8caa289d49fa1312c68132263a79b423c29f33949ae7186611d2bd9fbcac7d603dfcac3d03f85dcab8c5284d084ef4ee6f742b430fe24cca578d87b37f34362468a9ca5260beaa75da889a1335db99e139f80689bd7c91f7c7e8698b1e7e8d70742af89dba9807a2e669d5799ea84ce6643fb3f8efd58b3d9152608a2cdff59fb72fc094fd1b3ee28a5a8e7ad2d934d5ba2175e3c36cdb50feaa0286c6d3114d2f59ac18d9b11d42bd5ebf17953f68dd49f2b523e5ca5364dd29238a9f5e13afb06b3ebffd51ece5c958170618e26db09c6a8d487d2338a3b306fbb98145ab91ac11e8b72db1db874574b1e2592062edebdacf75197d8499a1a83c7a6dc10b5df5e787ea2ef89960877cf64f3864b06fc1b767a32b41a72e87fc641fa94014abf255aecbd26f2b16faa2d196665345007fb3248f3db3ab04ea2ef8848303c199ec55a87665b02800c9df1b80e25167c3d93de0858553daa9ce4670ea5c5fd52d2d6ab23710ce1ef4ed52645024b9d030896f58a6e92474f854b5e199a362bd40da9ee2919f6cc12b067cbe786c6cd59007cf45abce97f382f2a73793e1824e70363040ce7a8b1737cde1c9da89a20f602a2d866fd7f53a1b2eb66f357c518aed751c10f45bde8a7b4d6817c16ab961eb452fc6b4075bf32b14daeff954321c4a3a257bae71d06943a933a6bde694a9b7b51c3c8297c5a75ffc1be8ab090c2852735fc11f2709c3d2829b9871c1c8daf50e71f7164cf67c940ba2aba5738879a9a79f0a9c075cbca3d5922ac43ae21bd10a46117df2018605b988f9a7ac39070ae8e950322fdafaf76d4b88cdb00d3c3fa60525c5ddfdd596971cb30c92ef9df46e02da297f9965a02a016dab63118398cc61ff4d1f28342fc7abf221fda21a0d2d36ac5b9e47ee2cbd7c02e9e897512db405e1f273ec3619b88d2f3dada3913d3ad122a66a780ccd0b8cbb6c6e7a6387693db9fd4b0c83de1f376de8581612848a23cb4008df97208504300ddec838ef2c2814ffcae61b1ccdaef243a15f59191a06c3c4d0453e7d85a255c1d28907d76cb0093f1a4d2168eeabb96d91f7e1d81162351634b40865bebc327dea71"}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x1, 0x2, 0x2, 0x6, [0x8000]}}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}, @pktinfo={{0x24, 0x29, 0x32, {@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], 0x1120}}], 0x2, 0x15) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f00000001c0)) r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xf516}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000200)) r4 = signalfd(r2, &(0x7f00000002c0)={[0x52]}, 0x8) ioctl$GIO_FONT(r4, 0x4b60, &(0x7f0000000300)=""/103) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000740)) fcntl$setstatus(r5, 0x4, 0x2400) ioctl$VFAT_IOCTL_READDIR_BOTH(r5, 0x82307201, &(0x7f0000000440)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)={'U+', 0xfff}, 0x16, 0x2) write(r5, &(0x7f0000000680)="7b44874a4b72d62befa7ff940a70cc0ecafd06db81593123f8fbd280743febabbedbeffbc28317c54d870ac28af93116fc65121fc33bcdb01fe4f2ac7e3cc3b37154b65eee0c0c81e9639b0c59ca6ed10b398fafc852b3534f9d3faa06a5d3921c1c6d408a4cd82b530308af08c7fddc87326bce823abd6dce28497939eddd90d92612d9cd0ee0e57130471cb51ce5191d65815557f0f53120f0e4ab5a0a075f93dc32da4bf4a274ffa79cc570b8277177", 0xb1) dup2(r1, r3) pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/245, 0xf5, 0x7) [ 2131.003792] sg_write: 1 callbacks suppressed [ 2131.003811] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2131.003811] program syz-executor.7 not setting count and/or reply_len properly [ 2131.008080] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2131.008080] program syz-executor.6 not setting count and/or reply_len properly [ 2131.017913] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2131.017913] program syz-executor.0 not setting count and/or reply_len properly [ 2131.025992] FAULT_INJECTION: forcing a failure. [ 2131.025992] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2131.027822] CPU: 0 PID: 38132 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2131.028683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2131.029713] Call Trace: [ 2131.030043] dump_stack+0x107/0x167 [ 2131.030505] should_fail.cold+0x5/0xa [ 2131.030980] __alloc_pages_nodemask+0x182/0x600 [ 2131.031552] ? __kmalloc+0x16e/0x390 [ 2131.032014] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2131.032698] FAULT_INJECTION: forcing a failure. [ 2131.032698] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2131.032776] ? trace_hardirqs_on+0x5b/0x180 [ 2131.035937] alloc_pages_current+0x187/0x280 [ 2131.036495] sg_build_indirect.isra.0+0x2f5/0x710 [ 2131.037100] sg_common_write.constprop.0+0x992/0x1a30 [ 2131.037741] ? sg_build_indirect.isra.0+0x710/0x710 [ 2131.038354] ? vprintk_func+0x93/0x140 [ 2131.038837] ? printk+0xba/0xf1 [ 2131.039243] ? record_print_text.cold+0x16/0x16 [ 2131.039823] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2131.040451] ? trace_hardirqs_on+0x5b/0x180 [ 2131.040995] sg_write.part.0+0x69e/0xaa0 [ 2131.041498] ? sg_new_write.isra.0+0x770/0x770 [ 2131.042069] ? __lockdep_reset_lock+0x180/0x180 [ 2131.042643] ? perf_trace_lock+0xac/0x490 [ 2131.043156] ? lock_acquire+0x197/0x470 [ 2131.043644] ? find_held_lock+0x2c/0x110 [ 2131.044158] ? _cond_resched+0x12/0x80 [ 2131.044640] ? inode_security+0x107/0x140 [ 2131.045155] ? avc_policy_seqno+0x9/0x70 [ 2131.045652] ? selinux_file_permission+0x92/0x520 [ 2131.046253] sg_write+0x87/0x120 [ 2131.046671] ? sg_write.part.0+0xaa0/0xaa0 [ 2131.047192] vfs_write+0x29a/0xb10 [ 2131.047633] ksys_write+0x12d/0x260 [ 2131.048082] ? __ia32_sys_read+0xb0/0xb0 [ 2131.048596] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2131.049239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2131.049876] do_syscall_64+0x33/0x40 [ 2131.050333] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2131.050966] RIP: 0033:0x7f5171091b19 [ 2131.051424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2131.053708] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2131.054648] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2131.055533] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2131.056420] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2131.057302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2131.058178] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2131.059075] CPU: 1 PID: 38129 Comm: syz-executor.7 Not tainted 5.10.230 #1 03:28:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:16 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r4, r6, 0x6, 0xffffffffffffffff, r5) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x20, 0x4, 0x40, 0x20, 0x0, 0x8, 0x201, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000000), 0x2}, 0x48, 0xe6, 0x3ff, 0x1, 0x3, 0x4, 0x2, 0x0, 0x9d5c0000, 0x0, 0x5b53}, r4, 0x5, 0xffffffffffffffff, 0x9) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:28:16 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 91) 03:28:16 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:28:16 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f00000000c0)={0x1, 0x73, 0x1, 'queue0\x00', 0x2}) 03:28:16 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r0}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {0x0, r3}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {r0}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {r1, r2}, {}, {}, {}, {}, {}, {}, {}, {r0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {r1}], 0x4, "9755154351ac9a"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {0x0, r8}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {r6, r7}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {r6}], 0x4, "9755154351ac9a"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {0x0, r13}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {r11, r12}, {}, {}, {}, {}, {}, {}, {}, {r10}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {r11}], 0x4, "9755154351ac9a"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) [ 2131.060943] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r16}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {}, {}, {}, {}, {}, {r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r18}, {0x0, r19}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r18}, {}, {r16}, {}, {}, {}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {r17, r18}, {}, {}, {}, {}, {}, {}, {}, {r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r20}, {r17}], 0x4, "9755154351ac9a"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c280)={0x7, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {0x0, r7}, {r11, r18}], 0xc, "25b42fb32e6167"}) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2131.063476] Call Trace: [ 2131.064227] dump_stack+0x107/0x167 [ 2131.065070] should_fail.cold+0x5/0xa [ 2131.065942] __alloc_pages_nodemask+0x182/0x600 [ 2131.066999] ? __kmalloc+0x16e/0x390 [ 2131.067847] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2131.069233] ? trace_hardirqs_on+0x5b/0x180 [ 2131.070223] alloc_pages_current+0x187/0x280 [ 2131.071229] sg_build_indirect.isra.0+0x2f5/0x710 [ 2131.072354] sg_common_write.constprop.0+0x992/0x1a30 [ 2131.073551] ? sg_build_indirect.isra.0+0x710/0x710 [ 2131.074694] ? vprintk_func+0x93/0x140 [ 2131.075583] ? printk+0xba/0xf1 [ 2131.076348] ? record_print_text.cold+0x16/0x16 [ 2131.077410] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2131.078563] ? trace_hardirqs_on+0x5b/0x180 [ 2131.079565] sg_write.part.0+0x69e/0xaa0 [ 2131.080502] ? sg_new_write.isra.0+0x770/0x770 [ 2131.081555] ? __lockdep_reset_lock+0x180/0x180 [ 2131.082614] ? perf_trace_lock+0xac/0x490 [ 2131.083570] ? lock_acquire+0x197/0x470 [ 2131.084479] ? find_held_lock+0x2c/0x110 [ 2131.085421] ? _cond_resched+0x12/0x80 [ 2131.086305] ? inode_security+0x107/0x140 [ 2131.087248] ? avc_policy_seqno+0x9/0x70 [ 2131.088178] ? selinux_file_permission+0x92/0x520 [ 2131.089291] sg_write+0x87/0x120 [ 2131.090063] ? sg_write.part.0+0xaa0/0xaa0 [ 2131.091024] vfs_write+0x29a/0xb10 [ 2131.091844] ksys_write+0x12d/0x260 [ 2131.092685] ? __ia32_sys_read+0xb0/0xb0 [ 2131.093616] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2131.094809] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2131.095984] do_syscall_64+0x33/0x40 [ 2131.096838] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2131.098001] RIP: 0033:0x7f794b5b5b19 [ 2131.098844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2131.103032] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2131.104766] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2131.106388] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2131.108005] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2131.109637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2131.111261] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:16 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x811e) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:28:16 executing program 1: r0 = socket$nl_audit(0x10, 0x3, 0x9) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000000c0)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x7f, 0x100, 0x0, 'queue0\x00', 0x15d}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)) 03:28:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 92) 03:28:32 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000040)=ANY=[@ANYBLOB="0118000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="31ff1d00ffffb0ff2e2f66696c653000"]) write$cgroup_pid(r2, &(0x7f0000000080)=r1, 0x12) sched_setattr(r0, &(0x7f00000000c0)={0x14, 0x1, 0x10000000, 0xfffff752, 0x5, 0x8, 0x7b, 0x47, 0x627e, 0x9}, 0x0) 03:28:32 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) 03:28:32 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:32 executing program 4: times(&(0x7f0000000100)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RSTATFS(r1, &(0x7f0000000140)={0x43, 0x9, 0x1, {0x5, 0x9, 0x8, 0x7, 0xabbf, 0x4, 0x7fff, 0xffffffffffffffff, 0x400}}, 0x43) r2 = syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x80, 0x5, &(0x7f0000001600)=[{&(0x7f0000000340)="4def4d2b49b794d6c19075b4c432e5f4e474b4e3ce55fe206861461c11fc68e80d8409541e45e862ee9a35897792bbd0d3e694018d1eb9a896aa3a8d49eedc48094e6e899fcb46c0b5a95be60453695f0f535f629e661988c0352cd8a92af52859bd560110fb5f1e10b46e0f38a8b6c6e2744d1c120a198f43232a835bf87cd5a93cdd2f725360b26c9ace11aaf72c7253d5e877f1511e5c307760517950f5a8af9de4b22723c7aa4a0b476e8080b818f308b4d5abe1f98f1853f2739f0cb8fa18e241ed2c72703d32959b4af13f094c21d3183ab9b058ddfc4558ca944a6e849eb5", 0xe2, 0x8}, {&(0x7f00000004c0)="5a2e3435118b702f489047128a23ec455892adff", 0x14, 0x1000}, {&(0x7f0000000500)="1c26a780b057f27695f6ad5be33a3b588f56b3a66d05fad17b53bfd6630afd4b0ddc2008c5752e8db5e5eff3f368d6c2b26d459cc8752472a37def1c21f083569b0f93730c7cb47c0fa7dffa0c0c8f8543f7f2d2b7460b7658c25d6f2bd16683700024e34587b1c723d25bb99c93c17e4ae3a2dfde905a63215b327bc5bb9743ddededf48854f65e09cb2d8afe3f540f", 0x90, 0x100000001}, {&(0x7f00000005c0)="48a90fc68b08712924eb0fde5c1a6cb7e35926871eb690c0a374741326ae75d47d06844f4953cc81d7c0e342f8253cf3550ae9e2da447d4527e344cfe6ba", 0x3e, 0x80}, {&(0x7f0000000600)="f1b362d299223a99840254caf9be0057a455ce7f8cbf2d7bff5c86be8efcf853765c462d4121250eb6e5e2e0db1ff09b727d245455e7f1f393e42088d24b836c040d3f80b0b861154d685988e060aeac11c3e4af06969d29ea28d727275ec470aba87596650e38848e645f5eb4fd7a4fe95eea81360c08cb5f5d962d2556c3245c058767877c79f16a3c371253fa2764a3d8626b0057841ab03157650ebad9a9e1387dd86955231634f441c77d53da51eb73982882d243d2a6131a9c139d0b9ad08cc98101d9f96deb4e9c087265f221f9e95918e887870f9511a1af28971916aed057e3834bcf643bb6f154a061546d5bc5faea679df1a2129d91e719552da42fb1c1b25679dde6079623ea65db52dbfb222bc2231373304234a0387d20e1c701ee6016ed0c3fe594f3653a9439def1e28faf38a0e02ddd08cfc723cd079261d8a512bf9e4627fb40b5b739c28bfbdb4a0153984b4503d09aec1e14fbcec77c9c251d13e33ba828991a70686e39e9e75cf101074365987641e16ffbc48c8e967590df9ad928829ec20db8796860ae527b0facf56d814df44429139a1d51463541c3e027e12fe43affa0244acde47d8c1726d4464e8dc7c793241163b800aa76607ee6a4a4364e527a850d26a8a3234f92c25f81c80c4f512f49bdc8dad8e962221dcd9ea0994fabe2f0ca3e43e91663f951b03574deaef0bf6e32b71038a4315b49ba833f5efbfa6e3f2890276d6405c556cd96585a051c2fb0a5ea766e4c7cffe632091f3e802a139b5b275734b1a26a7662733c9b8213639b77b484e70660c8a272f231c61d213313b8aafe1285d788bceae2a658db6a4942a3a13a8029ed8fadd3edbb85df88d3eeb617d3fb256cd26aa5aad211b6a78520d9fe65678d5f44a31e422869734f5b23c14a1ab52700149ae53482cb1c1582e3968bc4ebcdb360bb905dadcf979a5c9db2f3fbcbfe57f82573e6be7e59cf63d6c74ca9925428348cbc3a558611562cf282c560324f93d44a001db0ad02aeb010b3337d6cc77f541a2ae6fd41feb98e675b11c2023d8d3b8489cef524b400dc3956d9f81d93f79c7729198b97f4e3e50135af0bea8a8fa5f3713c558231a20e88db3c2e330835918ed7ce7051c7f16acbb91850688f456659ff1a91a64e153cb54b83bf714a6072c259e5bf0c00bdca54ef1816d9556126c38dda8f23682fbfc5fbd1ff2bb7b4894a6f405c843fe3006c2d097c8d5c250fba70f6002eb521bc73273438b4c3275a328193b612f64a9bea5b6d3844586feef3dbbf2356467c1e23478f52ac1700a5275a837baac75dca3a1c5916c0c718b4b353dba3b19f31867ab2adc1c3479a7d1639562266a6f3e9d33f3685937ab11a3694009feefd53379bee4752eec8c524b4e5da45324cc4bb698a1b932cbe438e010f98674b3542e2a101786209377e511cac6afdda5fb3a0018423bd76a9aa1e71be77a7535f8807f764edafb560ea0e8b981672a4d5ab281caf83df52829af8f010a0dbbfa3f73a289494f039cbb26333f89fb3e152300607f38f6dd6d544b123f8cdc36efdbf2bfc0cff51ba0bb0abe046cc398b1ed76fe755223f64307c0a56e1c79a62a06e93a656a377c8095c0b41c48f358059c9bd179b7f68e9562d9ebda6be2e38265ae5139fdf553ea5211261e50d8540787a8fd6cd45a2d784a0bd8f0900dc571410a06edc56d940ad56c587a10e60823972203d9285a8e72f1a0522c00c68d90e2c13c2d2a49d12f2be543878bc69133d5976f9e509fd7aefdd5f09e967a66248cfa751f44f0661df1ffe1f5ebc67fee692df9495fd43606130a4c4036ae856a9c28a684d2eb6129ede37dbab14feb9a98b7b8abcc51ffe4935350fa949c4745286bcdb4f2cefa7d1d7b422d70de1d979315e953957962ec60636ec01eec468e12e6a5ce0ecac00ce71bbdb3c8365b851e3c161ab17e9db4ab0a41d1c9c4f6b2d2c5f4b2384564799c20be225511862530a3a4cbea70c060e6fb50b5b56368396957f089a5bf0b249c9f0f7a365ca2ef6f1aed52bb5b9aaa0cbe49f3c7530ee70373f8aa8cc71598c0eeb2cd066841b3a157dcd7758e33565bd11357ea13d16a3f5e64871ca396b0f8a4c86b5771e5e23a9166e300be9f682e1b230f89b13b08f5b7cbe8938b6147a9405b98c65126dc0130ac4aa0b10ce7994d351fa016e07306d0c914257c08bfbde47dd1b25d18f499296c99ed3c130c4b914cbdc4b02fc0ce0266ad10fb4e8c36de91ae9ef7c10390def47f6e358aeea60d8c3ba3e58171c5bd3600d9c60ceac1722e256ffc8231b822fef809e6255abece27a53e3d6c44059da254f5bcd4ac5583c3c348f41241756480fce02d6d8e191b31b820111bb598d33cee1afe0d7b871a3aeab0f3888b49c9d73980732c5f6fbece8c566d4c7ee22eebbd47d70c45b4cac2b6b76004ec5df1e94ade731a2d59764ccf46bc8258acdbbd371ee21ed9171ffd6c5b42296df610c82c7dab49099ae48f344e4b045b909bcb64e864a8e179442983e7ddc8b2a1e314a042b0f3bb537240eb968bc267d6081e61a844cbd243f1c74605a84a77951aa9f16ea3ff0a5000107e983fedfbb5d55696e3ce6b4ee19f18d88465e3f5583da0c74ce89a3c62377d3828f51c5e0e05fe497fd4438cee97f3780223d3ea9fcf0695d51fdc1fe50dc254d3f5571e5a5eb7d1d36b10134e2c88e8e519c804fbbe397eb6e59167ffa67e586f80493aad331973bbeaaa8b096b48a2864da8aedb7226c2677dda7ddef5ea59c6f781ab71ef87d5f44080036b2d7296c2b1f25abaf839ad2be58ba75ff6ac8c7bae12e7b242a4219032eca65e079891e0ccd1b30c41a7a7b7df52f5d477d5b2cfb37b82c5f69a7ddb88cfe5a89a6eb590f13a63767dfe86b0731eb59fc337f0d6f6b4dc269a9da1775849c49a064f4743e84f73bfa2ef93efeb9b17b36759b159d71289c609a1c6950564e7bf287b77e08e22289d1cb867457326895a14aea299cf6ed9ad14163442ae30338cbdc043894fc11d8eaa509efa7cbbecca13a7939ee296dabb68e32c01edcf8a0452df74b1ece9f047c6f8a50df6775bb48aea4d9904ea9617626b5a69f571d84691551d502093da19a1b287a946d9408895a6fc9817cf6e6c1183008864589bf00d2b4a46493939ce70e791cc29ab3ed192c2a0d43ef607f85d5d2f59f081e13b23c9e5809dff884c334f945f0db105c19fcfc8a2fc827a86393fc295b55aea000f5286b6584ec54c9d202af0f7d83f947726b522dd702c82523b365dccc8c3705279ff50ebd312de1fe56c148185a33ae6d585f3d630ec5f7cea0e75fec4b237a0c3a4f38335189a9e261f61ee1effdc3e5cc9b2e4e9b2c46881a0cbee649fcd83989670527210ccc1c458e5466983b5cda966df5bb7a725ad0bf8e3b64f0fde8159bd4be95a3bf5655a51dff0f82f9a24d177b49fe89fc5ae5dec63693558fadd537ea37cfa32c3b829a8330431d40fb3c97e026c7e91e017eb225bfcc3c7e88c0da9106c025f3d62a7681064844da9b251ff4fad6793988642bafcdc4ce96b5a8ba7ca9c33f1b621cc0414fb688197b98c2975c9c8accb65b6fb8ef988ca710a4256165bab6decbcfb9730603329efea59297e37f3b0a4d473246b810b435d070de96715382b14cc0f572be96428ba1ceef5ad63d395657231859f0137e3bad388b652c5894d3e071491ddd8f4993a0d5393687f060b0f351c01a831c3b79a3ae3fdbafd585030b2ff4223ea94045305747f8d353ea8bb6a633bb13f0b038a0504fd4f1ecf675a1530fbe47ede02672842b3846e632035973bff5734e8a748159cc205d6c885bc8e05936f99f28f7da97fed3e1256a756e9fc7c566347be91dff752cdd38a0d4c30b6d59f07d99ddb901f9c8ba746cdc8109eb945efee98a0893703ec29adaf5a812b50a16437f16445a814bca5224b54218c360996d3af12ecc6dc5a09a3e24e7ded6042684a11501806da6dd5ca077f7fbd840b990c23370b349f72b761c2219c664f5e06bfdce62fb7d2186d1d207871fb6957adcaaf4c74026f839cec1fc8a51680835006f9737a9c3bb2d5301f766dc9aa5738b2f4988c8409eba73452a83f501d097071683eb0e006cb2b19eab26bf94d0efcae1456dcf4c55b60580cb8a0c687bd46d245ea5f9af8c38ffb1ee44413b6faa93105a32add3646c9770dce6bb6aded7634b4e5a4df5fb6ef998cee3e3ed181c429c003063ff04fa03323691b42e1b2bff6fd7c3b36c6be758abfaa48399a9bee07a81f354d6b75e5d33c2322627eaa3e0f88bd71f0eba3c4b9634da87d9eb9e6cd32cec7b45b91a6d7f6037dc9bf3a3b6ae362ec6ad948d8ab83fa29a0395d0620229d5db117366024f77a26d7cde89fd6a5d5890a844cda4b0a487447531b9af01b3761d7727e5c5ed35244760054c03f6258c8ad78395c39a7758f90a57a1c1a7803b5c0a2975e432ccc7204fa1a8a6292eee1b60241df67e9272b53cb9e04c3de7f4c9a572c03463ea6c1c315366315682145c292292ef5bd7efa366588e52a8d197315edce4ccd3915f8e5f18fef326b1306be35a54cc48632ea7d5edfb13dceefc9a29a4d0f3fca4fdd7052bc25c88cc58775bd257e48fe8ddc46f410cdb37102712885e57dece4c4eb441e0969f07ed051f8c1c9e91618c35f11b9b382e5579e4a33f6c26c4a75f1534bdd28bc663adc4eb4f26de84e3edfffea102271ea0cb35a4f28bcc2d5e7c4a10f4f4126940bb2acfa4cce7d2dfd0818d02dadd728872f1c9ce6adea89a58b73c4f8c7439c6460df868417a097a2f4de7a7f97287f524f1f94f781dd4e882552efd30dc42d7a900a802e785155c2ac89f6008326bd99ae238128b9a39199758d6aa1d25de1a9fe272eb2c43933cea0922b2ac2f10251ec23b5563f154ece52957ac9c59feeadf7a5aed8c30e5c4396dfa33d2a42e3daf7a710a9dcd99f7cb5930776df51196c7fdfd06db566e9f236392a7f4f6a3a2f69ca4cd12d7d7b01af4453f44af303add09d79fc15e09cc128d8924ec74a7f93a9ad983f8b30e6e48479fd0f3fe847cb0c6d99ead65bf938a42034dd91527c79411c3ef492a11bb74a12d1acd0197f5637ea20fdae4782803ffe4b9b3d48deb330f0187022a1a9511f6a878a6bbd5fd5f92ff840ab675dd75df9028edf94866b2c152b183aff96ab20be9da4bb020bd23eb9f8ddd02d6148b1d59c3ce93de6bac84121c69ead58cff97447eea069cc9322a8b7ce0304adda0dcce0764cc269191bd5a99d0f131c860326a27feaf2636b2a89abeeb278ccc44df33af4d5e017f253c8583627063b28b5abd9cdc78cd5d2bcadb9527944b2c698095ea58b932f98a90a370c710b9590b4095e50e254c26b653c5c7600133af9fbd5b9dce975802d10f67b3838e319a2ca0eca222e09a592aa67d33d8c5fb729cef1c8dcb06da72794aef7d6fa162649162482e10369df3200c6c96472eb9f99838116f27a939a71c76070167b8b2c476b841c45052dc7bf1539c1d26948ba7cb031243b0d4104ee103d16caacf5dd4f2a99d62b3b45df52a9d1079900792e66ab0adeb016950ecf3c8de2a5a0a61525f9b114dd638d39a967c28de043ccaa60d8c991f5c5c8e0fbafbf8f55b88caa394dd2b5b7c9d926c9f89259c14da6c601647da649a85a44b27abf812dcbf0f0f2272dd648c8f35aa80ce3f6d0978cd8d7a2abbc5ce4751674064dc673061ade2843f2ab20f37d4d2dcfd7bcfb45a4da4632df241151f4b6ae9f2", 0x1000, 0x1}], 0xa2000, &(0x7f0000001680)={[{@data_err_ignore}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}]}) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r2, 0x8010661b, &(0x7f0000001700)) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x504}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) pipe2$9p(&(0x7f00000001c0), 0x84800) 03:28:32 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 87) 03:28:32 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockname$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000300)=0x1c) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) perf_event_open$cgroup(&(0x7f0000000440)={0x3, 0x80, 0x0, 0x4, 0xa9, 0x1, 0x0, 0x6, 0x83, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9cae, 0x0, @perf_bp={&(0x7f0000000400), 0x8}, 0x80, 0x6, 0x8, 0x5, 0x4, 0x5, 0x4, 0x0, 0x200, 0x0, 0x4686}, 0xffffffffffffffff, 0x6, r1, 0x1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r2, 0x0, r2) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) flistxattr(r3, &(0x7f0000000340)=""/169, 0xa9) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_generic(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x11, 0x800, 0x70bd29, 0x25dfdbfd, {0x12}, [@typed={0x8, 0x5e, 0x0, 0x0, @str='\xaf@.\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000000)={0x7fffffff, 0x80000000, 0x0, {0x82, 0x5}}) 03:28:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x40012041}, 0x7f) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000180)=@sco}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r2, 0x0, 0x3) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x4000, @fd=r6, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/186, 0xba}, {&(0x7f0000000100)=""/174, 0xae}], 0x2, 0x7, 0x1, {0x0, r7}}, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2147.269219] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2147.269219] program syz-executor.6 not setting count and/or reply_len properly [ 2147.272803] FAULT_INJECTION: forcing a failure. [ 2147.272803] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2147.274899] CPU: 1 PID: 38557 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2147.276095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2147.277562] Call Trace: [ 2147.278028] dump_stack+0x107/0x167 [ 2147.278665] should_fail.cold+0x5/0xa [ 2147.279332] __alloc_pages_nodemask+0x182/0x600 [ 2147.280142] ? __kmalloc+0x16e/0x390 [ 2147.280800] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2147.281851] ? trace_hardirqs_on+0x5b/0x180 [ 2147.282613] alloc_pages_current+0x187/0x280 [ 2147.283382] sg_build_indirect.isra.0+0x2f5/0x710 [ 2147.284227] sg_common_write.constprop.0+0x992/0x1a30 [ 2147.285134] ? sg_build_indirect.isra.0+0x710/0x710 [ 2147.286000] ? vprintk_func+0x93/0x140 [ 2147.286673] ? printk+0xba/0xf1 [ 2147.287242] ? record_print_text.cold+0x16/0x16 [ 2147.288044] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2147.288926] ? trace_hardirqs_on+0x5b/0x180 [ 2147.289686] sg_write.part.0+0x69e/0xaa0 [ 2147.290397] ? sg_new_write.isra.0+0x770/0x770 [ 2147.291202] ? __lockdep_reset_lock+0x180/0x180 [ 2147.292004] ? perf_trace_lock+0xac/0x490 [ 2147.292731] ? lock_acquire+0x197/0x470 [ 2147.293419] ? find_held_lock+0x2c/0x110 [ 2147.294135] ? _cond_resched+0x12/0x80 [ 2147.294803] ? inode_security+0x107/0x140 [ 2147.295515] ? avc_policy_seqno+0x9/0x70 [ 2147.296229] ? selinux_file_permission+0x92/0x520 [ 2147.297076] sg_write+0x87/0x120 [ 2147.297668] ? sg_write.part.0+0xaa0/0xaa0 [ 2147.298396] vfs_write+0x29a/0xb10 [ 2147.299013] ksys_write+0x12d/0x260 [ 2147.299644] ? __ia32_sys_read+0xb0/0xb0 [ 2147.300354] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2147.301269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2147.302160] do_syscall_64+0x33/0x40 [ 2147.302808] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2147.303682] RIP: 0033:0x7f5171091b19 [ 2147.304323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2147.305729] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2147.305729] program syz-executor.0 not setting count and/or reply_len properly [ 2147.307484] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2147.307502] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2147.307511] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2147.307520] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2147.307538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2147.317290] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2147.323652] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2147.323652] program syz-executor.7 not setting count and/or reply_len properly [ 2147.326989] FAULT_INJECTION: forcing a failure. [ 2147.326989] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2147.329113] CPU: 1 PID: 38566 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2147.330283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2147.331689] Call Trace: [ 2147.332137] dump_stack+0x107/0x167 [ 2147.332769] should_fail.cold+0x5/0xa [ 2147.333419] __alloc_pages_nodemask+0x182/0x600 [ 2147.334213] ? __kmalloc+0x16e/0x390 [ 2147.334856] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2147.335886] ? trace_hardirqs_on+0x5b/0x180 [ 2147.336623] alloc_pages_current+0x187/0x280 [ 2147.337378] sg_build_indirect.isra.0+0x2f5/0x710 [ 2147.338205] sg_common_write.constprop.0+0x992/0x1a30 [ 2147.339089] ? sg_build_indirect.isra.0+0x710/0x710 [ 2147.339935] ? vprintk_func+0x93/0x140 [ 2147.340602] ? printk+0xba/0xf1 [ 2147.341169] ? record_print_text.cold+0x16/0x16 [ 2147.341957] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2147.342811] ? trace_hardirqs_on+0x5b/0x180 [ 2147.343556] sg_write.part.0+0x69e/0xaa0 [ 2147.344256] ? sg_new_write.isra.0+0x770/0x770 [ 2147.345048] ? __lockdep_reset_lock+0x180/0x180 [ 2147.345840] ? perf_trace_lock+0xac/0x490 [ 2147.346543] ? lock_acquire+0x197/0x470 [ 2147.347214] ? find_held_lock+0x2c/0x110 [ 2147.347907] ? _cond_resched+0x12/0x80 [ 2147.348563] ? inode_security+0x107/0x140 [ 2147.349271] ? avc_policy_seqno+0x9/0x70 [ 2147.349953] ? selinux_file_permission+0x92/0x520 [ 2147.350774] sg_write+0x87/0x120 [ 2147.351347] ? sg_write.part.0+0xaa0/0xaa0 [ 2147.352060] vfs_write+0x29a/0xb10 [ 2147.352657] ksys_write+0x12d/0x260 [ 2147.353282] ? __ia32_sys_read+0xb0/0xb0 [ 2147.353971] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2147.354850] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2147.355726] do_syscall_64+0x33/0x40 [ 2147.356353] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2147.357228] RIP: 0033:0x7f794b5b5b19 [ 2147.357854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2147.360935] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2147.362219] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2147.363426] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2147.364624] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2147.365835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2147.367032] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:28:48 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x22300, 0x0) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x41020, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@mmap}, {@nodevmap}, {@version_u}, {@debug={'debug', 0x3d, 0xf1cc}}, {@version_L}, {@posixacl}, {@version_L}], [{@euid_gt={'euid>', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '+({(-[@-}'}}, {@fowner_eq={'fowner', 0x3d, r2}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}}) 03:28:48 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r0, 0x7fff, 0x3) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:28:48 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r4, r6, 0x6, 0xffffffffffffffff, r5) rt_sigqueueinfo(r4, 0x28, &(0x7f0000000000)={0x23, 0x5, 0x4}) 03:28:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:48 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 88) 03:28:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 93) 03:28:48 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x26963feddf7c2602, 0x10, r0, 0x329b7000) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:28:48 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x101005) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 2163.040222] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.040222] program syz-executor.7 not setting count and/or reply_len properly [ 2163.063675] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.063675] program syz-executor.0 not setting count and/or reply_len properly [ 2163.067707] FAULT_INJECTION: forcing a failure. [ 2163.067707] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2163.070274] CPU: 1 PID: 38982 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2163.071761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2163.073542] Call Trace: [ 2163.074112] dump_stack+0x107/0x167 [ 2163.074898] should_fail.cold+0x5/0xa [ 2163.075724] __alloc_pages_nodemask+0x182/0x600 [ 2163.076721] ? __kmalloc+0x16e/0x390 [ 2163.077531] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2163.078832] ? trace_hardirqs_on+0x5b/0x180 [ 2163.079762] alloc_pages_current+0x187/0x280 [ 2163.080713] sg_build_indirect.isra.0+0x2f5/0x710 [ 2163.081777] sg_common_write.constprop.0+0x992/0x1a30 [ 2163.082901] ? sg_build_indirect.isra.0+0x710/0x710 [ 2163.083971] ? vprintk_func+0x93/0x140 [ 2163.084812] ? printk+0xba/0xf1 [ 2163.085531] ? record_print_text.cold+0x16/0x16 [ 2163.086533] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2163.087620] ? trace_hardirqs_on+0x5b/0x180 [ 2163.088559] sg_write.part.0+0x69e/0xaa0 [ 2163.089443] ? sg_new_write.isra.0+0x770/0x770 [ 2163.090433] ? __lockdep_reset_lock+0x180/0x180 [ 2163.091426] ? perf_trace_lock+0xac/0x490 [ 2163.092319] ? lock_acquire+0x197/0x470 [ 2163.093171] ? find_held_lock+0x2c/0x110 [ 2163.094071] ? _cond_resched+0x12/0x80 [ 2163.094907] ? inode_security+0x107/0x140 [ 2163.095797] ? avc_policy_seqno+0x9/0x70 [ 2163.096672] ? selinux_file_permission+0x92/0x520 [ 2163.097726] sg_write+0x87/0x120 [ 2163.098457] ? sg_write.part.0+0xaa0/0xaa0 [ 2163.099361] vfs_write+0x29a/0xb10 [ 2163.100133] ksys_write+0x12d/0x260 [ 2163.100916] ? __ia32_sys_read+0xb0/0xb0 [ 2163.101802] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2163.102927] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2163.104036] do_syscall_64+0x33/0x40 [ 2163.104836] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2163.105948] RIP: 0033:0x7f794b5b5b19 [ 2163.106748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2163.110700] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2163.112330] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2163.114103] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 03:28:48 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) perf_event_open(&(0x7f0000001280)={0x2, 0x80, 0x81, 0x21, 0x7f, 0x80, 0x0, 0x3, 0x4020, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xd4, 0x0, @perf_bp={&(0x7f00000001c0), 0x5}, 0x43200, 0x0, 0x0, 0x4, 0x8000000000, 0x40, 0x80, 0x0, 0x4, 0x0, 0x20000000000000}, 0x0, 0x10, r3, 0x3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) stat(&(0x7f0000001340)='./file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) readv(r4, &(0x7f00000011c0)=[{&(0x7f00000002c0)=""/78, 0x4e}, {&(0x7f0000000340)=""/214, 0xd6}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000e00)=""/223, 0xdf}, {&(0x7f0000000f00)=""/238, 0xee}, {&(0x7f0000001000)=""/157, 0x9d}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/78, 0x4e}, {&(0x7f0000001140)=""/100, 0x64}], 0x9) setresuid(0xffffffffffffffff, r6, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r7, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x92c, 0x1, 0x4, 0x401, 0x70bd25, 0x25dfdbfd, {0x3, 0x0, 0x3}, [@generic="81a76992e43279159ca22a", @nested={0x17b, 0x81, 0x0, 0x1, [@typed={0x8, 0x64, 0x0, 0x0, @fd=r4}, @typed={0x8, 0x68, 0x0, 0x0, @uid=r5}, @generic="7384d3f404a5e413bb29b58a2c4ae5414ea6b4f679f98d55dd3e69957d19056d48fae13b9110d304fbed357e0fcc59ebf5b4b00bd18c21bd0ca1dc1b024bf5b3d6bdb991c3a4413b07e7531ae500f2cd673ca2a919e8b21c592d46f034572bf1fb8ecfa920b3d057a2f7779506d8fcc57cf3afd117527262b6a2b129ee1a836c42b5475be0b2f5ac4641d514a231f91ff8904190c553df1bbb8524d3a2ca54226b6bb480db", @generic="8edee586a4c083919d06a26ff97a1c65b6e8605fa18696dd050d808da3109518cebf3fff448054fe9615f0132035981bf73b9e14a59fd6", @typed={0xc, 0x27, 0x0, 0x0, @u64=0x10000}, @generic="5213ac6b2b0aebfcb01abdd9fc4106e30936366793c3ef6f231458324369c01f3bc0042a902f427968660847d40569a6d12f31731bd51c3d5c478a08a94ad55ece4ece44c1d1e1d0c5109e3996fa70ae463e06cbcfdf1faff0b57118c9de4050c4af15d530de0352959c250c159d7dd96af40f628b9f016d964c16b342ab90"]}, @generic="8f3eead4582f2719cfa2c36124", @nested={0x243, 0x84, 0x0, 0x1, [@generic="28c5e1941c36f731d6eab2b55a7c03523dba4f9964fb425f14dd350f07c2322a3873443b0a7633cc953686fa5dd8c11ccda3658eec2f2edb50630f8c9c27cab2258ae9dcd94119d56f65f7d36af56f9bd44f3e8525d657d020f034b37b45b54918f38b0bfa216ef13393ffff85c1869ec575384a92e270ce", @typed={0x14, 0x32, 0x0, 0x0, @ipv6=@mcast2}, @typed={0x11, 0x26, 0x0, 0x0, @str='/dev/snd/seq\x00'}, @generic="92227461a2455dd7dd82019ef808d89c5d670c49c2c3e176cb2a448ad4d93367aebb9b811fbb57b04dfd90621769a93a4a9528f5ebbee2e534d86b3f8bba0a4e38d7eaccc10b167766c0d24dcc211d1a72049510957e3ca041ae2d205b8c9e0a44c04ee3d825a02fe41e31382263e3f93d5cff786909eb6922d0231e4a4bbceba483c2b9a6fb57a302b6bd29885049356100035101d459261592ad6eab629c0e83bfd9cb70ede5f6d8f0a2d1df053f7d93f8dfdd120e063cdf891f82efe91196f0f26386b12c9aa21ea0e05b7ba3c3ba88d5e7b169caf3ad1c4288005477d754829122c8280ebe", @generic="49cbd02e426bbb544bef541de727d88026a41992967502a803b9741e1a13325bc0813526293bbd53d5af440f45cea115fea2ba1ca6f25fad39b9181c43338a77967095c0d6e3826c9598c2269f60e68365242607d9cd4ea3c76c5facdd1ea53903fb6ecd3473b4401ebfd12bb1e8a69734ee23e85e7962fd0c3e5b6adc0bef0ff3eef13d5c641ae3f9e4de49d3e76eebe900184213d3afae74c956a959b01838a554fc4e9e5288c98fd75623d4c29711", @typed={0x8, 0x41, 0x0, 0x0, @uid=r6}]}, @nested={0x13e, 0x29, 0x0, 0x1, [@typed={0x5, 0x58, 0x0, 0x0, @str='\x00'}, @generic="97ed2bb5ca24d695ee178eec2cae57629cdcd0b9c295f8d040f7b2039f26f456b9c7efd5836500d3b053864822737185c2254dd3", @typed={0x4, 0x55}, @typed={0xc, 0x4, 0x0, 0x0, @u64=0x5}, @typed={0x8, 0x3a, 0x0, 0x0, @ipv4=@remote}, @generic="224c97f4481cfaffd07583cfedf85169616323b880791c6675187822b2abf0970b82e531043ead23c61652dee6563954e1a6ef647c434935873dfda9b51607e58bbc5f9734135e6358e846afdffc53317ec61e0ab50283d51577f0f216c69b6ca521aa2621981917fa7b2eb6bd56079696af83e53df75aa35f683e8457e3c1a329c1c3dbc3fd4933376f509a56609831be7818eef77066dc28d7f7924a8fe807f043935ddf299371396835c8668b272608d773565e3b5435a56618a0f5a650f295169b03e21c55c25cd125e6be21fb9e6b811f389f8234841e54faeba8845c0a8ee9", @typed={0x4, 0x77}]}, @nested={0x3c0, 0x6c, 0x0, 0x1, [@generic="368802eef44822da4a8a0dcc6ccdad0928cc6b50576adf69bf8f59f4c0e656acc3c4369e623e1047c9d416caaeb622bfe8252c398743024c658d0697fe1f8e46fb209a354f9baae0290aa21d16dcec8a4756a99ab62cfb10ee272538feb818bd3c858531eb243e8391ccbede4c155087117a9f1f2f1358f0332e", @generic="83660d2dba5445b94d0a003464f811fa9f029275650d0fd0b288b4225a38356860660e6d92a46a61e2a1e2e02e8e8504faa883a3a160869a91d2ce691960439cb6ebac747e9ec664453dd56ffb1c41deb3a4ca7699d31760d62453f66a818e9b75035c3906b913b90252e004", @generic="ca2fe10e84c9d598a40c2b66bcddc3c02d45cc50491e26d9e6a526bb65c5cb51d88d325abb2d3a058e1b3c7993127ae250d1cd81ba7c53b472cbdc652be4dc2c978ceba323456c9f2e880a6b05bdf4da1cb89965d5daef9f66cf79c565f9023e91c33da446f0d7a126cd232ebfcf8c83ebf8fe38223c9ec694b6fc7093be141e89671a7ce1f506ff4e529956fbb37e69cee321d36d427edecc52d96e4211159005c0650dfc92", @generic="efd447fdde190e19e02bbef20d99216e330a70fbd13a34889ade2d2d7748a6ed37f719d3d344552170a0c92dc9c3f9a0b18c4efd20d7b74b324d9b3059bc952008a4a613f453000281dd658d525dd160930d94a491c1e227cd337b7527fd2a79952a29d79763848fd12025a2e2a9ff2b1645949b84434fe7534da4c39f7c612d1b4b8dd305bb72a2ca2248f6be0f57", @typed={0x14, 0x4d, 0x0, 0x0, @ipv6=@private2}, @generic="8c6188a21ad456399f14f060adfa04102015d0d712a0fd", @generic="6ebf9763c0fe0efa781b3e732d49dfcbea49a76eb9cc9cf950990227058d8cf6317420bc00ecb2d505df14de411793683e5e99632b117e2c20f0a30af8997c0521ce9e3efc49a913b09407612d97c886333ad0fd52a0fb30ea056b73159ca7504d6943f998200a38eda0571bb3b3a933cb2bba89e591b1906b71f8b244cde8f20cf8a1bf7c37ec433ab2407b56849f76e32b08d90a0c064e9f051452ca9a622d83e94830efdcc629428ddca00e1a915f0c1b780b58651d677f3754c4c702694491fde5afaefbc8e006d200c2236266e1a66bf0bb88f0479925469499e2cad6702d80a56f7820", @typed={0x8, 0x5a, 0x0, 0x0, @uid=r7}, @typed={0x4, 0x18}, @generic="872766872862137bddb8f2bca41c63868c461a4c740946b5747cb75c0474cd92d56443c1270b57afe563b0d9afaa5cfbd2fd2df8639718da1da842f5d7a10e711f284b93758bb0100d31c3b780b825c3994ba71456f78ec467dfc21ce42803f52a906dffcfa76e273c481b16ec549a3495d906ad8be27f745d49fbbb24b942729f58ac96"]}, @typed={0x36, 0x15, 0x0, 0x0, @binary="a51f6675d19bf7d0bcef53dd40963cc4a3794ee4b7387d865dbd27a4b0d262a096befaf81c386433a65f6fc45f95076deae3"}, @typed={0x8, 0xb, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x92c}, 0x1, 0x0, 0x0, 0x20008015}, 0x40800) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) splice(r4, &(0x7f0000001300)=0x9, r0, &(0x7f0000001380)=0x7ff, 0x100, 0x9) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r8, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2163.115628] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2163.117258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2163.118797] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2163.135577] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.135577] program syz-executor.6 not setting count and/or reply_len properly [ 2163.138484] FAULT_INJECTION: forcing a failure. [ 2163.138484] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2163.140016] CPU: 0 PID: 39054 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2163.140890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2163.141850] Call Trace: [ 2163.142195] dump_stack+0x107/0x167 [ 2163.142665] should_fail.cold+0x5/0xa [ 2163.143159] __alloc_pages_nodemask+0x182/0x600 [ 2163.143766] ? __kmalloc+0x16e/0x390 [ 2163.144252] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2163.145047] ? trace_hardirqs_on+0x5b/0x180 [ 2163.145618] alloc_pages_current+0x187/0x280 [ 2163.146190] sg_build_indirect.isra.0+0x2f5/0x710 [ 2163.146822] sg_common_write.constprop.0+0x992/0x1a30 [ 2163.147496] ? sg_build_indirect.isra.0+0x710/0x710 [ 2163.148144] ? vprintk_func+0x93/0x140 [ 2163.148651] ? printk+0xba/0xf1 [ 2163.149076] ? record_print_text.cold+0x16/0x16 [ 2163.149626] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2163.150280] ? trace_hardirqs_on+0x5b/0x180 [ 2163.150846] sg_write.part.0+0x69e/0xaa0 [ 2163.151373] ? sg_new_write.isra.0+0x770/0x770 [ 2163.151975] ? __lockdep_reset_lock+0x180/0x180 [ 2163.152575] ? perf_trace_lock+0xac/0x490 [ 2163.153119] ? lock_acquire+0x197/0x470 [ 2163.153636] ? find_held_lock+0x2c/0x110 [ 2163.154162] ? _cond_resched+0x12/0x80 [ 2163.154658] ? inode_security+0x107/0x140 [ 2163.155182] ? avc_policy_seqno+0x9/0x70 [ 2163.155697] ? selinux_file_permission+0x92/0x520 [ 2163.156316] sg_write+0x87/0x120 [ 2163.156750] ? sg_write.part.0+0xaa0/0xaa0 [ 2163.157261] vfs_write+0x29a/0xb10 [ 2163.157724] ksys_write+0x12d/0x260 [ 2163.158188] ? __ia32_sys_read+0xb0/0xb0 [ 2163.158706] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2163.159371] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2163.160037] do_syscall_64+0x33/0x40 [ 2163.160514] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2163.161182] RIP: 0033:0x7f5171091b19 [ 2163.161669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2163.164061] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2163.165052] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2163.165987] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2163.166907] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2163.167832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2163.168756] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:28:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:48 executing program 1: recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004e00)=[{{&(0x7f00000000c0), 0x6e, &(0x7f00000012c0)=[{&(0x7f0000000140)=""/197, 0xc5}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/127, 0x7f}], 0x3, &(0x7f0000001300)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f00000013c0), 0x6e, &(0x7f0000002780)=[{&(0x7f0000001440)=""/242, 0xf2}, {&(0x7f0000001540)=""/77, 0x4d}, {&(0x7f00000015c0)=""/178, 0xb2}, {&(0x7f0000001680)=""/123, 0x7b}, {&(0x7f0000001700)=""/4096, 0x1000}, {&(0x7f0000002700)=""/18, 0x12}, {&(0x7f0000002740)=""/28, 0x1c}], 0x7, &(0x7f0000002800)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x88}}, {{&(0x7f00000028c0)=@abs, 0x6e, &(0x7f0000003b40)=[{&(0x7f0000002940)=""/191, 0xbf}, {&(0x7f0000002a00)=""/4096, 0x1000}, {&(0x7f0000003a00)=""/12, 0xc}, {&(0x7f0000003a40)=""/61, 