8", @ANYRESDEC=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r7, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r7, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1054.428511]    program syz-executor.1 not setting count and/or reply_len properly
15:07:45 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:07:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1054.500183] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.500183]    program syz-executor.5 not setting count and/or reply_len properly
15:07:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f", 0x18}], 0x2)

15:07:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e35246203337", 0x4e}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1054.591899] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.591899]    program syz-executor.2 not setting count and/or reply_len properly
[ 1054.606184] sg_write: data in/out 196608/30 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.606184]    program syz-executor.1 not setting count and/or reply_len properly
15:07:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:07:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924", 0x24}], 0x2)

15:07:45 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 1)

15:07:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e35246203337", 0x4e}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1054.698452] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.698452]    program syz-executor.5 not setting count and/or reply_len properly
[ 1054.733402] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.733402]    program syz-executor.2 not setting count and/or reply_len properly
[ 1054.737078] FAULT_INJECTION: forcing a failure.
[ 1054.737078] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1054.738642] CPU: 0 PID: 6851 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1054.739579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1054.740690] Call Trace:
[ 1054.741049]  dump_stack+0x107/0x167
[ 1054.741546]  should_fail.cold+0x5/0xa
[ 1054.742065]  _copy_from_user+0x2e/0x1b0
[ 1054.742609]  iovec_from_user+0x141/0x400
[ 1054.743144]  __import_iovec+0x67/0x590
[ 1054.743668]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1054.744359]  import_iovec+0x83/0xb0
[ 1054.744844]  vfs_writev+0xc1/0x620
[ 1054.745310]  ? vfs_iter_write+0xa0/0xa0
[ 1054.745832]  ? __fget_files+0x2cf/0x520
[ 1054.746353]  ? lock_downgrade+0x6d0/0x6d0
[ 1054.746893]  ? find_held_lock+0x2c/0x110
[ 1054.747440]  ? ksys_write+0x12d/0x260
[ 1054.747941]  ? __fget_files+0x2f8/0x520
[ 1054.748465]  ? __fget_light+0xea/0x290
[ 1054.748977]  do_writev+0x139/0x300
[ 1054.749332] sg_write: data in/out 196608/30 bytes for SCSI command 0xbd-- guessing data in;
[ 1054.749332]    program syz-executor.1 not setting count and/or reply_len properly
[ 1054.749451]  ? vfs_writev+0x620/0x620
[ 1054.751967]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1054.752651]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1054.753325]  do_syscall_64+0x33/0x40
[ 1054.753811]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1054.754478] RIP: 0033:0x7ff981a49b19
[ 1054.754965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1054.757390] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1054.758380] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1054.759316] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1054.760288] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1054.761216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1054.762145] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:07:45 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1077.039386] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.039386]    program syz-executor.2 not setting count and/or reply_len properly
[ 1077.054742] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.054742]    program syz-executor.1 not setting count and/or reply_len properly
[ 1077.055017] FAULT_INJECTION: forcing a failure.
[ 1077.055017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1077.058398] CPU: 1 PID: 6877 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1077.059239] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1077.060273] Call Trace:
[ 1077.060600]  dump_stack+0x107/0x167
[ 1077.061049]  should_fail.cold+0x5/0xa
[ 1077.061517]  _copy_from_user+0x2e/0x1b0
[ 1077.062008]  sg_write.part.0+0x1cf/0xaa0
[ 1077.062501]  ? sg_new_write.isra.0+0x770/0x770
[ 1077.063068]  ? lock_acquire+0x197/0x470
[ 1077.063548]  ? find_held_lock+0x2c/0x110
[ 1077.064046]  ? __might_fault+0xd3/0x180
[ 1077.064544]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.065059]  ? _cond_resched+0x12/0x80
[ 1077.067600]  ? inode_security+0x107/0x140
[ 1077.069143]  ? avc_policy_seqno+0x9/0x70
[ 1077.070440]  ? selinux_file_permission+0x92/0x520
[ 1077.072023]  sg_write+0x87/0x120
[ 1077.073174]  do_iter_write+0x4f0/0x700
[ 1077.074413]  ? import_iovec+0x83/0xb0
[ 1077.075681]  vfs_writev+0x1ae/0x620
[ 1077.080990]  ? vfs_iter_write+0xa0/0xa0
[ 1077.082356]  ? __fget_files+0x2cf/0x520
15:08:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924", 0x24}], 0x2)

15:08:07 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:07 executing program 4:
iopl(0x80)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r4=>0xffffffffffffffff})
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r4, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, r0, 0x10000000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r7, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r7, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:08:07 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 2)