0x3d}, {&(0x7f0000003a80)=""/154, 0x9a}], 0x5, &(0x7f0000003bc0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000003c00), 0x6e, &(0x7f0000004d00)=[{&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000004c80)=""/120, 0x78}], 0x2, &(0x7f0000004d40)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}], 0x4, 0x0, &(0x7f0000004f00)={0x0, 0x3938700}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000004f40), 0x101080, 0x0) fdatasync(r2) mknodat$null(r0, &(0x7f0000004f80)='./file0\x00', 0x1, 0x103) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r3, 0x0, r3) write$sndseq(r3, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r4, 0x0, r4) write$sndseq(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000004fc0)={{r4}, "961bd7c74b919bb8010b19d6159b24603e50b7a9f0cbe6525a018f34583e27ab2d30517b135a7a6c604da306628618cfc662f57198685a3c171f47720d4869196d578854018c3af6cb218d084614b99788127817e3505d4110db9a83d82df47bc1df29bfb4d1a399675febd99f6645083b50a5381c2368bdb0c42a915b2b0cde14bae42f8717f0c5c272e79eb8e27102312897fa01a72dfb7c8577bedc78e3674db2198d1226daa85d846ce34ae4c8e92dfe3c7cc5582a1ef2995998157c3877ea78781de0b58e6f51ab00bab229dbe25d7b785f580beaafdfed3373b338dfa447c6af505e13558db03f7591526bbfcf2da6bf29cbb8f5ff159639641fef683e4a93c03a536508784080b878fdb94b31b33e26971b48b4b17216fee1f69d3fa5bc70178556fd4c563ae6072241152f97757dbd91095b8b6fd46447cc6bfe962e8bfdadb9569b8313b763de9540ec2c626b6db3910777aa6a9f94900defbe5731a9d23a6947ec21b9ba48f910598fdefd670241d1329f4fe55729420b6acc53518f1aeffa9fa57501035a5372120950de39306c280e1efb5aa7cd132ff32a860295d5a7aab1628496f66371a3ccf7100ff29ee5a4c6aa2a53341b1d66415c852ddf0a22256edb1a21b4901162368a709287ddc9e63bfd4ccfd102fa2334023ccb96d2d30365d40de374d04b270fff926c0b5a4cffa7a87643d079c64e24eef92601fb4247fa12b2db1517879e5f0119073489ce67b4b194db5a4ce4ef56064d719543b11ff87d05fb02207840f208c8ac488080860c4b26be5ed4cf9a4da42fb8a1bc22bb2bccd7602d8bdd2b364784b3b9d4fa10a657507a975f5490151376c37e4234fe23a330ac76b86ba6a8141f9582617c2a352e3e7bba497c524e803a0c2eb87d552bac0bb033fb2fa592839b1ab4848c8862fae28c204acc60ba7b23bd36c2856eb44814c67b35d55944acc20f150eec8afb0fa3957191e749d1c172d1ef1b5e9a766a4491b21ff4bdcd8765c17e84433e49d799cbe5de226d8d4268844c6c0c51fd2cc30f41b9a1b205a6056df32dccd4ab92cf8968ec8f27a0f366e01f24e85e268150d3c83d5d1032edd827253e77079f2431a4746faf9c1a9878037fada6af1d4221e5865b06961931e8abed0da30a2ae22ce5e836942b79d2ad0f73f8d1df9961d9d6fdd46621050d735c5f60e6ee7321cbedf666effd1a9f85cf47790f4e75aed090fa4fd7524960452a02a5d95046d854a3c2759a6243e8b9dc0699e7d22881847961c26cbe687e18b089ec4a87b0b71ce0157ac89ba329b12717613ee323e60d99f0ffe00d4de7de8e2be9538ce55fb2b45b0c42c5189bde6be1507734771cc85dde6ba140d9afbfdad430ed903ac64f9bbbf52b5f8920d8f4dc6d7fe2e4bed89c2539513477dd21a1b5b9951a70f9866add54e994dd8ca99a429ad87d362f28c6edda8f5c1fb102597e04c9af0951d584eee5a39e6db81ab7314764e5e3ba46e53586d1e5268a2a00e04993e2ac6911f3e8807e3b9855fc7e7dc01108de37c5a1b5335ea42a0b3fb86abff778870fa4aa4fc4228a10fe337558a1a8e10126fce0057d044eff34a6ba5815e1c3000a8a2bddde3f2e5897d2da6db3c4d1cd4cd356c43ab58c6a0c95015d861ff31e4e40e34e315cb9629736ba6caca775538817496bf3a6ffe328dc6afc1271e53b7360a4f9448ff521c3aa5cd05fe8762f160b296cc7b2ebd9373160cd5d7bac62b69782a75abef0c113bced935185193d46768297eb9bbde3253a8c7969f5e2ddc64bf9e7f2990caf9a9b57633a274a6385bf02a0b3ae2d419f9bbea92f25d38cdac59a57d423611d9282f274dd9f3f194de387a4e3a37025d27a983b7486adbc7c852bc457f35e278f0e766ced9b900f6f7852ad893384e19ec3efac4995bc9aaec12d8d445bfe9791eb5edc531e1dfad7e36ce7acd45577e82658b3d0a8480632cb714fb41a1ee677372667ffc4fe0521ef1186e375585f4142c0e811bdefb3fa31bc8d58662f5e181c08f92e66b954f7253eb7b45262c6d6f4951b539a1b961e760eb05af1c19e68f723e40b60e7930b045bf4d196d95666eeac02a9af2f4f83b9cd9e0729f6d4921438f9b430a42ee72ff9441319276ed9c445d9ddd936d059268cfc5f873ee6944c51eeb74d18c8ea603bf8c7ffe6f38e28c741b7c70da916391b0ee378c7c91f0b7d0e20639cef5438a306f814fc11dc6d5622626dda0568e99e7dcf422c91fec65605bb576a6c9519ab64168b6a3c4930c33001080b8996da55a7961e10108a39058984c6ccecc375ae071da17aaf9aea6a62a503276ecf5cd2528a4b410e92a057a017b58c034c1800f7219a41a91177186ffbe171681614d791041f0eae5bc0bf81f9199c26799be7efecfd903a9dd086c8f1a6eec8f9a27502da3f6261fa4b4d37c3349b4193ff7b8bb4a8f0f545234f39c6ce60f11e36e13a33ffef7128415c5fc67b7d7c22da7d08549394026a9471be19a74ff26eca7e2aa1cc7cbfa59331f181532cbee7a3917fa35f6a66c3ff48635f9c888c298f598087bd21aa9eeaf8262a2ef623b43fa6e2c1cf51fefb7fd8db8acdc55386d7e0fec5e9d510cdca01a8a87bab207ceb818a188d2652cb8a40bffb9d3431b88e009dfe223b04d8a094fd574c6b9049987b0856c45fafac49e235af5753a6b15ecc822b7ebe0d328c5f4802e51c75515700b5f6fb7113882adccc26c572098877dc57eb7fc2d0b787e4060a8bf0e1e169c161c58800ac714a6c0916b6b44be8a7292c4bea942226fbaddae60fa0c5ac668922d630b64b8752ff1ddf0c3ace0c044f30a6d38f672c6c8b4efec5d481e12fbcc5af8b5e30b3e9296d1db52f77aedf68d66e83f2ac1f728e9f24d2fc4718ad82337c049352b43aae848c9ce94b34f653eb7064fed35ee7e454c44730949084832a16611388984aeda2d65a7d7adc82ddad0cb7a3e41333798c0c2efcad837f1cf317ec58afd512a4de82de4b044608e8e1125773bb9e1d78f80c13651f92f386c79de416c92d9fe24cc464f581ca64a75e811d8e7fba2a5802984c46a8df5464c59728909b7b89aec1b5dceb855ef0d4cff8228c6fdade3097249132082233dbf3e355bc0b017bb8e60e161586bc37115880d5998be577d4f0d0e2a278c096af46cdc69a2f0c915e52dd0e7e70227fb9146d183e49ebdff316d36c0f86e70cfc70cae77ca0df45dc8630702dea96b9c1c1e4be3abaf1736a2387badca81295ce54d3ffbe8f7ca63b8046129bf6e98daf5d72df658d9e017172b928de7d4bb0820894605944f7ae21ab2324394ecb71bfb62a06d23cc9f5aab41d53d6a0555a8b3241a0ba0d7984f293345b216a7701a9bec093acfd4306042532ae9c33a8d8888b407cbe37bbe781d89595a08faeec730e85bf8fb4b425c50c7bbb88aac07047682ed31c8afe9305e2d05e9fcc80bf532aae6d395d657c32573c60fd6770df7bed5c1e7458fa1b9e2b3458c2ea9622d1da151e5a94ac95790f327aa65f1f3740671ce08545d4c7ac8447248954d68c19dac58cd3cdbb6cda6138fa83d0c72234af10de2cc673c7ab19dc467598fec464e7f08db73428c34be61221520f54571b8649e56aab045d7d80d93b05c44f3bc21a3f6821e58b2980228fe7d8485c72af868d292bede09d1e517ff3f7ea819ae128dc24c886b082fd1f70f7a61a7e88366e4288378625f262c8694cca857fbe30fab5334cd9800824176530a23918fa3426c254e56037f18b91c21cfad129fcc3f9ef3e501c1e9f3b451fc629301431178a6f984728ffa1c89c67f836652d9e1e5320d1b82fbe78201111cc0b224c9cb36a16071c0e70095bb4358765437059c08d45d0d913757213aa3f9a7755de1cea6ebf2ce887338ee23e7428fb71c4c696c185aa5f3f6f2dca44d08dcc68a93b52b00355274e576a2d903e237fe1c19cf22dd29c4e07a5a35fcfaa0e4e98ccdab7473cad98b8afe0a95afd28a80e4666af9b5be2705023d94d4d627cb4c55bfe828fe0da972e77e97c5e300e58fbc716871d9ecc7216ccd3b4f1be8f7adef77e0bac0f59c4a7cb8c092d909ee13cd43f491b2d7c4228f98f15e98246f4dd1a4e1304f974c2c980bc886b2a01278bc7c758a70627e18461a96444b9a0994582ab05585a488247cb404a5e695915f4a1d3e8419142d5101daa55e5ef3e998cbfb8d05ff4dbdf31b3b00b546d32378324f65b74fdc3045f14752f8d63d2ba0e1bf8e40009030894faf64ba940df292641512b6f2d4ee19cadf99b5dfafdd2bce20b2fc495a1355dd2750f9aa36f5a4c27fc65011d3cb38ccb89c169f13b8af0c13c8a4f4c47f4482243cf93286cf9e4ba9eb4cd669741454e29f0dcd4a487c74687cecc7ce1284517cf5d9571ebd08a5274d9481bb4a7529b514ab558b3de1f1dfcc597fccb93e6de78ec9037332878a25c65fc39c78ded6a17731b4ee2ad3694f0c59300972847857610ef25870b4419dd68526c1b594df300de1853034983fe764de6d03114c12180fbe438b08b1be063d3e17c22ce32cac860bb550f74937cd8422ac9c8c8fb037f72bf31bac3184bf0b2869340b5603ad8c870850f6c4f7e581c1dc8e3233c519f06f1a95da4e40adff1d33f5a202734363b6b6f690f3d5758dc9a087577e13e759502563162ff5b005f50964dd1f3d5f2872066ae92a7e9db677c083a4a2395263ef6f1567ffb4982c9cf1f265b6abb36ee0e2ea0c1d701a50d73f94f1e75d331676504d0154b8edd485377db219872e1142e223e547ac5a424dc9e4303ffbdc8e189d8d8959fbc102998344ad238893d48979f86cbf45259a4a2a9d27f3dcd14727043f6f0f49c438c217570e74b21d3c4726bda4d66439c6c492d044ad037705f0e26abfe109a8694ecb24348e195d671b973b28e8399ec0fe33b41ca9abfd3f5f059374c48d2c6f36fa70cf1c18b1969f5062698de675ef4acfa560a351dc343f272ac9b3316d6002245a96884e5b6e3c09242a3268f0f384b1cc1a1eb677f95a5c4845eb1103f996ddcdd85948b945a8540efbd21b72c60532b767f84a4e047f4539d31b69d444f643f0c9a5e98c4b4a1c8ac649af32d82d3d227bb566006df2eee57c603292c143bc2dbeccc6e6f8e6162d68cf756bda2ddf5ac38f30d827cb89e7d8b7b762ba6421951cfce887e32d2c463c956dc465f76df2993f47b59d17004986a869206260a39eb17ce66bef04614cbbe377b6a1008029eb6ff1b7f68355e3b649fda1ce488fdd557e5218225b8c105ca1c0d5f1e90b7462926598267a9ec9b2b31dffee949aac82e35b232ef44d2076ee0389759f306cf5477389b088f7c116bb1bbd0b161c854a4fe35fbdb96f6bb3099aa64bdd154596b8905e09a1c701d5e848a63f1b46eebf46cb3c73aebb53818db89536a6336a5d98814fe548c40030808116ab2f494e0d7b95d6c51cd04bfedb00fba6217486248ecfe9eb65dff6c906f7ae501c22df34ff08c9c714e98fe951d5b05c71cb039bc2a410471e493c4d6e8f8b60d392bc69f0ee694a2e36630257457dda7ae7d637465f5c6742429435e12d8a5157f9d3b934e2a6968ff10c6706b2ba07a205a5860ebffce23f4172a164c14c4be87e3233628e130ad8b73b2b62a44fff983cb00d414ae020bfe9056a5862c37f852da8a7eb364a119062fb8907d8a83a1921c2a06fc4924a3333bc3fb0a24c4b9ce64ee1b754afd0e7369c978ae4e2719de651224db6e95090241f4ccca203e51"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)) 03:28:48 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000040)) ptrace(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000100)=0x3) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0x8fe) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2163.236307] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.236307] program syz-executor.0 not setting count and/or reply_len properly 03:28:48 executing program 2: r0 = getpid() perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x40, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0xa96c, 0x401}, 0x46004, 0x0, 0xd8ce, 0x6, 0x401, 0x3f, 0x8000, 0x0, 0x8f1, 0x0, 0x4}, r0, 0xf, 0xffffffffffffffff, 0xb) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) read(r2, &(0x7f0000000080)=""/78, 0x4e) 03:28:48 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='projid_map\x00') sendmsg$NL80211_CMD_LEAVE_OCB(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x0, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x1f}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x50}, 0x4c880) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)) 03:28:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:28:48 executing program 3: prctl$PR_GET_CHILD_SUBREAPER(0x25) r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:28:48 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 89) [ 2163.347724] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.347724] program syz-executor.0 not setting count and/or reply_len properly 03:28:48 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000000c0)={0x36c3ee0a, 0x1, 'client0\x00', 0x4, "90e504df6b36b837", "325734b421bf420454dec575bf18caef6fd088beb0056b9dcb5293110f992587", 0xe41, 0x8}) [ 2163.381272] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.381272] program syz-executor.6 not setting count and/or reply_len properly 03:28:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 94) 03:28:49 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x7, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r2 = accept$inet(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000180)) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r1, 0x93e0}, {r2, 0x280}, {r0, 0x100}], 0x3, &(0x7f00000000c0)={r3, r4+60000000}, &(0x7f0000000100)={[0xfffffffffffffff7]}, 0x3) close(0xffffffffffffffff) r5 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x0, 0x1000}], 0x1, &(0x7f00000001c0)={0x0, 0x989680}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, 0x0, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x14) [ 2163.407736] FAULT_INJECTION: forcing a failure. [ 2163.407736] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2163.410304] CPU: 1 PID: 39649 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2163.411748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2163.413484] Call Trace: [ 2163.414041] dump_stack+0x107/0x167 [ 2163.414806] should_fail.cold+0x5/0xa [ 2163.415611] __alloc_pages_nodemask+0x182/0x600 [ 2163.416585] ? __kmalloc+0x16e/0x390 [ 2163.417374] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2163.418641] ? trace_hardirqs_on+0x5b/0x180 [ 2163.419553] alloc_pages_current+0x187/0x280 [ 2163.420484] sg_build_indirect.isra.0+0x2f5/0x710 [ 2163.421524] sg_common_write.constprop.0+0x992/0x1a30 [ 2163.422622] ? sg_build_indirect.isra.0+0x710/0x710 [ 2163.423671] ? vprintk_func+0x93/0x140 [ 2163.424489] ? printk+0xba/0xf1 [ 2163.425188] ? record_print_text.cold+0x16/0x16 [ 2163.426177] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2163.427235] ? trace_hardirqs_on+0x5b/0x180 [ 2163.428162] sg_write.part.0+0x69e/0xaa0 [ 2163.429020] ? sg_new_write.isra.0+0x770/0x770 [ 2163.430000] ? __lockdep_reset_lock+0x180/0x180 [ 2163.430975] ? perf_trace_lock+0xac/0x490 [ 2163.431851] ? lock_acquire+0x197/0x470 [ 2163.432684] ? find_held_lock+0x2c/0x110 [ 2163.433560] ? _cond_resched+0x12/0x80 [ 2163.434378] ? inode_security+0x107/0x140 [ 2163.435247] ? avc_policy_seqno+0x9/0x70 [ 2163.436096] ? selinux_file_permission+0x92/0x520 [ 2163.437120] sg_write+0x87/0x120 [ 2163.437839] ? sg_write.part.0+0xaa0/0xaa0 [ 2163.438723] vfs_write+0x29a/0xb10 [ 2163.439478] ksys_write+0x12d/0x260 [ 2163.440242] ? __ia32_sys_read+0xb0/0xb0 [ 2163.441097] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2163.441213] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2163.441213] program syz-executor.7 not setting count and/or reply_len properly [ 2163.442198] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2163.442223] do_syscall_64+0x33/0x40 [ 2163.442246] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2163.446314] FAULT_INJECTION: forcing a failure. [ 2163.446314] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2163.447069] RIP: 0033:0x7f5171091b19 [ 2163.447090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2163.447105] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2163.454708] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2163.456194] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2163.457697] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2163.459185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2163.460677] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2163.462203] CPU: 0 PID: 39817 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2163.463045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2163.464065] Call Trace: [ 2163.464389] dump_stack+0x107/0x167 [ 2163.464830] should_fail.cold+0x5/0xa [ 2163.465308] __alloc_pages_nodemask+0x182/0x600 [ 2163.465879] ? __kmalloc+0x16e/0x390 [ 2163.466329] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2163.467056] ? trace_hardirqs_on+0x5b/0x180 [ 2163.467581] alloc_pages_current+0x187/0x280 [ 2163.468113] sg_build_indirect.isra.0+0x2f5/0x710 [ 2163.468701] sg_common_write.constprop.0+0x992/0x1a30 [ 2163.469333] ? sg_build_indirect.isra.0+0x710/0x710 [ 2163.469934] ? vprintk_func+0x93/0x140 [ 2163.470404] ? printk+0xba/0xf1 [ 2163.470802] ? record_print_text.cold+0x16/0x16 [ 2163.471363] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2163.471968] ? trace_hardirqs_on+0x5b/0x180 [ 2163.472495] sg_write.part.0+0x69e/0xaa0 [ 2163.472986] ? sg_new_write.isra.0+0x770/0x770 [ 2163.473552] ? __lockdep_reset_lock+0x180/0x180 [ 2163.474111] ? perf_trace_lock+0xac/0x490 [ 2163.474619] ? lock_acquire+0x197/0x470 [ 2163.475105] ? find_held_lock+0x2c/0x110 [ 2163.475601] ? _cond_resched+0x12/0x80 [ 2163.476076] ? inode_security+0x107/0x140 [ 2163.476575] ? avc_policy_seqno+0x9/0x70 [ 2163.477065] ? selinux_file_permission+0x92/0x520 [ 2163.477656] sg_write+0x87/0x120 [ 2163.478066] ? sg_write.part.0+0xaa0/0xaa0 [ 2163.478573] vfs_write+0x29a/0xb10 [ 2163.479007] ksys_write+0x12d/0x260 [ 2163.479445] ? __ia32_sys_read+0xb0/0xb0 [ 2163.479938] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2163.480572] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2163.481194] do_syscall_64+0x33/0x40 [ 2163.481649] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2163.482271] RIP: 0033:0x7f794b5b5b19 [ 2163.482720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2163.484934] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2163.485853] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2163.486702] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2163.487553] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2163.488403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2163.489252] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:29:05 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 90) [ 2179.994464] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2179.994464] program syz-executor.6 not setting count and/or reply_len properly [ 2180.003937] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.003937] program syz-executor.0 not setting count and/or reply_len properly 03:29:05 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x5, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) close_range(r0, r1, 0x0) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:29:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x6440) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:29:05 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x200000}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[r0], 0x1}, 0x58) 03:29:05 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x4f81}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) socket$nl_generic(0x10, 0x3, 0x10) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe7, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r2) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000000c0)={0x1, 0x8, 0x0, 0x3, 0x4, [{0x6, 0x3, 0x1000, '\x00', 0xc}, {0x10000, 0x3, 0x80, '\x00', 0x100}, {0x9, 0x5, 0xffffffffffffff69, '\x00', 0x8}, {0x1ff, 0x100000001, 0x6, '\x00', 0x2}]}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r4, 0x0, r4) write$sndseq(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f00000001c0)={0x40, @tick=0xfffffffe, 0x7, {0x0, 0x4}, 0x2, 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) pread64(r6, &(0x7f0000000300)=""/168, 0xa8, 0x3) 03:29:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 95) [ 2180.015685] FAULT_INJECTION: forcing a failure. [ 2180.015685] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2180.017307] CPU: 0 PID: 40026 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2180.018267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2180.019398] Call Trace: [ 2180.019762] dump_stack+0x107/0x167 [ 2180.020257] should_fail.cold+0x5/0xa [ 2180.020780] __alloc_pages_nodemask+0x182/0x600 [ 2180.021411] ? __kmalloc+0x16e/0x390 [ 2180.021925] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2180.022743] ? trace_hardirqs_on+0x5b/0x180 [ 2180.023330] alloc_pages_current+0x187/0x280 [ 2180.023930] sg_build_indirect.isra.0+0x2f5/0x710 [ 2180.024588] sg_common_write.constprop.0+0x992/0x1a30 [ 2180.024672] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.024672] program syz-executor.7 not setting count and/or reply_len properly [ 2180.025293] ? sg_build_indirect.isra.0+0x710/0x710 [ 2180.025308] ? vprintk_func+0x93/0x140 [ 2180.025330] ? printk+0xba/0xf1 [ 2180.030332] ? record_print_text.cold+0x16/0x16 [ 2180.030975] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2180.031656] ? trace_hardirqs_on+0x5b/0x180 [ 2180.032263] sg_write.part.0+0x69e/0xaa0 [ 2180.032816] ? sg_new_write.isra.0+0x770/0x770 [ 2180.033444] ? __lockdep_reset_lock+0x180/0x180 [ 2180.034091] ? perf_trace_lock+0xac/0x490 [ 2180.034655] ? lock_acquire+0x197/0x470 [ 2180.035200] ? find_held_lock+0x2c/0x110 [ 2180.035755] ? _cond_resched+0x12/0x80 [ 2180.036278] ? inode_security+0x107/0x140 [ 2180.036835] ? avc_policy_seqno+0x9/0x70 [ 2180.037376] ? selinux_file_permission+0x92/0x520 [ 2180.038039] sg_write+0x87/0x120 [ 2180.038494] ? sg_write.part.0+0xaa0/0xaa0 [ 2180.039067] vfs_write+0x29a/0xb10 [ 2180.039547] ksys_write+0x12d/0x260 [ 2180.040034] ? __ia32_sys_read+0xb0/0xb0 [ 2180.040585] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2180.041286] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2180.041991] do_syscall_64+0x33/0x40 [ 2180.042488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2180.043337] RIP: 0033:0x7f5171091b19 [ 2180.043915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2180.046458] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2180.047476] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2180.048434] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2180.049390] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2180.050351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2180.051304] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2180.056275] FAULT_INJECTION: forcing a failure. [ 2180.056275] name fail_page_alloc, interval 1, probability 0, space 0, times 0 03:29:05 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x128}, {0xffffffffffffffff, 0x2002}, {}, {0xffffffffffffffff, 0x6080}, {0xffffffffffffffff, 0x9200}, {0xffffffffffffffff, 0x62}, {0xffffffffffffffff, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r1 = fork() kcmp(0x0, r1, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) r2 = fork() kcmp(r2, r1, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x8308}, {0xffffffffffffffff, 0x2002}, {}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400)={[0x80]}, 0x8) r9 = fork() kcmp(r6, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0x0, 0x0, 0xee00}, 0x0, 0x0, 0x1, 0x200, 0x7fffffff, 0x2, 0x1, 0x1, 0x2, 0x2, r2, r10}) [ 2180.058829] CPU: 1 PID: 40035 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2180.060423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2180.062182] Call Trace: [ 2180.062743] dump_stack+0x107/0x167 [ 2180.063518] should_fail.cold+0x5/0xa [ 2180.064329] __alloc_pages_nodemask+0x182/0x600 [ 2180.065313] ? __kmalloc+0x16e/0x390 [ 2180.066101] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2180.067380] ? trace_hardirqs_on+0x5b/0x180 [ 2180.068295] alloc_pages_current+0x187/0x280 [ 2180.069225] sg_build_indirect.isra.0+0x2f5/0x710 [ 2180.070270] sg_common_write.constprop.0+0x992/0x1a30 [ 2180.071378] ? sg_build_indirect.isra.0+0x710/0x710 [ 2180.072429] ? vprintk_func+0x93/0x140 [ 2180.073254] ? printk+0xba/0xf1 [ 2180.073959] ? record_print_text.cold+0x16/0x16 [ 2180.074937] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2180.075999] ? trace_hardirqs_on+0x5b/0x180 [ 2180.076924] sg_write.part.0+0x69e/0xaa0 [ 2180.077782] ? sg_new_write.isra.0+0x770/0x770 [ 2180.078762] ? __lockdep_reset_lock+0x180/0x180 [ 2180.079738] ? perf_trace_lock+0xac/0x490 [ 2180.080612] ? lock_acquire+0x197/0x470 [ 2180.081446] ? find_held_lock+0x2c/0x110 [ 2180.082325] ? _cond_resched+0x12/0x80 [ 2180.083145] ? inode_security+0x107/0x140 [ 2180.084014] ? avc_policy_seqno+0x9/0x70 [ 2180.084863] ? selinux_file_permission+0x92/0x520 [ 2180.085892] sg_write+0x87/0x120 [ 2180.086605] ? sg_write.part.0+0xaa0/0xaa0 [ 2180.087496] vfs_write+0x29a/0xb10 [ 2180.088255] ksys_write+0x12d/0x260 [ 2180.089017] ? __ia32_sys_read+0xb0/0xb0 [ 2180.089882] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2180.090979] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2180.092062] do_syscall_64+0x33/0x40 [ 2180.092846] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2180.093926] RIP: 0033:0x7f794b5b5b19 [ 2180.094713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2180.098564] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2180.100159] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2180.101641] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2180.103149] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2180.104635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2180.106126] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:29:05 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 91) 03:29:05 executing program 2: r0 = getpid() r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x4, 0xfe, 0xfb, 0x4, 0x0, 0x6, 0x0, 0xf, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1000, 0x2, @perf_config_ext={0x2, 0x40}, 0x54062, 0x4, 0x6, 0x7, 0x7, 0x6, 0x3, 0x0, 0x6, 0x0, 0x8}, r0, 0x10, r1, 0xb) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:29:05 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r2 = perf_event_open$cgroup(&(0x7f00000000c0)={0x4, 0x80, 0x6, 0x1, 0x6, 0x7, 0x0, 0x4, 0x4, 0x7, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x6, 0x4}, 0x0, 0x68, 0xdf3c, 0x5, 0x6, 0x200, 0xfffe, 0x0, 0x3, 0x0, 0x3ff}, 0xffffffffffffffff, 0x3, r0, 0x2) dup(r2) 03:29:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) write$sndseq(r0, &(0x7f00000000c0)=[{0x5, 0x8, 0x1, 0x19, @tick=0x10000, {0x1, 0x3}, {0x2, 0x2}, @control={0x1f, 0x3, 0x3}}, {0x7, 0x4, 0x3, 0x6, @time={0xfffffff9, 0x7}, {0x7, 0x20}, {0xf8, 0x7f}, @connect={{0x6, 0xe1}, {0xe1, 0x9}}}], 0x38) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x181102) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000280), 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4ea0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xffffffff}, 0x1c) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x1149}, 0x1}, 0x6) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1000}, 0x4) ptrace$getregset(0x4204, 0x0, 0x6, &(0x7f0000000240)={&(0x7f00000001c0)=""/75, 0x4b}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r4, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)="10", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)="7fc454367fce6adc72e04fde2deea495afde381abd1161a6bcc26bc1943d6fb59baa3284bd3288c4a36e5305a1bb5e85d4d83edaff4ae938c109cac3b532fb8830bed4a3e9f8d0b0890291df781f51b3cd0bc4f77a05cc2ec097e44e7801a717d22b31b75c2d78ab3a911adfe9e5ff9f64f8430bf5363e282a089d62290f668cedfdd2b9141d8995d35642f9c00db961c3aaefe4d4f859a16e700c6b30ebbff0cda280ec43bc70b24b67eafd7e416dcf57515e9605f9497a9eceb46f71b4d15ac16e04b1aab5a98a15d439176f5c37852b8bfb15db89e7e0d61494c6b147e17884306b152cfff9879ae7692e481d295ce1d29cfd233349b49ab15f16dcd79710f847634b2929954ed04117f9db3e0272aaf193f54e01510ccd79acc27da8143103f6b4341c1b767b6c9c", 0x12a}], 0x1}}], 0x3, 0x8080) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000680)=ANY=[@ANYBLOB="010000000100000038000000587105000000ee000000f1daea2d97174edeaa140050a29df69cf380b74041e1756411d5a1c1a9314b4fa1227ee345b532ec7d16e263a41c4fcdd9c24928a883e39d64cd20e31e6d05a3d2c40b90f4680d86223ad4c722546ccbe375baede4fd001bad5c85a31b008370feb9ac00603e5c829205e222091919f95c9cf9d97c5e5a066c16842ca35dedbf4f69f12c9afae78a61cf0b2c8f3b257dcc8eae09792fc0dc8944f1473ee5ca8b907404c4cd5d268bd0d3e97835a5d45ac7dd1f5e09b71813c4ab98b378e3e04e76b2902a48e6a53f784050c6fa2cbf8b2e6f6709a4be0668aa761d07e22f52de426e263249e9ebc03f354f28024111d3f4e959aea9be994d091698099fc85c5ab684ad84d1c7bfc0161ce320594afedd945c08bbac696cd3292b062f120129139fb7cb49e8de4a0b7454b6f84ae576f0901970ccf4b974a2e6a3e5e901c2e32253e3bb97160192ece7b609976a7f230332c2d88fe6d9b5f0343ce2b4d3c844fe8c59bc57464faeaff7d737ac584da5723794e29a4c41e6dca25826707b34fafeb682f52d06000000000000009fa62e4542856a410767adfa931330cb99b91fc6e3c894281e73990690a2c32f531ec353608767afce49251e83c4b168199956dbb480b8419e03950bc4a50ce543573a2c78bbdd8415a008c47bf487b464030231c47974c5ca7af7a55d57f50e6a21f58d095b85e172", @ANYRESDEC, @ANYRES64]) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) [ 2180.183586] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.183586] program syz-executor.6 not setting count and/or reply_len properly [ 2180.186500] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.186500] program syz-executor.0 not setting count and/or reply_len properly [ 2180.204342] FAULT_INJECTION: forcing a failure. [ 2180.204342] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2180.206765] CPU: 1 PID: 40202 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2180.208316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2180.210037] Call Trace: [ 2180.210593] dump_stack+0x107/0x167 [ 2180.211351] should_fail.cold+0x5/0xa [ 2180.212154] __alloc_pages_nodemask+0x182/0x600 [ 2180.213127] ? __kmalloc+0x16e/0x390 [ 2180.213917] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2180.215173] ? trace_hardirqs_on+0x5b/0x180 [ 2180.216078] alloc_pages_current+0x187/0x280 [ 2180.216997] sg_build_indirect.isra.0+0x2f5/0x710 [ 2180.218020] sg_common_write.constprop.0+0x992/0x1a30 [ 2180.219106] ? sg_build_indirect.isra.0+0x710/0x710 [ 2180.220140] ? vprintk_func+0x93/0x140 [ 2180.220959] ? printk+0xba/0xf1 [ 2180.221648] ? record_print_text.cold+0x16/0x16 [ 2180.222629] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2180.223683] ? trace_hardirqs_on+0x5b/0x180 [ 2180.224596] sg_write.part.0+0x69e/0xaa0 [ 2180.225447] ? sg_new_write.isra.0+0x770/0x770 [ 2180.226418] ? __lockdep_reset_lock+0x180/0x180 [ 2180.227383] ? perf_trace_lock+0xac/0x490 [ 2180.228245] ? lock_acquire+0x197/0x470 [ 2180.229071] ? find_held_lock+0x2c/0x110 [ 2180.229941] ? _cond_resched+0x12/0x80 [ 2180.230748] ? inode_security+0x107/0x140 [ 2180.231611] ? avc_policy_seqno+0x9/0x70 [ 2180.232450] ? selinux_file_permission+0x92/0x520 [ 2180.233464] sg_write+0x87/0x120 [ 2180.234178] ? sg_write.part.0+0xaa0/0xaa0 [ 2180.235057] vfs_write+0x29a/0xb10 [ 2180.235807] ksys_write+0x12d/0x260 [ 2180.236564] ? __ia32_sys_read+0xb0/0xb0 [ 2180.237419] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2180.238527] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2180.239597] do_syscall_64+0x33/0x40 [ 2180.240368] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2180.241435] RIP: 0033:0x7f5171091b19 [ 2180.242214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2180.246042] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2180.247603] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2180.249059] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2180.250534] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2180.251996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2180.253472] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2180.286130] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.286130] program syz-executor.7 not setting count and/or reply_len properly 03:29:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 96) 03:29:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2180.295867] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.295867] program syz-executor.0 not setting count and/or reply_len properly [ 2180.300012] FAULT_INJECTION: forcing a failure. [ 2180.300012] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2180.301553] CPU: 0 PID: 40286 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2180.302452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2180.303517] Call Trace: [ 2180.303842] dump_stack+0x107/0x167 [ 2180.304303] should_fail.cold+0x5/0xa [ 2180.304786] __alloc_pages_nodemask+0x182/0x600 [ 2180.305363] ? __kmalloc+0x16e/0x390 [ 2180.305830] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2180.306590] ? trace_hardirqs_on+0x5b/0x180 [ 2180.307138] alloc_pages_current+0x187/0x280 [ 2180.307692] sg_build_indirect.isra.0+0x2f5/0x710 [ 2180.308293] sg_common_write.constprop.0+0x992/0x1a30 [ 2180.308950] ? sg_build_indirect.isra.0+0x710/0x710 [ 2180.309578] ? vprintk_func+0x93/0x140 [ 2180.310069] ? printk+0xba/0xf1 [ 2180.310478] ? record_print_text.cold+0x16/0x16 [ 2180.311069] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2180.311698] ? trace_hardirqs_on+0x5b/0x180 [ 2180.312248] sg_write.part.0+0x69e/0xaa0 [ 2180.312773] ? sg_new_write.isra.0+0x770/0x770 [ 2180.313351] ? __lockdep_reset_lock+0x180/0x180 [ 2180.313939] ? perf_trace_lock+0xac/0x490 [ 2180.314432] ? lock_acquire+0x197/0x470 [ 2180.314931] ? find_held_lock+0x2c/0x110 [ 2180.315450] ? _cond_resched+0x12/0x80 [ 2180.315955] ? inode_security+0x107/0x140 [ 2180.316470] ? avc_policy_seqno+0x9/0x70 [ 2180.316986] ? selinux_file_permission+0x92/0x520 [ 2180.317594] sg_write+0x87/0x120 [ 2180.318018] ? sg_write.part.0+0xaa0/0xaa0 [ 2180.318538] vfs_write+0x29a/0xb10 [ 2180.318977] ksys_write+0x12d/0x260 [ 2180.319428] ? __ia32_sys_read+0xb0/0xb0 [ 2180.319934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2180.320590] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2180.321229] do_syscall_64+0x33/0x40 [ 2180.321688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2180.322305] RIP: 0033:0x7f794b5b5b19 [ 2180.322767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2180.325044] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2180.326095] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2180.326962] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2180.327835] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2180.328696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2180.329600] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:29:05 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x10400) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:29:05 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) perf_event_open(&(0x7f00000000c0)={0x3, 0x80, 0xe1, 0xc2, 0x20, 0x80, 0x0, 0x7fffffff, 0x590, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x4, 0x2}, 0x4, 0x0, 0x1, 0x7, 0x3d1, 0xa5, 0x7f, 0x0, 0xff}, 0x0, 0x7, r0, 0xa) close(0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fork() waitid(0x1, r1, &(0x7f0000000040), 0x2, 0x0) 03:29:06 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)={0x0, 0xffffffff, 0x81e, {0x3}}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000440)={[0x1000]}, 0x8, 0x80000) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f0000000480)={{r2}, "4acdbcc1738e3ba5f2cd70a03e6fe9e0fa2fca52567969cdf45d48b92fad50a700137ba2c2bf7e41bf673f0939a2b89ba65695c2b40762bc1ae033d065961f537940f4067d04aae67a07f3f92fa07d72f418780f8e9c4cbb2bd480367be81b86a18270dc2ce2d349f044aa807e6ebc5cf28f69c98256cef0f156cc1ea70f01744fe31e534c9002600695b8cabbe58283222497909676ba1036db45ea4c39c3a77bec88579ca2a89948596e4d81219635d59582ee6b61f979db9d7081ed4fc0ff641db32859352f449c73babb1f51700dbb5ffe1511793bcb459e5f4ce2bbb2ecb3074b01d35be1013b004723bea8d7b149ac8fc741b62ce9e6fd2a3f3fa28d22d4b69c245813f07f6c3cefd6851c04177d9e66bc0a5d123e5b248d5d4991a5ba4c82ca91f29dd1c63b19f12d84e9c0f0fc6917f2741411c3c692eb68af8fdc5693be9510bfd71a7e3e3e954d0ab9ab7ae874c9e367a0642479e0b99c85168179c8638ca2f02c330972254fd0811de43dd5c78a48b81545997932d91cf3ce753f5f4b2a37ef534231ee411c27bd63673b8f4410f3649336b0163879a730303d7b115c8c50af4a9055b95172065b98d81a3064de0b956d9720e6480f72fac6bcf6df83e5af2549aeb406a2012195b3e5843fc3a41bf092fbf6e61be290a1c3a00252b4d9654f25da0b4684ad9da26190036c9ff734718706d9a7371ae2044f5cbe12aeefccdd3187efd0f1aa913f14bff73adc169cc24dc4470ce7653ff7bb01806af063b749f08d81c55aa1a6b645fc0aa56b4345c0c4cabf7a4ff5fc9a149b5e1313d37d4dc0cb7a89cda140a569e20f68dbc5ef51f530c49bca70db4e5cc6f648a5363d72a34656f1e981f70b6ef77ca993b6e31b5afa2767badf7e7ed1c4e55151694d0837570500b93c13bfab691b96f50edf3e520f5c11211182bedcb7e07c844a8ef80e79b1b80932a848ada33293896c1becfc05bb293988eeee761f799ca0410bee68b7876591c88de1b623ae86484c6806f43aa00bd2c0a930962734685e16f0abf2f3028c9ee59d752446c226ea456fdc0a3510e68c6efad765080bf0f4f693d61a214f3315849b049b843153949c5a2dd7aa628c407397e000142414ed0570d1f19261bbc6a2859068c8bde06806743085bbd21f24a683616832af12f06d17a1a1c605bfc172b3a471c6e50ba2db14337aa9b277b40de1e2338bb7c605001e0341759d008aa1f5f752734395ae61419a84e1a17b7f47ca88b02943ff7325a880ec20364058e864683fc2c04e6843de611afa1e97ec22eca29c02fdda2c05cdb758d04e9ba76f1b3b6a579f554668b22e5c33f39271a5b8bfca276c96202b5c48200577e1790a090bd3b4f54127e9fa21340231ba3fadbc5c56f683fab1803bbc482528e128fa7d0c97d2b77878527b83e2a3093a054616ceb39f571fb33af4ba6c5fee625992ca93af803970ce008b016e3a089742887f62c09263b43944c2a4dc8bb0058e61084ac58454e7b808f602cde8797c9d574448306a1a72b9ce55990b900256cdc248e4f16c9e4e0924de9ea77b6d3cd9a376020130d893fa6fb846bb6a79a422454cf5a12ac593dda1c26cc789818466ca98b1f9d3de34f865aa312806a6fb1c25fe1085bbceae43b9e56d4bac9a8536558278049ed5d322e5909e2d9484eb392cc85584ac6bd99f1c57c3e71c6c190c83bd7702619f458b84da5574b225dd1369b027b646d0ff4d0347b643476c32c1f888dbcfb90546ab74f131793902eaf7526d68c5728d790891be8dcba5374af2aab85ac3784e3cc3064a89fd935c126dae8ec471e633e18bcf27f1bf288927eb478140b2291dd9b1daeef4b9f5a09960d06935866f19ac01a24ab7de7c9683c537929f72faecb2fea8b4e9f5cf7518623bcc688ff39104b729aa60ce1c778ec5c799aeedfd5d93459dfbf8bff6af83c175a8118732836c30559c8ff11df7ba17b9264c09c63fb3994d73b4ff28444827eb5a0179b7b3463a6c9630edfa25cba19f86674235cdbf1b5a5a8733506b5bf7e9f9f33ee9a978ae37190a47df0c39f81a0efbe13b7270d9be1f9939841cf7ba027b0feb46f64ea6cc1f5f37152da424ddf26151f9464424f68434d77988c51a2560c79d90076d898ad60b2c97d1ee0de4f5096bc34cb97ed648175e1a41dfb90ee522b162cd95a47634a7bdf026ceb7256d58ebdd7d530de81747f6360a0332f55355f4a86b44c2abfb23f6eab0df471d2cc02c096aca2c3d5e93dd075dbe7d43432a7129726504792c968cfe0a7b5e78098008e712443face317c0bd7ed0218f5b492f266e2b93d19f6a33c88df10b40d769a4ebe7bdb1f3f9781aa222851c1f04ecd15daef7bc8f50409d78a5e29f6c338b6c93296d158f06a1c0ef51f28dea8478d4e184d6e4f9f80203a18d45ff6eecfb23177da4e7677ed474c1842e7f4510b025a7cf4f129c2ae622bb0983c153b375e2c97aefb351fe4765dd114ac923ee781c1fa889fd0a63cfe071febe1a9c9d646573642a521a2803a0b1820a1ad5397ab5d69cecd5d69a3033ca334d627686e88451a859197fcba859e2cd3937684d249fbbddca57549f5b8e6268cbfbbad0230efaee16b9b4dd755df9d5a731b485f232b982735cebcb293814515068369e07a2c066366b4f032a2ae911782aec3c7b663cc89e14669da34049e56a18a3d00e734c001f0681c65860d361eec275765ed8bd97e95ffbaad8f5b126e8bdaebf76e7be10aca0707846101290071d6cd5c37ffd98e097c0f0d5bd377e16ba279972763174c973e0f2b8f8b2244ebba880742da783adf984f66ff26c7c9be8a5921977645a689d85502a0f6703316e1c552c2c9610b45c4981eb428ba8b3ea508b30adeadfc3e3589197204bcdf6a8148fdc4e0fec13616c2570e3acea7b2529d11bb6274775abf470d3b550c1ee4fde86722e7a9f4e2538df02be8787f2172aca9e1ee5ff02c0db8876d4162883f05c826eb4166778a18fc00a0c2ee7e28b27bdf0b57f730149a402294479f30b5e4e594f6a70560aac9ff6c11b50b7c99d98452859e390d6872cae93d94a4d175f6cf8c5b6de91c3cb02a4bd4210b2a90bee35a2674388c426bd8e87df5270a32b01d930a059231526cd0705441a8eef8026ecddaa9242d78c7ad8b0923c079fa61671c999e45d079b124a258186a4308e9311245f156434a0f3fd111215f198bbed926377255c16f7edc5eea2b549a39da2a8c1c05504264462eb42db937d369e6ec95f1231c0c4bddc5a9438ad91cd64940fb3f3cbb3d47adf419a3267db6ac035daf6c285765911d6db928ebed382420253693ba96a52a0247f44e0d0d2511605a2e6bec66efd0c23ab69e8d3d5431f8ec1e8e21840ba93ca9260bb8f3902b8c5a172c7516c48d8e3d436f477c75682e537dda112c96f8a784850a3e98aef31eabce4e436aee72a26873cf6421648d22f8f07bfa5f54a77a87702b617b7e45d91e1675ceab6e4aff2e7c79c31a2d9d9c9087bf106908e6529f831ee5692b8dcbda1531a7231563e2a1d18fa78a620427624e41699046389616babf8e27466a505f1eae2f7fec4304accf2c338fdaf477a64792288d1fd877033d50033bd660f726527be58359be63437a8795aaa385e38e1409186fb34a4af9553475dfb4c75e4083d5a7779ad58714f3306ae02c310524f515b1cee14de6200ebf992f0429e972f7f004c5dc69c2110c1cf8983bca2a1364fd19d8a51569dbbcbb4b6c97d57af6b10f7ce2ba226b83a760ca60b5f2c89e0579a0ec7173d48b78987b5651634085765584060efa8697b07d82bdca119fc89dac9e3386ec3b39c5b531fc607a5549e431d261e96da37b284309efa430b1b8297e6cfec0088b21b2b40903c0128321972eb47113c2e5bea1382a61f305021e5fa37aa48b882ecbef763478f058c3b3bdbc3a75ccf662e1fadbbaa8c8055daa7592d6abb2582bfd2ab4533dc29b020ab04d3459df8ca8e7578f08f223d8dfc500fb90030c216bee4cae581fa504ecf017a25ef8e9747efd416daeb8d8adf87096852bfac19a056836248f846beb0a2b6c776b833e601a450a3a043358ee44658efd40472a2288864eb554dbf222b6b0148819162472db132f37846842e1167625edbaba3a68267536ddee710cc940780a2dd1168d9ed19da46485a38a8198771920ec293011327ad5bd8aa7cf2a6bce247a137e144926e1c852f2862e596663d805c5ee0b1606c976e136aa1b209ad8d49e85218c4e45de80fa307e6bee65f10ba84b5b79bb577ac8efc0c95511b0c05c931e59273de0929b43a799061351c42fa80b8f2d478dd30d6c5738ee91136410443e34e6b176a866edde70db6f2b89c9c0b63d40221c2c063ce8247fffb2f4f6b82ea576fed34d7de428ba23dc673b41714295317f9b29accf94e51328fd171eb5f5183dd646d48479a46a78e38141cd84f48b5ba56357a51d65eaa44004a6e16480aa059d66031de46ff861e5a0cac93cf7cc507f6c3047a517493f9131aa5bdd65458fc18d29b591be1ab201fe458dbbfcc25473ced05d4d8389dd73f480771df6c88302223e97de55c671e93dc0bb3e52b8938e24d3ad13bf8a6ba950176354f8701076a9be3a4141ec9ce3be9052758b06a560d9be76fc5091e1bc73dc568fae5a45f04307f85bad8adaf4da4e7cfad695456277b657dd4008135b6d35f5f219e4fcc0b2b616174bfb79a0493cd28d330e4d71e3296c7fe1ae935e90c2a87e41da0025e0cd5420aeeb39820e12a8715cba2d95bab2b3a26d2912e78024e77bf71f9b946185f567785cea70c372a9f551b76069c37198d7a776f57aee319f01eed407f48cbad6ae1f99b37415159271779cdb618bb2b165f4050d5ed5b87d1825d130df6cbd9de65defe72811c82f87c836ef8529b34e452629f5cc3d5abcf93f2b226eb8d90a6180dc7811e9738dc76520eb1b8870f3ecba57e928a95258d454772b7e91441b218bf27b721f86052e0f22e836fbd08c18b25ea5ed5bc8ce338c18a576fe8e12fcafdb138a338d0d42a8de6b887b28c572f36cb546b30eb88068faee7c5440094a536e6179cf354bbbe0250af39a39975cb1672c04892dcb67becf4c835064239cfe5d9d094f9c6af3d9bb8567a0a9bd24e9f3fcea526ab5b6da83f81e3845f65b4b634c64abafdcf2fb245729676ee25c9066fdfdd4e3b6d83a4878d7023a5f675882d620f4a7f2554f2ef6242092f7ced28f8976691bcdb126ee8baeaef9a6da1027d1749a2739bfbd5750cbf9197d22db7108e43f208e2490060d3659ae2cf2af9f0d770e0aefb1849ad095c65df6704c252c7cb8cad81e716abe511e965563e52c3d89f3628f40a0b4e697aee8f9326abb93ad2c7b536a738ee46560b1724a2374609432d974baf5e08c64475bcb96867d4f080aaaab040b2bd09dc703072b396555f3177e4d1b390c89035ff163c8d4bf07b181329a343bf0aba4b1c47ae9495e4aea94dba3566e54201631c760743ee01a00e5961c194e1fabd87f98f55abfc4f8c738cf559c5c1fe66fd4901346636ebea9aaa1a1f6e7f7f519df8d863e580a07372aa760f9d677ca5c006eaa4115fbd166e3ad26442f4f54e6f184b396aa1c119789018d2a7b5484466162ac03f3330f5199819330df58fbb251fe80e57fc5e1cc66e915dfdc006fc0a7e285d4699509fba8ad0cce859c8f6d409d0c061a0f9931925b4c5fab5ccc3a13cffc5968e27b1342608ab521d18453453cdf471251e"}) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x9, 0x800) write$sndseq(r3, &(0x7f0000000340)=[{0x5, 0x96, 0xc4, 0x0, @time={0x23d0, 0x7}, {0x40, 0x1}, {0x0, 0x1f}, @addr={0x81, 0x7}}, {0x3, 0x6, 0x8, 0x8c, @tick=0xc0000000, {0x29, 0x2}, {0x6, 0xff}, @quote={{0x2, 0x76}, 0x800, &(0x7f0000000040)={0x7, 0x1, 0x9, 0x0, @time={0xfff}, {0x4, 0x81}, {0x4, 0x9}, @result={0x8, 0x6}}}}, {0x81, 0x5, 0x4, 0x1, @time={0x6, 0x80000001}, {0x2, 0x7}, {0x81, 0x5}, @time=@time={0x800}}, {0x1f, 0x2e, 0x81, 0x80, @time={0x3, 0xe62}, {0x80, 0x7f}, {0xc4, 0x40}, @connect={{0xd8, 0x1}, {0x1, 0x5}}}, {0x80, 0x0, 0x80, 0x1f, @time={0x4, 0x7}, {0xc1}, {0x1f, 0x6}, @ext={0xd9, &(0x7f0000000140)="25cebe50e1939395ae4279346cd4d40778bfcd201da77ff0bbf397a24340783f95b6b66dc14d6e9fa643908009de3d6defd2fee5090577a5993c8027d42bdccccea794aabf456447df200f37930260dfbc189b33e134d27b672bd955c96af05f41a8f01bf449eaecd482d304477edf5dc67e83dbb5aec40513b654fcb88a35bb2b3b1adfd90d44a1d3b0b2a34bf7d93e7824da09c418a43ee045617b83e192bdd7b499d3c77d98f98cb3d2c25143eb7c3e5bcd910713eda580b655913ac98434ac911a59ca99cb3624fecd9d43ee9a7645ae271c22de58bb16"}}, {0x4, 0x57, 0x1, 0x5, @time={0x9, 0x22}, {0x81, 0x1f}, {0xb1, 0xfd}, @connect={{0x6}, {0x1f, 0xe1}}}, {0x9, 0xa0, 0x9, 0x9, @tick=0x4, {0x80, 0x7}, {0x2, 0x81}, @ext={0xe2, &(0x7f0000000240)="774b7f729a737aba9f01a825764cea0cf9181d5889b565db9bf232be29642b646875b9228c539e0bab1e2713466933f0b8394b31de5c5d59dda1fb2b7338dfddb5755ffe77f433353003f66a003cdf2eed74de336b53384572fdd213207cb6b10c1886eb4373296714411f03e5137dfdbee2c88b90f55a905e8e151a788c5617992ae7ae2574a0080601d88befbb50da332adf297faeb8b34e189511ea60ab20422d4ac271c7922acd562ce9d68de5470d67b9525be18f567c4bb5ac1dc6d14456b3ef0bfcf193444d1aecd892a636063cda2a134ea2e2804c21995061e66ed63ce9"}}], 0xc4) 03:29:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2180.455000] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2180.455000] program syz-executor.0 not setting count and/or reply_len properly 03:29:20 executing program 3: r0 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)={0x0, 0x0}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r6, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) clone3(&(0x7f0000001a40)={0x100000, &(0x7f0000001880), &(0x7f00000018c0)=0x0, &(0x7f0000001900), {0x3e}, &(0x7f0000001940)=""/89, 0x59, &(0x7f00000019c0)=""/2, &(0x7f0000001a00)=[0xffffffffffffffff, r1, r10], 0x3, {r4}}, 0x58) clone3(&(0x7f00000003c0)={0x20000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[r0, r9, r2, r11, r1], 0x5}, 0x58) 03:29:20 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x400400, 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000100)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x8502) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)) [ 2194.547289] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2194.547289] program syz-executor.0 not setting count and/or reply_len properly [ 2194.564163] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2194.564163] program syz-executor.6 not setting count and/or reply_len properly [ 2194.571283] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; 03:29:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 97) 03:29:20 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 92) 03:29:20 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) ioctl$BTRFS_IOC_SNAP_CREATE(r3, 0x50009401, &(0x7f0000000440)={{r5}, "1168a1333b71e2a62cf93fe14a96967dbfca2b1cff4485a2b57e325958e38135329225489863b23278b5912c4c2a1c893db7b70d5a291ae869ea207d698d0531df7b8ce786162160dabb543eb977e81d39e4b86e1167c29bdf95ad87a5bf90faa312590d91401e6369bcc34f7354ce5a795e179f406d83b460ad3acd19265fb73b87037685552f9b19eac0c51876399e00f6e212eea6e3b1fe784734c09d7838bf0c0d0fcf134bc5a081f8752eb6bfcd22c8c85acb1efedf14b047d0fb3683ec6e3a3759e4fc53122eee44b53187e79306385f8d7fb8c812805be8f10e80d8ac91b31fbc72ed29f12a0211414fc42ceb49dcf2f3815846518cb9515912ff4ac44dec8ba58a672434741e14655ef9ecfd1c184cd010cc8744ca9fc2b4f4ed5cccafe9b82239adad6c096434780a1d77477c5f4ea7923f3b27ee11c968d3ca948ede1b0db84c435bdde2677c664884dcce8c59247705fc38d2b0aea8277adc10eeb0f007d14bea4d473807e5073bed045dadce41c199252cb85adb79a2dd3ca9d26e4e4c91297743a9563649d34ed11fa49c13e7105596528f348086556bacbc7c8227a51929d03cb5201f41de4df2a742b41cf0d2069de8dce038250010095bcfdf4e5f5dc6c01066539ef6d1c79b0f2a6dacb404f2f2486dfb83c313618f8481061a494e202660dc808ae2bb131b8bacdb8418b1254f7e4070a9dd2d2fa9165eb697aaf4ce3f4103370222bce20abe29627b7dd9bcf6be8f732feaca01d4bf4df3548b7b641ad2273eca6ac2014155420bc3e88df031d73187d3a10df8e6aa6bea2903dbd6ed6138eae56cbe4d9698c3f46676f8714600865cc977dac54a42ed362e8d60e8e8a365cbf08ff2be105acfb8dc0c0715d08c03c56a603debbd2337efd317da244b58a46dec08c5cdf9c5e78a255ba7ba4360ad9477b4b2615402ff2029fb6e2677f62d4b89be40cc54c9f6603b96b781eb6c1b4bcda6e79ddded4b550d2a821225005298a4889955df64d52ef6ee9fcb497570148e6b0ff726524ab170223a59228d6258bc48db899b2d8478e92d37f404d75e54c8bea2598b534bb8e893e7c571141ec2681f0be3ef7738267ff27612cd1e56b47ed21ef266f72d6399d561d51008ec7db8e51b51e968c58653e10a342c2c538226bc7843daeee6f62b805a7a192201339814f1d124d2f447dc1d85331d3eedf13b3e7fbe985be5af7f0c015f957a74a5712fd6d4b2475f0683fe9e2d702d6d048ea583e01add0ab871ff45b5c23d9667fae36a5a6205a0973e7ba91a607347b63754db906187a30298dea8ea1621431410ddfc373d228f5945a0016a5f49a7dbf3b1381ddc427ae6680ce1a2cf33a52330d5e2d4a13b9a1996cfc3a73fde5b2d124765d5ffb1d3237b8818170ef3cca65d62bae117cbee5e998078d0acb2c1e2de11b4884617b0ac1e02560830b9f87d96a60b9501ce0868a9ba9a85ae4df556e8692f153fbf568786dcb837223472f4ab5099b9019064d9189dc7541d7d047041cc47abd66a6fe0cfa102309409addd65e2cf93ce86c96b0edda6aaf95a93aa11c6449be883888bf2d1ebc4742076f014f8218a7cc1bd612c58c8f71d25eea48f3b30aa94003bb491ff62b8ff976b386f51a7c4355de9cda1feef778cf4c5690907db5105ceefca9a1951967b995d2c23f6a27228247c0979904feeeb9c7e0c8ceba3467a2b59bee6a589e90ec415986ae66f4977acfa57f37022b22ed2f810836ec09ff8d92b6e3071f40f00e44c4736d7145f9be63bf87f22435b77bc88435a10c30ee416eb175a07a7efc7d9fe4ba11fde08513c78eb42d58441744b05c5247d43e9834c2316922bcdbf8500e69adf81bf0e7a15ed4d7526a802ac93480160bb47c00b4c41d5fc53f7eae17fd5c1b91d56e2d95be3580d07950608f35e759c083b5be71a3fb1fef6a317bf171cfcca1da9341221a9077e69e4b9e3cbd5f4c232eb8881a92556368e2ed9000aa2a789ab8d1a135a868e969c338fe5521a92f5e79481b31c53144efc7909998e285d7efbd80024f915cce7204c6fd5698a996ba2b43acd0ed4fc157af0e5695f42ef3b62c0558eda32dcbc84d3f9167cc9a33dedc68a2781656c563925e4f0c53af2f3eec823a4987069e9d98b5582479a849c116876e73ee9d3d6280c597dbbd1992057480131746f30b85b7206396fb5f1fcda3cbb4acc23e0f8247753741a6f359a0652e5241e65bae556d30c9ee02ef8e14557bebf4d3868d58d3db7f6783aa6631a9c5e8bf9abdb557423a39da362b4d36da59cf98907015b640fc6c00070f51ba89e3c2aef83e96c997b5164b56e0565fa33e9f369a830e436a006ed56bf80445cebed18e6823df4fee24b56057ae473d1566385833b563098ccc89992307f74c57b63087c8762f2f4a772632d383923c296c183ac85089dd3e4c1904b599e928d2c31fc8a700155de720e0a5804d12a6c0d5555c98ec3db1e3cd29182b438f4e4b2fce7104f076a46b0b1d9b52f44f9cf40cef294620b833b7006eee074bd7a3e83919b634862632616f8f6fbc75d84c49ec22d8a3255d6414580ca4e071fd86b23b467452416511ad6a6266d2af2a45ba64abe508c962cd965d3f0ea2864d0f6a4f2a5fb45b88a18e9b5737ebb94b727288174771105e2fd64eb7d9bee03d3b175f7d872754ad6dfa58412c5c594735f9221884d0615153a5801524b4f4d862508adffe1b71d568c394d9a3557203b8c1cf6395abb7f91ebe9c4cb2cc63401c9b330be68dc485dc69fd4bbf708cc88b020627d482d8558950c678980290356cdf6a8e22db40371818cc78c65401bd07d16aeda21e1a78f83b77218adff8d7db88621b0dc5824600fae2125ab15a91f896665183b259e03e34f4a400112ad40d2d064c707604a2bcfaa456f7879e0602f79509f6f5f5edc540c805738ea03c0451a2c9c5f67eedaa93a5cfc93f1450d9ef54a35ccb17a5076ffc76b61601ee16d7f4ae32fb9766fb72ee71a8b6ec476386d8b318ece1ce0977266704417dcecff295af5e3a8c96055039d5b328ceadd106cc0c3fc536d6f4e331a9f81fb609bc544b73fee08eb6be846f7e180433192dee4c8fa37498daa94442fc6d4dcba3ad8eba8f0e53511f3b58f86682de19aa1a666adb9c66937ad6d8c5fd42ced247426ec4a5200319a1ed4e7701cf8858efd8ab7ea128b5d983a1288791d4ce68577bb6a2e945d5fd5a572cf0e789392725ed41b0ba4eb3288bc2cd747b4552a896e9bec6ee19f9d1792ab56b377793a3570d69453104d0ffd1d0f913a90c9160b6e8c6075db1070b43c4f6217d85b0a1570ce9b6ff62b23430d167ccbdeb1cce629bf9add5b85d31bc10028d87c9ba65aee213b71df463a3cb2e0be1cc78f49e803fac908ef79f13243f78f686138a29ca08ac256e527397f0ba6d5ceeb6351655601c4d405e712a48746f55988c9739fbc41100307cc8434c5d1bc37e10ae5142837d189c340f0d4a5944ab7ad826993e2635a5f2001ea180e58a00c225730b54b179d3f1f2e10401753f19f259ac0608306487598581647d477d539bc6c460cb40637b6cbc9a8b425736022af746c221194b2a4894fdcf0c18f379b3b3fc7933c1204d97480348f4f5c01933fbc22b33a8ffd6ab70f25f6ad9f12df34a07c9103677f7781c551817faad71ea0d0e4e789843b3b97bcb70038f4c17ac5d7e988cdf7ef4b4c4e4f8352bc38a277f45bec6f9025b3188023d7ff104b68d98f48e62dbe8503793f90660c5c252e95416fa9177c4a69774fd7cd865078e7a04c3b63e2bbb75fb64c1614284603d262dda85f044c4cf9a0b662621a870d61bae8e8540d3c8cf432c043f4ecf4b8d7c34fce5b4c95c20218925dd16b18fabbfcc55e55920bbd4f43c8cb4b6d12f5fc3fae420ec5b8d7613b729c7f8e4a6d902021fb5c26c8be8864a143822f1b6eb7baff9dd8eb98ce31ee155653496aa226f78c2fa7fbfc3da289be60d0a551169fc81cd9693aa2bfbe9fddb8e1fcdbbbd5bf2ce097d927da4f6ae9aa44ca95102fd8ba2f7a1bba519102df5e8b930724f46b86555ca3f4b2cf98f6925d7307023a0e574a485ce90393367ed70cb02a03ecf8a27dc9875bfe0752b698b68355c4c2e114c5b9bcc1119651893dae759e97b6f7ac4ddd3677f2267ae804141ce8675042ab62ac317d2bad8ada90242aa512e2832ec3d21e9f2aa77e74d22363435f89fc6043d67648ae6b3a6dfdf5d4ab1180660c38d255169db27b09c5a0c9fb805bf39e61ffdf5562a3777d47d7f143e0e05f9014980f898cdc494d1724c584a3f65a94c1b79d37ccc554e9d50953eb5350c1a013c610bc229272dee9fce7932150a8601f110a555c5ea474d76e28465d38f7f9d12480d7e2dfedb01ecf34ee7be170808c649e229d73a781307ebc9fcfcc9b1ec7e38053701d5bab9384fff42ad469d7a967f155993c1e75e753ecaba23e79d6ea875a61c377146b0e2668b1bd42a91a55b75984c5b61777ac46559535f9625da6c8203b38925ba20bbd594cbc3886dc93d66171b38ae231e83c08de632c282c3330a320c877fbd95ee3e0634789d6de1a326244524327a24cd234aeab391944467094fb4c27abcbd30a51fadaa6c2d5b64f4ea080150153d74bf141e221a82f0143ba97b418f08e91701df41543be08ef18e55b822d93acb031abd3e55edf43e9cef32a2bff8597dec1fd0cc3169f90fb605bd2be3a25cfb05514e24e1e1507b5b21dc8a5a02770bf45801e429de7390796dd57391d528930ad19a27f9b026bdcb22c5caa0114eb0460992b578acc39f7b27c4f855e32b2feddeea11a2160987fa4632ef722fb7e468da4024b6b5a533f242a1a206355cc4c0b0224877d6e8ab22fde34d4309fc1bc77db65c40db392d7c28272cd3b71b92e9fc47d4127bfdc3936ca14414c80748e5b440b19728373759019a6b4fff6d3e60e0de3503f2b53a8a18e614ba4f9c058cf28f9718c4edefe0332a6929db1e87a49a8e9b0d2520fb3edc741c6fafd0568f434589225cc0adb33c0e6443ef280b2bc162fd6997181da0eb70f0201a266cf14750a5ce1bf22195f16a195666c838cb26d0e8d2922d8625177f9843a44ea707951953e42bd760795077f6b1c1d6f47b18961ffa22dfbd1171f6933826b69adf631bd98da2fc3237ae9f821ffebe9f4574cec7b182ae0ff076f9ee2f73c1cafe67110f2c38180aa89f9c08c9c97d2ed6fd3023a42652c78bffc0cf90d13739c81f97d05f7fdfbee50517ca77bb2cf407817aa31602c7b755815f29029e6053d2d93ef51aaff68442a8c64505fc268c87b06e74a93486efacff1dc1dc96b04f94ebfcb26fa5a800b01265417631ca606ae655ef2d4eaf4a61f3f6b39ed3fbca6d396652137aee5e6145e7acba92be54171d39885bb51ff3a7e54895d4018506392205db8ac778cb43d5309522aa4ee3804c2204476260693ae5b63c94031408edead47b44fffd927b1f1f70e868e1b3661bb33b6e671bfbac22cbb975baaafdf65a59ea4bdaa1d13b772a296c72e1b9b58c9161c771d199216a415f8a797c9abf1640f031ba925405bda2ed807c6ed71c4c8c02e07ca3732c7529e60b40c56186d8d169f217b6dc3551636294b964420b62379180863daad1bacfc7dbb67b62fd9a36e34fd99232ef2a79a51c2dce5e22ccfad11b2437e0ca85983864bde08f56c7e5153a4e6889324ea113f7395b80ffb72474995840cb0ea36fa84b624d91de213296ba666c2b7"}) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000000)={0x2, 0x2, 0x9c77, 0x800, r8}) [ 2194.571283] program syz-executor.7 not setting count and/or reply_len properly 03:29:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x9, 0x9, 0x5, 0x0, 0x0, 0x9, 0x400, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffff49, 0x2, @perf_config_ext={0x2, 0x3ff}, 0x1a0, 0x6, 0x10c, 0x8, 0x8, 0x9, 0x4cb, 0x0, 0x8, 0x0, 0x80000001}, 0x0, 0xc, 0xffffffffffffffff, 0x2) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000180)=0x15, 0x4) perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x80, 0x1, 0xfd, 0x9, 0x0, 0x0, 0x1, 0x20000, 0xa, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0x3, 0x5}, 0x40, 0x43c8, 0x3, 0x1, 0xfffffffffffffff9, 0x3, 0xdb, 0x0, 0x0, 0x0, 0x6762}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000001c0)={0x0, @can={0x1d, r3}, @vsock={0x28, 0x0, 0x0, @my=0x0}, @can, 0x401, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffe, 0x7, 0x3}) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2194.578746] FAULT_INJECTION: forcing a failure. [ 2194.578746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2194.581503] CPU: 0 PID: 40681 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2194.583069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2194.584926] Call Trace: [ 2194.585521] dump_stack+0x107/0x167 [ 2194.586339] should_fail.cold+0x5/0xa [ 2194.587209] __alloc_pages_nodemask+0x182/0x600 [ 2194.588249] ? __kmalloc+0x16e/0x390 [ 2194.589086] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2194.590459] ? trace_hardirqs_on+0x5b/0x180 [ 2194.591435] alloc_pages_current+0x187/0x280 [ 2194.592427] sg_build_indirect.isra.0+0x2f5/0x710 [ 2194.593542] sg_common_write.constprop.0+0x992/0x1a30 [ 2194.594721] ? sg_build_indirect.isra.0+0x710/0x710 [ 2194.595842] ? vprintk_func+0x93/0x140 [ 2194.596710] ? printk+0xba/0xf1 [ 2194.597451] ? record_print_text.cold+0x16/0x16 [ 2194.597748] FAULT_INJECTION: forcing a failure. [ 2194.597748] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2194.598504] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2194.598520] ? trace_hardirqs_on+0x5b/0x180 [ 2194.598558] sg_write.part.0+0x69e/0xaa0 [ 2194.603932] ? sg_new_write.isra.0+0x770/0x770 [ 2194.604967] ? __lockdep_reset_lock+0x180/0x180 [ 2194.606005] ? perf_trace_lock+0xac/0x490 [ 2194.606946] ? lock_acquire+0x197/0x470 [ 2194.607834] ? find_held_lock+0x2c/0x110 [ 2194.608759] ? _cond_resched+0x12/0x80 [ 2194.609630] ? inode_security+0x107/0x140 [ 2194.610567] ? avc_policy_seqno+0x9/0x70 [ 2194.611472] ? selinux_file_permission+0x92/0x520 [ 2194.612562] sg_write+0x87/0x120 [ 2194.613321] ? sg_write.part.0+0xaa0/0xaa0 [ 2194.614264] vfs_write+0x29a/0xb10 [ 2194.615088] ksys_write+0x12d/0x260 [ 2194.615904] ? __ia32_sys_read+0xb0/0xb0 [ 2194.616823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2194.617994] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2194.619157] do_syscall_64+0x33/0x40 [ 2194.619990] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2194.621141] RIP: 0033:0x7f5171091b19 [ 2194.621975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2194.626094] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2194.627807] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2194.629401] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2194.630998] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2194.632586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2194.634178] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2194.635816] CPU: 1 PID: 40682 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2194.637273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2194.639038] Call Trace: [ 2194.639600] dump_stack+0x107/0x167 [ 2194.640365] should_fail.cold+0x5/0xa [ 2194.641169] __alloc_pages_nodemask+0x182/0x600 [ 2194.642158] ? __kmalloc+0x16e/0x390 [ 2194.642948] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 03:29:20 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) fsetxattr$trusted_overlay_opaque(r1, &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x3) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f00000002c0)=""/85, 0x55}], 0x1, 0xe8e, 0x3ff) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r7) r9 = fork() kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xce, 0x5d, 0x8, 0x0, 0x0, 0x6, 0x240, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x58e, 0x4, @perf_bp={&(0x7f0000000140), 0x4}, 0x10000, 0x8, 0x8000, 0x1, 0x4a55, 0x3b, 0x5, 0x0, 0x5260, 0x0, 0x7}, r9, 0x0, r0, 0x0) [ 2194.644218] ? trace_hardirqs_on+0x5b/0x180 [ 2194.645366] alloc_pages_current+0x187/0x280 [ 2194.646320] sg_build_indirect.isra.0+0x2f5/0x710 [ 2194.647354] sg_common_write.constprop.0+0x992/0x1a30 [ 2194.648482] ? sg_build_indirect.isra.0+0x710/0x710 [ 2194.649557] ? vprintk_func+0x93/0x140 [ 2194.650404] ? printk+0xba/0xf1 [ 2194.651119] ? record_print_text.cold+0x16/0x16 [ 2194.652120] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2194.653205] ? trace_hardirqs_on+0x5b/0x180 [ 2194.654148] sg_write.part.0+0x69e/0xaa0 [ 2194.655036] ? sg_new_write.isra.0+0x770/0x770 [ 2194.656034] ? __lockdep_reset_lock+0x180/0x180 [ 2194.657034] ? perf_trace_lock+0xac/0x490 [ 2194.657934] ? lock_acquire+0x197/0x470 [ 2194.658792] ? find_held_lock+0x2c/0x110 [ 2194.659684] ? _cond_resched+0x12/0x80 [ 2194.660519] ? inode_security+0x107/0x140 [ 2194.661414] ? avc_policy_seqno+0x9/0x70 [ 2194.662285] ? selinux_file_permission+0x92/0x520 [ 2194.663342] sg_write+0x87/0x120 [ 2194.664071] ? sg_write.part.0+0xaa0/0xaa0 [ 2194.664979] vfs_write+0x29a/0xb10 [ 2194.665753] ksys_write+0x12d/0x260 [ 2194.666542] ? __ia32_sys_read+0xb0/0xb0 [ 2194.667420] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2194.668546] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2194.669659] do_syscall_64+0x33/0x40 [ 2194.670464] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2194.671564] RIP: 0033:0x7f794b5b5b19 [ 2194.672361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2194.676313] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2194.677958] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2194.679503] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2194.681044] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2194.682586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2194.684123] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:29:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x200, 0x60000, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x9, 0x4, 0x1, 'queue0\x00', 0x8001}) 03:29:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2194.780733] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2194.780733] program syz-executor.0 not setting count and/or reply_len properly 03:29:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0xbfffffff, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:20 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000000c0)={{0x2, 0x20}, {0x2, 0x1}, 0xcf42, 0x5, 0x4}) 03:29:20 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 93) [ 2194.927223] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2194.927223] program syz-executor.0 not setting count and/or reply_len properly 03:29:20 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)=0x0) r5 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r7) r9 = fork() kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r11 = fcntl$dupfd(r10, 0x0, r10) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r11, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) syz_io_uring_submit(0x0, r4, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10}, 0x4) kcmp(r9, r0, 0x3, 0xffffffffffffffff, r11) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 2194.992313] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2194.992313] program syz-executor.6 not setting count and/or reply_len properly 03:29:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 98) 03:29:20 executing program 5: ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000200)={0x2, 0x3f, 0x6}) r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xb04b, 0x0, 0x0, 0x0, 0x0, 0xd1}, r0, 0x0, 0xffffffffffffffff, 0x2) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x5108, 0x7}}, './file0\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f00000001c0)={r5, 0x0, 0x4}) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2195.009505] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2195.009505] program syz-executor.7 not setting count and/or reply_len properly [ 2195.025196] FAULT_INJECTION: forcing a failure. [ 2195.025196] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2195.028429] CPU: 0 PID: 41101 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2195.030285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2195.032517] Call Trace: 03:29:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2195.033225] dump_stack+0x107/0x167 [ 2195.034413] should_fail.cold+0x5/0xa [ 2195.035446] __alloc_pages_nodemask+0x182/0x600 [ 2195.036703] ? __kmalloc+0x16e/0x390 [ 2195.037713] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2195.039355] ? trace_hardirqs_on+0x5b/0x180 [ 2195.040524] alloc_pages_current+0x187/0x280 [ 2195.041715] sg_build_indirect.isra.0+0x2f5/0x710 [ 2195.043044] sg_common_write.constprop.0+0x992/0x1a30 [ 2195.044447] ? sg_build_indirect.isra.0+0x710/0x710 [ 2195.045790] ? vprintk_func+0x93/0x140 [ 2195.046846] ? printk+0xba/0xf1 [ 2195.047735] ? record_print_text.cold+0x16/0x16 [ 2195.048996] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2195.050362] ? trace_hardirqs_on+0x5b/0x180 [ 2195.051550] sg_write.part.0+0x69e/0xaa0 [ 2195.052637] ? sg_new_write.isra.0+0x770/0x770 [ 2195.053877] ? __lockdep_reset_lock+0x180/0x180 [ 2195.055123] ? perf_trace_lock+0xac/0x490 [ 2195.056231] ? lock_acquire+0x197/0x470 [ 2195.057281] ? find_held_lock+0x2c/0x110 [ 2195.058368] ? _cond_resched+0x12/0x80 [ 2195.059387] ? inode_security+0x107/0x140 [ 2195.060487] ? avc_policy_seqno+0x9/0x70 [ 2195.061556] ? selinux_file_permission+0x92/0x520 [ 2195.062846] sg_write+0x87/0x120 [ 2195.063737] ? sg_write.part.0+0xaa0/0xaa0 [ 2195.064846] vfs_write+0x29a/0xb10 [ 2195.065793] ksys_write+0x12d/0x260 [ 2195.066765] ? __ia32_sys_read+0xb0/0xb0 [ 2195.067840] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2195.069218] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2195.070598] do_syscall_64+0x33/0x40 [ 2195.071588] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2195.072939] RIP: 0033:0x7f5171091b19 [ 2195.073935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2195.078787] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2195.080804] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2195.082705] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2195.084609] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2195.086502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2195.088376] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2195.093319] FAULT_INJECTION: forcing a failure. [ 2195.093319] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2195.096479] CPU: 0 PID: 41104 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2195.098123] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2195.098123] program syz-executor.0 not setting count and/or reply_len properly [ 2195.098294] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2195.098302] Call Trace: [ 2195.098338] dump_stack+0x107/0x167 [ 2195.105424] should_fail.cold+0x5/0xa [ 2195.106423] __alloc_pages_nodemask+0x182/0x600 [ 2195.107645] ? __kmalloc+0x16e/0x390 [ 2195.108630] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2195.110226] ? trace_hardirqs_on+0x5b/0x180 [ 2195.111366] alloc_pages_current+0x187/0x280 [ 2195.112531] sg_build_indirect.isra.0+0x2f5/0x710 [ 2195.113804] sg_common_write.constprop.0+0x992/0x1a30 [ 2195.115175] ? sg_build_indirect.isra.0+0x710/0x710 [ 2195.116463] ? vprintk_func+0x93/0x140 [ 2195.117478] ? printk+0xba/0xf1 [ 2195.118329] ? record_print_text.cold+0x16/0x16 [ 2195.119545] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2195.120844] ? trace_hardirqs_on+0x5b/0x180 [ 2195.121981] sg_write.part.0+0x69e/0xaa0 [ 2195.123041] ? sg_new_write.isra.0+0x770/0x770 [ 2195.124247] ? __lockdep_reset_lock+0x180/0x180 [ 2195.125438] ? perf_trace_lock+0xac/0x490 [ 2195.126528] ? lock_acquire+0x197/0x470 [ 2195.127544] ? find_held_lock+0x2c/0x110 [ 2195.128613] ? _cond_resched+0x12/0x80 [ 2195.129633] ? inode_security+0x107/0x140 [ 2195.130720] ? avc_policy_seqno+0x9/0x70 [ 2195.131770] ? selinux_file_permission+0x92/0x520 [ 2195.133041] sg_write+0x87/0x120 [ 2195.133921] ? sg_write.part.0+0xaa0/0xaa0 [ 2195.135026] vfs_write+0x29a/0xb10 [ 2195.135960] ksys_write+0x12d/0x260 [ 2195.136905] ? __ia32_sys_read+0xb0/0xb0 [ 2195.137974] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2195.139345] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2195.140690] do_syscall_64+0x33/0x40 [ 2195.141658] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2195.142984] RIP: 0033:0x7f794b5b5b19 [ 2195.143938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2195.148675] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2195.150640] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2195.152465] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2195.154290] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2195.156129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2195.157954] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2214.549350] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2214.549350] program syz-executor.7 not setting count and/or reply_len properly [ 2214.553922] FAULT_INJECTION: forcing a failure. [ 2214.553922] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2214.556586] CPU: 0 PID: 41321 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2214.558108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2214.559957] Call Trace: [ 2214.560540] dump_stack+0x107/0x167 [ 2214.561342] should_fail.cold+0x5/0xa [ 2214.562189] __alloc_pages_nodemask+0x182/0x600 [ 2214.563234] ? __kmalloc+0x16e/0x390 [ 2214.564065] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2214.565398] ? trace_hardirqs_on+0x5b/0x180 [ 2214.566353] alloc_pages_current+0x187/0x280 [ 2214.567345] sg_build_indirect.isra.0+0x2f5/0x710 [ 2214.568422] sg_common_write.constprop.0+0x992/0x1a30 [ 2214.569587] ? sg_build_indirect.isra.0+0x710/0x710 [ 2214.570694] ? vprintk_func+0x93/0x140 [ 2214.571551] ? printk+0xba/0xf1 [ 2214.572282] ? record_print_text.cold+0x16/0x16 [ 2214.573321] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2214.574442] ? trace_hardirqs_on+0x5b/0x180 [ 2214.575426] sg_write.part.0+0x69e/0xaa0 [ 2214.576327] ? sg_new_write.isra.0+0x770/0x770 [ 2214.577347] ? __lockdep_reset_lock+0x180/0x180 [ 2214.578370] ? perf_trace_lock+0xac/0x490 [ 2214.579301] ? lock_acquire+0x197/0x470 [ 2214.580177] ? find_held_lock+0x2c/0x110 [ 2214.581089] ? _cond_resched+0x12/0x80 03:29:40 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 94) 03:29:40 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x15df, 0xbb1, 0x1, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x109, 0x9, 0x74c5c6e6}) 03:29:40 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 99) [ 2214.581952] ? inode_security+0x107/0x140 03:29:40 executing program 1: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, 0x0, &(0x7f0000000040)=0x2700) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000140)={0x4000200d}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x0, 0x1000}, 0x8}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000100)={0x51, @tick=0x528c, 0x6, {0x5, 0x1}, 0xff, 0x0, 0x4}) [ 2214.583120] ? avc_policy_seqno+0x9/0x70 [ 2214.584115] ? selinux_file_permission+0x92/0x520 [ 2214.585191] sg_write+0x87/0x120 [ 2214.585947] ? sg_write.part.0+0xaa0/0xaa0 [ 2214.586890] vfs_write+0x29a/0xb10 [ 2214.587701] ksys_write+0x12d/0x260 [ 2214.588521] ? __ia32_sys_read+0xb0/0xb0 [ 2214.589431] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2214.590611] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2214.590688] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2214.590688] program syz-executor.0 not setting count and/or reply_len properly [ 2214.591767] do_syscall_64+0x33/0x40 [ 2214.591787] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2214.591801] RIP: 0033:0x7f794b5b5b19 [ 2214.591830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2214.602714] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2214.604411] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2214.606020] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2214.607612] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2214.609218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2214.610803] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 03:29:40 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2002) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) ptrace$poke(0x5, r7, &(0x7f0000000000), 0x0) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r10 = fcntl$dupfd(r9, 0x0, r9) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r10, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) io_uring_enter(r10, 0x7799, 0xdacc, 0x2, &(0x7f0000000080)={[0x5]}, 0x8) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:29:40 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:29:40 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:40 executing program 3: r0 = getpid() getpgrp(r0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 2214.638666] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2214.638666] program syz-executor.6 not setting count and/or reply_len properly [ 2214.647831] FAULT_INJECTION: forcing a failure. [ 2214.647831] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2214.650362] CPU: 1 PID: 41371 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2214.651826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2214.653549] Call Trace: [ 2214.654121] dump_stack+0x107/0x167 [ 2214.654893] should_fail.cold+0x5/0xa [ 2214.655707] __alloc_pages_nodemask+0x182/0x600 [ 2214.656685] ? __kmalloc+0x16e/0x390 [ 2214.657481] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2214.658736] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2214.659848] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2214.660999] alloc_pages_current+0x187/0x280 [ 2214.661925] ? __sanitizer_cov_trace_pc+0x4/0x60 [ 2214.662912] sg_build_indirect.isra.0+0x2f5/0x710 [ 2214.663947] sg_common_write.constprop.0+0x992/0x1a30 [ 2214.665043] ? sg_build_indirect.isra.0+0x710/0x710 [ 2214.666094] ? vprintk_func+0x93/0x140 [ 2214.666913] ? printk+0xba/0xf1 [ 2214.667617] ? record_print_text.cold+0x16/0x16 [ 2214.668591] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2214.669656] ? trace_hardirqs_on+0x5b/0x180 [ 2214.670575] sg_write.part.0+0x69e/0xaa0 [ 2214.671438] ? sg_new_write.isra.0+0x770/0x770 [ 2214.672414] ? __lockdep_reset_lock+0x180/0x180 [ 2214.673381] ? perf_trace_lock+0xac/0x490 [ 2214.674258] ? lock_acquire+0x197/0x470 [ 2214.675106] ? find_held_lock+0x2c/0x110 [ 2214.675965] ? _cond_resched+0x12/0x80 [ 2214.676785] ? inode_security+0x107/0x140 [ 2214.677643] ? avc_policy_seqno+0x9/0x70 [ 2214.678493] ? selinux_file_permission+0x92/0x520 [ 2214.679513] sg_write+0x87/0x120 [ 2214.680219] ? sg_write.part.0+0xaa0/0xaa0 [ 2214.681101] vfs_write+0x29a/0xb10 [ 2214.681862] ksys_write+0x12d/0x260 [ 2214.682639] ? __ia32_sys_read+0xb0/0xb0 [ 2214.683497] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2214.684592] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2214.685674] do_syscall_64+0x33/0x40 [ 2214.686452] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2214.687537] RIP: 0033:0x7f5171091b19 [ 2214.688328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2214.692148] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2214.693733] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2214.695249] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2214.696742] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2214.698231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2214.699726] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:29:40 executing program 1: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) fcntl$getown(0xffffffffffffffff, 0x9) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='status\x00') perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x4, 0x8, 0x6, 0x0, 0x0, 0x6, 0x11021, 0x6, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x80}, 0x0, 0xd5, 0x9, 0x6, 0xfffffffffffffff8, 0x5, 0x8, 0x0, 0x307, 0x0, 0x1f}, r0, 0x8, r1, 0x7) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x90200) r2 = syz_open_dev$vcsa(&(0x7f0000000140), 0x6, 0x18002) setsockopt$inet6_int(r2, 0x29, 0x3e, &(0x7f0000000180), 0x4) 03:29:58 executing program 2: clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) 03:29:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x4) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000140)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r5 = syz_io_uring_setup(0x794a, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r6, r8, 0x6, 0xffffffffffffffff, r7) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x8, 0x3, 0x9, 0x3f, 0x0, 0x80, 0x21011, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7ed611a6, 0x0, @perf_config_ext={0x5, 0x10000}, 0x400, 0x20, 0xfffffffd, 0x9, 0x8, 0x200, 0x3, 0x0, 0x2, 0x0, 0x6d8}, r6, 0xa, 0xffffffffffffffff, 0x9) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:29:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0x3107]}, &(0x7f0000000080), &(0x7f0000000100)={0x0, 0x989680}, 0x8) r0 = syz_open_dev$vcsa(&(0x7f0000000140), 0xffffffffffffffc1, 0x200040) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000180)=0x2) socket$inet6_tcp(0xa, 0x1, 0x0) 03:29:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 100) 03:29:58 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'ip6gre0\x00', 0x0, 0x29, 0x1f, 0x9, 0x6e27, 0x40, @local, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x700, 0x7800, 0xfffffff8, 0x6}}) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0xf8, r1, 0x1, 0x1, 0x6, @local}, 0x14) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:29:58 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 95) 03:29:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f00000000c0)={{0x4, 0xa3}, 0x0, 0x10000, 0x3, {0x7f, 0x7}, 0xff, 0x3}) [ 2232.442859] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2232.442859] program syz-executor.7 not setting count and/or reply_len properly [ 2232.478928] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2232.478928] program syz-executor.0 not setting count and/or reply_len properly [ 2232.490166] FAULT_INJECTION: forcing a failure. [ 2232.490166] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2232.493506] CPU: 0 PID: 41751 Comm: syz-executor.7 Not tainted 5.10.230 #1 [ 2232.495517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2232.498195] Call Trace: [ 2232.499064] dump_stack+0x107/0x167 [ 2232.500232] should_fail.cold+0x5/0xa [ 2232.501270] __alloc_pages_nodemask+0x182/0x600 [ 2232.502504] ? __kmalloc+0x16e/0x390 [ 2232.503494] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2232.505103] ? trace_hardirqs_on+0x5b/0x180 [ 2232.506251] alloc_pages_current+0x187/0x280 [ 2232.507432] sg_build_indirect.isra.0+0x2f5/0x710 [ 2232.508734] sg_common_write.constprop.0+0x992/0x1a30 [ 2232.510134] ? sg_build_indirect.isra.0+0x710/0x710 [ 2232.511479] ? vprintk_func+0x93/0x140 [ 2232.512539] ? printk+0xba/0xf1 [ 2232.513420] ? record_print_text.cold+0x16/0x16 [ 2232.514652] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2232.516013] ? trace_hardirqs_on+0x5b/0x180 [ 2232.517189] sg_write.part.0+0x69e/0xaa0 [ 2232.518259] ? sg_new_write.isra.0+0x770/0x770 [ 2232.519488] ? __lockdep_reset_lock+0x180/0x180 [ 2232.520718] ? perf_trace_lock+0xac/0x490 [ 2232.521799] ? lock_acquire+0x197/0x470 [ 2232.522833] ? find_held_lock+0x2c/0x110 [ 2232.524035] ? _cond_resched+0x12/0x80 [ 2232.525261] ? inode_security+0x107/0x140 [ 2232.526487] ? avc_policy_seqno+0x9/0x70 [ 2232.527594] ? selinux_file_permission+0x92/0x520 [ 2232.528959] sg_write+0x87/0x120 [ 2232.529987] ? sg_write.part.0+0xaa0/0xaa0 [ 2232.531168] vfs_write+0x29a/0xb10 [ 2232.532126] ksys_write+0x12d/0x260 [ 2232.533088] ? __ia32_sys_read+0xb0/0xb0 [ 2232.534187] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 03:29:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$KDDELIO(r1, 0x4b35, 0xe90) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000000)) [ 2232.535539] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2232.537119] do_syscall_64+0x33/0x40 [ 2232.538106] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2232.539462] RIP: 0033:0x7f794b5b5b19 [ 2232.540554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2232.545255] RSP: 002b:00007f7948b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2232.547203] RAX: ffffffffffffffda RBX: 00007f794b6c8f60 RCX: 00007f794b5b5b19 [ 2232.549042] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2232.550864] RBP: 00007f7948b2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2232.552725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2232.554540] R13: 00007fffb7628ddf R14: 00007f7948b2b300 R15: 0000000000022000 [ 2232.567662] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2232.567662] program syz-executor.6 not setting count and/or reply_len properly [ 2232.580935] FAULT_INJECTION: forcing a failure. [ 2232.580935] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2232.583747] CPU: 1 PID: 41800 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2232.585416] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2232.587475] Call Trace: [ 2232.588086] dump_stack+0x107/0x167 [ 2232.589015] should_fail.cold+0x5/0xa [ 2232.589888] __alloc_pages_nodemask+0x182/0x600 [ 2232.590930] ? __kmalloc+0x16e/0x390 [ 2232.591915] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2232.593386] ? trace_hardirqs_on+0x5b/0x180 [ 2232.594357] alloc_pages_current+0x187/0x280 [ 2232.595533] sg_build_indirect.isra.0+0x2f5/0x710 [ 2232.596642] sg_common_write.constprop.0+0x992/0x1a30 [ 2232.598106] ? sg_build_indirect.isra.0+0x710/0x710 [ 2232.599386] ? vprintk_func+0x93/0x140 [ 2232.600445] ? printk+0xba/0xf1 [ 2232.601361] ? record_print_text.cold+0x16/0x16 [ 2232.602408] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2232.603553] ? trace_hardirqs_on+0x5b/0x180 [ 2232.604555] sg_write.part.0+0x69e/0xaa0 [ 2232.605453] ? sg_new_write.isra.0+0x770/0x770 [ 2232.606474] ? __lockdep_reset_lock+0x180/0x180 [ 2232.607522] ? perf_trace_lock+0xac/0x490 [ 2232.608470] ? lock_acquire+0x197/0x470 [ 2232.609365] ? find_held_lock+0x2c/0x110 [ 2232.610413] ? _cond_resched+0x12/0x80 [ 2232.611428] ? inode_security+0x107/0x140 [ 2232.612371] ? avc_policy_seqno+0x9/0x70 [ 2232.613449] ? selinux_file_permission+0x92/0x520 [ 2232.614523] sg_write+0x87/0x120 [ 2232.615276] ? sg_write.part.0+0xaa0/0xaa0 [ 2232.616214] vfs_write+0x29a/0xb10 [ 2232.617015] ksys_write+0x12d/0x260 [ 2232.617829] ? __ia32_sys_read+0xb0/0xb0 [ 2232.618732] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2232.620097] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2232.621287] do_syscall_64+0x33/0x40 [ 2232.622323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2232.623618] RIP: 0033:0x7f5171091b19 [ 2232.624666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2232.629092] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2232.630915] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2232.632580] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2232.634287] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2232.635899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2232.637730] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:29:58 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x800, 0x41) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x4, 0xff, 0x6f, 0x40, 0x0, 0x3, 0x80001, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_config_ext={0x9, 0x10000}, 0x0, 0x8, 0xfffffffc, 0x4, 0x6, 0xfffffff7, 0x7ff, 0x0, 0x8, 0x0, 0x3}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x8) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) r9 = perf_event_open$cgroup(&(0x7f0000000180)={0x3, 0x80, 0x51, 0x15, 0x53, 0x2d, 0x0, 0x10001, 0xa84c0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_config_ext={0x9, 0x6}, 0x8a0, 0x7, 0x100, 0x1, 0x80, 0x8, 0x3, 0x0, 0x9, 0x0, 0x2000000100000001}, 0xffffffffffffffff, 0x10, r0, 0xc) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0xff, 0x40, 0x81, 0x1, 0x0, 0x4, 0x20084, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2040, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x400, 0x0, 0x3, 0x0, 0x8}, r8, 0x2, r9, 0x1) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r10, 0xc058534b, &(0x7f0000000000)={0x8000000, 0x0, 0x0, 0x101, 0x7fffffff, 0x74c5c6e2}) 03:29:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000180)=@sco}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r4, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:29:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x100, 0x0, 0x8000, {0x0, 0xfffffff}, 0x5}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x4, 0x2, 'client1\x00', 0xffffffff00000000, "830c5c733b3d10b1", "6b740207a64af9ff97251c6ddabf2628fbedd89d79e77c44fa39e931e1100220", 0x10001, 0xf6b}) r1 = signalfd4(r0, &(0x7f0000000280)={[0x1000]}, 0x8, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000002c0)={0x4, 0x2, {0x3, 0x0, 0x7cc4, 0x0, 0x5}, 0x4416fcb3}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000200)={0xffff, 0x2, {0x3, 0x3, 0xa6b}, 0xfffffffd}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180)={0x5, 0x0, {0xffffffffffffffff, 0x3, 0xfff, 0x3, 0xfff}, 0x5}) socket$nl_generic(0x10, 0x3, 0x10) [ 2232.809940] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2232.809940] program syz-executor.0 not setting count and/or reply_len properly 03:29:58 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 96) 03:29:58 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xe000000000000000}}, './file0\x00'}) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x2, 0x9, 0x1f, 0x0, 0x80000000, 0x22, 0x4, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1d46, 0x4, @perf_config_ext={0x6}, 0x9, 0x7, 0x10000, 0x3, 0x0, 0x4, 0x2, 0x0, 0x1, 0x0, 0x9}, 0xffffffffffffffff, 0x5, r1, 0x1) 03:29:58 executing program 2: r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x9, 0x7, 0x0, 0x0, 0x0, 0x40, 0x4000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000000), 0x3}, 0x86, 0x2, 0x6, 0xa, 0x4, 0x7f, 0xbb5, 0x0, 0xbd20, 0x0, 0xfffffffffffffffd}, 0x0, 0x4, 0xffffffffffffffff, 0x1) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendfile(r1, r2, &(0x7f00000000c0)=0x5, 0xbb52) 03:29:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2232.931097] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2232.931097] program syz-executor.6 not setting count and/or reply_len properly [ 2232.953058] FAULT_INJECTION: forcing a failure. [ 2232.953058] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2232.956166] CPU: 0 PID: 42242 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2232.957906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2232.959992] Call Trace: [ 2232.960660] dump_stack+0x107/0x167 [ 2232.961565] should_fail.cold+0x5/0xa [ 2232.962540] __alloc_pages_nodemask+0x182/0x600 [ 2232.963728] ? __kmalloc+0x16e/0x390 [ 2232.964685] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2232.966239] ? trace_hardirqs_on+0x5b/0x180 [ 2232.967361] alloc_pages_current+0x187/0x280 [ 2232.968516] sg_build_indirect.isra.0+0x2f5/0x710 [ 2232.969781] sg_common_write.constprop.0+0x992/0x1a30 [ 2232.971110] ? sg_build_indirect.isra.0+0x710/0x710 [ 2232.972396] ? vprintk_func+0x93/0x140 [ 2232.973377] ? printk+0xba/0xf1 [ 2232.974186] ? record_print_text.cold+0x16/0x16 [ 2232.975355] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2232.976618] ? trace_hardirqs_on+0x5b/0x180 [ 2232.977696] sg_write.part.0+0x69e/0xaa0 [ 2232.978722] ? sg_new_write.isra.0+0x770/0x770 [ 2232.979880] ? __lockdep_reset_lock+0x180/0x180 [ 2232.981027] ? perf_trace_lock+0xac/0x490 [ 2232.982065] ? lock_acquire+0x197/0x470 [ 2232.983050] ? find_held_lock+0x2c/0x110 [ 2232.984093] ? _cond_resched+0x12/0x80 [ 2232.985052] ? inode_security+0x107/0x140 [ 2232.986119] ? avc_policy_seqno+0x9/0x70 [ 2232.987139] ? selinux_file_permission+0x92/0x520 [ 2232.988384] sg_write+0x87/0x120 03:29:58 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000001, 0x110, r1, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2232.989254] ? sg_write.part.0+0xaa0/0xaa0 [ 2232.990519] vfs_write+0x29a/0xb10 [ 2232.991447] ksys_write+0x12d/0x260 [ 2232.992389] ? __ia32_sys_read+0xb0/0xb0 [ 2232.993426] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2232.994760] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2232.996087] do_syscall_64+0x33/0x40 [ 2232.997036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2232.998355] RIP: 0033:0x7f5171091b19 03:29:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000000c0)) [ 2232.999319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.004118] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2233.006097] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2233.007971] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2233.009830] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2233.011691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2233.013573] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 [ 2233.016937] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2233.016937] program syz-executor.7 not setting count and/or reply_len properly [ 2233.042502] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2233.042502] program syz-executor.0 not setting count and/or reply_len properly 03:29:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0xb6, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x4805c3) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0x1, 0x0, 0x0, 0x20, 0x0, 0xdec, 0x41218, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, @perf_config_ext={0xff, 0x80000000}, 0x102, 0x40, 0xffffffff, 0x6, 0x0, 0x81, 0x7, 0x0, 0xffffffb5}, 0x0, 0xffffffffffffffff, r0, 0x8) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0xff0}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r2, 0xc058534b, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:29:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f00000000c0)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000000140)={0xf29, 0x0, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 2233.184233] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2233.184233] program syz-executor.7 not setting count and/or reply_len properly [ 2233.198064] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2233.198064] program syz-executor.0 not setting count and/or reply_len properly 03:29:58 executing program 3: r0 = getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x86, 0x0, 0x40, 0x5, 0x0, 0x0, 0x41002, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0x5}, 0x44d8, 0x19c9, 0x101, 0x3, 0x522, 0x5, 0x7, 0x0, 0x1, 0x0, 0x3}, r1, 0xe, 0xffffffffffffffff, 0x0) r2 = getpgrp(r1) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r6 = fcntl$dupfd(r3, 0x406, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x4, 0x6b, 0xc0, 0x0, 0x1f, 0x802, 0x5, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x1402, 0x9, 0x7ff, 0x0, 0x1, 0x2, 0x101, 0x0, 0x1000, 0x0, 0x4}, 0x0, 0xc, r6, 0x11) perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x1, 0x80, 0x6, 0x3f, 0x0, 0x6, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7fff, 0x2, @perf_bp={&(0x7f0000000180), 0xc}, 0xc442, 0x0, 0x4, 0x3, 0x15c8, 0x8, 0x5, 0x0, 0x7ff, 0x0, 0x7}, r2, 0xa, r6, 0x9) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)=0x5) 03:29:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff4000/0x9000)=nil, 0x9000, 0xa, 0x10, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) write$P9_RRENAME(r0, &(0x7f0000000140)={0x7, 0x15, 0x1}, 0x7) ptrace(0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000040)="0ccf992d8bcd8d76d29f48c2565419b754789f2059a645fb0568e76b379f74dd619ec0f789b896f90b1eab4a5237c502b14f7e82365af0563b30e2695f76a9e453330f65ceb202c7afbc72bb8f67d322d8abfbdbd5a613eccafca6cf2417f23124eb14a14bc3b492ae6d162e6a0c21e7d2c96ecc1ce4412ba9310f254a3b26ed0d808fa32c6eaac8cddddf5953bd01b5c817ae6f602541d452914e5156b844cb463d6fbbd2f86c62778f436e7e7b440d43555ce9b28efde94af7a5bdbdcc9982d235d0199810864530303cb8fdc13fc85368f2dee2c1e67c2eb2e135809db3", 0xdf) socket$inet6_tcp(0xa, 0x1, 0x0) 03:29:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0xb6, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:29:58 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) execveat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=[&(0x7f0000000040)='1&\x00', &(0x7f0000000080)='\x00', &(0x7f00000000c0)='\x00', &(0x7f0000000100)='\'@\xa1/-\\(!\'\x00', &(0x7f0000000140)='!\x00', &(0x7f0000000180)='\\_,O[.-*+)@.-)\\\x00', &(0x7f00000001c0)='%*k*\x00'], &(0x7f00000002c0)=[&(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00'], 0x1000) [ 2233.289110] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2233.289110] program syz-executor.7 not setting count and/or reply_len properly 03:30:15 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 97) 03:30:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0xb6, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:15 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000040)={0x224, 0x39, 0x1, 0x70bd26, 0x25dfdbfc, {0x16}, [@nested={0xd7, 0x90, 0x0, 0x1, [@typed={0x14, 0x78, 0x0, 0x0, @ipv6=@local}, @generic="0c3403c5268d65ff90b960a156c7a487638a3592d950189c04ed95ffbf05c2590d7fd496375aeaeca5", @typed={0x8, 0x36, 0x0, 0x0, @uid}, @generic="ea7e3d35787d5faa6ce5cef2f5df6227fcdc2333e68711d906a0738ce756c87e8fdaef52dafe83ec4a4f25b34eece52e49cdec43fb8ea5aa185c6707d420ac5a4d0e41a96e48a5f1f9f494d10f1a9d8f8ec2515e26bfa0fa68459e3601963cfca4d535ad3e4cc2086fa3663608a715a658481eb08158c269fadc2ea66b38cfda08e37cc6e1df", @typed={0x7, 0x68, 0x0, 0x0, @str='#\'\x00'}]}, @generic="31bbf2f370b8faa012fa39ad6bd313db20a1adf4454eb331147b52f2fa6ef7a91bf43673820d40fe2a913f12ad272ea7d25aba5583e7b1d2e7fc37e73b996c4515e7257765b82426e9edff1436502d6a793e2de6255e363429db643ab6dda24fee6c86c84b76a0367336a31ee9330cae9960adc0cc8aeeff94be3c491c9bfc5d0e3aad28f635d4f1848f60d191c97e93443f976ff48b9b79b65027ae5e4a03de77", @typed={0x8, 0x4e, 0x0, 0x0, @uid}, @generic="6d26165552132c3479ef4a8643c9890e51e668511690e050d763b01b4054f44e28539a3e87e3884ffe4a5acec280ecc19bb88da9ef60188a58d88d3ed1bcf6eb528703d1b8521f44947a4fbc8ad001b4835e7a364db4df8cf9517d88669b6fa201ebb7017aa4010cdb07f0cadbf0e018958296c1c549aeab604fbce412e9e5dd36ae6c08f63149f75c4419748044"]}, 0x224}, 0x1, 0x0, 0x0, 0x40048}, 0x40) 03:30:15 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8020, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {}, 0x2c, {[{@version_9p2000}, {@afid={'afid', 0x3d, 0x8}}, {@loose}, {@cache_none}, {@afid={'afid', 0x3d, 0x2}}, {@fscache}], [{@euid_eq}, {@fowner_gt={'fowner>', 0xee01}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x100}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@dont_appraise}, {@appraise}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}]}}) 03:30:15 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000100)={{r1}, 0x3, &(0x7f00000000c0)=[0x2, 0x177, 0x0], 0xfffffffffffeffff, 0x4, [0x3, 0x546, 0x8, 0x3ff]}) 03:30:15 executing program 1: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0x3, 0x8001, 0x63}) sendmsg$inet6(r0, &(0x7f0000000640)={&(0x7f0000000100)={0xa, 0x4e24, 0x401, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3ff}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000140)="ceaaf0076a3cc484e47381ab7aca7ef07e5b6ab1ecada644d818c6b5da45bb638b8b5a697d0cec08b32d3b9c54ade6dd62c0256d060a52f0f12abcf0463c2c8a99dc", 0x42}, {&(0x7f00000001c0)="01f718e2004c6a728632bfb9c49113061e9c428ded13e3379d3da99a83a2ba7b0131aeae5af948a87951c3e592b6812bb95243754612f70874c93cd005ebc9dcee885906bd8cd10954b8ddfe7bac553664653b41d216f09b0d8a73cc9144bebbf816e53414421d8e5284f64a67c467d43ea2198bf3844b8a608e3bd0a2cd7a4a81d57d5770757e3bd45f55bedc18e5dd0b34a4a7403372e106a97f2b3501ded77a10d1", 0xa3}, {&(0x7f0000000280)="0d2836fd7ebcb876c53fdfec57d7ccf753e1e2b7", 0x14}, {&(0x7f00000002c0)="ef618b8f3d0485c6902d7af01daca3190e157ddaf7dc54bf48e987812c70951fb0e4ed9a1bd1b289b5e67480f2b31843d68bbb81e2faf5ef4354c83c67a532bf4b29b8cbf20eaf44e9c62a28506ac490846397d4f77ff02f3032e52848f838b5db82d2ca7fe71e613b76ca98a011740c01a91354955f28fd6b5f6d5000cdb98a", 0x80}, {&(0x7f0000000340)="9444aa728d2b51f31fab25b470a65339eec76ad6ed5dc57af440e7189a4cb56fecc0706314d42654c92dd7e7fda0", 0x2e}, {&(0x7f0000000380)="e1eef39113edc64adb2e8f2f", 0xc}, {&(0x7f00000003c0)="c5012899e5560cf98b5e2b0e58f350e72203e932138bc872add74524dbb461c8887d8db17217a943fad2b4a7dcf8998a8c27709b700fc40a852d20dfcf222b5f8b47f2db1937dcdeed97c25e70fa47111037f1bb2faeb6b2b3910c1891bc9a51e59315563ad5e414d38b25b3bf150b4fa498490ce599997b5398996dea3b9f638dd8a73188c54f26c6134ae7714f2ceeaada51378ea568a21c6a1f15b498ef9f5c58dcf271daaafc6318c654a266c830790f5800e51715bc85fc2b9ccf767fb5005d488d639abf0c532d628ddef855fc818436d52f7d718d1fa9440176f14a553106a96a2257d04bacb4f9aba9ad53d30b2e4e5d77", 0xf5}, {&(0x7f00000004c0)="9273c85a89b81c0ec3ba9048edd9bc66180dc0c146b1f2144808766eacdd5f80c3c82e30f922d03f707c09a6bee5941d2a8ad6c1d031ebc52dc4be5fc762b2b7cd6e9e45eb9ab492a0725b85de8d9e168e7c7887a336f76a02a4d3e66064c23c6d2968652beb45c9e78d8f6230aee98b11094fe931779aa6858a3b5589adb7eabe53b75bb59ded866075ebd120f2c1d078d15551e4af7a7e4fe4af7428dca632ddba02cbd6d3dabb2bae6017c7bb1f58bfc90e3923ca15ca9739ad9c3b5b622c28d4aee6", 0xc4}], 0x8}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)) 03:30:15 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) ptrace(0xffffffffffffffff, r1) socket$inet6_tcp(0xa, 0x1, 0x0) 03:30:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2250.090432] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2250.090432] program syz-executor.0 not setting count and/or reply_len properly [ 2250.097505] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2250.097505] program syz-executor.7 not setting count and/or reply_len properly [ 2250.106023] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2250.106023] program syz-executor.6 not setting count and/or reply_len properly [ 2250.127593] FAULT_INJECTION: forcing a failure. [ 2250.127593] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2250.130133] CPU: 1 PID: 43017 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2250.131583] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2250.133283] Call Trace: [ 2250.133827] dump_stack+0x107/0x167 [ 2250.134567] should_fail.cold+0x5/0xa [ 2250.135346] __alloc_pages_nodemask+0x182/0x600 [ 2250.136310] ? __kmalloc+0x16e/0x390 [ 2250.137083] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2250.138309] ? trace_hardirqs_on+0x5b/0x180 [ 2250.139193] alloc_pages_current+0x187/0x280 [ 2250.140091] sg_build_indirect.isra.0+0x2f5/0x710 [ 2250.141094] sg_common_write.constprop.0+0x992/0x1a30 [ 2250.142151] ? sg_build_indirect.isra.0+0x710/0x710 [ 2250.143193] ? vprintk_func+0x93/0x140 [ 2250.143990] ? printk+0xba/0xf1 [ 2250.144673] ? record_print_text.cold+0x16/0x16 [ 2250.145638] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2250.146657] ? trace_hardirqs_on+0x5b/0x180 [ 2250.147568] sg_write.part.0+0x69e/0xaa0 [ 2250.148406] ? sg_new_write.isra.0+0x770/0x770 [ 2250.149342] ? __lockdep_reset_lock+0x180/0x180 [ 2250.150280] ? perf_trace_lock+0xac/0x490 [ 2250.151148] ? lock_acquire+0x197/0x470 [ 2250.151949] ? find_held_lock+0x2c/0x110 [ 2250.152796] ? _cond_resched+0x12/0x80 [ 2250.153618] ? inode_security+0x107/0x140 [ 2250.154457] ? avc_policy_seqno+0x9/0x70 [ 2250.155307] ? selinux_file_permission+0x92/0x520 [ 2250.156295] sg_write+0x87/0x120 03:30:15 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x460, 0x9, 0x0, 'queue1\x00', 0x8}) [ 2250.157007] ? sg_write.part.0+0xaa0/0xaa0 [ 2250.158094] vfs_write+0x29a/0xb10 [ 2250.158832] ksys_write+0x12d/0x260 [ 2250.159571] ? __ia32_sys_read+0xb0/0xb0 [ 2250.160420] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2250.161487] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2250.162546] do_syscall_64+0x33/0x40 [ 2250.163301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2250.164353] RIP: 0033:0x7f5171091b19 [ 2250.165119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2250.168865] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2250.170413] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2250.171864] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2250.173320] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2250.174769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2250.176222] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:30:15 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x444002) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)={0x3, 0x2, {0x0, 0x1, 0x37b00867, 0x1, 0x6}, 0x7}) 03:30:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2250.315237] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2250.315237] program syz-executor.0 not setting count and/or reply_len properly 03:30:30 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:30 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0xb6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2265.388647] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2265.388647] program syz-executor.7 not setting count and/or reply_len properly [ 2265.395547] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2265.395547] program syz-executor.0 not setting count and/or reply_len properly [ 2265.399456] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2265.399456] program syz-executor.6 not setting count and/or reply_len properly [ 2265.419788] FAULT_INJECTION: forcing a failure. [ 2265.419788] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2265.422341] CPU: 1 PID: 43553 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2265.423780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2265.425832] Call Trace: [ 2265.426377] dump_stack+0x107/0x167 [ 2265.427133] should_fail.cold+0x5/0xa [ 2265.427937] __alloc_pages_nodemask+0x182/0x600 [ 2265.428894] ? __kmalloc+0x16e/0x390 [ 2265.429679] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2265.430963] ? trace_hardirqs_on+0x5b/0x180 [ 2265.432068] alloc_pages_current+0x187/0x280 [ 2265.433014] sg_build_indirect.isra.0+0x2f5/0x710 [ 2265.434034] sg_common_write.constprop.0+0x992/0x1a30 [ 2265.435134] ? sg_build_indirect.isra.0+0x710/0x710 [ 2265.436179] ? vprintk_func+0x93/0x140 [ 2265.437000] ? printk+0xba/0xf1 [ 2265.437699] ? record_print_text.cold+0x16/0x16 [ 2265.438683] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2265.439721] ? trace_hardirqs_on+0x5b/0x180 03:30:30 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) ptrace$peeksig(0x4209, r1, &(0x7f0000000000)={0x4, 0x1, 0x2}, &(0x7f0000000040)=[{}, {}]) 03:30:30 executing program 1: r0 = eventfd2(0x8, 0x800) ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000180)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0xff]}, 0x8, 0x800) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000100)={{0x1f, 0x3}, {0x20, 0x4}, 0x8, 0x0, 0x81}) fallocate(r1, 0x24, 0x1f, 0x10000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)={0x1, 0x0, 0xfffffffc}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000001c0)={0x8, @time={0x5, 0x7ff}, 0xf8, {0x6, 0x5}, 0x2, 0x1, 0x81}) ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f00000002c0)=ANY=[@ANYBLOB="030000109e4cfa05d1e6bcbcebb00d1c7f3e5312f19dd36aaba1b581f690131c121ea3745039508ebadfe54a87c9bdd731320818865dbc08a5819b1b8a2fc583904dd9c19a4fba8db0c52ca00523d023dd564067a85debc547423f6dbba538dba578e88c57943477248a3e751b8208b05224298d64f4b408a032edd730c12c1ac374ea6166d885918e0c7314acce7e5dddbda74f729a94d2b89f8c44ac68a4e9b74a76b24fec2a8fe0565701c7ee2696dc8761984f31e815df4e780bc1760cd39b2c2bba553ebcef3021005935d81eb5435b0a83020ed8509524751b00550c5a564e72473d1d423c3e9a5edead1e5effa5014d8d3412189defcd01f846ecec04c2e7031bd408ae579b5196cf28af38877095764084a7e7695966a4ea6cdc98422809e3102a86e530a78d8764753580408c90c74fdb75891dd86dca8ba893edc0effa7e6157bcce0c163a8cb8fb0c919c1ed226fd5179a4e563100afe41e92bc4a86ba6be58fe9281297154e5ddefe6cc74dc518eff7994184ad0fdcfdb0b564ebd45f36c1504094c083af3d4c1fa58f5d79a8159685a53c883df81286d71293955ef16c18eb055d6ef20a4da1a097a9c6cada88d2240f8e1bcad8ea8b0f5433b1519bc00fc30ae7468bbe885f4eae5aa9b805653ccb910b3311c2c433938b2b9b815d467ed09d6098748aa2aabdb04b861e4d1187674fa84891ab6fa25314dfed4391523f85621da2d868d268599832ea69d1feec10d8b8f23e5c0defa0feda1581a9f272cefae6670500a5168c6a52abfc4c05147bd0490236887a78fd65890173319881c75a14de3dfd37ac037466911bdcea9d47bda5fda72bfabfd9082dad4d6f4c5494c7e76cc1fccf6ae4e06ab02fc7e985c2c683e22dff34a75f10cf9eb1850a1c84f084ef7301a859898e28780c65e7ac9d10cafcea3557e04877ee843b15c1ba822e8038daf7f874c3e95078f9557be1f7a769d182f8d607f53e420145539ff2256b71d6bfb22aa2bb9a6955f3fa621f4b0394ea7559319462004a91f86e2bc2b524a9fc0a530d811b89590776065470181db8fa8138c56924fc5bb02d7972004a003dbdbe01c7ee84cc82a8636d26454e06b0128a5914e9d916d1e5bd157752c7efcbcb1233ef5b618c530fd629da235043f438ae56b0aa77421fc78320bfd6f8afa422a824735c5eed6fd9165c04e9b3513901be5d71967ad3b095115d8a3b182d376b17142e75b3518f26f4a16786d30b5d8dc700a39d247912fb4e60ca81e415d10ccaa446880f632998ab2672b17516de0bcc2bbc3198658d182ff27b63698de23e95b5c508b96249dba69afad954d074b1498adc17178033d733654afbdb2fb9f0f6d156b50662059fc66e43879b66f02ed69cafdb5810864db53abbb25fdfd41899b2a55149e16dc43a0df4a167f1ace7e41ce9e4a3bf1eb7f8e21f3f75757cbaf4deda7600dec3269aa64b961fd81c0886989cd732b87dd434337ce940354d4bd112a8639833c089fb124232e3d322ed8dd66782e69d27d46d2c98aab0c0ec68b350f16e6ab2c82e14a4a81716a0e835de07c6c6713ecab36a788b8a4bc0f4017a80b5cb3eadce1a670039ab13d12f75c714f3df749d7700c0e7242671b962528e6c27200787151f37538536623d281785351d43fd98649cda33a84a0b89f51bf903c7cfa5fef6a8e51a8fb3211f7b996a80759e10d70f873af2ef8fa13c3d46be18e5c1077230639f1ceb0dc26f01e7f02b88a5d5c600b724c07ac888205673208ee63969709882a3acd758d32adcbe5de192fdd92865a8e9fbc876cfe83a77dfec91bdcdf428081d74c416d6ef470fb3dad6dfb452d0187a3aa8610191bedbbab14b48619c1e71cea642b7fce52fc2a512a71a63d2c5b8e816d507578dcf2d309b67730c3f949deac1acb0c869cb6da188ca265ab672f5a786b4f227545e964795e64b92f3d73e2080bdc9910be38e6a9f6a9ee200837b3fde53019adfac31a9b670655bc7ad5d2aab0a847a75e210a93f169e72175ea83ff72a8de6066fc04c08917c216d618af8ef2d6bab449ba3697a9a3293668418067f55a7e0587a92bd890638ffa00df438a279b29afeca044751b61a3a2a6d8ed469aedf13a36bcc8c36b39808ff6eabdd9781ffef662c229eecb07e9ef698b8851f0040d6c559627412fa5c5013041c33d4d51d57449973f2bbf3a93e01db5b7d5870af3690e03de10a9fdd41b9e29676bdc243d7f1b095686a9ca368e7d9c3ac8a68a297c10db9754a63e0fbd1a70fb6dcb83cf90475b34a2a700b221af79d800a0112264524c03c8c0ecaf51ddd1dabe32cc4da435cd53ed46d290410d81b619d7a0e0ede47b49112f2f2c2a29a8e8d721136e4bdbd3a18113956f283ac1a79c345cb5556dea571aa9d71514a45635ce81e412ece4c3dd802cf02bafc20dbf37469793caf4616342f35d8e05180eb28402a69891fce31a7a1588ac666a0ceeb5cd8eb7c0d5148607e81bd915f3994d25990110c3bbaf101a97aa1207d9c38ef85e19d89d472252666ac667d959f8dc314d23150525ec3f2f9b11b235faa3f0f23648659948b479ce88d0b1b7e657a785856330e3878d06969b065a352610766e1864a642e74e1145e93f623f17a8d6083d33bcd648f5b9b18484d19617a90fb8f538825237c459febd84e0f5a2305124410d7f16d54d8ab036bb31dd536574844543e56891f07968a2cdec5128296b1b45566e32ea0fcc7482d66d5886b7295628968c4a3eafdc57f943596972186dc16741e3510c4803e3bd0f827d43fecfa01ea35957d6493d3ce5e6206822a416ca14e0a75102da0a5aebe27e973dcb0c97b41b539254177f81816b44273b3db69e5d153516e2e0a87770d03d4f007798c0cd786276c0bf6f9a3159c1e91f885180ce18cd21587db9fb0a93fccf1ad95fd18bcc299dae51c5d0922a0bb3153d2e178e5ff851398d2a952f2c72588fd39d4272779d66a0505172cf1c955020e4eaef8e165a0904113cdd4cd22ecbca9ffac70c4ba0126d6f37e956498501d7dbe65d09caadccea77f019385164feaa5905d82f34778e1ab35e33ad0bd6d006bad150a982c20171e8772233d95c6aee62f211a56ed27e0d816373b3919388c88225f5daf827d4a573518358ac6508e34a190dd389a5359d0f10c3d06d61604e1dbd026d6b478f252a37840e75272dead9bdee6bf4cd8ccd4ceb3a8a170da73f26a32dab22672f65f6999217f1947fe8e3d9ebfb136aa30139fb514f86e4e2a635461aa5df64473a9e409c8b5c0983f7dfc0981761e3c282bcc0ad59989914decc5e6177245d2681c9ccdb583f9076bf03f2fba64520cd66bf9412b0094165f2ddf93743833b5916b16be91de2236f13aedd480866b4a22b5677a6a4b4ac88c4a7d147eb2251c6fead9ed2fa097f80a5c8cd1da56f64f681644678e9ea084b5551df8b3b5f18ff1b214af93a0740fde17d29e9b44fc5aa50832d606295187412c56b304561451a74c732e8f78527ab31d83a1b2e5c4b5e98ff710f0739a10838346f5a1b53a07a8327c0467e024ab4c6c2a2034553d3d9809e93d952fbc74f5756f50344d927b89b9ac16e10f770935f697ccbc4386da5df414e92d6705a069856a5412cde6476eb041cb861d20327e076d564bdfe373b9078da2582abc52b270eaad478bfb3e69d8d16ab8fd730d7e0eb64127dcbb6b13e004b4d469d66ccb476a25011dc5c02ae0e3705e2ee5941dd8b9ec6afa6f9fb19854b9d43decb43f7642fab61d6870c1fe452823aa083c76224785c1314bf0017c37d31fd06bc95bdd4e05c7d9dc09d83abf976a45c42981ef2935102d9c6b8506d931915d05861e1cb6cb7000f58c9bb8d607a339161e3130c8d777ce574b38aacb189327d87ff86183644e6dc2936d68918a9606b374b623e0c9e8e93e1bb2ee15b6d5155d2516e97124b86085544c1f7c0c6b3ae65b6b249679a7216583539ff0d75ffa4803816855f57c3eb0c131831c5a63e3c783e51b16478cbd2130286fcc7ed25c33251459e7842cf058d5c66c7fce99baad8b005e5fc15c9464b803289c7a0c39c7f6ffd83181035e4fb1ca8d792623edb1d4faf8d619d647b805d3ba960868bc7d0ff7623a543a614ed349a5921d7f94c61c222b7fd470d44990ac8e092ab1ad4b56293c086f081703b40c9e39fd6708d7d7c98b0d087a19d6b265d18beaa80e6c234761829d7d53d33dc6abb56b0fb383f6b0fbe14751db4b184203333052edf19258ae4547899cdab7260297fac92b1fd2cc85436dcb34ad2aa9a1c02029369b68c9d41c948fea692fddc78da95759252b4ce9781c79b4bb2a5c8ef57235bcb22787b1d7aadfcb731ccfc6ce705fa2750b21150a08eb40f4aa5128940ccdfdf44b173c00c7fcc6c4d972a464246ef6f78f814e7a1be96a3de0dfaf9a14fe463fa3006fae840eef0fee71af4f7d7983330dfd97a4fdc48a289db5ef66969d299e1b5a554cf8e7bc8f26c615861c1588eeeb1754c876242dd4f7dac747fa482bf7889d0cc8c7507c12a3698de8b21834aab954df8d303bc372279411430e673d75a31f23a01e163fd9f1934941da198d9289fc014dfd87dce394c61b658998fc77c36d03f6a754ca4c0d16972b56ea6b2a67c490341678d59cdc236de5b7cb24f47bb01a8b0b37a74e756559493a75ed602d57e3193cc22c45fe26a7092ef65cef3347f3b4f81d7f3156e32296a8bb4bdaf36840995f692706bbc79aef519838127d7cb4795876add45212e2b33a138172ba6ef805f9a13ae277b7985b4949cc2c1e790273227c6ebe8a005bbc054fe4a19ac796e945a57472538e62869f77c186c466438d113c854b6a20c239da8a54bd7336709cd9a618fca7968294586858be0334fee8f5767cf39b645a85e1b4e5b6f7d6fcde155bb53415dc05f7f4fbe03baa919660808e7b854ca50d3766fc1902609bf54d8655de45adbc3951ba86869d99ec2655885ec6b02d3a6838d52e6f18a9feecd8778bae5af89b1fb1ecf435b153a3dcff4c2d8c89997a6d5b4cb0a30cbdf6bd12f5250e59a446e133e138d200b78eea808680a55a1c99ec1218e28a43903f294b16c36897835a1662e996bcee23a1bd8812fc33ee3cce6f85a88cb80aeef2b012448d13c87df3d312dc70befa3c9e8b9c85d41a5ab04f3531b2a27ee768f7f12efcd737990b08f5cde1c2021c295caf31b9112891322a4ce2d641ecccb7d9705c6852212fac82c4df07d88e9fc4bf473899a06ae26f5bfab6f35f6fd84f41bf0ac25fa46dd34b0e6f8437e488b7678570dd046ba3a5c51b7371782eee29324684350ab7193b2c1ba3c4908a346cb5e8ee3532e5050bc3324567437571a4feb4ac89a633ce8ae48262710125e7a5b6b7a438f39e51c48683d1ca11aeff1623210d2b0fafb42dbabd6bc27a26461bd1a6cb29350f0ffcfd98cb5d7edb5c0cb8dcd81863744a2027ff75bb055a4db0a435c09fe11f65ae1a756d5d44b114a2c3e5d400f88910119aa41740dd7123bb097dcb49ebcb892dd73d1d88c9e0dc422fa7c85eb22a1881680f81b22f6cbce93c6c188e8c3d9fae892d9cf57479e60eaae017e468dd19ae8b1e545a396c52c8c3062673329f45fef2894b490ebcb530d9c482e2a9f7a733f0cf7b7e4141b4d177311e2e6e2ef703af68d98f505e40cb265176cf22184bbaeb430ee3547ccf57c0ba562139fd65e63e294e0d6add52c2944e2f9c9b8e578abdbff178a693d7aa12f6a9df32d57a641766c82dce9284dcfffe27b"]) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) fcntl$setlease(r4, 0x400, 0x1) 03:30:30 executing program 5: perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x14300}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x6, 0x8, 0x1, 0x7, 0x0, 0x0, 0x4000, 0x7, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2, @perf_config_ext={0x4, 0x4}, 0x1000, 0x80000000, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x8, 0xffffffffffffffff, 0x8) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x80, 0x13) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) recvmmsg$unix(r0, &(0x7f0000007a40)=[{{&(0x7f00000009c0)=@abs, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000a40)=""/121, 0x79}, {&(0x7f0000000ac0)=""/164, 0xa4}, {&(0x7f0000000b80)=""/51, 0x33}, {&(0x7f0000000bc0)=""/4, 0x4}], 0x4}}, {{&(0x7f0000000c40), 0x6e, &(0x7f0000001e00)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)}, {&(0x7f0000001d00)=""/211, 0xd3}], 0x3, &(0x7f0000001e40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000001e80)=@abs, 0x6e, &(0x7f0000003480)=[{&(0x7f0000001f00)=""/4096, 0x1000}, {&(0x7f0000002f00)=""/161, 0xa1}, {&(0x7f0000002fc0)=""/210, 0xd2}, {&(0x7f00000030c0)=""/201, 0xc9}, {&(0x7f00000031c0)=""/251, 0xfb}, {&(0x7f00000032c0)=""/181, 0xb5}, {&(0x7f0000003380)=""/195, 0xc3}], 0x7, &(0x7f0000003500)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000003540), 0x6e, &(0x7f0000004880)=[{&(0x7f00000035c0)=""/41, 0x29}, {&(0x7f0000003600)=""/193, 0xc1}, {&(0x7f0000003700)=""/218, 0xda}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000004800)=""/66, 0x42}], 0x5}}, {{&(0x7f0000004900)=@abs, 0x6e, &(0x7f0000005b00)=[{&(0x7f0000004980)=""/145, 0x91}, {&(0x7f0000004a40)=""/5, 0x5}, {&(0x7f0000004a80)=""/19, 0x13}, {&(0x7f0000004ac0)=""/54, 0x36}, {&(0x7f0000004b00)=""/4096, 0x1000}], 0x5, &(0x7f0000005b80)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f0000005c40), 0x6e, &(0x7f0000005dc0)=[{&(0x7f0000005cc0)=""/114, 0x72}, {&(0x7f0000005d40)=""/114, 0x72}], 0x2}}, {{&(0x7f0000005e00)=@abs, 0x6e, &(0x7f0000006040)=[{&(0x7f0000005e80)=""/94, 0x5e}, {&(0x7f0000005f00)=""/144, 0x90}, {&(0x7f0000005fc0)=""/2, 0x2}, {&(0x7f0000006000)=""/57, 0x39}], 0x4, &(0x7f0000006080)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000006180), 0x6e, &(0x7f0000006380)=[{&(0x7f0000006200)=""/50, 0x32}, {&(0x7f0000006240)=""/39, 0x27}, {&(0x7f0000006280)=""/205, 0xcd}], 0x3, &(0x7f00000063c0)}}, {{&(0x7f0000006400)=@abs, 0x6e, &(0x7f0000007880)=[{&(0x7f0000006480)=""/159, 0x9f}, {&(0x7f0000006540)=""/60, 0x3c}, {&(0x7f0000006580)=""/176, 0xb0}, {&(0x7f0000006640)=""/27, 0x1b}, {&(0x7f0000006680)=""/115, 0x73}, {&(0x7f0000006700)=""/18, 0x12}, {&(0x7f0000006740)=""/4096, 0x1000}, {&(0x7f0000007740)=""/152, 0x98}, {&(0x7f0000007800)=""/74, 0x4a}], 0x9, &(0x7f0000007940)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}], 0x9, 0x42, &(0x7f0000007c80)) fchownat(r3, &(0x7f0000007cc0)='./file0\x00', 0x0, 0xee01, 0x400) mq_timedsend(r0, &(0x7f0000000100)="4f4ec87bab1e4993f04166a5ebb727c4003b6175762854e8884f95bf7fe723dc93558ee58239cd5c84d55c1e5ac5d1deaa29fed5af1fe0aae045428c5bf67effa86b9003fd499591fbabc5b05f2722ea66998da3728a82eae1ff5e60816e64a9266396f75b5df7760aa04acd48ea5f551c0ca3c2fe7c5995607aa09390fc230f69a129a98c665af9060443b0", 0x8c, 0x1, &(0x7f0000000200)={r1, r2+10000000}) ptrace(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) getpriority(0x2, r4) 03:30:30 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) creat(&(0x7f0000000300)='./file0\x00', 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0)={0x0, 0x0}) r3 = getpgrp(r0) clone3(&(0x7f0000000240)={0x80400, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0xf}, &(0x7f00000000c0)=""/22, 0x16, &(0x7f0000000100)=""/139, &(0x7f0000000200)=[r0, r1, r2, r0, r3], 0x5}, 0x58) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) 03:30:30 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 98) 03:30:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2265.440799] sg_write.part.0+0x69e/0xaa0 [ 2265.441856] ? sg_new_write.isra.0+0x770/0x770 [ 2265.442830] ? __lockdep_reset_lock+0x180/0x180 [ 2265.443814] ? perf_trace_lock+0xac/0x490 [ 2265.444690] ? lock_acquire+0x197/0x470 [ 2265.445518] ? find_held_lock+0x2c/0x110 [ 2265.446373] ? _cond_resched+0x12/0x80 r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) preadv(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/153, 0x99}, {&(0x7f0000000180)=""/128, 0x80}, {&(0x7f0000000200)=""/99, 0x63}, {&(0x7f0000000280)=""/176, 0xb0}], 0x4, 0x9, 0x400) [ 2265.447192] ? inode_security+0x107/0x140 [ 2265.448167] ? avc_policy_seqno+0x9/0x70 [ 2265.449038] ? selinux_file_permission+0x92/0x520 [ 2265.450058] sg_write+0x87/0x120 [ 2265.450771] ? sg_write.part.0+0xaa0/0xaa0 [ 2265.451648] vfs_write+0x29a/0xb10 [ 2265.452409] ksys_write+0x12d/0x260 [ 2265.453189] ? __ia32_sys_read+0xb0/0xb0 [ 2265.454051] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2265.455129] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2265.456212] do_syscall_64+0x33/0x40 [ 2265.457010] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2265.458081] RIP: 0033:0x7f5171091b19 [ 2265.459602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2265.465534] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2265.467891] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2265.470181] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2265.472499] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2265.474663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2265.476793] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:30:45 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 99) 03:30:45 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:45 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:45 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7155925, 0x0, @perf_config_ext={0x3, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x1) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x4300, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000900)={{}, 0x0, 0x4, @inherit={0x60, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000000100f076d9f90e79ec65cd8071541e41ff00000003fcffff"]}, @devid}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = dup2(r4, r3) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r6, r5, 0x0, 0x7ffffff9) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000006280)={{{@in=@rand_addr=0x64010102, @in=@multicast1, 0x4e22, 0x3, 0x4e24, 0x0, 0x0, 0x0, 0xa0, 0x3b}, {0x0, 0x0, 0x3, 0x8, 0xfffffffffffffff8, 0x0, 0x0, 0x487}, {0x5, 0xfff, 0x3, 0x1}, 0x0, 0x30, 0x3, 0x1, 0x0, 0xf60dea7448723268}, {{@in=@dev={0xac, 0x14, 0x14, 0x2d}}, 0x2, @in=@local, 0x0, 0x2, 0x1, 0x7e, 0x10000, 0x5, 0x3f}}, 0xe8) sendmmsg$inet6(r2, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) 03:30:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x40) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) fcntl$dupfd(r0, 0x0, r0) 03:30:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x95) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'veth1_virt_wifi\x00'}) inotify_add_watch(r3, &(0x7f0000000140)='./file0\x00', 0x10000002) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:30:45 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000180)=@sco}, 0x0) r4 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f0000000180)=@sco}, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r8, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r6, 0x0, 0x3) bind$bt_l2cap(r0, &(0x7f0000000140)={0x1f, 0x3ff, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x401, 0x2}, 0xe) syz_io_uring_submit(r1, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x8400}}, 0x1000) socket$inet6_tcp(0xa, 0x1, 0x0) 03:30:45 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r3, 0x0, r3) write$sndseq(r3, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) fcntl$setstatus(r3, 0x4, 0x2400) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={r2, 0x376, 0x1, 0x1}) [ 2279.938916] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2279.938916] program syz-executor.6 not setting count and/or reply_len properly [ 2279.968257] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2279.968257] program syz-executor.7 not setting count and/or reply_len properly [ 2279.972251] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2279.972251] program syz-executor.0 not setting count and/or reply_len properly [ 2279.975003] FAULT_INJECTION: forcing a failure. [ 2279.975003] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2279.977536] CPU: 1 PID: 43969 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2279.979006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2279.980764] Call Trace: [ 2279.981330] dump_stack+0x107/0x167 [ 2279.982116] should_fail.cold+0x5/0xa [ 2279.982934] __alloc_pages_nodemask+0x182/0x600 [ 2279.983924] ? __kmalloc+0x16e/0x390 [ 2279.984714] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2279.986006] ? trace_hardirqs_on+0x5b/0x180 [ 2279.986929] alloc_pages_current+0x187/0x280 [ 2279.987874] sg_build_indirect.isra.0+0x2f5/0x710 [ 2279.988916] sg_common_write.constprop.0+0x992/0x1a30 [ 2279.990039] ? sg_build_indirect.isra.0+0x710/0x710 [ 2279.991092] ? vprintk_func+0x93/0x140 [ 2279.991919] ? printk+0xba/0xf1 [ 2279.992624] ? record_print_text.cold+0x16/0x16 [ 2279.993625] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2279.994701] ? trace_hardirqs_on+0x5b/0x180 [ 2279.995636] sg_write.part.0+0x69e/0xaa0 [ 2279.996513] ? sg_new_write.isra.0+0x770/0x770 [ 2279.997513] ? __lockdep_reset_lock+0x180/0x180 [ 2279.998508] ? perf_trace_lock+0xac/0x490 [ 2279.999401] ? lock_acquire+0x197/0x470 [ 2280.000247] ? find_held_lock+0x2c/0x110 [ 2280.001118] ? _cond_resched+0x12/0x80 [ 2280.001958] ? inode_security+0x107/0x140 [ 2280.002837] ? avc_policy_seqno+0x9/0x70 [ 2280.003700] ? selinux_file_permission+0x92/0x520 [ 2280.004732] sg_write+0x87/0x120 [ 2280.005459] ? sg_write.part.0+0xaa0/0xaa0 [ 2280.006356] vfs_write+0x29a/0xb10 [ 2280.007116] ksys_write+0x12d/0x260 [ 2280.007882] ? __ia32_sys_read+0xb0/0xb0 [ 2280.008745] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2280.009849] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2280.010935] do_syscall_64+0x33/0x40 [ 2280.011723] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2280.012792] RIP: 0033:0x7f5171091b19 [ 2280.013592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2280.017443] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2280.019052] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2280.020539] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2280.022033] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2280.023525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2280.025013] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:30:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x1ff, 0x1, 0x1, 'queue1\x00', 0x39eb}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:30:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) dup(r0) 03:30:45 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2280.130847] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.130847] program syz-executor.0 not setting count and/or reply_len properly 03:30:45 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:45 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x2, &(0x7f0000000000)) close(0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) ptrace$cont(0x20, 0x0, 0x5, 0x40) r0 = syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2, 0x7, &(0x7f0000001380)=[{&(0x7f00000000c0)="2ecea3c31ffeda0965586ed0160fb927fb01df17235934b75ba726adf3a407b43dcfcd65caaedc794987d91de27f57f838fc0e403fe9488f4c1780b52991069240f367210eb77ee72dd2c4bae6f2c58b90276ef1e5bddb2a4d2a04ebefb758f344d09af8da233f11fb8fed", 0x6b, 0x800}, {&(0x7f0000000140)="c046b38e6509f2d4ad9d9aecdb5eafbdcac9e5f4574baa016189836e3619ad060f118a0aeb038793cc58427fa8f456f978e05e30f01d64a7f84fe667da6ca8e6c3d027e0b29b0e3fb8bce4a9451976082307d2a32740dc0b7fab81d47c04576ad09a16b423801a990abfcae033286631569c79f8b5a4e3531b77e9b215014f86680ebaa307ff6f76defbaa564eb19a8a03c6caf424e5799d013c18cdd72dd9108a1efe28e6febfcdf9f0f4eae033bbb158", 0xb1, 0x9}, {&(0x7f0000000200)="f2d5818dc4416c2dceb2853baa3012430de3f4041310447a029bda07a304f303ae530253a6c728d3281f853cdce05cd1d3cb95cae18979", 0x37, 0x95}, {&(0x7f0000000240)="0a41c5717cb15f39e372d2bcbe981cebd22d279e76ae9ec3183da3a24620fd7d17cc2e6697872d67e7d83361ea45a56c4e9c2cef3688a0efe429d9acd85562", 0x3f}, {&(0x7f0000000280)="76fef33ae8d343e7cec6113b3ebeb335d8f39496842c10565a7867f37edc2ef2308738d9cf4ee8700c02bef907319a5ffa4659dcb1b9851b0126527dc90cc83e59876703cac2213a2208c29167421c18c41dee5800096d50c95956f4706b", 0x5e, 0x400}, {&(0x7f0000000300)="ae7e48a5460fd77eeeb6fcf72b21fc73ab7932106557c8d04fa15c0c5f831020f2ac050ea4f9c6e54739a0c4971521f2918511e9009c1967327b8112a3bc1c27367c91941bbf3022498a47d10228eb954bb172e08df291cbc0a19d6d5ac3774b73ec37e412f50340491629e8bfeb1c4497b6fe6a2925609b85efddad61cdefbac6d6270f1d5f6f5affa93c1e65bf6133ae008b5f1327bc16a57985adc05326d6dd4052defefee09630565122324ce4623140c98e6cd8282c2ce799394825ea36032a081601e0593addb0fa501dce269a93716e8c41673d4a48660958e4e69dbd0cafce7f95fd72001f38d268c634bae085e21a58a9f841afc5fe88ee1639b2a47b9081163a9db684e741fc1fb7677fa713b9fef3261a8bdcd65987960de0447c8d4484f2db458af03780f7f8855739b50446c87df8560fc835cda2ae7f3a1d216107640d9357ebca02bc7e47dd98e102a0d47eceade8975efb5a1566d02b0fe95419aa63d578d2c48772f99f14a439632cabde0d659fb945ad76e4dc6efb964c56dbc4e25f2e3870dffff179886870f4adca847b1171053682d2d15ba3a19c42907fd456f4dd08458fb9a090c964a1641a1d4b93a4707b91f66a3ac3f4ef0a7c7e1c12f7b60b4fd6caf0ffd6dcea6c0b338142d5456777e1684497d3847fb86c3fffc00bb8319ec6ea384b323190bff21f3455da1b5b93d0771d2b0c519978a2ae4bf3569667ac7788b8931f73434a08fff4f7759417cba9b56e79d6ee054ff0b41578f8fb58b4ebd61cb36348c765607eb49701bce70ec949bfe7fbc3487974d70d0859e43a72288d52bcfaaf88a76eebbb5e587dffc824a419a1419f45cf8f81e97ac4dd85678614f7514087cc9ebb63872910bb9d492265e37e582324c52c0f32b982072c85007e4d3b7bf190ee27d168c4c47f78966beb60129536a590a7713e5ea03a41934fc0caa4d4838f37e7f30360624985a9c9e62d27fa5341af155052015d88a7b1c4a82052f9ae1133a2337d873c1d16a6d4c5a89d60a3cca433e15b906034b4c2778aa463fc92e5b2676dca5ed4327547434070e50b8657669d33711254d8fcf2c427c8405e5835fca9e278d9602ebe93d95e21f1db445e794d33080af955ee52a959b0bf97a515a0e26223a1b96039a3fd52e075974ae684720f4c332cff2ee82d011b27ae2f7d28fe56f165b25225ea38271541d234612d23fe6cd198f53483af65a13858a91fece2487fdda0de68613ddf9b8e5f21cc492bffe7790456468d80a25ddc04b05ddac972d8afb1d816f4bace21fcbab60eb14f2f3575581b6a4398276aa7ef2e17a7307bef0c0c89d1a08fa9d63174ff93788b009d6635da1b4a303be0cd3b9f8da4dcc02f5f66fd42ec5e3b8cfcc1f5445d8a7df760e66b568686d4b72125c914c152fd65d6a1d13aea45495bff079e2e2742e7422153b23bbad7fde001af6f28bc81ba7e05b7c4548de92e618b344e63b27bc6f56f8f6c7e955ec95df7cec6b169adcf75dd4f61cdcfbaeef18344165d81dfe1222e5aeafeff8e369d13a62809d9a4a665274f8892fe5f4b2d287848a720d74a4a47fb19fe9d72f1ba34b5157e6a2c17f6e265b0c1de391edf77275ef80fa1f8c077d8f99354385a92fed727872dc8df96e935ec640fd7408a589f4d29d1b1d67b3193ec4b3e820d8a1cab435e7c9c0a8d8df357e38ee7b2c9ac4734fda6281af6b3e991f157b486fb17b9419e4edb122aae21d3243eaf14ba39f06064b9b40e7ab2669382436bab7608ed51e36b2ff342bbdf5f01c172e7e64c57ca59bb32905c0610e36589ab0fee2f8396d6161a4647a46ad85b04a10424db55f01f3d0dd3bbdb8d5e76193509815b3a468105e5f94d318ca513535b0666be9b9b6ae44a085fd512042344595f51ee1629c9c5efaa40f761cf32423ffe1ba999fe8fa60c16b9b9ff4b7b5726288b8c80ae4450034f23ab76baadd8fb94e29579138fcb9e3522ef3853026a38e9de771d3cfeda71c59a7ad8119c90a619cf2a48beabf93d1513c3e864d49111f36738881d752828a23b2d83b9d78466974e5d500d70817b09dc268328db93f489eb22556621e0eea7f7969252f32f374f155a38868bca4ec38c2f046861a5e00df0bfe94d3a2d2b8cbd2c8b7d873c118da831befc02339a65699ad74aa39ae8dc8ed67a6e728a37229d688fe283f4328241632f170e6116b8ac7d7f86228c3f82d15f7ae294fbfe3d3322d8cf4bd454c20542507fa30c82dc59349ce22c9a2712288c87af5cbce2b0de00a74def688eb55f588d44510cac31cb93a99c8a093f20ffcb19c2ba10608a1b707e54d9648587b4c0dae460bf16f9bfb318f4500ca1598bb15b2a7d3c9a131372500523bd58296d228e7bbedebc94f3f465d6102bc6432c7652529750a0a23c634b7b6234dc3f1be0802f3e4d7273ea37478256497520cc0473ce789d9971ec42d6440614b1d40112804d76c3d8af1fcf9025a72c89c94eed81bfb353aae4acc11b687738e56a66900c131feb04a7bd5118d7bc0a499ca953741d789f3e28f35cf2bad88b4cb288d60a77159aa42dd687f9803a377b2d99fba5ce65ea744166ce50a3c4d2a0f9bbc2c0de9b480978ef9ab55b12b780cbcaf39334ebd3ffc49839949ea39e810d5e8057e16b8e4d3eb6efe40cd69a787de5e3ef635a6c52f4d6356c05a12c0e63fb55bc38ffc8e41c66a8cff46d0f6d07e3ef065ce945b8642b4c592c47ab120817274cc60fc744fae92676744a7c1caa18834c5740ad88fd8b54c397195029e2edc674e1f8a3665a5c3cafc6d2895d68cb9c8ec580419c961f61f1f45a52dd58b54618029a16d2bb612495d8af3efe904b1e4e7f28e7887329f7e02db64d4559f397ab2db9f169bea89425effa892c4da3eead823b488e3fd5410bf05b22a198f9fa61e59ef3a91a4e7685cd4ecd1437d4de3c2c5703429cc468d9edaf71879088d1813198b3ad00706b36b148a4df91b8a510fa0cc7d4c7a57a173d97244428fd89ef96678538685f6f8337388c7a10e3d9efc96ba3b0eaa746d16700091cbae015fafdc47124ff7155bc8f91e1aedfc375375133fe05173e3e781bc9c2d27249336ea9686c221299c72e85c66fbe3b949fd6a883f17822fb917365dcd9327c03a5c79d63eddf549035f14ea1587029ae06882ff2592e82cada90882b58111128a580ef84963a5c4937564100fcac69091171953e352ae62db22ab99508686bb2da990c5ee57c7b678fcef1587c9172d046e9427d5994a521f40f8824d7c8482d241debcfaebb79771cc36239d0426e9d6dc8d9823765955c25bb8ce2ffa21549552cb3ef30b3626b558d8019393bd67e0a913585429859c18bd4aeea2d0f4521c5b92fe6106f9218be51d347e1c0ee7c71a66836a6ae2bc5512a5cc2843e03e6ee50046310d08771a0c70c9f7c37b6b586e35fe838b38bcdc2f8806132db6aa18354d3993d76f4b1f4998bd24a8e9d65dd68597c6731ba4b2d66d223477c1dbbeb814237d02f2f12df9d49005556175ff2092209b6e1b58afd3a937aafbc6b7e6a3e88f7d675942a9acffd98985ff4002e016a343dfb65a8a3649eed1304c39156d7805d822f140ca3267435b2b280eefe31d9bae6e207d02b27e741825f7e384427e2e6e4b4f0e1d0bbe212814093e5bce99d2d6c44dada68111eb41728f8b4b56f63f055f2c6baf2fd6acae090ee3398d4549b78a3dd5a4c8243ce5e932f6d29384a26ee0040eee77bcf37177ab333ce47f577745044d324aeacf6e97abae8de56455cdfc0fca24a1f782ad6bc12e1221ba807a6ac95ef4b8e777d260dc08736b77b13963923f70473412541c39310b17e619a6e041c6fc93231af17738b265573d0dfb5d09029cf649e5f9e5760f6aab5ede5e8bbd675e4479e531c0f372c59f0cd942eb5520a468ccc74288f7fe1b6bb7286fceeb4d3a3b599c06a0aa9276fd86ad6564f942dd7282a0dac4f996368ff5b72d5a52aa57f09034e682eb526b69b95c7993a733cc279c840b2ab0d84c173193b15667fcb7159e63a2393683966ab6e3467c88e1230aa111a60813209254bad981b3b2078e4ab9373334c42c8cca4323a17f40a6c283edac05fd06375566cb5a4ba932235fe70a0a6ff5fa8d751ba16a333eec8609686e87d38581827b1b7d97dc1751d215ed70178cceb05670dd50bd8bb0818ea7dcca7b0b9fc8bca196b3cbeabf0faafcbb25e6f3487e459cae1647209001ddac09d79137006f0fdcdbdaa768de195e2532b26239ea13d4e47ae18feb66f2d773df0e61a8ad2c4bd10b9d80648ba821403c6eefe4f933103358955affdf0a0a86d2e88e44e07708790c855d107109ac194aa4c7289c90b84e5aa362ca104b70a43c90958a47f8da82fd9a54ba84fc4707755f378fc1d2a77c34a6bf0b0a991199b6ff27e9a1793973bd0e0ab2fcd713176ce97251e241289e1a6a82fc82f48c39f59e14625b43a41f9a65e191c1ec4369410805d1fde09a89d38539a58aa75f2f0e08221e7934565c1efe783e70dc83071b53bffa6310ccd9715a82f70882f101fc9a1e208ba1f9d3c6271837c9863656dc19a0544e86ab40264922abfecdee22b9aea75eae8bbb3a0bf58d9c34ed442896d93638e2beece5312198a378a84e001cc55fddfb1836069efb6bfaa4b5f7805b46e0d284a5afb758ccc6f3f6bb1878845ec30c1e3a4e2829723c3b4195f69da9edea057d92ec6fa61a80ba1983a6a25330aebc9e9c0b539d28f1fe7787a9c51e21c2668dcace798fd6ed300fb590bfc43ca1c087cffe03335d067de657c35cf342f5d89443f026fa5a736fbc4fb495aa1db4374b7887b883c187dd5f3d5c7cca2a74975dbdaf1dc8e6df8548f5b87b05d5032082d62cb1cb6736800d876e74cd61ba5b44fccab1030234f4b7520f8da83cf9b81d83a321944adc36b900014bbb33cd52e4b82ec426f9c887787058ba34881fad6a85ec021b8094cbee121dc52cb41e9d592c00d6db7628bc78bae6bc871eaccbba653a0862d8fdbff55ace2b7034522e9e519903674c872c8c336dc45ad65270ab3157467b14a785f3a1b7d39e6b421b8a53c6ec4e6092dc4d2f4200654b24ea647d6fb83a5d735ec377b8e954c56a88c0738076452d0458e14f0b78c37fda7f92d99bda17103b68e830f5dd1eb4119b03980356a88e5ce587e0de96358187d65facbcfcbc576af4796858ff3a713650d7f3c6d25bf68ba828dfd1891d6fb4cc9038309ca82da16471800d2dda4d54d5033a5251587a6241192f111563f55b6bc48e6077cf0db531cbda797c772a9eec094611cd9c17476f2b354a06d9dfa6289698c7c93a188b9a73cbd999c23a5a1d8df50fbf9745361f733d411bdd5ed287c1af881fc543a4a998fbb2020037190fdc874eab52e5cff632f65ccac59e64ddc088255f3a7f8440a2b28a39ee0b3a910746818d8f9dc0a653d1d4618235c9e097359dd2d1cc0cc7b98147d8e9ab8417995152a0e9d2f0fc070187d5aeb4a36591068a2f71b127b91ed8df66bfb4525f153290f496ee043223f0a98a3bd1b02fc541b02cc8d4c9ae7b8e7e88841f8705793c0c63073d018488100abc2fd92dd4fcd35763fb5de5033fc294efaadfc642876ea1b063956da11a123fd15a7c1ddc94f14d85be5ef858a8ec7c046869cdefafb4b56ac2427d61717060138a3b51ea6490fe959f23f4a69c77b204315e76f3d635a680b0199dc4903c36df6ed56aece3baa6cb26ddc543a6d1a21e8d87aa17849c509b21fa386c0b9", 0x1000, 0x8}, {&(0x7f0000001300)="38fb8d2e63f1c79064442180e82e14985ff5c5c5902f6fcb10b7cceb1fda89516e3589d1e1469aeb861a7011590d3131c981c69590a887572a03ddee786674e7cc369b579e782f646d53cf809f0d331b72a19e17bf8eda3ec7cad2a3d1234fd807c790c094e63f7e3d", 0x69, 0x100}], 0x10811f399ed7ea7e, &(0x7f0000001740)=ANY=[@ANYBLOB='#}-&:,P,-^[*$[,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c0b952f00c9c8ac81a531f961ad5f48e0ee6a63d66a69b03c5ac97cd78138c10a8e766b72d0eb418a44b5ca5425c5bff1d51bf54d114b9211e1accc4ee0ac39fa92d802f789123526c8be4778d9d9be3bfdb0878924ddf70434a98cdf000242839d590de0646f2207e5f3780472b83cd20fe8354c5ae96a7d4e251e4a820f2f420844c04d7b75aefc592be2b4f4d90524fbfef54ffe4dd18e8e229b2431a76ed4fc800a6760cb5e71744fc4aa8d03fc8628575c4988fd79cda1e120ddb010086d7bee21044fd403752ec85fa82b5941bf3ff78b5a24542c8b107f9a034cf0b13ef1e1d93ef10d378829a1f7124454ab343210f9ab25bacadb6e4d"]) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f00000016c0)={{'\x00', 0x1}, {0x200}, 0x40, 0x0, 0x0, &(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)='./file0\x00', &(0x7f0000001500)="9da7f9a84b08c29ee2b635a9c2acc1d767e00cf73e61b072c16c25ebe517e1f549d5a011cc3aa7e17460c0f45992eee62b7f70603d8f37ea5f5042fa8d73c044675050084ede6086cb55d44ea2dae47be404b1bf7a4ab87d24dc88664d49d7ab89aa53f090c1b369a2692ffd24433dcdc098d745fe828a4c", 0x78, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="02000000b6000000010000000c4200000017134b23e15f09643c5bb6ebcab49edb5eca39ff2966edea3c9ec894460f039905676b68b2577a33c4401fa08a9d9e4c7c9b83d567dcf6e8480117f0fca9a137a9816700000088f67c0934cd589de19a186a2d68406a888de0cca180424fff2f4c2acbb6db8b8c5af21b20b2cb1c4649bbd17dfa6d4e112368b9a2b3045abdc6324b510cadda9b00eb80006c11cf5b94998cfc8bec3c1cf06d4969f73a29588fd459f6ea8712f3a38a275ddd5e00000041c028821946eb48d2aa04f6f64cbca5e3de1c7caeecc5f7fc1c893336b5fd6621648ad84a6989f3bd6c84a996b5aec78ded43acf60447c6a6e9881bd88de789002a93da6ff6a041463f90ee140e1c9cda787dabe8e181b0c0a0fbd31232"], 0x120}) socket$inet6_tcp(0xa, 0x1, 0x0) 03:30:45 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:45 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000040)={0x1, 0xfffffffffffffebe, 0x6f, 0x1, 0x8, 0x6, 0x0, 0x2b96, 0x4020, 0xb, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x7, @perf_bp={&(0x7f0000000000), 0x4}, 0x50001, 0x9, 0x80, 0x8, 0x20008, 0x1f, 0xa, 0x0, 0x7, 0x0, 0x4}, r1, 0xd, r3, 0x0) 03:30:45 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) (fail_nth: 100) 03:30:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) pwritev2(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)="f06c98b0bba570865eedc53615597d1fb0ac6e9e946e621e159e6502454420053fe1052013863c6e4e64ed0092a2dad659bf777f62b6fe8c1b2ae300a429626a2b8be3599618370ed89cd2d301bf0fd1f1f9d2a42b949f1f99f273eb89d92858ad3877daedb24d63e782485fe75c19df137a9923d0a728e609b654653eb73765384aae879c840ad078a3a635c0189fa86754ba0e72d53c2d10a79c18a181af22f0c306", 0xa3}], 0x1, 0x80000001, 0xff, 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 2280.229544] sg_write: data in/out 150994910/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.229544] program syz-executor.7 not setting count and/or reply_len properly [ 2280.234693] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.234693] program syz-executor.6 not setting count and/or reply_len properly [ 2280.240861] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.240861] program syz-executor.0 not setting count and/or reply_len properly [ 2280.244758] FAULT_INJECTION: forcing a failure. [ 2280.244758] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2280.246372] CPU: 0 PID: 44444 Comm: syz-executor.6 Not tainted 5.10.230 #1 [ 2280.247327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2280.248461] Call Trace: [ 2280.248818] dump_stack+0x107/0x167 [ 2280.249302] should_fail.cold+0x5/0xa [ 2280.249814] __alloc_pages_nodemask+0x182/0x600 [ 2280.250430] ? __kmalloc+0x16e/0x390 [ 2280.250920] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2280.251728] ? trace_hardirqs_on+0x5b/0x180 [ 2280.252300] alloc_pages_current+0x187/0x280 [ 2280.252882] sg_build_indirect.isra.0+0x2f5/0x710 [ 2280.253537] sg_common_write.constprop.0+0x992/0x1a30 [ 2280.254223] ? sg_build_indirect.isra.0+0x710/0x710 [ 2280.254882] ? vprintk_func+0x93/0x140 [ 2280.255392] ? printk+0xba/0xf1 [ 2280.255826] ? record_print_text.cold+0x16/0x16 [ 2280.256438] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2280.257099] ? trace_hardirqs_on+0x5b/0x180 [ 2280.257689] sg_write.part.0+0x69e/0xaa0 [ 2280.258222] ? sg_new_write.isra.0+0x770/0x770 [ 2280.258828] ? __lockdep_reset_lock+0x180/0x180 [ 2280.259432] ? perf_trace_lock+0xac/0x490 [ 2280.259981] ? lock_acquire+0x197/0x470 [ 2280.260510] ? find_held_lock+0x2c/0x110 [ 2280.261051] ? _cond_resched+0x12/0x80 [ 2280.261580] ? inode_security+0x107/0x140 [ 2280.262125] ? avc_policy_seqno+0x9/0x70 [ 2280.262647] ? selinux_file_permission+0x92/0x520 [ 2280.263285] sg_write+0x87/0x120 [ 2280.263724] ? sg_write.part.0+0xaa0/0xaa0 [ 2280.264269] vfs_write+0x29a/0xb10 [ 2280.264736] ksys_write+0x12d/0x260 [ 2280.265210] ? __ia32_sys_read+0xb0/0xb0 [ 2280.265746] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2280.266432] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2280.267102] do_syscall_64+0x33/0x40 [ 2280.267583] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2280.268249] RIP: 0033:0x7f5171091b19 [ 2280.268731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2280.271125] RSP: 002b:00007f516e607188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2280.272110] RAX: ffffffffffffffda RBX: 00007f51711a4f60 RCX: 00007f5171091b19 [ 2280.273037] RDX: 000000000000007a RSI: 0000000020000940 RDI: 0000000000000003 [ 2280.273969] RBP: 00007f516e6071d0 R08: 0000000000000000 R09: 0000000000000000 [ 2280.274891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2280.275815] R13: 00007ffc00a13b6f R14: 00007f516e607300 R15: 0000000000022000 03:30:45 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101400, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000440)="9101ff523e1eaf916635a1d0aae412b14d8ed4e2ccbd5ebc66dbd6c74ac005973fdbddeb6b1a93ed2ae1efb7e281fd49c57df662d49b8671c8c5a0d125ac394544647fecf89ad3968104ffc06f6f92e686168ab436eb8e502a2e0e09282b7a459211490ffb18156b40bf1215fedb76bf4d751038c7cf91cf1e3c3f78aac2784f2e706b384c387f03babed84f56c5dadb08a68ac67c2b77a082a103eb57912dd6549ccec43381e1814b34159122ac2be360ac008d2b5e5c022f5d46d9bcd60654a33c8049aa7b0775c5f9b52b90cbb469c4566a64735c72051c34b90bc58975cc97b886a1c6be034c5b4904547bd7427296c45db982b114ffde0910c073f4840567ee3cf98150b10703b894002494ad34fd4882c9c3d8f14e841546653907f552ab8e93d49ae0f5ed41c24a3bfa33ffea4c2df90e75cc9ce256dd89b216f7122f05fcfc61802d3ae8f061e284c6981c989d38f6399c98b6f5ba04544ee6b221248528536076c1d12b1b2fac50ecb89b41e4329a227bd8028f59bb33082543d43e3fff32a2530979ccb4484003755df3b7982704e091c68b0afd8df050a75814ffe8b4b0f968fa10eaf6f5354589dee6a75a8de5924a09b60cce9ba22f7b83a7e67d97abe18b77bd661875549a53a01c47391b13d77e8199b09e3aba5124ae97176af7c4f09365ad4cb676b395a0c2dbbab1facd7ba051ce91883eea08268025e1858a3f1d68d2fbed826fe978c8987ffd21fa465ce9fa60f4a2165bf58b44a0bc6bc9ebc1911f6f709a43287166e14947c2339b1702514ae4a27199abb00439de07aa210f259e38b95f67ab7c863e9d4129492d283669dc88582321bb20a14bad999c8a35584c2a1d2b5bd4fe32f8636eb2590a201ed57e3806f1f6f610f250db1cc11e063d0ec52d704973168a238d99bc3562063dd97a4292551965afaea3381b1813fc7a655d0d0ffd4d5fbf3a3f9b157368e7e5f64b3a1904fe5e70042379b8a49de1aa6074f7cce0b0a10bf142f45c8ecf73b11c47dca358eefe5cccef4bb7a4535f0ffd85546e778a1117fe8aa0bdf4be411c0a062fedba610b27cd9830577fbe01fd82d219c59ed00cb45164858d85176b7bc4d42b4bc948a64ecfed2339a143f0d7f16f26ee5742ebc040ae6512d62d5f1d03248ba4544feefbdcade1ff48d561d5069ea52da6c61482f377d0a26564a3c13a9d16c26f281e710a4305306643af78e771e041ec244650cdd649f61c664e0d499aae3271c10d05284a0ffc452ea50013c3bffa502cf02a0fdd9c0816cf94d2d9f11b0bfafb890d9c529395b897e23478c26aa374d9e0fecc4740711251b094305a1711644b3312e15ec4c369d4dfa8b7216669c555eb160b4507ab52c718b9adf0cdb300e9d6e4df2f81f48e30237c2ae9fc25e35b635c50838772bb84e5269b0882e15fc7326a2cfd73546eee263c2cf5fc252300ebe90d74f3bd3c11090ab38ea0b568cd4b8f5b38e21c3967a3e2392aeda19f639c476b16263f4c78c17270a10e60a9a9669a5857185cd7c7c1c4cb50db0258e9efb0d7965fdbcdc475b2a49827e418aeec94a7d5fd5be182cc75bd282085ace7f1b7f107650077c22ca9d8dc14f69ce1af8af08a4113e2def86e7dba34f25be327ef4f700c42975d30f74bf7653193fbddf563eee5462925f5320b935083b67781c8abde7cdcc2e1cd4c11011a8ec530f9814a7ae1ddfc47aafcbf4d8573e6627e2c7650101ece89f2b526ef285760bc65dd66e662c8ca5804267eda6016261673f97278ecb756946efcf76d7b513f490b12ff889f9f86b7fe4b83a8187f2fbe876ca9c713e6bd55d41d87670e01238170ef0c872c975a1dbc697fab5a816509d83dd2509470ecac18c02a15cd468f9ec06936b6cdca93ac88bff7c50f85ebbac06425f8140d1a19e3cccbfb3e95646310bd4807eddf9acec1f785be5ec5b424633ef82c6383734dfe914ae873e9ce5236c0a51541064367991d19feca6b3888a2ef39559d174141fcfc92085f884149de049c30705517f9323795f1250cf8a87dd06d34904aabcde72fd02155c0acd5e88b0cb10fe31f7159b4bef14306b20c80c7589370fd444a55f4966e80f734f468a676864c564c738a0578e6e9788351e775ba02ef78985e2bde189ae55b12b023104c050da54e39c8e7bf6211f02b1f47d75940fab1f1374b2fa69bba7cca63d168ca6e8b7dbb9dfe8b3fedd1d4560e987c3514337f5f73d76a594d5e5b6b3ceeb76d544422a10f2943a9263bb1a1f3fb10edbe29884f79d324c879a76e4c1e25ec62984c83fc405510c1c82061964f4c1e313bc529f0a3d975862673c79300b4bf76da499cea163038bb3889134d6b99a1d6cb548d7f05da0abf275f73149f23fa4652b274de0206c74c6e0ab77131f9b59afb0c3d1a8dabd6cfbdd53dbbe43c25a56a8f72cc7743a458f0a701a89d8cd99371b186a54c1b3291d2e7dfe86196715199a652dc3cb8d2aecb60dbda5ce3b81783c9e4b37d6bd6fdde177d7361464a63a049189d8e903671681d9cd29379cfeec9e2d0861c86d9e9d9f0d62024a192523a1df6f99c330b7c2c0fa0df498f47b8db8d5a06ad52257a67453291bcecff6397ddfdd8639a5545ba648471de366030590b9bb7100c20b025777afaad05fa998c5eaf3f4dc457cce0f9d62dd48bcfb4757f09d9d05edd78d0c943e3063f59a55ed31f47ad0d5820e1a7d9d06b3d870f0b4b364902d65a4e897e19b20dd4d057a396e83a08c5d1cfcfad4b2ed50448f35b5fcc8ec2ced1c38a046e1b82ee42bc87daa60cdc8531942e838a621e23355208ed02c0cb088e8dcbda7554de5e31efd478f5ee3f6a34315b3e20688b50d0c7eeb0e894d8384bda0d53a125b9607fe887d8e1dde5b400c723eb0f25f131b47ff4eaf4e584bd6058c628ca71bb1f8680feac0142dfd144cb2ce0a2e2a0ecf925c33862414e90ca79fd23449548ef06ce0531dace91b3cb0b64dfc9837831a701520f765b0342b2ef2a15763595ef82663efe5ad580f7cc82c115a29941855f3b933e50e68b7c6af2875dc43aff3c563d3ff23aa6d75c9dcb49a420527c83746ed8dd33931e1866a67e3c1315bf23aadb542eec4672468080893a200cad1ec28f802be5610d2c8d4b763efa6a53c166e13fde5c0de4d29099e3eb9abe68a01f7e81b1cb4ae5510c5708f5168a17dd9a109ba5d819f003c4c616df28e1ee8034fd4362f8fac849295b91cf53c08c86972279638fea9aa084b9e5c5c5d31e6efb7bf4c5f26f89bc84be9d60a6f46216d71e0e66b76c28291651ffc8d167fd95b3f73284514d5d126216b30cc90479113d92cc16159ef9203f95d9d8fea17800068997eae4573967b0a923e2532acac395474b6aad04ec3ab31a0dc6e80aaf64de4b480e84765b5ae1a5739835c73ad4d79a598938ec1a96f99601283c0dc947f531cb99f9e7f9fdd704117b35dc3f7be60b4bd5b6972d745d210a03aef24b1f5304e7f0e5fc5393f6a6f80334cd12a8b74fed306b332564f96e444d6bcef52275db6049b82d6bc14a606327cfa1fdc2467d52a1f979573e72eeffe1c581c89eeda65cd2eedbef4a514e45309136b6bfd8d8942b9c00bf9919f809dcfd28c4d479f28145f251b96b630fbe54e047c1612b83559bd1cef4ba51b34127c3c5189868e00c11268275b7b6e12c751db0c52f848770277291b79243be55d47554554ad92c43b4aaeed745fb4de97bfeb801f8e88e6178c7ca0c3a2fd3943208455c7e428932405032c14d927a43d738a42a35e5dcf8495164489f250d85157bd6b333fa9ad2bbca867de40ff6ba45bd84fdcf15fb63a5678a9bc4083ce3daffad0ee67c381bc131bad9df648837813943e1ce86910241c565f41f15b8bc9b9c765371e44a8e3e17f6b0905780cb09876a0a4b60b5ce9bf09089088d9404847a4b2471301e5b85341891bde4f12a12f785a4727942d44918612170cbda88653c3f54784e59047a8da92c4de58f36034651ea2ab5b8d1de52d624490547fa581249e8e0dfad3521e5b720011159a857b2daa3b2a90486e42a17853a7dcdc154570c30fa2dc8e968223bdae1edd48da89401daec6c5290d29f448e5cffe112ae4e1c27fd73dd5354e8518791f8cc343b276b5b339c50f0e9ad795bd89e9243143f3539dd2d17614a97af76aab6d8194f1af5e8f1c5c7b0e759c4a7bd7ae9cfb9e636840459ade547fda1f24b6d2c1e3704c971a32ec8a3c8c51df48cf9714f1f8ce9a8bf1acea087b820c0d5c48851f262d64a2a0b3dd4c62b318ca92658a8081651b2007d2b4fc783e98d600c9e103a61b9c60a7d7bf4111c618ceedfeef5d80443a5f8766032b9466bf41816c4debd334fe80cc73c896fadb20e25bb29dda2d13c7360061602890bbd986faa696ecaf9100b2e5e314e2e9a3cf593ef103b6ed97a78905805d674bf1961d788c3fd538a0dcb08d3c1f48668e2d4f3d9f7b18bd158d554deee98822458b0f26bbd36f3f6107e5280c9792423dc0bd8443af4f7003f04c414a961176b223012baca0860c40565bd659d3fd4db4f41ba680bac8ea36f3fc11d087c5ad6310aa30a6365cd71e82f6d92bb26ad1209db211f025f277c6047b32d6008f3fb876a87073d4987c3b61e8d9c1218f2ec00c0e5e34a9ecdc8160a44c5def89f4da8159c9fe19e658d1421c7fbe0d1b7521ead969df0790fe86fa04343983d25cbf641f07616702f1ce5112b8a79a2f81f3a8a0ad1d25f7a3487c0cc56557ba1665e4265a58733650ddc87d315d4b1f21995c62503aeeee8151d823b4cbab783462bfad9851a2232f37eedf2d22d4eefd6e18a2db111293a93df851a62d83c8130952fb98310faf8dcbb828b0cb0ccea5848a2b5396616493cdef15d00b5eb5edb44de1d32ed91a6d2a3f2adc99a8d8b2ef15daedf7b1f5f6df50092854e05610fb6302f8ef6b4408f7e5bab13aedb1b9f648d09851c12b3ea98e6a24be50f0efe999bd3ee533e8693d894e4041d49b66d565f091a4a5288bcfd944ba5fd5cb0a163ab76befc99b8c3b007cf0b76c65264f56590866e9a859b12187a74e127ce5845691bc2bc287ed95913ce0be6610343c0823b62c536fc18c4a52bf92b015a19e0104f9323c4c2517fb1cc092b1ca6d2f30769be4d904ab6bfdc04ff649c34dca7f6d2c413e94fa2dc28ffb741ccd3e5d31ad9c87af226769876645205e7945acbf9a1f18fcf5c897beb4d56ec48ea343ebbebe361b3cb344f1c89a20f39d8a8f1b84c1fa8300f59470c4f8f4ee4859bd1d7cd2e6e5b6b214a344bb3a00f4da590c8e671ddceaa6c38fed35479d56e44e4a90a263f81859965d23a99ab3000744f57f8c7bb0f09c368eb666cc40a33eb0a72df0de24b3ec6979da88d6634b5d89d6919d422ab178d22baf9e9e4d237ffe31d13826a8b3d28027125d888d19c836e9870f3eb3c0b6eca7fab359b8e3ad73367891e21e3a4df200c402f14da5c8aae478a78ab4cf9b23652413d111ded5bd9c5f39931f08dd85bc477aa02cb694fe88fa74a5cb31d5ed887d8e5d01cef53893d93c33d23d1be421f6b98f56797c926c490f038aa0f0c87c301ddf5fe06cfe5d5cb73500a03e34a4842a3d18dae4877a3607316c6c0a7bc23315d5401536d6e17bbfb0d91462ddb82590a46d22ab196aa5de750a14fe90f3c0778028fe52e30bd79f79a17618af25360ac91fb0503749d2d1b20375d411cf1dfea669689491705915edd044be7b5c5eb1c5722e677c927a5cc9f891de2b94567421bf263", 0x1000, r7}, 0x68) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r6) rt_tgsigqueueinfo(r5, r1, 0x31, &(0x7f0000000000)={0x33, 0x5, 0x80000001}) 03:30:45 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x3, 0x0, 0x9}, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:30:45 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2280.349846] sg_write: data in/out 150994911/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.349846] program syz-executor.7 not setting count and/or reply_len properly 03:30:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x9, 0x0, {0x1, 0x0, 0x3, 0x0, 0x8}, 0x1}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x11108, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000004a}, 0xb610, 0x0, 0x7, 0x0, 0x4, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3c}}, @GTPA_TID={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x4050}, 0x4040) [ 2280.363326] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.363326] program syz-executor.0 not setting count and/or reply_len properly 03:30:46 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:30:46 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2280.442260] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2280.442260] program syz-executor.0 not setting count and/or reply_len properly 03:30:46 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7155925, 0x0, @perf_config_ext={0x3, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x1) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x4300, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000900)={{}, 0x0, 0x4, @inherit={0x60, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000000100f076d9f90e79ec65cd8071541e41ff00000003fcffff"]}, @devid}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = dup2(r4, r3) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r6, r5, 0x0, 0x7ffffff9) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000006280)={{{@in=@rand_addr=0x64010102, @in=@multicast1, 0x4e22, 0x3, 0x4e24, 0x0, 0x0, 0x0, 0xa0, 0x3b}, {0x0, 0x0, 0x3, 0x8, 0xfffffffffffffff8, 0x0, 0x0, 0x487}, {0x5, 0xfff, 0x3, 0x1}, 0x0, 0x30, 0x3, 0x1, 0x0, 0xf60dea7448723268}, {{@in=@dev={0xac, 0x14, 0x14, 0x2d}}, 0x2, @in=@local, 0x0, 0x2, 0x1, 0x7e, 0x10000, 0x5, 0x3f}}, 0xe8) sendmmsg$inet6(r2, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) 03:31:01 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:31:01 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x460, 0x9, 0x0, 'queue1\x00', 0x8}) 03:31:01 executing program 2: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f0000001580)={0x0, &(0x7f0000000300), &(0x7f0000000340)=0x0, &(0x7f0000000440), {0x1c}, &(0x7f0000000480)=""/4096, 0x1000, &(0x7f0000001480)=""/189, &(0x7f0000001540)=[r1, r1], 0x2}, 0x58) fcntl$setown(r3, 0x8, r4) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x1ff) r5 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_netprio_ifpriomap(r5, &(0x7f0000000280), 0x2, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cgroups\x00', 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r7, 0x0) lstat(&(0x7f0000001600)='./file0\x00', &(0x7f0000000100)) fstat(0xffffffffffffffff, &(0x7f0000000180)) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r8, 0x0, r8) write$sndseq(r8, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) sendmsg$nl_generic(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000007340)=ANY=[], 0x3744}}, 0x880) 03:31:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2295.897668] sg_write: 1 callbacks suppressed [ 2295.897687] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2295.897687] program syz-executor.6 not setting count and/or reply_len properly 03:31:01 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:01 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x3}, 0x0, 0xfffffffc}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000000c0)={{0xfa, 0x7f}, 0x0, 0xa77, 0xffff, {0x3, 0xcc}, 0xd1, 0x8}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000300)={{0x64, 0x2c}, 'port0\x00', 0x0, 0x9, 0x1, 0x9, 0x2, 0x40, 0x3, 0x0, 0x0, 0x6b}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r2, 0xc0bc5351, &(0x7f00000003c0)={0x3dc6, 0x2, 'client1\x00', 0xffffffff80000002, "f579ce24aff4c1da", "b290eef3c33025c6b26e0f27bfb81421c98a10aaab665fd6290bae7259b0af5a", 0x100, 0x2}) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) write$sndseq(r1, &(0x7f0000000180)=[{0x7, 0xff, 0x3, 0x98, @tick=0x6ba, {0x5, 0xe1}, {0xb1, 0x78}, @raw32={[0x4b0, 0x1, 0x249]}}, {0x9, 0xfb, 0x6, 0x5, @time={0x0, 0x86}, {0x2, 0x20}, {0x5, 0x2}, @quote={{0x3e, 0x9}, 0x9, &(0x7f0000000140)={0x80, 0x0, 0x14, 0x0, @tick=0xfffffffd, {0x8, 0x1f}, {0x3, 0x7}, @addr={0x2, 0x9}}}}, {0x6, 0xff, 0x4, 0x80, @time={0x17e5f6fc, 0x5}, {0x7b}, {0xf7, 0xff}, @quote={{0x6, 0xff}, 0x645}}, {0xd0, 0x8, 0x94, 0x3, @tick=0x80000001, {0x98, 0x8}, {0x8, 0x4}, @time=@time={0x1000, 0xfffffffd}}, {0x1, 0x2, 0x2, 0x6, @tick=0x200, {0xff, 0x6}, {0x80, 0x81}, @control={0xf8, 0x80000001, 0x50}}], 0x8c) 03:31:01 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x2, 0x3}) r4 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x6, 0x3f, 0xff, 0x2, 0x0, 0x6, 0xbccc071f5ed8ff62, 0x8, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f00000000c0), 0xd}, 0x61, 0x6, 0x3f, 0x3, 0x5d58, 0x0, 0x80, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x9, r4, 0x3) [ 2295.913107] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2295.913107] program syz-executor.0 not setting count and/or reply_len properly [ 2295.921014] sg_write: data in/out 150994913/80 bytes for SCSI command 0x0-- guessing data in; [ 2295.921014] program syz-executor.7 not setting count and/or reply_len properly 03:31:16 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f00000000c0)={{0x3f, 0x5}, {0x4, 0x1}, 0xb8, 0x2, 0xc2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) [ 2311.228921] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.228921] program syz-executor.0 not setting count and/or reply_len properly [ 2311.239350] sg_write: data in/out 150994914/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.239350] program syz-executor.7 not setting count and/or reply_len properly [ 2311.246847] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.246847] program syz-executor.6 not setting count and/or reply_len properly 03:31:16 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002b80)=[{{&(0x7f00000000c0), 0x6e, &(0x7f00000014c0)=[{&(0x7f0000000140)=""/20, 0x14}, {&(0x7f0000000180)=""/86, 0x56}, {&(0x7f0000000200)=""/51, 0x33}, {&(0x7f0000000240)=""/222, 0xde}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/131, 0x83}], 0x6, &(0x7f0000001540)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001600)=""/113, 0x71}, {&(0x7f0000001680)=""/176, 0xb0}, {&(0x7f0000001740)=""/116, 0x74}], 0x3, &(0x7f00000017c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}, {{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f0000001800)=""/154, 0x9a}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f00000028c0)=""/254, 0xfe}, {&(0x7f00000029c0)=""/60, 0x3c}, {&(0x7f0000002a00)=""/193, 0xc1}], 0x5}}], 0x3, 0x2003, &(0x7f0000002c40)) write$binfmt_elf64(r0, &(0x7f0000002c80)={{0x7f, 0x45, 0x4c, 0x46, 0x3f, 0x1, 0xff, 0xff, 0x8001, 0x3, 0x3, 0xffff, 0x2fc, 0x40, 0x25a, 0x6, 0x1, 0x38, 0x1, 0x892f, 0x5, 0x800}, [{0x7, 0x200, 0x81, 0x5, 0xffffffff, 0xfffffffffffffffd, 0x52b, 0x1}, {0x4, 0x8, 0xaa, 0x9, 0xfffffffffffffffa, 0xd73, 0x3, 0x8001}], "af9902f15236df802553b737886edbcd7668d4c4f0f6281a06ccbe2e73e457e9bfc1c36fb1b27e21fd48fc466c17f1ef3f3bbb4a6ee4fe5d5eb0858e893178b1d02d6b84c8f5791f196d47fc368ea2b41e3eec3e5028896583841083687065f9c1573777e07157cc1d24a548be687d5720f0b10482b46718a748adb876afe7929e5b13cea51ab07ca57e26bffce2e3920fe34c81b84f72e455e7eb5578feabf207619515c4202cc750", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x859) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:31:16 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:16 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0xb6, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:16 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x460, 0x9, 0x0, 'queue1\x00', 0x8}) 03:31:16 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0x1, 0x0, 0x25dfdbfc, {0x1, 0x0, 0x500}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, '802.15.4 MAC\x00'}]}, 0x30}}, 0x21) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000080)={0x14, r1, 0x300, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4008011}, 0x4040090) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0xff}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x44041}, 0x8000) r3 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3], 0x1}, 0x58) r4 = fsmount(0xffffffffffffffff, 0x0, 0x3) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000140)={0xffffffffffffffff, 0x7, 0x6, 0x3}) 03:31:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0xbfffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:16 executing program 2: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x3, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgsnd(r0, &(0x7f0000000100)={0x1}, 0x8, 0x0) r1 = msgget$private(0x0, 0xa0) msgsnd(r1, &(0x7f0000000580)={0x3}, 0x8, 0x0) msgsnd(r0, &(0x7f0000000000)={0x2, "078e4030a2890bd801808d996aa01386bf554a52e9f617c584e6b27f29ac96af08302300c7c5e96ff320c646b1b81545170809ab68253a106bba60f14d42f171331eae1c4c8dc7ff657981939a63e51022b6a2109d2bd5b9e673ad77cac6d0fa76133a2ac30e80ad"}, 0x70, 0x0) r2 = getpid() msgctl$IPC_STAT(r1, 0x2, &(0x7f00000005c0)=""/4096) r3 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r2], 0x1}, 0x58) r4 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f, 0x4, &(0x7f0000000480)=[{&(0x7f0000000140)="0d68a77d89e8160980787637e8151eced76476c49154f0d6dd8e2584f88a204645f3af36a02b151189ad3e9295d0d3f42cebceb338c8b8e83261dd99e1eb8d3371735cb3e767903ae9931cd82b11f2f3e8cbc0152a6aac1366d8c6c03abf997e13d88c2fc514e55b39d9be1df10ac3b09668994c6b3647055ef5489306f53cd1f2ee76dc99ed1c6cc9e05c", 0x8b, 0x3}, {&(0x7f0000000200)="e31f9bf8e4dc6569d9b36f11a57b621fb6afcee65edcd87d4309041a81cdfdf6246e42712a4bf4f14f507255f0923ee543c3b177f6ebbef63bd4481d0bff9fa0d110ce9a63c44e326a5c6fe47f58ebd21545dbd53ccfc33f6d9fb16a13859b9b79d3447d734ebe8338fa51baea42b7d1acc4", 0x72, 0xfff}, {&(0x7f0000000280)="21ab5cf0a78c3df50ea5f93450b1ec6e338c3ec702595d9616ce7a8e526e3abf2f3b69cb92e39aa66264343e4292581dff3b1178e29d0c5ecad3ed32ec727e39235960d313351bf5a523aab5f7fb384d20ae2c0a96e18b2aa5dad59be68572ec8f24d3e379d4adae2d8f3e47c6bde8112a0161ea48512d0d6e29869e4ee499a33c1a9b3c029834d9e738331fd04157dd2364562f7a629df445ff1d0e2b80227dc00bbc3d07f2aec2e57e5f6afa18158f16b35af6bcb3c45f60eb7663a9d0ad261641ed1af22b81c631ca9354c5857c", 0xcf, 0x91f}, {&(0x7f0000000440)="3b774b0d87b4ae58db971d6fb8c8c50482d37fcc70909f792ffdf48fbb401af6358893d68b42a5b9df2553238b0db52fed4216333aac9d1b", 0x38, 0x3}], 0x1141800, &(0x7f0000000500)={[{@shortname_lower}], [{@appraise}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) r5 = syz_open_procfs$namespace(r3, &(0x7f0000000540)='ns/pid\x00') dup2(r4, r5) 03:31:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:16 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x80841) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x0, {0x2000, 0xfffffffb}, 0x8}) 03:31:16 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:16 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0xb6, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:17 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x460, 0x9, 0x0, 'queue1\x00', 0x8}) [ 2311.375866] sg_write: data in/out 150994915/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.375866] program syz-executor.7 not setting count and/or reply_len properly [ 2311.396500] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.396500] program syz-executor.0 not setting count and/or reply_len properly 03:31:17 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x20}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000140)={0x7, 0x6, 0x1, 'queue0\x00', 0x1}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x440000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000000)={0x9, 0x0, 0x0, {}, 0x4, 0xffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000200)={0xffffffff, 0x1, {0x0, 0x1, 0x0, 0x2, 0x1}, 0x800000}) [ 2311.433917] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.433917] program syz-executor.6 not setting count and/or reply_len properly 03:31:17 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x10, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:17 executing program 4: perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)={0xe58, 0x8001, 0x9, {0x7f, 0xff}, 0x74, 0x6}) 03:31:17 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2311.518190] sg_write: data in/out 150994924/80 bytes for SCSI command 0x0-- guessing data in; [ 2311.518190] program syz-executor.7 not setting count and/or reply_len properly 03:31:32 executing program 2: socket$inet_tcp(0x2, 0x1, 0x0) r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:31:32 executing program 1: ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000080)=0x20) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000000)={0x5e48, 0x4, 0x0, {}, 0x1000}) 03:31:32 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:31:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x48, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:32 executing program 3: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000040)={'wg1\x00'}) getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) dup(r3) fcntl$dupfd(r2, 0x0, r2) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000eaff000018000000", @ANYRES32=r2, @ANYBLOB="ffff4d7f000030eaa44466696c653000"]) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0xfffffffd}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0xb610, 0x0, 0x7, 0x0, 0x1001, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) getdents64(r5, &(0x7f0000000080)=""/149, 0x95) 03:31:32 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0xb6, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:32 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) pwritev2(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000380)="8cc5526116071be7a950b7e817ea2baf336e5f51cf6a5485941a56d6fefa5c12934782828f1f308392bd42be89c5daeccbeef6813a7aae03129084e5a45e937ca1d11447714b2e757b76d64fb8e66a9f6e55c880786fd79ce4bcd931ea1b11ad701bebc2194cca240a9fa6c97965f0e3ce0fde81d6736c45814e94aa84e3", 0x7e}, {&(0x7f0000000540)="9232588f8cf2d9e02a0840f4dfd1d39f8012d2e61530a7c46211362868bcd2b1c362fee85a6d5b16680c18542fbed8ec64c9069e1f99188117677bf2599b0e6ec516712245cbac2dc82c636bd8f8bddfa5e5b06720c055527231615664ab3754bf84415b57acd0d0108b3889d03f36c47c87c57a51267ca3e8483e5ff6f9477a624d75eeeb45797fb453e8ac4c7b71db56ef9a0f74db6ced8fc45f3a3b63a84ea7e60a81abccad8aeb461e9bfb184fd0eec8602fb3534fc25ea95a9a52648b8f1e5d94d5", 0xc4}, {&(0x7f0000000640)="7dcfd853879accbdc7c4c27a264c0ba8c36bcf2af9187adca93a9e8d2cff3bf1f71834823e554b54938f9bf57064f496dacdd4d17b9a5ea8c13bb310dd1e29d638ef5986b2aee487e70befab8b6b63f3ddca0af2e3e1913d7ac6d7ed498cc5a9d5495062d748348bb87bd87a2ef9e4f0aef5b0f1bb2729f593c7a1b1fbcb340ae9038565464542d2c5469018d6eee07d7c373edaf20a2f6159c49b8915885d073763531c685736cd", 0xa8}, {&(0x7f0000000280)='\v#R', 0x3}, {&(0x7f0000000700)="f7268c16d49f28c025bb3c5b2d34f0edcc2e29a0342c0053f848c28915ab1251f60d86dd9c6a92abf7824ba03cf7655d977c08f44ac42dbd85d2441edea2c09e2868f0f401bcb90f8f8c0be43d166a265cec0b5665701935ef70ff88d0a718943feb09fcac1959821926d8814133b4f97a54e71524c8ae4a088c6ef88085cf0c4def327d9b68de9c15112b15a1e886541c8b5e9655862996b8bcee8b8b213b66bcd5fee5452b8559fc5261f6bae0df69b319c3d94d81ff934346505d2129aa66af7b3a7de8f5a5a6a33ef1c7f81dee9054be2956ab0af804724877256811b5597dad09490e760764f79f20a5c9c7c1a8857733bac4ddcfe26c97829f452f216a489a7b852529e7906fd7eb6690aeb4465d0f7bbcd4ad8b8c892b595cf445b508544821833b439ac6696a6b0754c2d9da7d5a785fd65a493891a8e96c60924ad78ef8d36d9f8219ed42c72e9ccbae73d02a60f2c0333881359655075c0ababa526e9b4b024fadea7b82645eebce4a26cde8289755771ef4af72b4354d5cad2044bdda8f2278cd175631130d19c52e0fbb526c8a2e96ea38cc647541de68f0aae5fd7726b0fbe01647f44c916f6f349f0b3f105c99b103f24a1c7778ad0162a34a39de12dc532a2a3a32d07250981320c39a31b990c83d88344298af56bb8ff8bc642639c3b553cc34b88225954e3e4aa4b20460b72d965e1353a32b8b08bca58bb3785b154b025895ba59e10e64ef056bbbaa71c3b9b0e16369e905e54b815ca9f74fcba2e6c941532d3b262590ff2eb98dba8f66c60e08e15782405ae7d23e1018584d838e37b30ed41abd71c968c9ad2aab612aa46d8ff2f04dea803aa9006bf7b777c6605bf8a6f0d3b03491fba78680983b7f2e4f01e3c444ee7497e09c1dda6f0534c00acaec31be547245c10ab8c0c6ced9e7a68b9c297532ecbc85cc372443608beb4ffac8596f597ff4d21707d109cd8b21151505b8f4d5621688c9def6480c09b20b850c70f4f8bae1b65b1e9f20f337a4027433c6a0c8f3d5671f6eb2cdaf54f8a6d99e466dad503e41e31547c2bc8f4adeea84f0a60db1b78aa40679b0e9a6e2b2ef5a65b599e56be72558a57751a8964a959bdc0ab702370e55b4e6f6285ab95f5784a25bb0fd033a11b16820a576addeceb39ba5618f374558ab6796039ddcce72008077270a21a97bc3884c1211605e1a1fa656b903a1ebd31247a63086538bfefec9dcb47a2feef05e7b72734b73ece781d24a2fa57a4703fccfa21c77c2c9166b4d304c433670bb1a7753cedb8e0a425b951b2ab5048f9999b093346e5b0093cd635712fd9b3056f798160394c36c85911d61cc643aae2586a21c0b1c390c91986a17dfa3ad3c55b1068e9e8428a7bbf8c0a642556702fb19f82e426c05bb59a546d4ba8e21e42372da3cfb453f31733e14884c1641e827e18c6e73b86f6126ded182157de65795e417d6499aa9d5fd0bd1de629b470f325e37b753a5d2c084c76c4e5a4f1557d1f0e6a086f19742939a1d51b16b8dfcf676d7a2e45aca79128635c13aafcd81ea0aafc74e31333ae1c6a3ab0230c6c6342e3be3615d14b8f4d47988641ef2a7578ebdb969ea3734ef67e8cfc1fffc8c98e7ad46155914b43f15bdf86fbfa5a80090b65e08e385cbaa6ded8e8a34157580d472c5d65d1342191676528df41ece3cc44412bdd8dbebf2841b4dd84ca79b9b4eae0fdc64efbb137564ce955d5fe235a51ede9c3a6c3aef55dc598b7684495a2f200cc25f8ef293ecb61418871772babbdfc6082a139058821b79c07613ee1c47b53ac7e79539facdae6d0741e859f0f8eb5af994cd8567ded3a6e52b05af368b2c24dffca62ee16d00ca984352a32dd27f2aeff8a747f34b6835422fb735c683bd95f57f9871e0da08cba2efad71113e3994312f39b4fe032c4373f23a728864bb996d30e42295477b3d916e18ec1fdaa68d8bf7a8a954d0de318a9c2d485c3d84e61322498fb991c299cdc5390e3e000853bcc238e267dbba1f87a605fd546726b9fbe5b1f8cb2be51598acdd9139082085d737bb2e62c06c30552fe0f1e1836a74991164d9e9bc60cfc8073a98fa16c0215b5050d73de5bf947410a463de04473b565e0383a63d86289cc2e64063d283eee8516ad14e2908e1ca1d16b00b6b4f1434642ba65dbcd92d765ba76ae5b55db9ce8b531acb182e7ad241f00ddf9315f67733a15e1dd1f5b24a92685b603c1acba808a36127a113422000464dbd2500c197f4b300ed3a1f22c36314dba7a0c0b9db34b00cb0f46254e1e4d8d5529dacac4da1905f93cf8641c15949cf569f3a05341606e12e6725ddd9d97d4a4b5691f9325eb82d71c01f3981a0f4ff3842de0ad7ab64dc29d6e373055ac12f8416a2edae873c4b699d9df5cf5527ef08042f74eb2e1f93be6fd7e7465f7212bf75eb81e3ebf0b002dc48d14e48d6377f9e3dd45ed0455440d18b22cfc594d280a85cd67b700490ecfbde2f5319b8a5f49462501fdc2aaef194cb105db1376714d6975a4cfc9483e7c47b96d6e8ec53754f7d0ced104f1e2b790ab1791ef742b893c53a1dbe4667902fe6c4d8322325b3fe71b131e46e90b4fa2a8129cedbc38b8149dd2a36fa374eddb62bc9377300099dec09ecaa840c8209b3df99d75131225ddb87a0716eaad95e626a95ca3dc9cd3df7a5411b26f73e66766c6dc708805b83c31a02da45e74e2e32be212b7caa1cca8180f1daa6ab78daf5616838d6ba83f6d8d3896f1d45b731a18563b2cbd26dbdabd31ce73b3a4f95e010e709c7af54c49d9ca5cf51b5da39ad68555e4c92ec660277798c944481e10dd36e7c913275048450f6a760ffe5036b58e709d3d2d288fb1999b4536c6ba61a66d559160d0d1b4e5e35d1d4f6d9d6a963bc3a42706f345b6e91072af64454f5d1c5b6d9cdd7dfc4161d51e939da8b48d2b8b4b7f15879b5208a6d95844c50c35ad47d95022afb39c810356714cd3a23c643100e3f950e70312e9407496056bf8049e0e87e6b58b1216d1751e2c85b372a3a404136e68016a913f48b39c208d934ac86d81c5ce3346ed9e27a44c93419c0fed52269bc754e6b22a53b6c89617152be68783ad01d8c1974a5da94e697fcb8c57d147e5a43b0b4083a7ccd39198683693b871e701a69f975ac47cf0ad5d7a26931d81e4f8ec9d1b3acb07f1c00178641d3a897e87e5f34d631b90604a11a8e74627bc975530f5cfc5b848ad5c87670b3a93857e97575a9a0d5ffbc09089be9bbfd481f123c903a8d55649265b1beefc32f4c02e55bb63f5a81b82dd38c26431a9bee596c14b322e763a52a0b66ad18974d863799b55031908efd81802b7f17748d2289978d4b59a43ae358a8994b80787b7723152d68bc2ec318ef0edcec956835335ecee9659e31bc367c5bd20db1493183facaabba33685a5b1c69a9ccb266d0ac8c1ace95665247732e3ff4b5438fda98adeb065279a21ddd894a3f8d3a89316881d7bc2679c3f9b25d9d9977968f16ae36db35cb512577e5552b9c841c4da605555c68c0ab149ca485368041456972b133a113a9ccacf893ffae4ebe39b1be7ec5626afe510e7cdd31e0fa0283c74a1dfec04d2799cc19a13bbc774ed9227e7ca61594489191dc104e52ea1883f283ac9de3afd93609de0a3fcb1219144d0fc13868e8d230cbeec5390ee16094c0abce635df064aac947628b2d76bf95216b2059bf94cee9e5e3fa69289a9154718a9a2fa5e6eb812a7830bd2f52fd08bbbbece758719cfac458ba5d4403adb24b42020a3d92ff83f01bf51108a4a5c6650023db7480cc44a1fddea86c2d04a02ffcd2d6875496a59bba5b406963baf9539e1a2ebc5b38810eaa673de009bfd61b72b0d4da88de949015dc7bb9d4c4b2d7d14d94b6f1dfde45b1b1a75d05d030a225c3613991d6998d8ee06dba5040401a8bdc6ea9f07fcc71e7641c601fa07da12af84ee3ee8373f7e911c4c9ddb3c800dcc8784170012fd348e6da5542fbb715aa9cecc07f8dbe3ed9ab1a24298c82b4caa1fc2bad818ce2ba5e263fe2995ae7f6a7aab6c81ca96284f5cada2970d4f73b7543b76c4d60064ed23854a4e6723f5ac209ce353e6fbfe49f0471c3834d51baa9ac6b352078d68e0a966eed41c03707bed2420fb1f67b7c868dea6b47c84d399b6e1ef1b4e7e695450077b6bc3d13ec37bc91c4b15cd39f7f5ed4eb45782e51866964d3ad3be07f1203dab4e33375cac12f5b25176644279a7519cd9e280c4ed07ebd3f270f50c791384ec6860de45acb174071254738a1cd1b512ab737004eb2de30cef729e000bd20616f93d01bb339c774fc6921e94f71ae5cee5a2aaf09accf0b0a67476daa47ae5d407443deae12a4ae0dc127a7b89e1276d95e485e1a00f954802aa25ae25fe29b656ef5f566fe430fd5792d8475b90d75fe1b4a1965bc0914b51a2b2640b6d6c5ddad381e143a3590de051979a78a8eb0a27d08f0bb00d89e17c7d04bcf33f1ee8a4676d1fe578d5c446b2957e0ced5a988018fd0f84027ba153f7ce541b6956e4a0007731c9df85f839c7e2f49217376374cdda83346f75160ad973fce08a7f96640b603c9802b4f5054d8b3113d4155d7bc9eef62b11aa1f81fdcbffe84df79c77fea6a0f590e11bdc2172a46d899dcf38ceb0d073640980cb6c645174a394856cae633d2253933c67493e33b4126831c69e66e35e1f522ad7d78cc508c52b81cc5759d5fde8658e99ef85c4925008321f34b142b43c9958deb07d85860fb17470a016e217c398a2b1ab7303a4f1932dba68981d1d4a7338ea1ea15e9921a2c167bbc7411b4a0f898291115370480b378a5ad14e78c7ba6920ed8616082dfd1ab5a93b38da8c1572bd505a9f7ea571b7b0cfb4173fa833aded14de4b6070db842e3e98677a3f7efd7bea201da0c90bede1ff843e95f5465ace4a3cd018175175ca98b376b3d142c90cf6c7bdfd2796b7db39171ad76ec6070c82a66bda8ac2f9797f4a6ad34f42952ee9a58458c6e4ac090cd24067e7700c6a4a8ad704750509931a0d844c4c80449688965c5761e248ecef938b93c890de0015413f63f1bdb674fdeb130653d1a3a13c29f66c6a6205744d1c46dde9bc57ff9efc0ee8173c7092fd7a6e043833abbd524a8a573b225cf7e0a4f2000ac078155fab8ed5bb189c5acc13dba9849a49db08b398798ef0886412bc621e0bfab60e096bc5ce562c128bb845c268b3a8967b9b591ff73f9b930f3b9aeb487fd4281cd2fe808d985bd8a7001613fb70a58b30c56c39dc37c0cd48dfc4e4380b7ac0903e4e2b8b0d16e6b163e0c7d1ef0326ac55e4b578f321895659a473843db2cf4611a3caed1c103b2f38590c83ad231cb9a200b34935234302767ede6d4ef0968ced3dc0edafab94bc804e9c1ffdefb9d45d3f2cee3be879c77dad31e3c1528b2e0a8586e6d6f846445d2c2b9e48cd962b9b566513895f297063f41634a06353916d2c124463f6ea041afe01d7cf0598797233699885e6754f53cdedd20db90f0821b3bf3debc08f0b6b2dd745a33737b153936fa14decdf2ac1af71eafbbf622167cdcc6da510bcdfcde8ba4a739a949593de0e15d6984b474cfafa0f021c8746e910df2fb8b41c33162da2aed11285c39fe6a38220b616314f1d236e7ea99fa9e213f56b7ef928790020d02e47950d61b181be639644913192b2599f9c482404327bece3760dd72281928effa9b0702fa0a112606ec3c10ae35f88b4b75b102197ed612424c95181aaedf90dec4c7c7", 0x1000}, {&(0x7f0000001700)="e89f98d9d8430bed4915648adf4012d57444fb1b3127af46113368a6f71f5c882be7d8ed38f6b67f38a545fca28d1f730ffd672d8a8cacec7657735824d46f184d939100fe6d66b65f957db6fd3044947de9d8f899f4cd81a2a52525f97ae7e0b211034bd6e9ee6c19fd681474d0282f7615ef451dd15d4b5c5cc9f50ae4b6e3a36dfaa8509ec04c6a406cb8a239192b62542573b38b1ab0f3232adc9e99173681a4215ac0ce8083dbd6f5927e57", 0xae}, {&(0x7f00000017c0)="e9abd10d2551ab6b808b884985d8a9d845bf76d3b35723eec28fda306cd7750149fa8c04977651b1d4822c3cf5d52731c8f190d12bd7ceafed3d1cd432e213eaabc377ad110f74b095a328bd58dc1b998f4e20221468f160478bcecaabed895fb90d04f01650890b3948cf503d8c6a64a65d9081cb6fe78aec5f5c07125b0b59eceb8be0be877eba0bd61196c298540761329854f27993c16560dc27f8b07ef2484cdcc9025727b53d901afbd12213783b71746f73c8ebbdb8ced706a1d2554d21966790a9", 0xc5}], 0x7, 0x4, 0xc18b, 0x4) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r2 = fsmount(0xffffffffffffffff, 0x1, 0x72) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000180)={0xfffff000, 0x1, {0x3, 0x0, 0x9, 0x2}, 0x8000}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f00000000c0)={0x401, 0x1, 'client0\x00', 0x0, "2fd927ff0d5333b9", "2415a090e2871691032406062d0ab7e852eb413aa6cf7b2416237d884e41d1b8", 0x44ac, 0x9}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x128}, {0xffffffffffffffff, 0x2002}, {}, {0xffffffffffffffff, 0x6080}, {0xffffffffffffffff, 0x9200}, {0xffffffffffffffff, 0x62}, {r4, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r5 = fork() kcmp(0x0, r5, 0x6, 0xffffffffffffffff, r4) r6 = fork() kcmp(r6, r5, 0x6, r3, 0xffffffffffffffff) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000001940)={0x1, r5}) r7 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$chown(0x4, r7, 0x0, 0x0) add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000000300)={0x0, "09b17ed3f434e0c46393d8c9e158eda12ab964101f65e1992e14438a893a767a359e57157d78fe17d60693cc5235c7babf997809e5a9e113136fc62f182f759e", 0x30}, 0x48, r7) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x6, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2326.786230] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.786230] program syz-executor.0 not setting count and/or reply_len properly 03:31:32 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2326.810249] sg_write: data in/out 150994980/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.810249] program syz-executor.7 not setting count and/or reply_len properly 03:31:32 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2326.838163] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.838163] program syz-executor.6 not setting count and/or reply_len properly [ 2326.854083] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.854083] program syz-executor.0 not setting count and/or reply_len properly 03:31:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:32 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x80400) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:31:32 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0xb6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2326.907072] sg_write: data in/out 150994984/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.907072] program syz-executor.7 not setting count and/or reply_len properly 03:31:32 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2326.950983] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.950983] program syz-executor.6 not setting count and/or reply_len properly 03:31:32 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:31:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x68, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2326.986225] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2326.986225] program syz-executor.0 not setting count and/or reply_len properly 03:31:32 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x2, @tick=0x7ff, 0x1f, {0x5, 0x1}, 0x20, 0x0, 0x7}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f00000001c0)={0x4, 0x2, 'client0\x00', 0xffffffff80000002, "fe8d12b3b61eb883", "bf4a811ae5f84e36e83f90ebe70b9b0b97987a204b38b50ee8edd6353705009c", 0x35, 0x80}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x0, 0x1, {0x1, 0x0, 0x0, 0x3, 0x4}, 0x60264b5a}) [ 2327.023908] sg_write: data in/out 150995012/80 bytes for SCSI command 0x0-- guessing data in; [ 2327.023908] program syz-executor.7 not setting count and/or reply_len properly [ 2342.914911] sg_write: data in/out 150995016/80 bytes for SCSI command 0x0-- guessing data in; [ 2342.914911] program syz-executor.7 not setting count and/or reply_len properly 03:31:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 2: getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000180)=@sco}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r4 = syz_io_uring_setup(0x7f02, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000580)="4f2439dc901e465d38395275337090bbb0625a4687e1c9f865395eb13889993b2cc0861139bb7c8f2a0023b7cda6069f3379eaf80531d8c237372fda7bc9952953bf1f97b9c98113a93a11e1e83f3c84c01fd72d42c06d214412a2dfa6e0402eb8d8fd4a316c0a976829ffd5e61597c23285398f4466bddffdafe8b8ad9e740d7ca3d226f753de267c95b336edd3eed341829f", 0x93, 0x10040, 0x1}, 0xffffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f0000000180)=@sco}, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r8, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r6, 0x0, 0x3) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r6, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r9}}, 0x7fffffff) clone3(&(0x7f00000003c0)={0x20010200, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r2], 0x4e, {r1}}, 0x58) 03:31:48 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x7, 0x0, 0x0, 'queue0\x00', 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:31:48 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:31:48 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x4, 0x10004, 0x81001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) r9 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x40, 0x7, 0xff, 0x81, 0x0, 0x0, 0xc2e78, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f00000000c0), 0x2}, 0x2108, 0x1, 0x3, 0xc, 0x6413, 0x200, 0x5, 0x0, 0x719, 0x0, 0x400}, r0, 0x7, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe0, 0x81, 0x2, 0x1, 0x0, 0x10000, 0x20020, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x4c652, 0x6, 0x7fff, 0x4, 0x1, 0xd034, 0x2, 0x0, 0x0, 0x0, 0x4}, r8, 0xc, r9, 0x10) clone3(&(0x7f00000003c0)={0x1b0141700, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)}, 0x58) 03:31:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x8d03}) [ 2342.918539] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2342.918539] program syz-executor.0 not setting count and/or reply_len properly [ 2342.952721] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2342.952721] program syz-executor.6 not setting count and/or reply_len properly 03:31:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x74, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100850001000000180000002c7892a998797cda95aa916196015701b97428f0431755", @ANYRES32=r0, @ANYBLOB="04000000000000002e2f66696c653000"]) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x6, 0x400, 0x0, 'queue1\x00', 0x2}) [ 2343.011051] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2343.011051] program syz-executor.0 not setting count and/or reply_len properly [ 2343.014664] sg_write: data in/out 150995024/80 bytes for SCSI command 0x0-- guessing data in; [ 2343.014664] program syz-executor.7 not setting count and/or reply_len properly 03:31:48 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:31:48 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2343.098182] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2343.098182] program syz-executor.0 not setting count and/or reply_len properly [ 2343.138991] sg_write: data in/out 150994910/80 bytes for SCSI command 0x0-- guessing data in; [ 2343.138991] program syz-executor.6 not setting count and/or reply_len properly 03:32:02 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x3000)=nil, 0x3000) r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:32:02 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:02 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r2 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000180)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7a, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:02 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) sendmmsg(r2, &(0x7f0000003300)=[{{&(0x7f00000000c0)=@l2tp={0x2, 0x0, @multicast2, 0x2}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000140)="e96ffff9096815b718ecd5130dca23cccf4d8d784ceac19bf2f41a57dcca98b6997c10d9d696adb58dbe159a", 0x2c}, {&(0x7f0000000180)="a1e707322d7871223d7170a9c0858284b6d2ec9ff5824fd7fc0878ffd906e0ba0c868d96", 0x24}, {&(0x7f00000001c0)="64fc5edb6cd9a98cee90bbe5fcca9b21a51c670a3ef72c3a54c6fe6918e694766bc337ff41e168e48231dbc1ab61351ccc2a166af82c5b77ad70be518b6ec4040564ef95fba3a0c59bd1e6f2f36bbfbd7cdf590dbe36b26b614888498d7e8c058e9128c83d0d5bfacd9655dcdd20f6bb6e6f", 0x72}, {&(0x7f0000000240)="1e7b6bb455ec3e27b77195759e6567cc275031f50776faf04a3c9faba9aa45121390f9a6a828570e9f1acd22c0b9513081cd3f9e529b4ece6e991395a7b26733eac50976a20534eae88fb50c201b0eef1dac7f54b5bca43ab3d7598bf1c2854e8e673b23a26554a3", 0x68}, {&(0x7f00000002c0)="ce6e151aac6b2adb9c69853f77c86f979111cd78cdd5ebe300c68c68", 0x1c}], 0x5, &(0x7f00000004c0)=[{0x78, 0x3a, 0x2, "701b425f4c7ceec6530d0b2def75fa6fe25e7bf8ec18d1fbb3108ce6e9fe207e993b4f55de271f359c6a50fc47926c4ff15fa173ab48add6358e6a277b66bc8402a3e497c50b47a629fd84bc6889f27f193b4f9e9f769bebac9efe2a54c9e6f42ca9fa3ea93caa"}, {0x88, 0x6, 0x5, "3a54269f94f39f97e55609f4ce3be5c47aa43a8c39bb70e7a06566d48e1120011ab6af645d09689a6cc3cd32a4b85aea06ff0450bc16b756ac4fc3a430f374d65c230df845bbf82eb4f0e41b1ee4ec838df9e33c316bd593c7a39ab644585ca98df813281bef554b1dbab5746797662274f1faef4a4a8565"}, {0xd8, 0x119, 0x0, "dacad24f9b8af2ce50bf0dc90fea368b62d9128d564f0d4f9c4f97a9e436bea8baac363d89b84727630ab90db0085f6f54cf82c587887125274c9423c266a16e7cce4f4a5ca60c141181ca162221ddfe96f5fb20a9deae8d442d5c21c90a903af282376f4404056a5e66f577833afe381939c11bb753b7ddf6578f1eacf296c1e1d220a86dea6e3d3be1aefa6cf439e6b55cbc601eb501dd83646c7caca4160513fe913f20607d9b08079a2ae207f30d226e22d9e8c2a72af9809e0601e333937d91554ba8df1fe9"}, {0x18, 0x84, 0x0, "b3b32a"}, {0xc0, 0x6, 0x20, "54d2a70a3afa93cbebe83a5fd2a47e434fc8c79800912fce466e0d408f79839015bd6d0a3eb7b7baf2d8afd6c9e51c3773de67f74df125b816c8836b151f2073f18f1fae715efd6d49ceec5ea0dbf85c9106c22f4c3d96b5ca45ddb0165d020d57eb50349ca31e905128318d48a51837eb65e15c2a1fd9e9fd65caddae8aada80e9432412467f05ac945c392e44cf0876f70fdc352103359d361645ae1b5f724310bbccec7df9dc6f5780db7e842eba0"}, {0xa8, 0x103, 0xd843, "ad91fd0a9295ac1f2959e920f07e5089adca1e4637691de43a0492f91a431e5692ad98090d8687c0d27fc3669233aadd723dba3b08baa33997b3d45bb875c41ed9d9d7f7534b0fbc6512de9b6c97b47dfc41ea10428eaa9f616859fc093b798953e3a058306205c45e6272fec8f7468e7ed34d2b74c4b68e7a5ceae64d8633ecf3157c2fd796ab3ed640d6fab507f90e025da55d64"}, {0x100, 0x11, 0x7fff, "2078805b0e4c07f30a1d61abff250757f258a170b5bbd4c8b8a2d655c8db1080e3093a006b4ef86f99f6c674b4133aec87ba9ceb824f73033ff2722afa508d079cbdadfab60a79743d13e1116db9500ac6a7f7924540ed06e95b183a735857bebaf0534efb50ed4ced4fe36f20c9ca2ca28d1eb47144396356b50beafb0f8a7b30018e8b3c6e8742a0f90a7c54425670cc6eb3c1603d64b6290ee11385c96cbf455d62a9f329e0747862cfc7adafabd435953715084ded40ca7e5a4710aeb991fbd22a30a30c46a8680284df102e87abc1057a41f20930bddf017900ab2bda0c102998d454e3a0ea9afbe8701739"}], 0x458}}, {{&(0x7f0000000380)=@in={0x2, 0x4e21, @broadcast}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000940)="bf562f4c679fad09e0e39dec00fd3a6add3de93f195c9f7cd539792aa13b79a8986db0c5abaf6d738fbb9051ad1faef847f3c171314e5d73b086627a3289d334aede16da4a5ce04de04c0edfd1cbd548e998a280dc47f4a02f3e82f09127cabc5d62b2f72b2fe85e7d58118ca68319718eaa1fd2af781b2ad7495219c11eaa77723b37bf5fd8d834942c9c799dce48ff11eba1ff51dd4da1e116015e645e0a3a7ba1d72b818940da2baba11b99fb", 0xae}, {&(0x7f0000000400)="c836b3a6822e946541c560bb93", 0xd}, {&(0x7f0000000a00)="d23f28cdc22876462aeb6fd997995b84af410a934d87464a3a621dc8fe66c03543cb1300c8b2dcaf814693acaa899e18c74c3153778d7a54bff5b45d35", 0x3d}, {&(0x7f0000000a40)}], 0x4, &(0x7f0000000ac0)=[{0xf8, 0x115, 0x4, "0cc6efaa6672db123f0f713ae0a6277a868d4e7d9519a21e20fdde48384122e8caf77ce6982489623de7cf7aa1ded8e10ba20dc4239908dd8c34b4868018822b98d692533b7b8cc072d90192ed3975bd64c4696219fe8e294fe8ab4ca02eefb62f22afb60322ade703b1171f2f67558294995498e51f3dfe708bc4cd10c6ced55896fe2dd72241af4bdc74869fc673ed5b4f9ccf989cb65b57c1dff4f713cc1eae150022996a70c27646c486c4dc8ef2528670fd1c85aff7707b81b4253480845e6fffcaf0f39a11fb8bcdfc35d56ae822158c863dcc4702d4cae74444df710b54d78da4f78d743d"}, {0x108, 0x84, 0x605b, "247c5702f3b68ebd610de10b48dd3f0524c9573a235a851a43efa29dc1c2d49715e758e87874bfbfb65602324f53f8d60bac4ededde0c138ed4ec3d708a67e6d796d022882cb6212f6114f3b99d6f47cd6fba7d96b7b30b5a74cda572dc1a0a21a3ac953bc9e7fee36af28410152a2335a2da624222477426a695fc88f5f7cafd21a5a936ca771dc86047adc8d1609166e9b72211126484250a20907741507227e22fc2c2983657091493645e83e4f75e3abfc870062e4893b97db0c77b319c5995921f49ed5126a5fa863e1308fcfccfeca2147c5d3cee7522afbd0ab368950cc72468fb86975d2a3b2e834002d868eaa94a4b6e1e9"}, {0xc8, 0x110, 0x3f, "175714a7d8fc55e12c24121a29d0785311bd44b9164951a4691edd88050cc74c3f9e640fca5fb2dc4b274d03cc68e49d2ea222da9187bd1d1637761a67f89fbe88fd5f23746ee377eddb9e54d7d1e407e856e7777fc0482d24964388f270e6d05483043dae729eb313c90294347bb45a493b8d9d44a668bd3d76bf976c44517b2b856d5b669a2b3461dcae288405110f02290d0e8649be92a687a0b0af12f4facf26a8923fcb6ee8789c5ab09093e2f1fbfebf16"}, {0x48, 0x112, 0x81, "94a7d4a190d4406ab98ac27ad5c7ac9d0a3814ce3d67ecf341b77915af0dcb6e56e615d59a9cbcabc1fafd8358cbff174fba"}], 0x310}}, {{&(0x7f0000000e00)=@l2tp6={0xa, 0x0, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xffffffff, 0x3}, 0x80, &(0x7f0000001f40)=[{&(0x7f0000000e80)="fadbddd88367eea8679c222e9fd9c8e8ce93716aee96ceaf1368e8ce7c9f1ec2d80c9a99e53448d5f2d8ad8bd0136ab96816e767ba039212f4a3db6da8db35cb278dbbc27c8de4fac0d051c84afc4e3c09db0d7635e0cd29386c73828d17393d0a78de8a58f1614051d58bd62b49630d42c1b04c5cfbfc6af08ccab76e78f0a05908652e9354e9ee0b69822d95", 0x8d}, {&(0x7f0000000f40)="3785f46f217d5b0dcd405e952d860d9cd33ba1d847e6174840a65dfa53abceac44b79d3e05f38a56380ff34a35980a4557b6cc4be3fb3ea03349ea3e29a8e2063077e086aac36b66d0cecd832c1da93d90670c5d18eb3fc6b2360f04a5d7edfc44783d7bc8c133f644eac3530daee8e68856e58f623806a4f809f90bd769985d8199b1ef42e30f5189982bf2fb9da4ea309367405141c1ca7fbf9e711e481264519175106b89e73009f205341a7aa70e6f49ff8911f780d7e26d08abe7be8f4d223b3494bed26f111fd2ea7b99c34f60f94d9423c08684364715f5798e556378db6e87a8e90bcead679fd8583e0fe692b0659c42d31a1813a266a732af0d36799eb92cd99d76cbd6c9a9be5afe7a055a6b1ffc74306aaa7fa410c850051356611fd879504ae59a2b12423a9176080617e8d155e1e56db1c8cdf8a65f8e871335cac41133e60e2f9f7ce2726e443bb7e5303e8667d0685511ee707f7d952117786438f94c2986d3b7620de7a09888c8e8fb048ffa56f5b84097ebec0030ace17c8e5df77663a2a3c02fbb84cfd38407a3959567ef572fd6510903addb00c60cfad0456801dc0dec83c57d42f63d1e60621f67e9a5fa2c88e9b40d8bd071047cfe911922fcf9dae3121ed480d8ea234b8a290014b8fcad7ad6ad4101895461ac1df36bb883ba8f35989f30e37119ac173c8576086ddd31e0c085152aa86ba8c94ea897cd5646662c0db77dd44f0de5d95e07597ca96782718ca61b7208564db60e3678953154fd93e3ec189256673e5160d9fe63d141ac26ec009d1965dbd91548d9991eb1dde1d8a15498af15d77f276d3e2ff3a588d0fd3b08ff0f086cb74fef6a25ada7e42b7623514c05ac03a2bdebb40510413240ce145dc0083a4c66350ca0984394ede14cf0508a3521993bf138335ba9db71a142d60a19f9ae77b68a381a761c12b3c395a61fd786daf8a9049c61dda381ec1bd39fbad481e7cd2a1ba5da5de3b1672d22ccd37761997e59eb055476a98434ff7edb1b17e058428380cd24dbf0569b0bfe036ed933fd27f84bdcb05aab09c47c59b5573da102ba2b1069cefa8674f6c462eab38b49442313b73998a821de4dc63e0f7bc028bc0e9d32fb993cee3b7bd693905f91970bcca6adb05ccb9c56b8d934dbf9e19121abcbb72dcf61a64ddc105a8e8bd8f65875c26cc5ae75dbf2cbf5f57a08fbca5f230ef8c6276a09901c54a6c7e5c65a0e827112ba0e6799de118faa1a341a9c0bc05a04ddc42d565b27cd6be05798527e42527e1ddef57a28019fa919e9f7e9c4a8ad71bbfd448f8feaa141bfb97c883ee92f9bbb76a0ddec7b09d584179e541cfb102268d45b29cc07c0d336aca1751a6f961316a969573aa7206eb9b7bf7892465fd67a624ced0d26d8c0ad969fe7b3dc4a2715638cca4885725d08061cb433c333f21c22195c8816b0ff1e329934df211a8d30d0b7a081a07eae16f73e5bba48a0114853baa51ab831d85ce3fb9913df5a285cfcadf4eae8f5ac41d1601beb6c78c3a01b144e57e5ee71d30bdd53aacdc3073ca3d7ce837fbdd0dfa3b58161013e11145c7bcc2159f802acf8dd4bd745fc6cff1fa31370138de04de257cfb15b38804933a499eddba5739732c771044a11badedb27fe97084db96c7e70fd2d58579a57b6fda7570ad940feb1990cc144d01aafebf0e91760e7dc49bec884f4f6381e06e02448c217f12c27d01d4b58bfb9fcd66ee59d5c0dd6d531f6b4dbc180a5a2b3aeecfd451bf411be43ede111cd379809d50b275eaf69aecac6904e5e6a6782418c7f9e7d0b1b197ddf8df6addcc8d054f9c59a49a4ea4fb9f3b48102093cc0688db46908aec24a818e58d8d91434a566bffc3eda1a360cf474c354db975f274c37ed048ff6e7f81b1a055d42e4b85574fbc61d12d33fa3c910addf0ed6de2cd5372a4bc448e1a7846bedf9a575b877a9bc7d591ae897077d6d21995a7578f8053b0edf8e46a61e3fdf7a629b5708e8dd14cffa51c70f806c79c4e81dcf013f8a3f8174dba862dc444474c873efc41d48cd91ef734cff5449fa7cf82fcf3c96421af481066b07aec11018d7066608f32c6d79025951c20c60416d280bb2c396c003c441c42979b72cc948331d13ffc281a92815ffe4c50dfab52db289bf3ef3954d659b1100f02867474ecf378d0622f9e2696b1a86e09f301b34a9f2bdfe30a4b02392a20a7820fc5a69cef1981c5269d1e5ee11281d7c024107ea1e39eaae08b2ad0965b2dae4a3945b773126be758bd901358a0153efff38cf392176d7d4778e574f34c3d35ed663458c0029640ffd8dd8abeb43f6f79ec2c6a742458600cb636298124bc1f4ea79063479b49dd4f4b330f8c783f3e7f0a0fa66cf141ba903f16326e03f38e28c49cd6fb6e1d73de3620e05f39879427ff9c6d6c9b200d97ac499b3486b4fac4c2745533e2b3b3cb5e62d6494934c549119e0ca323fe75226d00767ddfec4593f27b371721d6da271e8025c4912e2e5369cc7768b75ae56797e50801fd925c3bf93c2eef659d9eedf86377dfbf9dc3ae730cc43c570ac0c031d2a2b830bb307704e678c68abb9d59e8a4e7fa079dfa917b0362a4f963bd00156cf2a0a053adbc0f02219b855d1f38413d90cb8ce60a5aa33e2bae198a800010a777f40a51bd0cf8c2f7c16e9462cce3c29a1f31f138d528be447963de9cc9cb1f6e05aae8d7886f79ba0bb77eaedc0c7a23cb24958b568aecde2ccd8dcea0be1b7bfeeaf7c0e02f5fd3c4a886990a4ca0f76fa20e302f33929db46940dac750dadd24dd43ffdad6cf36b4b812aaa95f71eb49be073cd196dc19fc9b6234178c3c5bcab3bb28b340b7b7c213b27c467f6cb582eed7f31d30310d141745cf8e2f35ddd04abee262aab653a665093f7240b6dc3cd1f2d6fbd3b8cf2be32ef1c09d3083ee802a79e4b0007d3aace63d87a7c20847d46171449dd77723f2c417ad862cb13a819300c7360e3543e4f58bc792a6bcf0fcf133491eea2acd8f7496641e9afeb0ca8f7c8edf9031a48e8bba1e36a76920620454bec0336213a151aebddf1cfccac6b400fe8bb5ad6e0b290529e81a00809772a90ba8de2b9daa525f39f6dd008ee8d2dfb4ac426fe088b4d67c30d1642c1429f7c46d22f1fb2225de01efc19443ace7fb96638c52a04aaa30b3a4db9991544ccdec0731436b0d282f50ef88f30ff5cd45e4720a23a54678b18f5a8bc8d409e23a22b2e714b903ce42bb6cb1dac9767cf0b7aa073c6b218b23f5af0f951767dee6e20f0812eec67290dbbbebeb62f1dcc7a96038fca1efa6fa50236389cd2355739b72bca3a1292208aa981e3fe8342a0563cfc4fea8facceb362dabe14258bff67a83bd76fc9eca5d23ac9aa8ba93493d2c854dd9805b2e628ec7967aae5e9e3dff9b93dc88af4f5bebf0d96fa9db927b59953909ecdf4eab8752b716f458b1557c01ee6aa6c1b8291a96eacaa0d4453eb80dca69b0fab99aa06797989d74f32d82f2d7f0897b08b4f723b8d56e7dc126f08754f4509f94e2b1d489e0d634d5bd1444a7f5b67ed7640bc302e1347a3bd53d65b14d0ad9bbf43bcb034427958123c0d14026e12305196faad67ab3dbdad2698296bbbd3f9cc89f6c54117cd7a69c344a47bb95bbfc5274c08c34626b67a9bdb145ccdb01611bf05d9725a96a2eae6e757a35881413be769c8f3e3d884c08b4433a7eb753a56888175da11eb0273735a4ccd915eeba4b0a7c0b8c3c014b129120e763dbf5de3cadda88d78aad7a4510e54469bcbf4ceeffcf4b750ad8c872edf008ce897eecd6f3adf921340b5ce709210c6cfcb0e6fc21b403e1a88769888b8a47224f9c5d7fcbc143dbc7a2178e5d923887e925812da94b6658532ce1820d23247c7f052526ebae9cd93772c28ff723e978a5a23e42c1dec144a78a35d438d9f21600ef84014c25c39388b723477e0b914ee75d38f5fb08db922cfa7545d0133130af9609815a410ef29eddc39f3f8c7491dde30d9eb8610097ce54c34cffb0ace8063ffcaff7506a1d98bf2943a0eef4a0ca0320c20b7950a72b76a0131068991f8c00c5a318f25553481fc27ecbab57e37285a660c539e227179bb0eee13cd1380a9102bfea1a0112f40ae83d219943c63a5e96a9f889b5fbc9577513a559d1f64953a9ad0253491898504c63f59a93b9f7ab77976f11edd1555e00b0a6de2fb557c9ac2d29dda5564a587de41c48f133c119f9712c5679fe7f00df34039b6bb8e317881ff53fb604a6f15ad11d910fbd1bce511117c50e36b4d9fe1c25303dd647e44dc59578f5b5ad68dfb1d6274498d7b918ae9826f07467cde5eb5538754249a0f7d95d82a169072027f838a803babbb85af0a513167d606004c4269480d52162d5cf633241d6dc9411e791a7b66366eda3f8730a31ae97c48456b9623bff8a86076c8d1ebd784cacaa70e4608f7a42812a354def7d092f12e22bf1625715231f5e45dd294b5efece27e53928f866e3f6f38780764e737e5bb495ee67562ed7ab7a86f79faf6f55f7f5d3891f8f6a1a6d121039819176a0e46900a730195b0dad13ffaeccb30c818c85466573b735941214b6992569d167956b1f04f3acdd399f56974bb53df4abe955f029580518783ff677df30b4b0dd7f7438d1266f892bf89554bf00e6324201b1074d319d3a973ee07f79a95a9e4d06e16b3c1d5994253538d46fec02b8167f5c437d8dc06e67dace9114c3daf485f8a2252b6d1472cfe0ef46af31fc4df032effbf8101d26776fb5979e3486f96112684ab183cdb752eaeee02e469dca55cb1bf2624ab1235cb37bf26558a0ea62b1f27a9415a13f104c0274765cd21bd6f2a221b875f434f820ae06a6ddc119b3c20b2795e600fea6d0a6fad7ea83d72297af6584e3182022086d75f04836dad6060b163c123f1b7ad0103b129ee4d996635324abff239be0b40dd93980e3da98426b668336abb1d6a6c20ec09a385ddc5fc29ca858b9d72bc0395f1101a1074c20fcfb4a0b5e5e7c11dd08db28595d0129d369d374d06734a3900476ace23b8052c267d56ce6f4f4335c0a4d2f0fa4e6caeafda42d511aae1eb6553ad9ea71c8f5b36feed936a375ffeab3d0dac881f5d0d9bfc62b1a204110f1f70bad78a117ee5f152c25e6551ac5354b0083fa245230c44e72061ca5606b8987171ebb05984ba6613ae78cfac4549cd97506b1b81a8aba2b1297d06cf76b4cb7878cca427bebb6d8c6394b2597ddf01148f8b49dadc5a9acdf5c4977ec4ad929f519892babb6fe58c7c0e2a2b62964ea84bdc083777086ef86cb9c719c95055e1a8f9813ec889f5486f31446ab3f09daf284efe2a8c027948f7bad9fb8ca2e42750f0da6a980f5b0f40e878172965730eec06106ff41f4761ad97568cb9e32168a7caf0a316a2a7aa9ecdfee0448a33ec139a973b8159927db9ca27b0708e9f52fa6f0673a41d9ffe1510a9aba04a6020a68de966b1ee5ecc7f3f1aed37c67c9f4958ba5f16a09aad625a44628d675b107f1dfbaa2d8e59c46c9507d83fb34bef46b12373b33ac005bcb9a31da994ff96329c6d184e48f13eefb55e4c582e5b19d500b37a0bcbfd598271a904de6b1ebe973caba856bd7aee8d36fc2955d659e45dfe215a016106b209d03ac52cb3b076082d3eee6b7a9609378e44f66322bca4335a8233579eb2b05380aacbdaf098baafc9b7f069eba57ca8b281c775935a0b8b39ea3a4b3f7cd7a907a44706fb5063cf8d6304e48e68a941c3ea989e01c57891", 0x1000}], 0x2, &(0x7f0000001f80)=[{0x60, 0x84, 0x800, "57f46457d849ed679cd88b0920221dcbfa50441b6237c1c6e874e7921d917ba9f5804dcc6fcee8258ab38265af353c703ab601ab7580a3fe816427dc0b07542e25de29ccfd4d3ed2fa68"}, {0x1010, 0x113, 0xf0f6, "92dbe54b0eff581ddf40009022631503dbcd6485090fe7ac34dab8fd738547dfd25aecbe4b036c68c65d1f1188a7c75f0b2575bb13fddbd896224e298d47103d4cf387a97ca98662230044456746482614d327417ec5242162b987c2a9d18e4582063a893f30b90d0f4edb2bdff950db2d59502180a669108754f175acd67709115a0cfea676a8ea97d514c694e50c719c418569f4989ba1fc62481e74ca1be4b86bee4d2fecaa105499912b793f9eefc24cb81755e39e3d44d8332ce1cd925c99e1423efabed1451af97bd01ddb80b980c170743402b8cb9ad0eae5dbcadd290d03cbaccb224328774a26f5cabde15195d7f1e0bf2c70fbf81581406fa4f7dd9ff9491219cf79c26076de575a69d1c57bba8c56d9ae52538ce6b3a5aec2622a13847905d069308e391d4069ecd251c61eed482385c7a2b6c080bd35b2225429ba508803226f0e5bf691cd7cb8e70c7cd354ccc75cc799cd144774f880274c04e0b8f1d1d57d5b57bdd0d1d60b9b107dfae15293b89a4a8f0dc3c9e6f6dd53d24dd65d2e8d9f65014d33fc473327c5053f0e8361d4ff5b05e8b92f16289b981642d607b21ca40fa4cf3a51b3990ad45273fc615170eb91dd6bd7cde8ca2beff1706d189308ed9e4d06fbc99d18864a3a0f1aa8b7d254ca5d7e0433c60f99b32ac02508777084668859fdd4cf7443741fecf89c69ad909bd5822bbbf69b4dc666f0e3db7f9d5476c7f05c6c59895c0c94b52b036934369a7413a491408f1c30b93a624ca9e7545747d3d9b2237396e7ecde95ea283a0cd96b443bc8b5ea8fd0d32b45c9532ad9f5c894ea4dba82f0f54f9288de2390d135edfecd92a4cfc4989f57b99fdac6b5e4790d14d7965b952a27d2453dfae1bd2a903176cd455b527ae2d8e69f9d97240210ec2dd5518dbd3d5ff7c392712c6977fb239b5d898f436511f8c7b7000b5b617e062dff975c70c2acea6918857741c6725d56fcfa85274f5658ae85a08229f9a02c4602ade21b071d4ac08f983971fd25a2f87176738f8f5c951c184f2e7b3f613293cbc8ab1c0b4f6b468efd100b2662eaa11c489990282c8adb46cb5658a1ef6f145735353a3c88b2a8fb30623b91ba9f23894d271cb9a575f869fd28067cb56d8e75ae1c10d6b17aabd781aca020f117bebf8dee51c0f5f0a942b54b7e3550b66a319372cce166aa1c26897f9bd5eedd152abc5f7ace9548db9bf7f209949564dc24ed0ea189135ae30f79881809705fc1b98559bec03dab4c4a0d63114b64ad72dfb917ad1899cf200a24653adbc391a9638774e2e7f8af7fc6b5e03bc46e8df01815719bc03866c48e14c7a52876c67a257fbea875a264dc3bed03d29883422e2c089595a54a37ab413d3bcdb80764f52df98a36ed54f4a8ee1c379e734b589e3fa59d3895ce6b197eed4f8981281b62a9f36443334d2673f8aaa21faff59c3b55b5536de29b28ec2db6b7e7350cc73dfc2260252bacf6ca3b031e018998b669c0a1d47257c8c01eb03c52f264fbb9a1548548cf3b96d783224705122879efec8d34d16370aded8c13f046e653b87c7161cde03932d14a869bc3ddf662c54b4a6fb4196b0e83c04c45cf2e8d7ea73af51db40a3e5ac476a68df7cee060dd4912e42c1c41aa9ed39574851a3d7c8fa07627c948e78043de987435fe5b026faddf63e67869327a808da356871529c23b1f94e7d9093a17f1069f54caab1e368a9d118015e8cf48e8a2d71caa2e62caf90f73885a10777d31d649d9623edea5343946bbb7c895e51886191b85af9996e7b528cfe8034a8e9622198a49b10787551af9056426f01eb73ef96feb68920c4c9936dadca3c43b49ae8cb0dfb0886253caeadf3d6842766d856375751c262b9028df343163ceece5d86ddeb79154978e8469ffa1531fa7dc658032522b74121b0b3427c4f98ffb8833586948e7d6c3ccd3a696071dc2e57945b7fefe6fb102e9d49897d0d211847b29496ed6aa43eb35afa43ac4e0efd56f4d283997efd1789b09a0d37ddd369b48154bbf03508e32fad1099a95294d2b600422f4d0d349df85d89cc26046fe7b561c8596601bab8d9f600da389631c94fb0180286dd31c7ef743236a3ed5267b9432b03b2ef693103cd9c88b3573a9479e3bfbae133d026f4e97c1ba9e9ec04465de3bf956491e2687ffcb996aa83bb1522437e12f7127cd027a9ab8aed9c955faf22bfd4184ecd43b79a1cb6f81edfbe68bebc87d98b7ec5781c375152abc361e5ca19a14e8677fc9d0cd7d6dc632390664c6bd6739ba6ff93777cd43d5a0451ad41022520221104e70c08895a694b8e7b6e90f507ef49d00c9f507bc32cab8b0b548d5ff8707686baa766c09279bd1a22b669b603aa5fc8d8934ec0aff77c65891952e4cbf69c064293d7136ee8a24285b0591a657080aa45b9ee9d3c8fa97b1fcc8ffeb3399952af48cb52e6fc9bec79cebb424dec2e582bd1518e1e327933b89f84e08cdb16690dc7040ace974f91109b7cb78aa85338763a31172b5b787e01271f90915acaf4fb27e3924d01941d20935c20f7f0b5a461ce7a4a3a5c02db7f278018d4ea7b16b13fbafa17d22b1f7d20fd62ba44ee6e3af01fcdbe7ff1ed230644e065b3deb269e3d7a3daa10d5bc3777264aad7f4e35f29fb680b855c85c20ee0f6e6fc00f8af33cdbf433f357841344fc8be40f6daa844b9d2b59e1de667366c9bfd8e04867eba8326ffea8373d132abef226b298904adea7cfd81480a9100a1e2db5d13381f789d63f29a7542cd9c3e85ac0d284cc9951016ac5e9135780c44d787c1ad4dd4bf2a50795ad74dd69fac66e9c35836ac28c5d873ff345e8100ac25e67caf89526f7daf8d1b896e063c38f3eda464c6f30afee1de285bd0f5cc8ba1b07dd800490fe383ac0e0178c020742cd53f53288eb75df7f224b705d589f95deba0cabba54bf7008c03abc2e381ae6d5a9cc9ff58f7e3985c7f9b7e4a80d3dccbeb58bbfac3a376f842f9e5acedf778b08cb8c83e758db19fdef75b3f831cd7068d4064d008c0a5fbc69a8ec93021e80953dc28a24aceab5bd89ee4ab010858177b84ae74b50ba1f1955c869523ce36277c538c92a60bd5d2c34c693dfae3ea659a57c685ec84b6e02111be470cd7157e724cb6bf9c5cdace06fc1283dfb15ea7bd121f58c22e6a8ff7ed0c9418f15cc6d191b9dd353afd8d14e5e2a263ffa4e7605a12de02e9585221095714fac6afc04645881ca1302da6f98112876910f4fa79baa76ada2e5dca806ad1814ed6e12231182dca37ad201355892135401f27567e91f2715a0a34e49e1130c490cc474a1a08e68d06ca15330537645278723b486105d7b65d02a23fac10ac09b7386e852f13cee63bdaded270c0fb1ccc7e98d38b81a3f02217cab333fc17fe9bb404c7cc21b2234a52fb01fe9219a65958f6c2847a9d685d44d68d86f81c15a863c2acf5d9cf9e8482ca21e3828f9cea0433ea063ecd606a59e686e01f1fe0a06f8ec25a8da6f08144804c4cb6e3cd37f3be117f7afbfa7d5b901a038f3d46d3a87f9f9e97ba6402a4e408adde444300b4feeacb580064605c2ad81088c7155e43121010e95ec0b88fe6d9aa3baa67c6dda20ce38e64f0ba1532b81c4c5eaeb5eecd0222c6744c7ae0dabc5bb5e2ddd6265eb2cf8eecdcf498167afaa35fc0e1b708fabea53e1b37228e2428fc924160b6b2c3f9935b560aa65720cc634da08b7c5fdfad3808e2a53ed0da8b7d06689568e8dc6d3f6cced9cf86dcd3e9911b80e953d826a4105b4e1a09ff7a39c191e7f99fb59277d70e2a4adefebdb1859b54c6a3939c83c3854be5915628f5329ce9753fadf5a1d48331fb7b1d1bc93f6d8452c4b092de6d32fe2bf9c57e4b5ea2fd87761c12cf5dbfb1373046d6cb7013ef100d11fda81d36b928a778a8f83a3e5f2bbfeb244d0c7f7fb49679553473780136dc6b3e47fab670363efe2489c6b20948a8bc67d77f4b457f7017fb5872a73eec4c24499a3df14d84d349b42ec03e6014867a14321f466ae570c299685a0bdf32ed3044896c2207e2253b60dd45b3b0969e7944d17341049f84af3d70118d081077091971bffc86284d50b1deeaa6c17076c98a54a2d301030961355d0e554f868b29e48af9947bf9d2ec66052ee13ab84fc26a29156a6572fea800aafe526e3f33b9be88f4edc83f8dd43622140e0d800f1499643a1097fe254d66c50ee9c5580a6ec1b498005e00ddfbee16d5fbec1d36404246ce9f4ab8df2db19639ea57024f324dd4f2a802bc393ed8e061d97cd5e2918c8b006a7b9fb63e60b50dd2a211d8b5c4e3db90f239d67a0bd4c15d7c3520e299fbb8650066cd1f1d446a6721980b033a1ec7f08fc5bbbcceef15baaaecfdcb9f3594bb4cdd9ed6c8e175a3d6dfa41511de9611eb4eee1ea0edab5ab0ce1db88854fdcc8e32ba35b427f29406c2a6af52a3a23bd0fb792eead7e7d86aba1d6a877e726a01c8d0599d008da0858e72998ffea11dc3ebbf5517283ae47b9e395ab8d167fe2c9274cd8fc5c610a843a30e77a8445c9ce3a71794a2ec6f0910f33d4d19deff842f604a4773c29f7a6d5fbc5c9246ef5f68c8a0ba7d3da452be24679e2e8371dfd4eda1e58f2266d53fe56cf452a20ca954b84957732811d3f6b7e1aa24d31cf2e1baf6f06e8bb69020797f1540105c501ce5df339341f757e1cfce67a9671d9c7d56f2433b3245b030f5c3b1073ea6810a3c4b5a6be767ee97a42dd297ce8927c01c92784f02f4caa7feeb63ac7c4dd3f44637cf032fc4cf86cad8621e4e05c671c843431455bc919d395bf0830b7e02bd30eecf7ae9fbdcbf8f1e86c1eee7bb510374876d8f16b4a6de66f4c57fbffee50294886d3eedb51c0896dbaf350c0334ae48cd71240a1768de8de414f37fd041cdd5aac58986b746bce7dfeaf958ec1192d497b63ff47f801a0cbf0d166527d1701229322a941ff126da00ff6557e258da0e0dc8c27d3aedd818e297c2ff7ba2b143b714606d1f25025f8609bd078f980cb8f455d5865117a0766aaf02ab5c70b5e119046c9946af3502e35f60a85a755a5c94328d174f524081830fb9b52e6a69450929272e62e681380a7f96896f5027edd194564e6a3dd9f1f2c53fd135610ef582ea187fdabd498b767416f7ed8a22b6fcdcd5d1e6a84c9fbc3dbf404facfbc4281471d1f1c27fc357b8e81bd4cfdc4e2329e20b93e7b2b93d5ec27ebd771dd253ad1829f3b2627dac8970bc9d8dcbcb75fe0115cd69311a6571b1204ae1435f2678cbe4c8351156d2d1d181a29a87720dad6980596df60f8b8226da4455408dbc7f8e9aae9cea918b2177282e083b0d22b6d2a012828ab6d8a21d293391bde13638bd4e1b644890fa4a85ff91e07031198d3508a0b22379f7ca6659fb26bfa16bd0b4dea75454fd9039ae86cabccb0d64db93e6f6965b91a53a3eb011132614d9d1e6efc573b9eeb00671899a1c1c4ec43b8ffc5e5843759aac8c3fee17a98f6109a63a35221f7416d5e232b2e057ff540ea0b890443c5ecb86d06714d359664a3ec42db3a666b439135b4bbda6af4eff6a6a2202e78630da865f6916010b36ba1a81c0a348059540fbd7fa4eda09861156a1e2d1f29dd61a18d744b0d3c59adea5c2d0ac88319328b38787a2133496738c256d71f18111d9de4fd43ed37946fce7a9363fd87c7cd17a79d22b57c9d7eb3b8643318cf3ef66fad1660d309cb37a619497bc1b2966561dbe206de1ea7b525a32c4b6e9f22ca5fdca56415fc62b06930"}, {0x38, 0x116, 0x2, "b9dfb47579bc5346eb161040aa6aec6584acef43f8f7fa3d82d706c911a822118eb2133edac4f1"}, {0xd8, 0x114, 0x1, "b6fc35324989f2150a7d98f57b40bd7ead09dd546900751e5a87a2319713eb378d160f3c0a7e757d5571fae3c2f2aec7f3ffd98d74603700437f9b3f2d889a626ebb8681688cd18842f90b0611fbec93dfeeccb1058fc0e7d3a085a70cd0d5b4dcf8c7029c67c901b7e045a3110b4dee38ab267a477b978e927fdd0d7f3c734add75caae55e272ff1c4d8cac1fa24a41b21ac70def33d1df281a9cb93e93749392a1d74f35589f5a3fa9078d7b76ef3d90c12b17b7751f0fd258ed8174e0901a13110e42"}, {0x108, 0x105, 0x0, "cf0c8d1d3c860135d4a356d35858bcb6797bc1bb7c6e62673c15952ec2571cedcce8357e1ab023f823662e4591ebe43b5c2c6dc576c9afa6a76163e86f70c7297ddac8c7950883d395144daafa3e5a1af32878c3c7e9a25375ba6e338b3d1904beb8e76364c97b79e8da3770c49ecfc404e128409df8fb71b7739e2e7f0358c62a5c265afe3f812d7155c09ca4d4ca0fdc672cd6fe6714a9e2e2df140de4cb38ffdb33d239b20d256c0dc7a499b3a9825983849d4f12bd23b6fef9d61012c23b17dd3ecc6b70507611eb6329f6f1a2b0025bf41dbc702af96752387c2a5a38e380152cf3b6416e6378c938a14b9402c7842c963dab88"}, {0xd8, 0x111, 0x80000000, "647a4ad199bb0fc9aea1aa35e6bbe406a1fcebb61a64325c6b23eafff5df6cf6193f6e35d2967f0b538b9e706d7dc0d5b46c2534f99fbad5fc93a66ccdea197ad423ea1af5fa1447842e474b152b3f7a3d7930c54748c96fb483f90c7281d4d3ddee3c833ce83f8bcaaeddf62a7f886ba72a5c5bc4b8fcbfe100816dc0e052b6f4661a61e9174c903d6696b0622b8be0595c8d47c973437cd358912015878d89700a2a676789c83c698145a5f8b66f8cf1430e433083a3c27ec1875ca558494c835e2a"}], 0x1360}}], 0x3, 0x801) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:32:02 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) write$sndseq(0xffffffffffffffff, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0xfce2, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb310, 0x0, 0x7, 0x3, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, r0, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r7 = fcntl$dupfd(r6, 0x0, r6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r7, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r8 = memfd_create(&(0x7f0000000440)=').)\x00', 0x1) pipe(&(0x7f0000000540)={0xffffffffffffffff}) io_submit(0x0, 0x7, &(0x7f0000000640)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000000)="397d73bb6973bb9b1687713e8444a2fba180688479950829db99f979d0eb72e2411a74fca6b4a8bf648df48a7b1a2ddde45542f42a63c6964404037bd949b8120590b3312f9ec16241da4680e1fccc8d69a47facb72169d822d9551835636124d0e57f4da204d89e11db1bd1e66f6b3a0cc3f4689bd4765ddf81829f3ba6cc986ae13150f6c4bc466376d0a90c646bb8e5981fbb7df7072fb0d449332d2204145cf235e92c96f9d6358099c6967a1bc50edaee", 0xb3, 0x9}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x3, 0xffffffffffffffff, &(0x7f0000000100)="116f2509c0b59b4d33902e25d5dc758dd4eddc6447a52da25e2e433b7d0c82c9604ff3800ae25d94012b61daecc6729d6a863026508be9bef5ea5831c16af9486cad8016e93cd0e9a317d47cd846af8a93f7206e92", 0x55, 0xe5, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x3ff, 0xffffffffffffffff, &(0x7f00000001c0)="f5e6589aa56c4a7cc7410be6", 0xc, 0x401, 0x0, 0x2, r2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x9, r3, &(0x7f0000000240)="fb", 0x1, 0x1d, 0x0, 0x1, r5}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x7, 0x3, 0xffffffffffffffff, &(0x7f00000002c0)="87538e34430b2e4ac4fb752318dd58d4d9e8a38eda5f7176e948d8a39d268c0798602c656c9a1cc9daa59429ed2e1239ee133eb590f79f333a86705173d8519a09bdb6098b5d47d89ec4d4d2bca57a5d56650044a99789ab5472b716eccf3f7d6c81", 0x62, 0x81, 0x0, 0x0, r7}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x2, r8, &(0x7f0000000480)="88daaa7fe3239881bfc6fd9643488ba0e796c1fb028fc16d71a6fc043b86e92adbc0a7773191ae73c48f1e3d88bb384c40ba877a7739e106cfa769d1408fd011252b8e87bb2f6cd48333d96da0b86d0cf9407a5d616c371786f58aced62e8cb0e34652482ede74e5bc24fc43abe3330c2cf941cd2932112255d1cc69bbff05b654e60e680327f117067dd270c0f2f94e3c30ebdcbfe87b33ac87b3a3f8fd7256022170ad94ea6b06c7d6dcdb84622e228802473dbfec86eac23b64c2b246", 0xbe, 0x2, 0x0, 0x0, r9}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x7, 0x7, 0xffffffffffffffff, &(0x7f00000005c0)="765dbd2cd3d1149f4f0b4e1da8130ada1a1f2f5ddd6971e8ef7b5f6d296e4094fe48b939417772157812", 0x2a, 0x1, 0x0, 0x2}]) 03:32:02 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x24480, 0x0) r2 = perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001900)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000000900)={{}, 0x0, 0x4, @inherit={0x60, &(0x7f0000001d00)=ANY=[@ANYBLOB]}, @devid=r4}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000500)={r4, 0x3400000000000000, 0x20, 0x1}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000100)={r4, 0x401, 0x5, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0xffffffff, {0x4, 0xe76}}) 03:32:02 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2357.149713] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.149713] program syz-executor.0 not setting count and/or reply_len properly [ 2357.150257] sg_write: data in/out 150994911/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.150257] program syz-executor.6 not setting count and/or reply_len properly [ 2357.163844] sg_write: data in/out 150995030/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.163844] program syz-executor.7 not setting count and/or reply_len properly 03:32:02 executing program 1: read$hidraw(0xffffffffffffffff, &(0x7f0000001480)=""/4096, 0x1000) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = timerfd_create(0x5, 0x0) writev(r1, &(0x7f0000001400)=[{&(0x7f00000000c0)="7b64b2dac46fcee4c67b2046e80a5f28edb5fc424d54f00a0d0d933619a09ff0d0318fdba17e6743f9f5c928b3951ea88be8bf45831f77388c076edad61805e1597aa525f69a3ae48722840086c9153a4ae6dc551cf43dec4e9b877ba4bfadf71e823652586d7a87698833b67c7d29aed99b6458a52c65a1aee152eda4b266d430eddeb1e823689f0f77dfec7e0484c073c142994c2979a588655524268d5ff1190a33c204b845588a8c28539e709e96bad0e67d3f9dd2f855d7e27ebe966c92b716a79e8fad5d041aaa5993c95be963010874d5eb462db645145aa529858a393372eed428cc874098bb28", 0xeb}, {&(0x7f00000001c0)="2b8ff4e681a464e6a011e0ad8443eb0776974f0db33b40213c4c793b29755390342b562de3051359", 0x28}, {&(0x7f0000000200)="336763b8f59fda1635347e772c2546a58adf3f71d56ff690a14fa1ae0049b790453f215da414952bc0961badfa1fd76bb4f62167a33a5271953e315be3fdd4fcf2664babf74dee5cd35a1e33b9e1cd959a8e7ede6e8569499312316144186952b68f346e233d9889130e6fc118c9094f0c67d1238d153b03515c2db84d2d5cc3090cc127eee2dda3638cb34b8e3670717ed1fae7388eed76226eaff1210d9e28f07cee329b0dd64f89364afdbb529288b462a0a26dabe9c405bc721b816fdd274b718fb130a90e3bf75cae63d8955fb229c058beb641dd17a6373ac6fa061b54ae66fa868063889ffde5793ec248cf8eb4e0c961aab12b2433d2229138c6c92e237d2ae3a7ae09798828526c0baf0b76dc9452a212fa7b1e3f9eb347a869c51fa0e380805d4757520d4049f70971e49d397763b86b02455c5b3c195c0b55a06ea02ce3574e8eb5b7246f03a029c7c44f1d394f560b1f3aa45815a77323c4eedb28d1a81e7d5e559bd86fb4b0c988115f1cdf42ca8dcbc8804958918f38505511bde63ee9286f6eb6a87652c7f231b57e4709928a3c282cc37fb9a8a8887a850cf8fa75b9942fac6fac75c61c6ba976275ca6f96b5b49e672b4e1db76625c0173dba106530842dbd6a3b7a49584207e540638f09336f11dd07e90a9d8dc7e1ec5074ee6e61da85be74a683cf20b5391a87d02046b25161d58867b251711ba9da771329f5fcd3d6841ccd262cfee3ce07387b74686cd0aaf11ed5d13989ac1f420d182bed72c4c2eed0c14c780cee901814740b6a9aced3c3dd3b2a42f981b5192217d626a2e02525310977c3b9957cedc971580748b7ae5e29b29835cdb3e3bf7b681f144f5e5366fd8d78cd499696979bb67427d8d74eef7ea7a1db5f98019579e3d3ce7de23f7881764068cae0fbb0a08df4de1247be103f5dad136c5c72ea7e593b48ad82b84001d9eec6289560f209b77d8e43efe784082ddd70b35d4fb2db690151da8f3d3fa8023a3f33f6cab0ddbacc4946843452c32d16ff1c3e0e48861c85fde761394805d32db370f4def9d9601351f740b1e7e55f9595effaa7b81246c34a078fc66a78ed078e06aa343510911d50c0bb6026efd3eeee33ecb642be517697730db46a66e9cc0ec2efa731ee12a4074190963d52546dac287ea3eafe742c7360c358c39234df1677768a90572eade0d1c5a2685263228b5016386f259c2f9272295f36d0bed968e0ce7b5188c0823043e7103760d8c1f353d5e890a5d3ce8a0c4e4c6fc3733712726de1d52cf01f6a7e9247f53c431c111e24f7d5c37eb369c70d9320572f87afbfe89164ce034e9c0aa12cfdd15c5120f27783138f143955643949951af378ea0944734170cf95aa2e971741c5312b3db43957d69f41996ed04d6f9eea385996223785f2c91f3539c07a3d7143905da64b19459e8970cbbca4e217bcaf31c16c50776d1d7281ed790e95f6e1a896a47db3d6b171ff31064de4fe68da525a2d37203bd206b63d5ab9f684dacc43717749d6a4cbf7b6cc8115e1d75f1ae3d6239e5151893bbb2ecaded4d2a8d13b448640221150f1b38114aab4b849cf258880216f1e1d70da99f48c632d1a6e1ca1e8630500107879b4ae050506d5f108ad50ded1e3edfd14a13e5958d00229aafdc630a4277703fcf326b25a93b7890ea416c5b69b12b1572b75fc21655bccd2ff654553a3981cdced179dfa5e081a8b5a299ab7991f2eda034c123cb328c84cbcdec8721ad9ed25548e039c5e0f98b81599e61ebffa0864842fbba69e5daeec975bb5e29521f45bf467e2bc88ca3f4b3256864bac1b4f45f70f0fac8c661fda8cb284b9a02a487673d3b8084bd5aee3e2c5d8747e979f2ccb8a5cd229513c07795949653e8458133c3b421b2fdce09f6124f84ea5ae9557ca2e785693cf346a797c0388f909ab828e68c26e9b3d11ce32d29cea66567182c0e1e55624df39a31466b41e2550cbc24131778a27878157d8a0ab52ac420e9b2dcbffa59b4428457659794d85cedc713124af2ca1a3a45e7a043db72ec7de22aae3f877fd0c19ec212f66dbeefa384d76bde82570ac3c7bbc584613df0510dd6f1d6b850a8568f35d4d7d60a029b4f2988d48607922ec4b73df413653f006dd34bf0ca5e4533bebc436b80b1695cd7717ede6c949ceb4de64370b9e7409eff7aa906283e9769b9bac5358fddebfaa538f5c7338e62171135366bbc93ce1ab081c2e024f1f8daad00f107a11dc5526d0c62a6a9a31b84b74510f7b70fb314d775875fbbc58a12080fd076001843428162386c35a7e506e763be5cc7ae6067c2d6ff77768657ce5a872b08673abd845a2991ec6d3cf0f3193c05b96ffe02c07092d0b280c64f3caf2cf2277501ea3f8cb1c33add6f4a6280e7904aacac6b18a0b3c1ff971c582dee8e4ca365f08107b5f4755a8a0c1bc21927c429e74e95fd4d2420321153feeb8de642f6d5624577ec58b6412625afb9e16442c2f614e9d4e6630f1d6287292cdea01a47368bd57ed09f3f719906d6d51dff289ed431dc7fce8fd141f5c2516a1b433b99aaf3680d6cd1f388ac08bf401e5b5371ae21cfd89adaf91892651ae6e2de22be8d6a31a070f962fba505eb845b079f53f3a1bd4b9baf081d0f8f7e0a4d2c016e200a2ef8d41ef3b32747697fc52e783530c2cd38a2f2523234fb08e2afb28b0af7ca53e8cf001280fb33e0450c86e4b25050b3b05012ce5f0e0250b06aaed09b0c584484f43346f1657d945833c27b7612cfeb40bc2f9849a41963910a17a8c8da3d4723408640e8e84bee74111cb81a49cb589a34c312cbbdd800b5f46093050b3d5b5221603b99d589cc136918f1f72199822e2ac917b19bdb67341046fbd69a5302b1e8f8ad01e77dc16f147ee4f5b92308b8a97edfc7f069c8759730f5965cc4d561573a6e5398ff851825e1c89cd69a4476e45ea7abd9555e4f75f3332a7bb0bc1e0223ae80202494de9e1fd33524cc6a9f74bbe92c59ea38aa419f7320055dfd95bd1a8d74b1ab7bcbf1909cba5661a82d727e251cf1bfb022398b6308121cbc737197b985c096131a18e61e489dc5e5036a92e03671f40d8e46fe8e86cf15a320bcb3b977022a8607f67aa588abc06d1cf97c9301b7ef8f9d6704397c8f56126da2f49bcef0891f4af4c9746f773ba509fa40feb66e401948fb3c241f540650b3c3c6b08007adcb19f2f91902040efecce4f113bc6024c67c3f5b4066f80bd90fdfed03f420e63ee81ba091a883066ca264a9f8441e3faab0fd60224ae63b2abeac1ed86ad30c2ce29d5c59dde5f2c12385776d7fa796eb13ff67d79dff1b1231ce9ba0ced1890e40b3b8b52a3f6585a281114011074a51727fb9670ac0f94b3a3fb42d833330c056aa6a3d4851e1dccc248f5b83370216960e2d2947aebf6e14fe6606d124b100cf7e8cfd1129e1f5574d6ab04cebdb7df6f93aa4abb2cf6655fdcc8d853b5d796996e55281288d613fcfc5d0c8078135d433f7e9c692d9b9413bed2fba48206e55cbe0396a3f5c8fb460f427cfcaf96ccffc7fd36b3aca2474090cc0faea4f8526cfe0ef757007b7a0c69225be83585e35c7c395265a4992f3ff2be37839f57cf93ebbd25236e44b953e7836a80d837749ffc4696ce5ca2aac29a592e18f0cb4bcccb67b6b153ed65f82bfe99542d4c220423062641b4144e383c111420874aa542bf05ef937814a3cfae54c3ba939bd1e86af8e507d42166d9a2f12288ec8ba66f164af212dc8b2f5b91f7b1decfba65786a0009a0c2743330692e3f482bc1b3b77d6ca00e1f2355373a612e027830076c3b2b779c2e500f77afbebd0717fba1b16cc6fc8781d6edb11e7f9e7707408ba08090557de26231f595d3a8274824c2664d0b240273b062cbf6009217af943a7e12ee84b87fccf004c1a7ae866dd1384b51bc871311fce8e06ea4232eff7decc255d67bf8b142873547f0928e80a5f54b06c4b40e6c8668c6f922c9b68c992e4fd783861a94852ee8ad94626322dce6b137434e0a78ad324ed285c0021a954b0f9f1d5d07265f29a253240f1430dedb4195b3267721a0d29d5977d7166cff0eab06b56570510912929feda6d21e821d9bf17571157e9e47b17937330683978b7c713af955c58875f1392894f2a19de43b4e07de68dcd4ac8ab73128b8b6ecf1aa34f74c91cf42404ee1374e36935c3b42e78dcf6df47878208bb0cf21bc3f23ad47dd730c2c458ae903e6a2c1830cab22446515739bbf247afb5e071858a185a548e1760ff95500592c6322ed27bc9c134de40112c7c531d6bfc6665c3e4d40dbf59c67b409875cc5a94707e90686174b278df8f4ced53f738254710a91dde934b9932de199f09a1799f4d75bbd71f5dc437e278be38fcb2e3b2a910209efdcaebe7df6eabcbffdd30ad224650a7cf2391e86646d82906b82c4bf0c449a142b477ae818db1050d0d54b90fb766e3c92fa582be8c3c51a6cfa260a7e8f09831209d28833ddb81960e21a974033c1cf5446e437fc5d433b7091ffd28cc23ec39207416459927d1b1cd8abcb61bff35c2fb0a0248ab4b66301fe93a4f1d1c27544963bcc95938f5b522b11be39bbad529e39f839e04f974b911cd0b5c5728be88515225e15e7e7ceef9da92a9632ea1c68f311e8ef95335e9c3aba4a75ab1d3f18c74eb5802f62d74ce1956cdd8e57effeada2f223f98af7386b4547ce0f398236a7db8cfbeb66f0cac5473a8bc92f5444363fdd9591a20cbc90283c0c86fff7f008bac826a748e3849cc5d9a10ee3323b2e5b358118e7a5906c873e0113e2e73f581f8a7f15a009d5b373673d9cea9f5f221c3ee685517917c9f81547881f9c8c7a7dee467d58f3f31a9e987d916be044594d1082bc8afa583367daa95ac91cdef354313f12bc6cddd3b5fee6bd910a1537ca67eb8b334fb8665072e1ceaf01f7266615a4dbbdc905a1ec4a870063d001361bbce20431d71cdb6254c4cd4328df0f74e19fb5d80d4cda3575b867106023c32d00b6e2bc845996ced1d34d1febc6adea5e8abed7839d7d72087108f75871f0550e2374a7eaf7d892548e99bd7b8d467b15fe403f05d03c41e809411bd4a48b0cf0f0979a8b7bb6135e42e47ab5099d17a5dd9ef6a255e9035b1934338c0b3dfcbbdafe6c8aba34533c35ef5c241e30cac2e98a90346b49b38f170799fa2256d6088f4deadf8d6807f461df7ad3c418c53a208075fb90a1cedf7104fa0568cfe8a56a29fd24122e353f9a7781389ef2c7440b4f7c78dd53159c3fa3c7cb55ed89c89ec1b317ef9282c23380d1cc51902fe342fbdc0414f3f75bf95ffb31fc5f425ee979e61ac32bac5ad9909385e9e3be5f9aaa1d92b93772a288968c977fb337613ed2e1489f3cacc237f73ab27765377693340dd96cf5622081d6a93f9c76d275133111d972312263ea437e4beebdcceaa1a2d00a160986cc102bec4bb585806b55859bc022b0f2176a9539a0f9d6d922d8e8668a1924e0b9812cf0d3a82b76073b00ed92ed102378f626634c5349f37ceb4dc5b96c4f9130ba8ddf4ad1b122eebc7481d89fa081718e4089d0920dd3d1f3e63eb5a4c49283bd9123bf0a03e66adbc28d329bb8edcb5660fcea1e23980f4cb31d71b0e7f7e64e8db9cc56fa38485ce2e51ce5549116a0129b07236577f8de4ecb88cb62f9c05f2e1030fe6ddf1668a464f3de1d194ed408ec87ac7a4d98cc426dd93561b429fc3580d7df26f4411c159475d621022c0d51a36b9ac3f47683eb4fbf2c552", 0x1000}, {&(0x7f0000001200)="9015fea31dd1301d673b63fbd7843ff20e89066028c7740c10a178b6e7ba9644e138f720a7aaefed379ecd5786e5b895354cb5b2a6710113d92d89a6836ba7e7b055d7416d79005957cc010e7f6c4069108c781928a00c602847b005f18a481fd7ee54ca85816f18328cd820ea42fca78096c915cc7113efb7a6204e1989ac2aa253e5baefed4798e71ba7bc812d56828463d4c21a9c3f9d274e31baf13f70f99fd08280aef730db94dc7b614243dc59ab1c7fd21bd21d2ed27505698d3a81e4a0cbd5df97df746c92e48f0d3576b9fc9f1e449c3a7ff96deaff5a5acfc8a43ce1e4547952fb7c2c96670076a915e917d6e1fda967b0f80888e71c8ebb", 0xfd}, {&(0x7f0000001300)="52d0949149c933837033f51bf276f1451a552f01a15201eedea98ba37097193fa62d4ffb85175f126ebdd4337c9554a07c3fd63306a05490c763314581af6e215fac47e929b95f302862215472a7ea1b92d7cc2bb9d7ac4136ed9b5831878aaafd0a53e54079d31d7ec06bc32b2f2e800396da30992f9c9c19d4ed718dab44bb6c3cee211b82ca6dacb9d1306f9033ffc4b2f0534c1d7ccd0188adf5c81a402690bfe58c238e4c4e76551f34f281a2d72e640521b87cac0d362ba175754decb94e583791000799654b5c6f0e80a61f8a81aaecb31cb71ed857ed31d836714fcc3890be8302e73c214114bbe836842fb40a82c68ef947c7ad03b27680f4", 0xfd}], 0x5) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x0, 0x3dc7a0d6}) 03:32:02 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2357.267517] sg_write: data in/out 150994912/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.267517] program syz-executor.6 not setting count and/or reply_len properly 03:32:02 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:02 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r2 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000180)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2357.315934] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.315934] program syz-executor.7 not setting count and/or reply_len properly 03:32:02 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)={0x0, 0x3f}) 03:32:02 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f00000000c0), 0x840, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000100)={0x9, 0xfa, 0x5}) [ 2357.335586] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.335586] program syz-executor.0 not setting count and/or reply_len properly 03:32:03 executing program 3: r0 = getpid() r1 = clone3(&(0x7f0000000280)={0x200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x40}, &(0x7f00000000c0)=""/207, 0xcf, &(0x7f00000001c0)=""/97, &(0x7f0000000240)=[r0, r0, r0, 0x0, r0, r0, r0, r0, r0], 0x9}, 0x58) getpgid(r1) sched_setaffinity(r2, 0x8, &(0x7f0000000300)=0xc7) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:32:03 executing program 2: r0 = getpid() r1 = fork() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r2, 0x0, r2) write$sndseq(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) kcmp(r0, r1, 0x4, r2, r3) getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone3(&(0x7f00000003c0)={0x29002200, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:32:03 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) inotify_init1(0x800) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:03 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x48, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:03 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:03 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {0x9}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f00000001c0)={0xe40c, 0x2, {0x2, 0x1, 0x80000000, 0x1, 0x1}, 0x81}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x4400) fcntl$dupfd(r1, 0x0, r1) write$sndseq(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x10001, 0x2, {0xfffffffffffffffe, 0x0, 0xa75c, 0x2, 0x9}, 0x8}) 03:32:03 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2357.507521] sg_write: data in/out 150995420/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.507521] program syz-executor.7 not setting count and/or reply_len properly [ 2357.511249] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.511249] program syz-executor.0 not setting count and/or reply_len properly [ 2357.520386] sg_write: data in/out 150994913/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.520386] program syz-executor.6 not setting count and/or reply_len properly 03:32:03 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r2, 0x8010671f, &(0x7f0000001140)={&(0x7f00000010c0)=""/78, 0x4e}) ioctl$BTRFS_IOC_INO_LOOKUP(r2, 0xd0009412, &(0x7f00000000c0)={0x0, 0x25}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r3, 0x0, r3) write$sndseq(r3, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000001180)={0x6, 0x1, 0x0, 'queue0\x00', 0xff}) 03:32:03 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:03 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2357.637093] sg_write: data in/out 150994914/80 bytes for SCSI command 0x0-- guessing data in; [ 2357.637093] program syz-executor.6 not setting count and/or reply_len properly 03:32:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:21 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0xc77}, 0x0, 0xe, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000180)={0x0, 0x9, 0xff, 0xf7d4, 0x52ab, 0xfffffffd}) perf_event_open$cgroup(&(0x7f00000000c0)={0x1, 0x80, 0x7, 0xd7, 0x63, 0x6, 0x0, 0x0, 0x40, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x7, 0x9}, 0x8000, 0x3e5f, 0x7, 0x0, 0x2, 0x7, 0x6, 0x0, 0x0, 0x0, 0x9}, r2, 0x7, r0, 0x8) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x2400) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40042409, 0x1) syz_open_procfs(0x0, &(0x7f0000000140)='net/arp\x00') r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) pwrite64(r5, &(0x7f0000000380)="d7ce0883d0f56c5e6afb38bac9eb30454e6994f60b92f70614473f8a4adae882455aa4da531f733ed5d0729c73e291de3170260c4b904749be542571dcbf22324ad3b1574af9ab056df7943ba2011a75683a229c2c5b74748a0ecd63bb85fe95b1693184330ab2b10d4826060183e0f0201b503d2a0f22d5e287c64f3d1be5f67985278518fe", 0x86, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0x40a85323, &(0x7f00000002c0)={{0x9, 0x7}, 'port1\x00', 0x16, 0x140044, 0x2, 0x1, 0x4, 0x2, 0x37d3, 0x0, 0x2, 0x8}) 03:32:21 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) prlimit64(r0, 0x5, &(0x7f0000000040)={0xf2, 0x4}, &(0x7f0000000080)) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x1e8}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r9 = fork() kcmp(r9, r7, 0x6, r5, 0xffffffffffffffff) fork() ptrace$setopts(0x4206, r7, 0x5e, 0x0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:32:21 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:21 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:21 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x2bb, 0xffff, 0x0, 'queue0\x00', 0x1ff}) 03:32:21 executing program 3: getpid() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) getpgid(r0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9596, 0x0, 0x10004, 0x1001e5, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000000180), &(0x7f0000000040)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r7], 0x1}, 0x58) 03:32:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2375.466158] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2375.466158] program syz-executor.0 not setting count and/or reply_len properly [ 2375.477510] sg_write: data in/out 150994915/80 bytes for SCSI command 0x0-- guessing data in; [ 2375.477510] program syz-executor.6 not setting count and/or reply_len properly [ 2375.486104] sg_write: data in/out 150995676/80 bytes for SCSI command 0x0-- guessing data in; [ 2375.486104] program syz-executor.7 not setting count and/or reply_len properly 03:32:21 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r1, 0x0, r1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:36 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x1a, 0x1, 0x1, 'queue1\x00', 0x81}) r3 = inotify_init1(0x800) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000180)=0x6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:36 executing program 3: r0 = getpid() r1 = getpgrp(r0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x2}}, './file0\x00'}) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f0000000100)={r4, r5, 0xfffffbff}) clone3(&(0x7f00000003c0)={0x20000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:32:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000000000, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/bnep\x00') socket$netlink(0x10, 0x3, 0x8) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/consoles\x00', 0x0, 0x0) 03:32:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:36 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x68, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:36 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0xa, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:36 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:36 executing program 2: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = syz_open_dev$vcsa(&(0x7f0000000140), 0x100000000, 0x80001) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) r5 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r5, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() ptrace(0x10, r7) kcmp(r8, r7, 0x5, r1, 0xffffffffffffffff) get_robust_list(r8, &(0x7f00000000c0)=&(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)}}, &(0x7f0000000100)=0x18) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) [ 2391.119461] sg_write: data in/out 150995932/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.119461] program syz-executor.7 not setting count and/or reply_len properly [ 2391.125065] sg_write: data in/out 150994918/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.125065] program syz-executor.6 not setting count and/or reply_len properly [ 2391.138928] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.138928] program syz-executor.0 not setting count and/or reply_len properly 03:32:36 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:36 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000000c0)) 03:32:36 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:36 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x10, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2391.306428] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.306428] program syz-executor.0 not setting count and/or reply_len properly [ 2391.317151] sg_write: data in/out 150994924/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.317151] program syz-executor.6 not setting count and/or reply_len properly [ 2391.341111] sg_write: data in/out 150996188/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.341111] program syz-executor.7 not setting count and/or reply_len properly 03:32:36 executing program 4: syz_extract_tcp_res$synack(&(0x7f00000000c0), 0x1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:32:37 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:37 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x74, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:37 executing program 3: prlimit64(0x0, 0x5, &(0x7f0000000000)={0xd1, 0x7}, &(0x7f0000000040)) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) prlimit64(0x0, 0xd, 0x0, &(0x7f0000000080)) 03:32:37 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x48, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:37 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000000c0)) [ 2391.476115] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.476115] program syz-executor.0 not setting count and/or reply_len properly [ 2391.495104] sg_write: data in/out 150994980/80 bytes for SCSI command 0x0-- guessing data in; [ 2391.495104] program syz-executor.6 not setting count and/or reply_len properly 03:32:55 executing program 3: r0 = epoll_create(0x1) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x30000010}) r2 = getpid() dup3(r1, r1, 0x80000) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r2], 0x1}, 0x58) syz_open_procfs(r2, &(0x7f0000000080)='net/dev_mcast\x00') 03:32:55 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x0, 0x6, 0x5, 0x3, 0x0, 0x2, 0x29000, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x7, 0x3}, 0x10000, 0x101, 0x6949, 0x7, 0x0, 0x9, 0x0, 0x0, 0x566, 0x0, 0x4384}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x404b00) fcntl$dupfd(r0, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) fsetxattr$security_capability(r1, &(0x7f00000000c0), &(0x7f0000000100)=@v3={0x3000000, [{0x1e68, 0x2}, {0x3, 0x3f}]}, 0x18, 0x1) 03:32:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:55 executing program 2: clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) 03:32:55 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:55 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000000c0)) 03:32:55 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x4c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:55 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2409.467262] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.467262] program syz-executor.0 not setting count and/or reply_len properly [ 2409.479707] sg_write: data in/out 150996444/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.479707] program syz-executor.7 not setting count and/or reply_len properly [ 2409.500606] sg_write: data in/out 150994984/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.500606] program syz-executor.6 not setting count and/or reply_len properly 03:32:55 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000000)) 03:32:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x300, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:55 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:32:55 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2409.602103] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.602103] program syz-executor.0 not setting count and/or reply_len properly [ 2409.613486] sg_write: data in/out 150996700/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.613486] program syz-executor.7 not setting count and/or reply_len properly 03:32:55 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x68, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:32:55 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2409.671266] sg_write: data in/out 150995012/80 bytes for SCSI command 0x0-- guessing data in; [ 2409.671266] program syz-executor.6 not setting count and/or reply_len properly 03:33:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x500, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x10, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x9, 0x2, 0xd3, 0x2, 0x0, 0x4, 0xa2022, 0x5, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x7, 0x5}, 0x880, 0x5, 0x5, 0x2, 0x657, 0x8, 0x68, 0x0, 0x5ca2, 0x0, 0x2000000000000}, 0xffffffffffffffff, 0x8, r0, 0x8) getdents64(0xffffffffffffffff, &(0x7f00000000c0)=""/221, 0xdd) 03:33:09 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x6c, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 3: r0 = getpid() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) getpgid(r1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r4 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r5 = fork() dup2(r3, r3) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r3, 0x128}, {0xffffffffffffffff, 0x2002}, {r4}, {0xffffffffffffffff, 0x6080}, {r4, 0x9200}, {r4, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r5, r8, 0x6, 0xffffffffffffffff, r7) r9 = fork() kcmp(r9, r8, 0x6, r6, 0xffffffffffffffff) getpgid(r8) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:33:09 executing program 2: getpid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r2 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10005, 0x1b7, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000080)) r3 = fork() dup2(r1, r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r1, 0x128}, {0xffffffffffffffff, 0x2002}, {r2}, {0xffffffffffffffff, 0x6080}, {r2, 0x9200}, {r2, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r3, r6, 0x6, 0xffffffffffffffff, r5) r7 = getpgrp(r6) getpgrp(r7) r8 = fork() kcmp(r8, r6, 0x6, r4, 0xffffffffffffffff) r9 = fork() kcmp(r9, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x2, 0x1, 0x5, 0x2, 0x1, 0x8, 0x40, 0x400}, 0x0) ptrace$setopts(0x4206, r6, 0x7ff, 0x10) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) [ 2423.473132] sg_write: data in/out 150995016/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.473132] program syz-executor.6 not setting count and/or reply_len properly 03:33:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x74, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2423.524667] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.524667] program syz-executor.0 not setting count and/or reply_len properly 03:33:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2423.537412] sg_write: data in/out 150999004/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.537412] program syz-executor.7 not setting count and/or reply_len properly [ 2423.553417] sg_write: data in/out 150995024/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.553417] program syz-executor.6 not setting count and/or reply_len properly 03:33:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x48, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:33:09 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x600, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x7a, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2423.693544] sg_write: data in/out 151013340/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.693544] program syz-executor.7 not setting count and/or reply_len properly [ 2423.700152] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.700152] program syz-executor.0 not setting count and/or reply_len properly 03:33:09 executing program 2: clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1}, 0x58) [ 2423.725230] sg_write: data in/out 150995030/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.725230] program syz-executor.6 not setting count and/or reply_len properly 03:33:09 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x700, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:09 executing program 3: getpid() ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0xffffffffffffffff, 0xff, &(0x7f0000000000)=""/96) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x2}}, './file0\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000140)=0xc) r10 = dup(r3) clone3(&(0x7f0000000300)={0x10900000, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r8, r9, r4], 0x3, {r10}}, 0x58) [ 2423.822589] sg_write: data in/out 151014364/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.822589] program syz-executor.7 not setting count and/or reply_len properly [ 2423.867993] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2423.867993] program syz-executor.0 not setting count and/or reply_len properly [ 2441.126382] sg_write: data in/out 151021532/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.126382] program syz-executor.7 not setting count and/or reply_len properly 03:33:26 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:26 executing program 4: r0 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$chown(0x4, r0, 0x0, 0x0) keyctl$link(0x8, r0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:33:26 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x68, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:26 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)) 03:33:26 executing program 3: r0 = getpid() getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) ioctl$SG_SET_DEBUG(r2, 0x227e, &(0x7f0000000140)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r5, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r6 = fork() kcmp(r4, r6, 0x6, 0xffffffffffffffff, r5) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x7, 0x5, 0x4, 0x3f, 0x0, 0x7f, 0x88000, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000040), 0x3}, 0x40001, 0xf9, 0xfffffffb, 0x2, 0x1a2, 0x7ff, 0x101, 0x0, 0x6, 0x0, 0x4}, r4, 0xd, 0xffffffffffffffff, 0x8) accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x10, 0x0) [ 2441.147074] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.147074] program syz-executor.0 not setting count and/or reply_len properly [ 2441.151174] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.151174] program syz-executor.6 not setting count and/or reply_len properly 03:33:26 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2441.263353] sg_write: data in/out 150995420/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.263353] program syz-executor.6 not setting count and/or reply_len properly 03:33:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:26 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2441.298041] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.298041] program syz-executor.0 not setting count and/or reply_len properly [ 2441.335804] sg_write: data in/out 151022556/80 bytes for SCSI command 0x0-- guessing data in; [ 2441.335804] program syz-executor.7 not setting count and/or reply_len properly 03:33:40 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x74, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:40 executing program 2: r0 = getpid() waitid(0x0, r0, &(0x7f0000000000), 0x20000000, &(0x7f00000002c0)) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) waitid(0x2, r0, &(0x7f0000000140), 0x1, &(0x7f0000000580)) r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x1, 0x290400) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000280), &(0x7f0000000440)=ANY=[@ANYBLOB="00fb2006811f5644bbad039733036522a424eec568fe55c70000000000000008635b5632daf946c1a1a7fccbdbbd9d3fe777cbfc78c3950f153291b4d61c0b260cc85d49d8b11799568ff1121ea37dbd0ef086db54f43b015b888420110000000062e9d81a2cf999dca50fa12d2d2fcd53cce82ecfaf11b12540ebb03476bb4206fc64218a4ccb2be3fc4156e68e36f0ef50d2aff1c1234af375e94447eaa8e4af40063f6e60839b1275f7a9be15ccd5b60c13fbca2937c32d7dad5c7b7ec1abb7d53ed0f116db004864e64178c139a7b6eaef4a67882bc7cb8f963ca28e6e27e6408c7e61bf39e3f4d824d9bc7f132c7d5348c962bba133cf60228e12fe40d3e480f918fc54f3ab76d578898eb7938a0e1eac93d711c31f2d46796e08dd11de"], 0x120, 0x2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) fcntl$setownex(r1, 0xf, &(0x7f0000000200)={0x2, r2}) 03:33:40 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:40 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x800, 0x0, 0x1, 0x101, 0xfffffe00, 0x74c5c6e6}) perf_event_open$cgroup(&(0x7f0000000100)={0x6, 0x80, 0x0, 0xff, 0x7, 0x4, 0x0, 0x3, 0x11600, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, @perf_config_ext={0x80000001, 0x2}, 0x46040, 0x4, 0x5, 0x9, 0x7, 0x100, 0x3, 0x0, 0x1000, 0x0, 0x80000000}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0xf) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f00000000c0)) 03:33:40 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:40 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:40 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/69, 0x45}, {&(0x7f0000000080)=""/29, 0x1d}], 0x2, 0x1873, 0x6) [ 2455.289396] sg_write: data in/out 150995676/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.289396] program syz-executor.6 not setting count and/or reply_len properly [ 2455.299137] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.299137] program syz-executor.0 not setting count and/or reply_len properly [ 2455.323104] sg_write: data in/out 151024604/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.323104] program syz-executor.7 not setting count and/or reply_len properly 03:33:40 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:41 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:41 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:41 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2455.418635] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.418635] program syz-executor.0 not setting count and/or reply_len properly 03:33:41 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7a, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2455.445014] sg_write: data in/out 150995932/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.445014] program syz-executor.6 not setting count and/or reply_len properly 03:33:41 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0xffffffff80000001}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:33:41 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = fcntl$getown(0xffffffffffffffff, 0x9) capget(&(0x7f00000002c0)={0x20080522, r1}, &(0x7f0000000300)={0x8001, 0xd2, 0x5, 0x56, 0x6, 0x2}) [ 2455.498021] sg_write: data in/out 151026140/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.498021] program syz-executor.7 not setting count and/or reply_len properly 03:33:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2455.586025] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2455.586025] program syz-executor.0 not setting count and/or reply_len properly 03:33:54 executing program 4: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x80000) r2 = socket$netlink(0x10, 0x3, 0xf) dup2(r0, r2) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:33:54 executing program 2: r0 = getpid() r1 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffc000/0x2000)=nil) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000000c0), &(0x7f0000000100)=0x0, &(0x7f0000000140)) r4 = getgid() setxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="02000000010006000000000002000600", @ANYRES32=0xee01, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000700", @ANYRES32=0x0, @ANYBLOB="02000300", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040002000000000008000100", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\a\x00', @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="10e3ffffff00020000f6a065f1070d9c"], 0x7c, 0x0) r5 = getpgrp(r0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r8 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x4, 0x10004, 0x1001e4, 0x0, r7}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r9 = fork() dup2(r7, r7) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r7, 0x128}, {0xffffffffffffffff, 0x2002}, {r8}, {0xffffffffffffffff, 0x6080}, {r8, 0x9200}, {r8, 0x62}, {r10, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r11 = fork() kcmp(r9, r11, 0x6, 0xffffffffffffffff, r10) shmctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{0x2, r2, r3, 0x0, r4, 0x10d, 0xffff}, 0x4, 0x4, 0x4, 0x84, r5, r9, 0x5}) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:33:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:54 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:54 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_generic(r6, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x19, 0x200, 0x70bd29, 0x25dfdbff, {0x19}}, 0x14}, 0x1, 0x0, 0x0, 0x4000081}, 0x40) dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r4, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) rt_sigqueueinfo(r9, 0x3b, &(0x7f0000000000)={0x6, 0x76, 0x7}) 03:33:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:54 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2469.270959] sg_write: data in/out 150996188/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.270959] program syz-executor.6 not setting count and/or reply_len properly 03:33:54 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2469.302877] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.302877] program syz-executor.0 not setting count and/or reply_len properly [ 2469.306045] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.306045] program syz-executor.7 not setting count and/or reply_len properly 03:33:54 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:55 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:55 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:55 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2469.452242] sg_write: data in/out 150996444/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.452242] program syz-executor.6 not setting count and/or reply_len properly 03:33:55 executing program 4: r0 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x6e, 0x1, 0x20, 0x0, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f00000000c0)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r2, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r8, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r9 = fork() kcmp(r6, r9, 0x6, 0xffffffffffffffff, r8) r10 = fork() kcmp(r10, r9, 0x6, r7, 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x239c, 0x11, 0x20, 0x70bd2b, 0x25dfdbff, {0x7}, [@nested={0x1112, 0x7d, 0x0, 0x1, [@generic="b7c051d60ec8e6d03d09757f36f16d7250793d84bfe49e6e03bfc32afefbffd9cdb6254a67257be17f1b8a51b59b9d61a895f146aff3459f874cb72c8a16f02c7babb196affd0a6e7719826c09405c1c75296687f62f7abfe7f0be9e2f0431ab29607d431dbec9c60bcc9b04907ff5fd78ae8da15b79d6ad877b4afa6ad9c2c98fd20b123595104f3f8d91416bce51062cce6a04a1abaa6a1f831aff71fba6530527e830466b9deb5f95e396047ed7a51edc149b4c62264cea128d80e01361e1fcb4701ce6450bb67c0bfecf9c22cfa2fdb9963ab9d4f06f0f32a4dbb84e6db2bc41c378d62c78cd1859bb851b5a75059135e441675f5d6c624ef296243eefe8263f14cb42d72723dc9187076b5f01f449ba0d4c9ec605e55243f83cd2dafcce76669b5f68861602c33a709205bf61071ecf437445246b2c38fbded61a2559438499cb41deaa1bf5a24e2d7e051966a62eaec993f1daa6c101f9b781387945a8a557e60aa217ec28da151c718c29fa2f726300eccf415fd7b5b63eb3a4f45ae97c11849d6da9a9afafef2a1785a66be3758a859ff89f24eba3ba3b655a66c20f313ab9dd28000e7b0b28dc421b1a13fac3f34e3077dda1833197f5585eb20155d0193b96d63299e9dc0d1f7e23b0893bd052e36148a2dc006dc7c0f473b4678da9bb19a4bacf58c489b9e245310aa3f451633ae1bde674e9f08bc4711309bd05beafcb38e64069610dfb2eeccf6a3d0e1656df594f7ef07645c57f5707dacb9b2c007bead58b88eb1065554b5166e602f71df4f2134576f36837601f2d5133139d52c9ba1240d6ba9acfac6fe5e588a618215df59ef523a3f05f9cf89ab9a21e667f84d75cd7aae4ca7779ee72a5eb9622e3dba5ee4085f0e79e3f1a6c8b03c8e597ad67114a23dff23f07f34f4156027e6e583390b34930fc671bb42e75d2e78e2620349d030e9c05252645a6b782373898c2b00da3c0f56bcac70b464dc53d5b40376cee40a3ac4fcd9b85d854af79035dbb9610ade0206526088a57e679180ddb6419f759f21c8dfe082cc2c5bb935b13c0bb4f643a7748a3b95340d85ea91c3994814d5bd2d47fd321c8f0ebafdbe1d34b189b0d8c54749a7b0f00314c3ac28672c69e5b346d8243941b79d67dc855c33a35bfc5fa981eb4400e99be18a243bb95cb1f8b138f4d23bd7c79a357c549819330196fac39098c66d0aed4cdafe62deda0cdc5180034786608579badebd873cb239e61bdfd27c3b34bc86e7461fcbd42442c0442492b583145dacd932197280cf38c7d775cdbd1162119a885db9b49af37deaca8ec7e29e520ce941c009657ba120f43c40f96bca75fbeeb5f288f1ea265c7facc9a0a883b5335417c38a05b2c06ae4e1859638e803f7a323d2c8b88fa2840b95d90108f3e8d30c3c9eea3927b5cb91c4495d6c963639285d4edce15f0e8bb5ee046a025e6d56e54d3219d6b6a0b5eefdf036b742c807bf1407ff41d6a214b34f7696194199ebf896c1c8ca6e8bb697b5ba234423808d0e06326846e68f504178a835201fa72183db36a067e9c53b29375041a1195d18637a9157414ba7a7183d1ba343879363bece2e305c6863d1ebd3c5ec5b4cf6de22337daec545ea0ae274dcd627c0e05b2af716c7ff1b0568aa3f8ab808c775e960de1307361e21f336337122c8741fc07a24f9dfdf93f4d2c0250994b1b2180da71b282801a2f16eab9288f870fab1904aa81820b6bc490a54deab3384aa2a8de380961d04ec33e51d22d0a986a81d081d035bb9ae4bc8bdb89e959f72b446c0203aa5715c4c71860c7b849bbfd0e0a1a15bd0c8590c5fe8c7b534b1067312d2233922e62d4d7594c029c2fd007fa04d42a6b44ddb0b37ace2b555c90691e708538a279f8f0bfe0145b97e9a03d6ffacd8b74be3a442ab85a3f8ed2270c543b4a76e7cfa39affeaaf8467f5d83cd985bc35138be9bf2d5688fed74655af4779678826a56a788c2598532bbea15acf484460ec8c9e26891d66a8c06b82a38aa8c3cb51b42715bccfe29d3246cf3d08f102edd32ab20792fc8fdf9c419f9258efd1d45135cbea990c1345028511b123791b875c8bf64c3ece77a7b74f523b5b7488780c7e404eaff095e896160c6a907d767159a189dc4150bbc92e08dcaf8c9b7906acd105491b9a3784756882dd4c12011e0440afcfd6d65c24d74e06625ccdf57a3d4c2b27f58df859165ed44cba666e9e6b328a8fdb86a7645bffbd514774371257f7ccd8d8f4342bbb65ebcef74f344e27450b734d78fc59f16db304a00180a27942d32a2de5163a862ff80de1c3901d97843b0ea55ed98e88d36a04bd5577fcb508a853e1788a7f6739db6e4e0602d3a4b24b5333f6a0f4f55f01d963a028a78770fb061b8e34f02c126c7d15a2e677355732c4696f6258a24c57650e8e29ab03473f6c820380609ad07a18c894dbb4b857fb5228b8ca4fa3c739e01f069c536248e054edecf5c57519cc61400e23f9e48b6ff0a539938e9416a283c8268b57a1cd026cfb74b3f3db5a901dab933dc8a4a9ca4497489c881dc084a45d2684b3a1845bdfe6c18f84b45e5eb27c607777fc49b7efb89bdae30c4ea977f5989e77ff3c814ecd2c58d56ef4693f22c8456ccef1db8864b37d1e85b3912f3bfa53dfa63c0ad28bad40b5a2ad6ac20ebb173daffed39929ba6169869796293b03f6224cfa591267f26075be59da64099180e34093b85cceb0a4e0dbf7a3f9dfd33fa44c9ca20b34475138de969c70d4302c9d66c1b425be75cec3c3531ec1b85f19cd46d9f232ae18f3ca4d7a8931eacbc43c36ec076cc20a0258a7ef80c191301c015923cf8877c00bf50e45220928646689e0006f6a725395b630f7bc560a04d975ae0ca02cbf87d7c5d46454ab75ca145e8154d494698b5450347aede80c7c678ffe70936451aa8e9f0d2f72a71d79aee03f98d19aad5d6846d30799ba2705d983f63d9866df4e8470f919b839f46b0af8198918c29e88f686de4ba3f5da9bcff13dd33af6239b38f3860790dd423c18571f560ce1a9e8d11703a90fc68f0436558ada26c826211377c85ae3518fa9a26255d78934990e56bc757bab22d840a4d7da0d6b905002dc6046c7c59a49132267ea580fef8430a043a5919b3d7255d3a5df39ece20bd4b054f2bb610084497db05281e7989088a77c9db77f468662c77a44de40e9e44d896991825dcec89403c0b4a477027e18b400550f1f85a9510beef9dc078bf8a744c1c99d75d1f9f07b0ecde0d00a9c21df79122bc9633a9e7617a6c0c05798e9ecee21af93b57de83120e6fac2bc1c1bfa3267461092aebacd10291fedbe87a322dd60a068d9c84bffbe0f652d3da073dc19879c9c815f7fc2acc51bf61437527cd1e16e684f891864749a0818d13ec02356b40babee04c6efbadc7b35f2a2386c8675625b8c27077c339e41c9df64000520c671d1d8e92e21a29ed6255661f1e4c5b0debbcdeb1ead72c8b596cf44ce206113d8f600949cf2c8a4f42b9b9dc4e543f01053a9f8899282a3b2d2159c6c3e36eb89e59c047b6bcaabab944e8af0fe65d5781b88d80645080dfd3b0e99892e6560357c3ca20838505d56b0ab4ad0509397f280f4b6d5ee71afae01c501c76a0815e85f2d3112bec2e8bf127f228fec2df39b5db32efedbac04ae2c83619a4193dda17124e599ea8a43b6833a7c28110977894f38f61443ad1199895f121c5953d51df672dda2c0adcab092ecc57738b17ddb47124c74de44009ab05fa08ca3b14cce5775ccf1a762e42e6d697ccc5f318527b2c968b2a72e52ad15e2500b7f408d0f1c8291018b727037a8a82de970fe397faac644f4263a2cb799c4df5778c21054d49669bb10ea4502abb96b7dc1a769a4b5393dadf4121eb0d5d4836fdbe9ec00d7e3ae2edf1c5cca7bf837afe30690cfda7446a7dec1a134df2e5de0ad73e1819bf4c97cdd1f15798e8b1176e9742c26d0c64fc46f23a86d4634dceb13f624322ff2498a7bceab9b900d9ab11b5dc477e8e376afc31044cf58a207ca0c8ae473e2e316f679208b449711d0eb04d3163b7039b8e95a9e2fbbb8025231296619970ff98a02033d891924820657de22f14aeef06359b18e8d9bba2e0ea4f04add463f81b1c28b8404c1f148488c7bc460df84d55dfd118e5da6ea898577fec67795ba618435c3d14e3f6c9c8573e8e0e0f5e8e5cd90bf9ad89d75481b0a02f79ad6000a4506a1ec5522ccd1175c285a3178a35eaecd2fabf35ed4ea7a8fd376b21593ba002c68d08d54a3780df0f5514b488cfeea2a617d5e25a9e0f93ccfa97761a8c4a267497d97c68b411f42a55d529c4e861376eea6d4ab48d35931d7fd4c23276463428d1417d408e3f9c12e040678dc287cdc0c1f817db02d79d9e707e6a914ec5fe2796ebcd91ee293052fe20300fbbaea5bfe871dc653319bfe50650892781242f139b8f5df6602d2a3c4c058998bc6ce7974b2eb8bdf2649715ff40a50782002211b994ea01adcbefad1e4e63afa6e7f8c6e8f32314453e38a1f5966d1036a6e48875544e0e167b296807650c7ceb175c8e2d56bd79f7eb9dfc7befdd768c6878e3d8a4a6a893abf54bb80d3e1e84d7e244ba18706826c5dba0d742889ed6f4f563014d960c851b7dac0599d65defb6ca85bba7ea336f3838d31826168cb1d00769dd1b507ced7c9693b09282228ecb8c9a17534318b6b989804b5b12732b841236134a98065b4501bd840a1025d64125754acc4eda98c53d5ab1b04de5b8a565bf969e9fd76e8dd5cdf78d7c01e5a933da31aa29c077cc3417910639ef5c537c87b1400ab5264a784737d8bd858c8d7b214e2253c1442ede699e9f2888cd5504a471f4e7c9879d765ce236cf334efcfc6325f69a64322a7cb85b657c91e1164f9acfad4ca43153fe75d3694d60bbc53c9e6b710fde23399dbfc990e5fc059b378056bee905aa6d69801b809ebc7cb1f391ccb26049997deb09f98c61263990f0aa85062794fcaf9d97f6d53ad5e4b6d61e58dbbc4ea4dc8b6a138ef57c663303079aafaeb40bc666c6d12784a4e99aec010756e2a4feae1cc61d6df292c6df359b6f7980102a2c7c1f2352e5585e18570ce54937d6ae04323918b5535bc5d917a28e2006765b67d4826f76390dd46b5b8d9588e93dd7024ad0657da7f85c0c2ddba3be12edd26be699ecbadb224083b266e4fc0497eab967f81bfa1b33dbb0a64c62cb72d200d041ceaa062ceb009b15c69c89dffaa1153bf6db5cd80e093d14834ee398889d728d6ad88b75383086c6380cac028fcdf14904c65c80ce94dae8d81dc967700b5d75d9b553399258fd2272bf1f7cdb6a317358c0c08820ccaed3bd26a6c41e15792b09486d2c181e3267e9adb82a7cd32541832e53f5717cc94f4b62a6e9c2b9ce4482cf1ffbd083c2c1305e4829a6afa9b2d2a6aeae110d627eb4a5be0f8640f3f9c4c35b8c876ab923efb3dfe1a6e605dd4361bbe1cc4d438b684a8b45bcf22ba047c2ff034302905ed35a786365be944afcb885f2eaeddbc52898f5f5d6aa7d95fb62f79026b3e8a6353ef6c6c9976bfc31f50f2e06a652c9d5b17d026fdcfc76fc023c2fe1850135e118b1960ba73e2af37ef7fbd580765abc552c514e7876e32374476ebdb74d07563d78b40054c18a1e71026ac18bbd1e7788076128ca363870dd83e21d5c100c36fa618abb9ee9b70478ddebf6f76d91946796e8f478e08e659f8ff3c71db91209b3c11af6388221767ec4ff1d2e6dcd2786ea6c6", @generic="b24ec7bc4a146a967babc72751cfc477e1e13b51bf17bcb5317e", @generic="4040929ce53456b2ad300f44b77160799043bfde3513471b6285b53b8e5eb64de56739dc428ac81d6832351e44406d9fa997d85c3c6b86b69861597f983092c7f2c155b1c143d2adc75c9dcdc7f8b9af484b733b369558a6705e98405bebf16e0f6037b1f94da578c1f0d6fbf1ee953b0741f358fa15587e5baaca3b4111f27f1738bb09a79b805c040ebf3e0354e6a3840b34748a11c3fbac9d518bb044066967c4b6b76d94c24bb554e13f3739c9f5be2323e547ae8c7cdddf25c6ef27d438b8be0a8611a95c8ec820d242e2e47818a09a4e759b2679dfcf4324c6", @typed={0x5, 0x2f, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x90, 0x0, 0x0, @uid}, @typed={0x8, 0x54, 0x0, 0x0, @u32}]}, @generic="46ebfcfc21ceb260c58638a56fd42cf22194df04512a2e5f156877175be7361dafb9c54d3d309c7502479ba32cd583611739719fdeaca219ae719a0c8fba656f51eec75bb9325605e95f0068f7af06aac09e3bef009b113bbddf3ec28987fadade8a79dac9bc8798e0e50e1fe0bba479675264ba6bae39ed96cdbe193537fad86e864f9d95fca783c991fc70b186a0e00f98459d3ff06a69cc37f27d4b4ed0fc701bdfdc19e52dbd56461c7bd29cf1810573e59abc2afe0f987a9bb67c3312524e43406bb6e4b99f36f2ce9fca6f9eacbc890ab0026f1dc8a1b1d84091887a86a8c0b9f82aee9ffc8f14d7110019e4ec265a92cd316ca2e2d20a861494d1f7e2441cf3389937b966d11020def8e69721fb86d2723ab40f71d7c5999488a61325906c926e27d34ba3dd80ee2d1904feb1cf78d6b9913ae6d6e61d76f7bf3a488f75e2236b421b3b5cb66e366b30de26f4c067abd31a3895b8d18f4d7c4824a5d7144d62432f743896746a575203902215b3458e299d726fca861a7d49d8872249cd1065f985c58084054ed0df8acd49ca7cbd5c48b22dc23ce61c575ff8b1406d1e4656ef62bfcf460ae760424a37d4923f4a7676803837dfe1bf7b7fe7e49cfc5efaefe73278a67a43b21d3de5625e42e64ce37535ec8f8d5042fe6ee86523a436fb8fe99e6ce3b9f998e7cfab03d91f2555664c60e895b01848faf4dd014acdd2f8679605727a8ad15510811f1054675151cdec49e5aaaa111d6d5232d7640ab9d47a2323216515e935f348b9c56fed9b99b7933bac12a65d6e6be3ba1cacce006d3bc654dd12799e5942ab33e100a7b7077d8ce64755b3661775c05165f56ce0bc64cda2cc995b3e0a34bc517516c76cf351b36d5dd44efeeb82b33a3aaed1cf7993cc5a39e8721222bea91e5ce839823faf43a527de2ff6a05b609aef3c9bb94419157a0933ab9be6854f0efe5b000b5935578a74fb8d2649aaeac94511b21cb824403208d017c4efde5c3a8b5e034ec2b45b956b663c4802cc5275e03acdc836e97871dd6f591f4db3aff48946323c7b98ced908d5b0f0ec15331d7cff4a3a043180328da5ecf635c3cd90ce825040b79224c1038212046d0b8cb43163a2ab92bd83d10284e19ddfbc38c2d1842193c3847d9340e907c7c27685d0334c18ad5592e181dba8a2ba35806bfd9f08d329933a6d32f7c0e583256dd77c2bc444c3ab4017c39fad27c486f56ea6e886f1f3b22e9e81b13e7020d79fbc63649aa634ff627887b900b1ceed189cb838eb7d4aa5322407410fce90891a7de467eb5e1ca6abf25fe184959d2c0c8b3fc0e4fd026517334e10c1043be963ce73b4d6704d6e9c65cbc30a6ff77e9bad7aeb5ac5f8abe2c1b3a2d357324239b7e35cd42b13b4bc3a2015ef6b8a18e25620bfabb78b257f9ba63319567677acac6034f76479926afb8ea84fe098502e606bf20e3e94b17ab2b8696c86ac72b4aab22dcbe04a309ec49c677ec6c522abf1ee13734aee8e07f36f6190d5239b4ea59de575bb1c22ad23e977f9e39faf912188a953716d14a2f2c9178cc1ebb5295d6d476cdacb91293fe0ad81923a94a78ce8d192159691978afc6e4abf4432d928460bf240c56ed652bfe7c728a6141f5982d251363feb929e259a605e203ad0d3b86507ecea866c87021abbae27d3344e5ee50fa2669a32923ab595eaac13ec5ef0342dc5b96732ba00e76bff0f6fa5b443897c43639f220ac39f11095a7a32d5e729bd293e8b773dfb9b14e579f1ec5813cb95576ac3f86162ff44e50ce6797d465d5a64fba43bf9a5d9dfb53cfcc6bbaabc3503bdaee9f56f89357629423bf8a57ca42af7b8f1acbb898131768bceee36103019a3ff8b342f02a3c6c9917520d129e03c81d80779d0dfbab022d74a432fe318b136b5f1862bbf27ead0b5e3af9d88f48d759f95d47f6e0383f6ae82ba2cef98ad915db5eb4362c086ff46205bbe4b743ea85414688d804fe79e016a9bf9cb2c86044aeb6992a9ef8eea1c99ef8dceeaff8cd1cc1479cd3d1a94a1a6ce72c139318025f39e7ec3ff3ed495aab1792229d34ea6b1f631e7dc5971a282924777252078e805b46b3e588cd6ae2c0818de30b142c617a9c3c351e0f67216ea0ed3a607cf71b07e7e0b6aa46f936ed0c0fe2ab1fd16b65743e694e2111971b83d2a5a5dca13d7890a66de1a9ea0ca3970812c83715914b5b87af82df4c4efb6e4ff429cd6d97aa44e8ee0b473af42b14b0a3b44ce5f39ab4a1f6e2edeabe895df7ce16b620074adacea353027ce83aa7726479144a1b07f2e7b9fbf3aff154ea1acc7883ef0514e3debf5b0f5ab5934e7f7d0e2dd30225252c12985a8aa370f6e329563ccaf4784c91d557383eca708816f8648a9b16dd4e08c8d8f3d7c3e2299e04058132ec4962b068f28cfbeff1316de9b05c2aa65d34c00553ad27b2193830b38c064e530ad657ca7218c4acac89e3ab7eb8e4e3ac59b3366fea1f607aedb6915709dd5643d442322721ac746cf5015c0918d3bf8b29939ba9278a3e1cdb5cfa1904c30a8f00cd8d141f5fe7862ec6af013c4fccdd7717665ed8a44540ec3ecc590229463d754ca8352a7279ad7dfa12981274e16754063745aa55f08557de061a608c6c19caa8f057b1458282ef23ae1dc0f9df919878c9f722ced892e66ad2904402e961f0964f1c90175f7bacb46d7be41309d0cd7bf1c6b3bc49a8f44181173e269645255f688f2171dcb09394e6f163bd428176484ce774bcd2fd7eb9921bcfd9a37999407765d44212cdcaa8e6db6f7a90243042f8a86d752782b02ae8c2d627895a9360c875480f3d7e0def749e014794ebd2db5644523f6e6c493cac0bc3579b7cd6f8ac1501b3ae6947dc669a14269e9de0a813eb713c195b890894640b781da777699788e2723545bf0dfa3ef36fd27dad8e93242e37891bfd9118b68fccab03916ca023c9bb74d6cedf39d0756393e279ba6aa7ac5bd12a8aa85a9f8f2d7cd9581aa08e3ed142fc854a7925fbcbf1e04833f711795861066594d97abf0e727047f65a73d12f727f9b093309b5e54e34e990191e58ef12bdbba0de2ad97bbd4eb9ab8738f1b7d76e59a805de0d21c15ae72c425679dffb3ab861abad116b082d5019ab5f546ce78a7fd332b665eae1a661434c7b15c5a6fce887116aca649f7402ef9df7f3130876023d2916a5e85cae76b5f912fffb8034512735a16905bfe18db8329e732cbfe673419126a6da24e9759fc1affcd595d7f74bd1e7dcf06ff14e49aa90e7512d4ab972c8e09ea1c552678cbd34b0a49b6d866299f08d567aa8c567f0bbe8dae402ffa91fc19b636904c6c7cc9a333a36628d602643addba76824abd18c5410b8c62be6a173734eb8a66ce3b3c8086cfe1e598f538df9064af2bdd548067150de8fcd149615ca8bebf987ae55231816606eae67523522fc12b38181d54380d28c80b7de38e0afbae31154f0e1219ef23d3f3c6fb2766a694b8bf3d774039bfc62da6e567f7ca6e10c90962a10ce2e3d0fcdf5527386b94f4cd23ca05fdc82753143a145f3058dc4355cfff4b651a44cbc0cc78354673d3c2d720ddf351a94dcac13d94818a96eab973629da9fb74b562a2ea0155d61005a53ce39fcf595e20f936070ee2731626d24904436e208060ee3ed659235af1817fc58b32ff20543fe12994cfb00ab4822325d841bbc52fb57373d4f9bb4d32936d03ffd72ecde4de1937e3ef3fa3a7a4c698810389752b86d6c41dec05aaceb80e6200ff47c963a3db2ad2c53be46fdcb73e88150f9764dfa7cdc20e5cb15d2659f7d5637d22eee9ced3f3de847d798c6ee9c7dec3971af61fd1729126dc81e2c843b2c057f2ff2d1eeb279b595be425c5983bffaf8fd5c0cf2c86f37d13e8b19514496e09df1fd90acaac7285c296bf784367255beb8bb9532ece48f70dc814b12ff08773db8098bab15a4dd6151990e87149e4025aefa8007547584e53a0466d8f75fc529f42422d0a9f1e2cbc34be1f0b50176680b5b990c7be79248e1a5f1d1278fe22ee51b1e84e61a9eb8db8764c6630ebc42f1f0c43273c0829c79a10803c015c6aa2f8fab4dba7ee0c25bbd5e1045cfbf12e9a3e3b99aba10dbc73ada4da7d1bad97ea3e5b815b497b0f95ea0e34dbccd392d4ad59b391fb6544b9d68743950820ce241320d6c8530b766793b7a664522c2055914ff7a9f543be5a3403f03384f689d825838190dda85e106c6c2f12edfcd878cf0e04841cd338eb49d5f076907f16a5e3a9cbfed054d9bba6712e8f2fc13b6086e0f4b02195d7f258ebb15b857994f8b4815eacb2d601097645c67eff998ccaa46bad7756743cbbad49a8afc1243c19b6d5a65aae4f19c1b11076f216093482123e0c5fc7569750298c43d556152ea708cdcadc1eaa7d6a5db5ec12c4633d331d71b4c796f05f617b4e6c44233c6d7ce9cd80bbbe92c0b25483e2d9ab58de575a9c9edcfdc51c2a6011c4a42c54504f947443a78d1524e346f7a81eec3c2df8d87c31db7fa36c9014b09967dbec27d1b6d6ee83420519c6ddfc5f8550cd4f839886f5cf83a13d09d597b67d921f11ff6ec832e6e999ea6320cd85f4bcfa220fafeaa06e968877171fcf6d2e59b7607c54fae1cabf014214a3885d058527e4f64cb16bda5a81b100159d46910c51af242f5ad3d3349f0f646041b28f1f1c938a1886f4efd38e57e3d2baf886d6f199b9e9909349d1b15861814685a75f50fafde9e35c9ad7c237ca57c659e5fcf5290e8cdceb7fe489ed57c96cf4683141a0e8fa379c12d32c72911c8da574869fe4d5edcfcc019dac09ef49ed9751477e2c167c5f14d90a1133061fe4f9df2b4a9a2185653cbd08b9fadb4a6b62dc0aad0a09df5b33bdcc1c2f83005870a741db8edfe027dddbc60d5ce3dd7be0842c0a0b3415dd12f6ad09a029461afdbcf0f3c54a38732ee4dba85c12ebdaf4b26fc0b94f3a0874d4f4a50d9708fb4ba1a154e4606a3045eae9a51d612554aa3901ec8c0dd5088cdc2f03bb199be71d6626544cf7172279bfe5d0e945b7bb0198be2ca741742703c916f3f9446751753786a8f5b90d9916d198319fc45001cce683af6a69c8ed14af1c099da23771bc152775f6dda6b5e12ceeb17ede3c855589a63756b0ee818d0d15bc7c45437ac87ae2c53a556a59e34fe9d435e9d7e30ca50d136a88419b472276da67b638f19c59768498e2eb23b9c32923d3e41695d60fe860cdac6092c40313a00a23688e41b8f1395513d7a937516749878d39ed6b340a7e0eab5094ee74cb256ed7324abf04c19a86f5029599d1886dbcf5ad29f3a914cf4b20e7d7502ca9f8d3bc24b07e2007c0104dc37eaf02e91888538fb11937ddce4cbddc9c0cc58d55363112bfbc862529bd42e4c38bcfe248c99815fb6c6e3375d8e57d0cf2fc6023dabfdd6e3994b8cf2c160aa70dec6301571a11ec453231a8b8a4a3ad08ad590f48be93bd30269de42bbe63a9b8d4b15f1e412a9576423c0b6c438f118f3caea0b1937b821761da565c860ac255c2ac2420dd87f60ae797755052db5e48b6de41b808a3cf69e396a6cc5319d4e418d4cf3ce9fdbd99fba9718181c548bd918661ee2aaa707ad205126e5a894b11a98d00f7d4905df673fa92214f4a74bc0a7ed9daa31ade61f1d4ee54fc7b1d968c20d515b8c4c99c0783eeb00354176ea3e2bc73dbd9a6081ff4aef0d086239458e5a3d41d28868c88ce11caefa9f63b7c1f189c89acff585b136bae2ce4ba78d2d2ea3913", @nested={0xf6, 0x50, 0x0, 0x1, [@typed={0x8, 0x61, 0x0, 0x0, @u32=0x7}, @generic="a5bd36c599d120a855711e671e7f7b029270995f155c8de686160923d5e997f15276716e133ef731122af200c6f086e7d76c78b92848fb9c968902836608d1750c98e6684f7d1bd58e8198d1ad0d8b6cb5a668882efd2d91908c2f5decf230e0e87d05080970b5ed92000f95412e8401217271735ab9d2c071a04f2736a675ac42043f2ab0fff9210a5cc25cdb1659266609463b4f58d7d83934e78ca92ec3a5dfb4c2b28627836f053e779597c23f0c67888c4da96122128b1bd09c270ddb98c7b5a08971afb6f17fc15b50634a", @typed={0x8, 0x54, 0x0, 0x0, @u32=0x400}, @typed={0x14, 0x91, 0x0, 0x0, @ipv6=@loopback}]}, @nested={0x160, 0x5f, 0x0, 0x1, [@generic="17266068b8c843a595781f39a6bdcc2bad1aa7e7a9d89ac678795a7518f2276865bfe2e5ce82651a1bc428102f946ab5d3d3e5bfe2ae254789a8832dcfc41c5bd06cd6c451bf6830a1058eb594b72f126e6e809058043298e757c3d68811d3a5ba98a278bbfaef6d0dc07a74732f5f394831d30bf49f8af0303c99c63a9753d2bdbf73", @typed={0x8, 0x55, 0x0, 0x0, @uid=r2}, @typed={0x8, 0x38, 0x0, 0x0, @pid=r10}, @typed={0x4, 0x5f}, @typed={0x8, 0x12, 0x0, 0x0, @uid=0xee00}, @generic="a690193a642375fde0a8c412e061eff6dd147d4ce658231bb1e820c053d0c9c0a888bd024b4ea85820c3410647b40a", @typed={0x8, 0x24, 0x0, 0x0, @u32=0x40}, @typed={0x8, 0x68, 0x0, 0x0, @u32=0x9}, @generic="7de7fd0167f6c3972f9dc5aee8c042b243da2129d0347becb98334d10262e86aa951a972c16a52796669362271af6b48aa3d5bbc4c1405a961670f71555483a27c923607b95705a38709e20315480f8723f9a3d308a17090f67ef085d2f100b63fc617a040580da229b603767ffeff81940cbb13e3b5", @typed={0x8, 0x4a, 0x0, 0x0, @pid}]}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x52, 0x0, 0x0, @u32=0x7}]}, 0x239c}, 0x1, 0x0, 0x0, 0x20010}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) [ 2469.461182] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.461182] program syz-executor.0 not setting count and/or reply_len properly [ 2469.471656] sg_write: data in/out 151125980/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.471656] program syz-executor.7 not setting count and/or reply_len properly 03:33:55 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:33:55 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:33:55 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:33:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2469.568132] sg_write: data in/out 150996700/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.568132] program syz-executor.6 not setting count and/or reply_len properly [ 2469.634555] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2469.634555] program syz-executor.0 not setting count and/or reply_len properly 03:34:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:09 executing program 2: r0 = getpid() socketpair(0x26, 0x5, 0x1000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setown(r1, 0x8, r0) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:34:09 executing program 3: r0 = getpid() ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x4}}, './file0\x00'}) r2 = getpgid(r0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$sock_bt_hci(r1, 0x400448ca, &(0x7f00000002c0)="6feddc4a4263acde9e9ee805dcf1f2a9a16922c43a352e3d9a0cb86be34bab1825aba3c093d832ccd549fd8c42d986f7b0a829bd751dfca2c022ae4b87e800e01482b2b61fc31b214ad533e8341b6ebbdaad22bc648f819366260d62cd9f2b9a2c31ae9ef63a6804d6869d6f67c761a68eebc6aada50497249ebc05ee2652743a134f54b9a6a7e1d3023960053be9896bc9b65de58d6e99dcff1e7432221b7f6dadfb95c5125a1a7cf43d76608d55a286926a88c242d46df1ba793767698939f6b184428fb5afeba8c2da1815aac0c721a7612a998ec162409c3d0feabce1649e0601c7c823fd6e434428f38b799f60b5176f9efec097b516ff7e8f4f7794bb9cefae7156365d202ace831833c03effbcac008ab431ba2bfeac6efd737fba7d6e3af7847be5d819d7519ebaedd48d1f4a1db75b01acb1b13229213ee80b8a72566efd151ec305bafebed6606fd804dc07bedb51b5f3972d95231715b7561e1aa2766c4a1f206027ef58b133de4e7df08b123d545fb20bf3d729039a5df46759d3afb6030b4debd624adbb014116e5c9277adc5d63a537531bf4adc4f24363f04618fef7d226b9305deb4a436b5b1045613d8f470bd1a06455f33c09288ce085889055e8c55c04c6fb29c9077c1173830d577c025cabece53f10dcbbe73589232c309fc2c67620929054cc107cc1c61d2c4b439b8d9dd223bd1a6f66860d9f015cbc6ad606d50c8aba99190fdcf9947ccc84defac304735e57574edc7dc773af13aabb509d295e6137a820b5dad90fac839f906e52f82624c8ce604095aa32e1e1e70f632c1e8a58ec5c81ae9cb89560ebe02ce74b4b711e6db66c941b5f0c3bcae5738f87e0c1811773b364d4c680a8314492bffd720449c8badf6f78890ff04b354e3681d2ded95866f1d7c7e653e254563b8d54eb1817d84f92637fd114e70152a63e49a5675c006f232116a93f219b1834b530ca4fff92beb1771d6e14b3187c276ebab261fddccfda22759e97497444faf38dc9f32965a72fb72dce85bd964cbc35a8f49dcfe76880d1f7c0cef4fcd29e754035100d81aed8fe32984133bb17e108bdd7b85f27ea90cfe3eba015a3c7353d18eb42fe4533d0707956238b2e40d76ea072f01c21216f64874e8e955684d554df5e9b9f0d74b81b62bc3d9da29557588240666978f1c1ebba351ae7f95185fe33c3c3a1586adbc116217432409a51731d986b9bdce0dea0545a5eb8d7cb6027b1321cb02d766126d49f33eee338d91ea5d59bebab6765cd4405985a0df2805fe3439410f27995e9d34268aa41416b5a505a9616c6beaff24b84ad2c95eca45c31d0c2fc7f1784ea8734c3e198076253d5a0f23f5843f28fc58b5e9fd555d07710c6a63916e06a2816dcf87af92a48063179a017d710b870ce0387bd28629a2feae047b9b4852d73256bb1051debca60ac09756de8cbe2345952dda2614a6eecea6e4c1e5253e3b94cd46138a609affa992db23e181e3b4c91ecd930e2aa43241a9d582f2cfded46aa1061bad5f6479bcb0fe12bf3c99524dd38d969e8f630e4f664741383d86847f95946779464279cd3305e8e3a616ab8baaa9e30b72f85148780f6c2f32bcd5c67d7f96253932bfd511fa354685e2c3c0fe44bc78e73973c06cbfa64aa1ba80b7776e78a411d65bc7e7dac706d741832a278b3448a6e38a6a5c16903cd2342cb5147c07802196c2c3cf351da60228c59b107dcf5363ab76fd5e9facaea37b36b18d58b99d5239c6259ff900e9018b8321e7acf4cc134a79ce14981886769843841e2fa890fcea0d3c5423c5828e7b6442c648d5c2d52a10b3afbf9181caa430fa27e15e62e88b919af4c5c18ee3c865957e41de57da0fd3dc48c4727e547c5590b279a6f7daedffc28b86d3f87addfe50769156e9d647b87d0db1d62caccc7c7bd2e6c8481da0efebcbec39bfe14a84c23996efa3ec9914088163e93b21ae1d40eee25cc818e8e358777ad17f45290449af67d5fe728e7fb5bfcaea0d910799ef84d81ee6ce5dc298c7d3573566c076230825ed0dbd71b9970421ef4db49352e5426ab03deebe1464f116d45e4abd3a715aff0984372312d6e49b38f40d15960f8e4f6c03e0f495d3561c596224ff50760a13f999c65737fa5ee00827836029b847715009e3c9ef7f787504837175bcfbcff0f8075a41ad2b4883eab6fadc23d78e04615539fb676ac3d2b516c0f2a189af10deb4bfeffc9d0457572f94854ad36405f170fc5a72ea764a41e38adc8836c92d4c2d217cebadc706221b4a520f540c87e234a67d517815649063ebd01111a9ac0cddee0b6e95d08cd15ffd1cde51094d214f3eec42a6e4a5456b1fd5783c0e81f1866c4b2a8c2df96da05d1993a550ca153462ec4b30b4d18a27a6e4556c7c1a77ae4adcad28df080b94bbeb3f0bb86f9e344f363eec9ced0596645f1ffc8f267622353f078d735d45071a2083b7f1f02542b6f6f923d119e1bed7d1d595534bc8543c53b50293fc67fb1ca4b7c7e582b70a6f211f1ed426e7df69068a51437bb9f7ec6e334c9608b2d7b79e2bd078d671199d1d057d60662aeddfc07833545e57c401b0f8c6096f805892f7a42ee169ae30ed85159c96054159ba17a6318059d204ba752887828ed0b77ccd61a66572bd49172eb840d08c89b097ae94d69de14ab85eb6310038a6e55a081bca38f2080ef56880a6635b911bb42763b25d93e7a5fb5e11c88a6b562399e875652bb6b479cb746b0db51301f2e87e5c6a0a37a7b3ec7b1a6a58e18bfe37f3225f27534563944f39c8781419c7ecdf40ae79a1a7128bcd643fc04f8628264582a00edfecee8f0b18987f0745dc8b301f6a331fc6ee98d136acb8eebb2673c571c0596d723196b1feeb7cd5ea32cdbb93c8bfecd290747c29b82340c4749c73bbeccdbcf3b8a7b601d224626a66fd94f10f85d0815ba83daff3ea18995b370275d00683c16138b997834ee363d2a558e26eae42da0374882480737c9f2cc4b9e4d0eea2d063b5cdaaf5a0fd8711412d39c930975e79188ac55a01c3bb43848dba8622dafe3683b3c621f5d3edbca64da9a57a49d1bccee5651eaabab3c0af3a713616628458a156d1fc3ed5ac3aae7670ab2f5902e19a476019d4bc351d3d3a8eb0769119db5969cc927fbc71efea07043409d35f2351a0bdce9805e678c509bd92b7c7c3f651770f0b236694f147fbbdbeae90d1725bdb36a5c67975e63aa4c3c5bbfd34fa50851c66608a78e2cd571ade3d74e5217b725f27cb84e17feeb9fa9e802f8b07e0abbb165511455ad8fc92b87cf33216eee7bd8e4681a871811d18a90175f6c4119f36d3c504fa573208d80a23524b159e8b6e99174b4b5eee4a0fa95331f9e57295a7435599647f95cb443513695cc8502401f68ba8b05fc9e0580a4107097717359043bb67eda9224405eedb8132c33834ab8d2b6454454e9ef1d886e3f701a954fa01b5b0fb0c7bc7e1a2b670358913177e597fcda564b67bd71711a1174bf9c900a0e96146e6b4ecce644d57dcd13a109bcdca26a2cbf706d23d2712e2558bd246202a29209b9f28bb1b259f6cbf55633f9a76798a2ed9bc61e97563099ce7c7e8ebb8c76b5d64960fcefc62b120766bf07547ec89afd5efb7423183d77970b53ad73be44ccd5e2e677340274116d444ea7b66dc396ca05a9ca19868e1c22207803d958b5e33a2a0874bc8c8648e96474beec1802b6d1da4c932789684e1c79d77eb6f017e191a8112ce9626c16e619c4ecb83190d00f251b811f10722047e51f72659f60fadf3bbefdedac362b1b4c7297a5b54c225ac98150c719ce36a7dcfb7fa718f37f99d310ca01a61e66c89ced46d7e54dcc0c65f97cf4487d3ea57be0c1f5607dfe792f04408af6f1b2fd6be230164a5a4ca746f72f13f4c8e6084013190a1b7e24918a1ab4c86f8ceb13af1f0f1dbdde9d0d6105fd27daaf80e15275f7e6f23b338a54a6890427845a4e348e0bda7eee4a897f246855f163e0b8a43fd6f32b8db73b7da24c01691a629192e84d2dd225c11d71cc01f3a031e938de44f0de2fbce81675e194b3169da3c9d58ac46b60a7298d765664249fdc2b514b2aeac793a63f8c4388207a65db7005426c4436f50816cd2142093fe212da2191cb2a4dcc974e6fc850a3405241e11ec3cdf3da7016791ca0b64f154d1877451eb9aee7e56acf52e84a2385ebdb181f6ec69cf46bced2544acdb5fd21447590131112a07e2d3728b0b95ab39a150230e58b598c80666a9c7ebfa8610b8e732656702df68524ec60f7a5d4d727110c794308f5df5f5fd31e70a79322f7ef9780534f2a5a1d7ea6597b7b31642b2330b269480df4c15876ab37d62793259c43e6ee3e8ca1eeed49994665794dd3ce7781b2611c895d484d27a89174bd2f9e632fb604faefcfebdfb399237e6bfa7c373f6cd7ec6876c29a83ec9478fae3a05c2048643650e2168d62ee73362a4fa1d39200427f59902ea39e77c7ab48a7dd628b58efe0027bb1edf9b398860bb403801e604981880163514419826a39ce6e640186c7975c905340a3252572db9b85f1ebc9dda5b6faac3c999f7b61bcfe29e791e6ed7d9d0c4d508a7577b71869382a8f550fd954315e2c6c4431d87b35ba5cf74067e0e8ed8b45964b7c9d549736a9cf98fe15d332b77fa5e2486cfe955dc8d964c2a00ec2cef9b63f4aa949416ea8346daa271fa7e97b0c52f87f79e169d8ac932b4d7e62cfc195af88612e94d899afd91e54d6fc2b84808065796e16c9c6c7a4db7b280781e9d7425d69e43a1aa2023ec512a8be6cf940c9964b590b7b5d89a554ceee93ba4cff2a65a8907f3dfe90ae443eb53f3c900c9756d9378e206a87c1e7359ae7476a1140c3c914531a7f0563961dc2283cdf5fc5c59c364d9d3c6e636127a134e979d725be4580c77238498c4b22f803b9e0c6f9895a02a7c6d74d06a495395d3a288021cff5d7887e3f39fe2b146295231a81cc7ea7993b3369cc5a7f4d95eb8fbdf4ccf7822abd16c920b54432610f6697f65c8a81da6d1e8bb87947d60b4e020a57f015de58c9bd7d279001b70bdda5233473e537ca8db6fecb45704a953cef123bb5adac099ee3aace37ecb7cde4cd5c404557f96cbd080ee02ff704d9fbd89c7c26553ca07f133309c09aaaca77daa05a7ee58051d3d19af551692f201754b674bbfafa768c4c2db6d1b35980370a5584c55208ce2cb324dcdf3ae62d9288c5d66200a4bd0605b22ce8de6092e3347f02b2c570f8a2b63a250a5e75edae07f07883342186a274dc99364fc99e63df6d566baea92931239270adc29c151e812ccf3a3fb3a9b47b58e78f760e3557f0d8a047dd089db4faf98819de2d8024831cce1a528a5b9cbb51ca05ebf75f094cd3c7873721408921184fe85c90d2c44009bd1bdf562d606efa45861efed0a78a9ba9d361c2cc82b14f54151d9ec3592e2fa8ac3afda102b84653db1ed48be3695b567d8e18d1c3fbdaeb2628d595492a6397cce2ac80a356c797de45da47917b8e7ec49353d20e47fca7cc70996d996180df95282ec1c08c16089f7878c7199261096d3b74dbd064f8c0e21f21cc4008a0050d2680ada6b6630dfb2401e2592709464bdb6ebb86ccdd56f853f66824cd0bb1601cb9bb1344c868fa2d07344aa748ca0ede9d2cf2000e81fdf53e5d48b0ce97cc143f18672fc440c4ec87db41ae8db426137731da1f031acec510f58cc212196410e15bb824005d1e379055cd03d2e283a688c7f8c919b53") r4 = fcntl$dupfd(r3, 0x0, r3) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r5, 0x0, r5) write$sndseq(r5, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x3, 0x10000, 0x7}}], 0x1c) sendfile(r3, r5, 0x0, 0xb6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f0000000000)={0x3020f000, 0x0, 0x0, 0x0, {0x2}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[r0, r0, r2, r0], 0x4, {r4}}, 0x58) [ 2483.464264] sg_write: data in/out 150997468/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.464264] program syz-executor.6 not setting count and/or reply_len properly 03:34:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0xa, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:09 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:34:09 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0xa1, 0x0, 0x0, 0x0, 0x4010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x108, @tick=0xff, 0xc, {0x20, 0x7e}, 0x2, 0x2, 0x7}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000004c0)={0x7ff, 0x0, 0x1, 'queue0\x00', 0x1}) r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x83, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffc000000001, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000003c0), 0x8090, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}, {@dfltgid}], [{@fsmagic={'fsmagic', 0x3d, 0x8000}}, {@audit}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@euid_eq={'euid', 0x3d, 0xee00}}, {@smackfsroot={'smackfsroot', 0x3d, 'queue1\x00'}}]}}) r4 = fcntl$dupfd(r3, 0x406, r0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000180)={0xfffffffd, 0x3, {0x3, 0x1, 0x1000, 0x2}, 0x1}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000380)=0xc) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f00000002c0)={0x4, 0x3ff, 0x1, 'queue0\x00', 0x2}) [ 2483.496834] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.496834] program syz-executor.0 not setting count and/or reply_len properly [ 2483.508712] sg_write: data in/out 151191516/80 bytes for SCSI command 0x0-- guessing data in; 03:34:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x10, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2483.508712] program syz-executor.7 not setting count and/or reply_len properly 03:34:09 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) [ 2483.571126] sg_write: data in/out 150999004/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.571126] program syz-executor.6 not setting count and/or reply_len properly 03:34:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:09 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:09 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:34:09 executing program 3: r0 = getpid() r1 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x200800, 0x100) r4 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r0, 0x7, r2, &(0x7f0000000040)={r3, r4, 0x1000}) 03:34:09 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x48, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2483.660115] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.660115] program syz-executor.0 not setting count and/or reply_len properly [ 2483.670293] sg_write: data in/out 151013340/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.670293] program syz-executor.6 not setting count and/or reply_len properly [ 2483.683828] sg_write: data in/out 151257052/80 bytes for SCSI command 0x0-- guessing data in; [ 2483.683828] program syz-executor.7 not setting count and/or reply_len properly [ 2500.219756] sg_write: data in/out 151322588/80 bytes for SCSI command 0x0-- guessing data in; [ 2500.219756] program syz-executor.7 not setting count and/or reply_len properly [ 2500.223724] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2500.223724] program syz-executor.0 not setting count and/or reply_len properly 03:34:25 executing program 3: add_key(&(0x7f0000000100)='id_legacy\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180), 0x0, 0xfffffffffffffffa) r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000002c0)={0x3c7, 0x3f, 0x1, 'queue0\x00', 0xb3}) r3 = clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {0x1000}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[r0], 0x1, {r2}}, 0x58) r4 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x20, 0x47, 0x20, 0x4, 0x0, 0x10001, 0x80, 0x5, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x800, 0x4, @perf_config_ext={0x6ee, 0x6}, 0x800, 0x3, 0x46, 0x3, 0xff, 0x400, 0x101, 0x0, 0x0, 0x0, 0x3bd9e79d}, r3, 0x9, 0xffffffffffffffff, 0x3) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r6, 0x0) r7 = openat$cgroup_subtree(r2, &(0x7f00000001c0), 0x2, 0x0) fcntl$setown(r7, 0x8, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) dup3(r1, r6, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x5, 0x3f, 0x1f, 0x8b, 0x0, 0x0, 0x2966d, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_config_ext={0x7f, 0x4b1}, 0x1a, 0xfa, 0xff, 0x0, 0x101, 0x3, 0x4, 0x0, 0x1000, 0x0, 0x5}, r3, 0xc, r4, 0x8) 03:34:25 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xee00, 0xee01}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000100)={0x51, @tick=0x9, 0x1, {0x5, 0x1}, 0x8, 0x0, 0x8}) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r5 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r4}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r6 = fork() dup2(r4, r4) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r4, 0x128}, {0xffffffffffffffff, 0x2002}, {r5}, {0xffffffffffffffff, 0x6080}, {r5, 0x9200}, {r5, 0x62}, {r7, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r8 = fork() kcmp(r6, r8, 0x6, 0xffffffffffffffff, r7) fcntl$setown(r2, 0x8, r6) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:34:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x5, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:25 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:25 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:34:25 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, r2, 0x6, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) fcntl$dupfd(r4, 0x0, r4) write$sndseq(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xffffffffffffff94, 0x0}}], 0x200002dc) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r1, 0x7, r3, &(0x7f00000000c0)={0xffffffffffffffff, r4, 0x101}) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r5, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x7, 0x0, 0x1, 0x2, 0x3, 0x6, 0x2, 0x279, 0x40, 0x151, 0x22c4, 0x400, 0x38, 0x2, 0x3f, 0x70, 0x5}, [{0x70000000, 0x8001, 0x5, 0x3800, 0x7, 0x1, 0x3, 0x8e39}, {0x2, 0x3f, 0x612, 0xffff, 0x8, 0x8, 0x40, 0xffffffffffffff80}], "a2fced51114d2bffb9e430f06c47acd6505d64e54eb86b9ff0b4871bf9d9a73e96acc63b6bc5bfce1feac99db06c831134bc264d4f0295a4d164767c58d2acbaaaaab9b65ccd83a59fd905a00ac03c564070b56cc6fd4707ec66f92f9ecd9243f84c49e873604ba941a5a49a0df0b18cbb4ea8710870f11fa62be8dff4d52de70543854e7e55ec93ed6fc655e89f795a4f126494aeef41c6727e47d81235a596b566053a065d068d7c85bd95ea4fd2fa46d19a21b0730eb1f1976566113d9ac8cf5ebd189e6c18fee57687788ccebf9aad1285ade26a19040697fd56e1686289a2", ['\x00', '\x00', '\x00']}, 0x491) fcntl$lock(r5, 0x7, &(0x7f0000000000)={0x2, 0x1, 0x8, 0x658, r0}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r5, @in_args={0x4}}, './file0\x00'}) ioctl$HIDIOCGRDESCSIZE(r6, 0x80044801, &(0x7f00000001c0)) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x58, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x53, 0x25}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 03:34:25 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2500.231706] sg_write: data in/out 151014364/80 bytes for SCSI command 0x0-- guessing data in; [ 2500.231706] program syz-executor.6 not setting count and/or reply_len properly 03:34:42 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x5, 0x80, 0x0, 0x9, 0xb48, 0x5, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000000c0)}, 0xc80, 0x0, 0xffff8001, 0x6, 0x4, 0x3f, 0x9, 0x0, 0x8, 0x0, 0x401}, 0xffffffffffffffff, 0xf, r1, 0x0) 03:34:42 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:42 executing program 2: r0 = getpid() ptrace$peeksig(0x4209, r0, &(0x7f0000000000)={0x8, 0x1, 0x4}, &(0x7f0000000040)=[{}, {}, {}, {}]) clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:34:42 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:42 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000080)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@local}, {@in=@local, 0x0, 0x33}, @in6=@mcast1}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) 03:34:42 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x68, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:42 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xf88c0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x1, 0x0, 0x0, 'queue1\x00', 0x3}) r3 = syz_io_uring_setup(0x794d, &(0x7f0000001800)={0x0, 0x9592, 0x0, 0x10004, 0x1001e4, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000000)) r4 = fork() dup2(r2, r2) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ppoll(&(0x7f0000000380)=[{r2, 0x128}, {0xffffffffffffffff, 0x2002}, {r3}, {0xffffffffffffffff, 0x6080}, {r3, 0x9200}, {r3, 0x62}, {r6, 0x10c}], 0x7, &(0x7f00000003c0), &(0x7f0000000400), 0x8) r7 = fork() kcmp(r4, r7, 0x6, 0xffffffffffffffff, r6) r8 = fork() kcmp(r8, r7, 0x6, r5, 0xffffffffffffffff) prlimit64(r8, 0xf, &(0x7f0000000040)={0x80000000081, 0x8}, &(0x7f0000000140)) clone3(&(0x7f0000000080)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 03:34:42 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2517.344483] sg_write: data in/out 151388124/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.344483] program syz-executor.7 not setting count and/or reply_len properly [ 2517.352203] sg_write: data in/out 151021532/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.352203] program syz-executor.6 not setting count and/or reply_len properly [ 2517.366715] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.366715] program syz-executor.0 not setting count and/or reply_len properly 03:34:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:43 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 03:34:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6c, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2517.536192] sg_write: data in/out 151022556/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.536192] program syz-executor.6 not setting count and/or reply_len properly [ 2517.540112] sg_write: data in/out 151453660/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.540112] program syz-executor.7 not setting count and/or reply_len properly 03:34:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x86b9bed9a2af109) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:34:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2517.592835] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.592835] program syz-executor.0 not setting count and/or reply_len properly 03:34:43 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 03:34:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x74, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x10, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:43 executing program 3: r0 = getpid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x7, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) clone3(&(0x7f0000000000)={0x728174200, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[r0], 0x4000000000000029, {r2}}, 0x58) [ 2517.724130] sg_write: data in/out 151024604/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.724130] program syz-executor.6 not setting count and/or reply_len properly 03:34:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:43 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) fsetxattr(r1, &(0x7f0000000000)=@known='system.posix_acl_access\x00', &(0x7f0000000040)='\x00', 0x1, 0x1) [ 2517.744628] sg_write: data in/out 152043484/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.744628] program syz-executor.7 not setting count and/or reply_len properly 03:34:43 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2517.797027] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2517.797027] program syz-executor.0 not setting count and/or reply_len properly 03:34:59 executing program 2: r0 = getpid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)) r1 = getpid() r2 = getpgid(r0) clone3(&(0x7f0000000000)={0x20000200, 0x0, 0x0, 0x0, {0x30}, 0x0, 0xffffffffffffff91, 0x0, &(0x7f00000000c0)=[r0, r0, r0, r1, 0x0, r2], 0x1}, 0x58) 03:34:59 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 03:34:59 executing program 3: r0 = getpid() clone3(&(0x7f0000000080)={0x20000200, 0x0, 0x0, 0x0, {0xffffdfff}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) finit_module(0xffffffffffffffff, &(0x7f0000000000)='\xf5\\-#\xa5},&=}#{-\x00', 0x2) 03:34:59 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6eaa, &(0x7f00000000c0)={0x0, 0x777, 0x10, 0x0, 0x9c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) 03:34:59 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x48, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7a, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x48, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) [ 2533.603111] sg_write: data in/out 155713500/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.603111] program syz-executor.7 not setting count and/or reply_len properly [ 2533.620167] sg_write: data in/out 151026140/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.620167] program syz-executor.6 not setting count and/or reply_len properly [ 2533.631538] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.631538] program syz-executor.0 not setting count and/or reply_len properly 03:34:59 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0) 03:34:59 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4c, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:59 executing program 3: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x404, 0x33, 0x8, 0x70bd28, 0x25dfdbfb, {0x1c}, [@nested={0x2c5, 0x40, 0x0, 0x1, [@generic="044f47bf682199668daaa38098ce8b9c313c33d2b0ed41a0afe1c32e60f57118c52b0caf920febd2103e7f4fcf96d659262976551cf7318f828483269cceccb3a6c071d85cfc238c2966d6498702849ab095cdc46dcb8de5b7b1552f12c24fe50782aa1e4aac5344d38f3e30e3b4a9a545c7f438382db6488b70718bde1b4d2f0be3c702014585fcace6855fd2f19a060d4c33277bb5846d39f91650ea056c2677a9", @typed={0x85, 0x50, 0x0, 0x0, @binary="25400787807a783dfae2f505b1877957f973e0740761b7350c69cd597a99b4d45b095c9a94a4acb5d2bf445d9ca02a1f257e9a73f2af1837c0a1c43aef638bb1715f39144d81a0265bb86fa8e978e914fc01b0b8a92d0dfbd18004d996626d1f4c735b9e2e5b12872db2c7b9fad9aed378e8d1b8c42df941175ba655e6366a7a16"}, @typed={0xc, 0x50, 0x0, 0x0, @u64}, @typed={0xa0, 0x3f, 0x0, 0x0, @binary="cbe19c463baeee0faffc79e3b4c289f499201df188fac3596e65f84e39f3a17510b1102d7fad3efea9b7f4861af78e02cac8387e55d4c78332ffa14f22351d40dd5c25702e01402e32b34df03f08090ec6a073ba625dcf81498944b427d8c042bec2fe5956e249939ef581ec954ca76337f1c4f6a757dc8f52c7b11b58de5ec41c01717402a545a48a5c64b0a8aea6af010fe36ee9e73f664bb0e487"}, @generic="0f3d3e81d4e07e5ed410d7e1ffcf07e964b8224e1d6479f5015ca412257b306b99a9a7425b1ccc5a66a57e78ad15557a233045360356fb9afcc89a28dce4ca86857acc2eeecafc123c479fd2df2ae147aab8151620ae3983a7c135b5e3ae023212a23b09f0056f60423399d2afaa81766c3f4b8af6ad77d095e0715f65098d68acb923c52d96095ca698fe1bb6d0d6052328f2abbaed90b9a2c6975877ddd1609e92a57f4a1da02a3131d1a6b944ddab29d817ef73188a2fd7", @typed={0x4, 0x81}, @generic="ef548112e460d88c67de4b48c6bf258ad847ec9b693c6f4b15c87f7dfaa6c84fe9a3374fa17fe66c48a5d0e1615c"]}, @typed={0x4, 0x3d, 0x0, 0x0, @binary}, @typed={0x8, 0x80, 0x0, 0x0, @fd=r3}, @typed={0x8, 0x84, 0x0, 0x0, @u32=0x7fffffff}, @typed={0x8, 0x68, 0x0, 0x0, @pid=r0}, @typed={0x8, 0x3c, 0x0, 0x0, @fd=r1}, @generic="5c57090ac4bd8a6a5b66d08bd53da9fe32a555e24097327bef2f19fa7d73c2f740e8b7dd7b213146c2547a495d286fbeee320406e530396de5b559d08671ed1d9b7749ff233f649d1ab3d10b048eb6be55e487edc84de1f7334cc0ecde0041523b3365238273bf121e0a7bdb110319af4df6c1cb304772ee14f59757f7c4588356029cd52f08198e79136c99325ad6f30d7cbeff8f2fc7e8c6b5bdbeedb08e76db9a3230c8f9d1c7b9b8fd43e9ecf7070962dd1a7987037157a489cf0d0c00153296b253910a09721bdbe466b3c5e9d7255f799af64242b7f0483903fe25a820fbdefc52cb", @generic="030072a00cedb12c0b26fa5bed86eeb260400bf738c32218faaf8b3fbf181b"]}, 0x404}, 0x1, 0x0, 0x0, 0x40}, 0x20040058) r4 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r4, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r4, 0x80286722, &(0x7f0000000040)={&(0x7f0000000000)=""/44, 0x2c, 0x1, 0x4}) 03:34:59 executing program 2: r0 = getpid() clone3(&(0x7f00000003c0)={0x20000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001540)=0x0) r4 = fork() shmctl$IPC_SET(0x0, 0x1, &(0x7f0000001580)={{0x1, 0x0, 0xee00, 0x0, 0x0, 0x9, 0x6}, 0x3b, 0x8, 0x5, 0x7fff, r3, r4, 0x7}) r5 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r2, 0x0) openat$cgroup_ro(r2, &(0x7f0000001480)='cgroup.events\x00', 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r7 = fcntl$dupfd(r6, 0x0, r6) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r7, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000001440)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r8 = creat(&(0x7f0000000340)='./file0\x00', 0x18) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x4000010, r8, 0xe2e3a000) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ppoll(&(0x7f0000000000)=[{r2, 0x4000}, {0xffffffffffffffff, 0x4a4}, {0xffffffffffffffff, 0x2200}, {0xffffffffffffffff, 0x1600}, {0xffffffffffffffff, 0xa100}], 0x5, &(0x7f0000000080)={r9, r10+60000000}, &(0x7f00000000c0)={[0xaa]}, 0x8) preadv2(r5, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/174, 0xae}, {&(0x7f00000002c0)=""/97, 0x61}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x3, 0x2, 0x5, 0x4) [ 2533.825926] sg_write: data in/out 155975644/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.825926] program syz-executor.7 not setting count and/or reply_len properly [ 2533.825966] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.825966] program syz-executor.6 not setting count and/or reply_len properly [ 2533.834528] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.834528] program syz-executor.0 not setting count and/or reply_len properly 03:34:59 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0) 03:34:59 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000140)={{0x0, 0x2}, {0x81, 0x8}, 0x401, 0x1}) 03:34:59 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0xffff98b7, 0x2, 0x0, 'queue1\x00', 0x4}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x101, 0xfffffe00, 0x74c5c6e6}) r1 = fsopen(&(0x7f00000002c0)='nilfs2\x00', 0xd9a6e9e5c63515c2) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f00000004c0)={0x1, 0x1, @status={[0xffffffff, 0x2, 0x8001, 0x2, 0x6, 0xff]}, [0x1, 0x4, 0x10001, 0x0, 0x5a, 0xfffffffffffffffa, 0xff, 0x9, 0x20, 0x6, 0x7ff, 0x6, 0x20, 0x8001, 0x4, 0x67f, 0x3, 0x10000, 0x7f, 0xffff, 0x3, 0x5, 0x328, 0xcf, 0x101, 0x5, 0x3f, 0x8, 0x5, 0x1ff, 0x1c000000000000, 0x3, 0xf6ea, 0x0, 0x9, 0x9, 0x81, 0x8, 0x9, 0x8000, 0x9, 0x7ff, 0x6, 0x1, 0x5, 0x4, 0x400, 0x0, 0x2, 0x8, 0x5, 0x450, 0x7, 0x80000001, 0x6, 0x6, 0xffffffffffffaf63, 0x96, 0x3, 0x1f, 0x6, 0xe310, 0xff]}) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4a}, 0xb610, 0x0, 0x7, 0x0, 0x8000000b7a, 0x1000000, 0x0, 0x0, 0xfffffc01}, 0xffffffffffffffff, 0x5, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r5, 0xab749000) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r3, 0x4008941a, &(0x7f0000000240)) fcntl$setstatus(r2, 0x4, 0x2400) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x3, 0x4, 0x1, 0x3, 0x0, 0x9, 0x8000, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0x8}, 0x8040, 0x800, 0x925, 0x1, 0xa4, 0x0, 0x6, 0x0, 0x1, 0x0, 0xed43}, 0x0, 0xffffffffffffffff, r2, 0x9) 03:34:59 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x68, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) 03:34:59 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r0, &(0x7f0000000940)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "1e56"}, 0x7a) [ 2533.998001] sg_write: data in/out 151125980/80 bytes for SCSI command 0x0-- guessing data in; [ 2533.998001] program syz-executor.6 not setting count and/or reply_len properly [ 2534.003126] sg_write: data in/out 150994908/80 bytes for SCSI command 0x0-- guessing data in; [ 2534.003126] program syz-executor.0 not setting count and/or reply_len properly 2024/11/25 03:35:03 Manager.Poll call failed: read tcp 127.0.0.1:48900->127.0.0.1:44521: i/o timeout VM DIAGNOSIS: 03:38:33 Registers: info registers vcpu 0 RAX=ffffffff83e7c900 RBX=0000000000000000 RCX=ffffffff83e644dc RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e7cf08 RBP=fffffbfff09c6450 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff85677788 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e7c90e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5bc62d1e10 CR3=000000000e3da000 CR4=00350ef0 DR0=0000000100000000 DR1=0000000100000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=8fb7c40e26f793a7c34e593b637cadf1 XMM02=2c67c8bc2e329bc3000000000011a7e0 XMM03=e042d86d42eb936e00000000001210f0 XMM04=6be055f9b3911b2f00000000000ae968 XMM05=46a22742a40792900000000000a29258 XMM06=f6f26eb69d5d053d0000000000127b78 XMM07=139997807ff5a4420000000000123710 XMM08=e1353cc91df538a70000000000121e50 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000200000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff8880183e8478 RBX=ffff888009a5e370 RCX=ffffffff815feb3c RDX=1ffff1100134bc6e RSI=ffffffff81646e8b RDI=ffff8880183e8400 RBP=ffff888009a5e360 RSP=ffff88800eeefc00 R8 =0000000000000001 R9 =ffff88800b654aaf R10=0000000000000000 R11=0000000000000001 R12=ffff88800fdd7300 R13=00007fd9a34ba000 R14=00007fd9a30ff000 R15=0000000000000000 RIP=ffffffff81646edc RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd9a34df328 CR3=000000000cc20000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=652022746f6f72223d74636361207469 XMM02=3d6c616e696d72657420322e322e302e XMM03=3d656d616e74736f682022646873732f XMM04=40404040404040404040404040404040 XMM05=5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a XMM06=20202020202020202020202020202020 XMM07=00000000000000000000000000000000 XMM08=652075253d64692073253d706f000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000