15:08:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2) (fail_nth: 1)

[ 1077.083830]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.085552]  ? find_held_lock+0x2c/0x110
[ 1077.086992]  ? ksys_write+0x12d/0x260
[ 1077.088338]  ? __fget_files+0x2f8/0x520
[ 1077.089792]  ? __fget_light+0xea/0x290
[ 1077.091111]  do_writev+0x139/0x300
[ 1077.092401]  ? vfs_writev+0x620/0x620
[ 1077.093743]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1077.095609]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1077.097395]  do_syscall_64+0x33/0x40
[ 1077.098759]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1077.104884] RIP: 0033:0x7ff981a49b19
[ 1077.106147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1077.114591] FAULT_INJECTION: forcing a failure.
[ 1077.114591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1077.116282] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1077.116302] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1077.116311] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1077.116321] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1077.116337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1077.116347] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1077.133451] CPU: 0 PID: 6883 Comm: syz-executor.5 Not tainted 5.10.233 #1
[ 1077.135461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1077.137938] Call Trace:
[ 1077.138706]  dump_stack+0x107/0x167
[ 1077.139770]  should_fail.cold+0x5/0xa
[ 1077.140907]  _copy_to_user+0x2e/0x180
[ 1077.142029]  simple_read_from_buffer+0xcc/0x160
[ 1077.143390]  proc_fail_nth_read+0x198/0x230
[ 1077.145656]  ? proc_sessionid_read+0x230/0x230
[ 1077.146807]  ? security_file_permission+0xb1/0xe0
[ 1077.148000]  ? proc_sessionid_read+0x230/0x230
[ 1077.148655]  vfs_read+0x228/0x620
[ 1077.149126]  ksys_read+0x12d/0x260
[ 1077.149603]  ? vfs_write+0xb10/0xb10
[ 1077.150108]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1077.150812]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1077.151503]  do_syscall_64+0x33/0x40
[ 1077.152003]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1077.152706] RIP: 0033:0x7f5ece70369c
[ 1077.153208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1077.155671] RSP: 002b:00007f5ecbca5170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1077.156708] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f5ece70369c
[ 1077.157667] RDX: 000000000000000f RSI: 00007f5ecbca51e0 RDI: 0000000000000003
[ 1077.158629] RBP: 00007f5ecbca51d0 R08: 0000000000000000 R09: 0000000000000000
[ 1077.168676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1077.169603] R13: 00007fffe836142f R14: 00007f5ecbca5300 R15: 0000000000022000
15:08:07 executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:07 executing program 7:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
fcntl$getownex(r1, 0x10, &(0x7f0000000140))
ioctl$SG_IO(r1, 0x2285, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r3)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="005928bd7014fbdbd525010000000c00000002000000bde887e740ac8cb869520ab9523d842a9b0b0689fec9b39b3547e996bee0a258184c3d7b8e845014668f965802cbea3b5f6c816282f68ebbd54750b740cf6dd5d07412679827451399"], 0x20}, 0x1, 0x0, 0x0, 0x24040090}, 0x4080)
r4 = fcntl$dupfd(r1, 0x0, r2)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2)
r5 = syz_open_dev$vcsa(&(0x7f0000000080), 0x4a, 0x210001)
getsockopt(r5, 0x40000, 0x0, &(0x7f0000000340)=""/111, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)

15:08:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924", 0x24}], 0x2)

[ 1077.211817] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in;
[ 1077.211817]    program syz-executor.7 not setting count and/or reply_len properly
[ 1077.218506] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.218506]    program syz-executor.2 not setting count and/or reply_len properly
15:08:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:07 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 3)

15:08:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1077.317846] FAULT_INJECTION: forcing a failure.
[ 1077.317846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1077.319430] CPU: 0 PID: 6897 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1077.320354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1077.321426] Call Trace:
[ 1077.321777]  dump_stack+0x107/0x167
[ 1077.322265]  should_fail.cold+0x5/0xa
[ 1077.322782]  _copy_from_user+0x2e/0x1b0
[ 1077.323321]  sg_write.part.0+0x5f7/0xaa0
[ 1077.323867]  ? sg_new_write.isra.0+0x770/0x770
[ 1077.324521]  ? find_held_lock+0x2c/0x110
[ 1077.325073]  ? __might_fault+0xd3/0x180
[ 1077.325610]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.326177]  ? _cond_resched+0x12/0x80
[ 1077.326703]  ? inode_security+0x107/0x140
[ 1077.327261]  ? avc_policy_seqno+0x9/0x70
[ 1077.327804]  ? selinux_file_permission+0x92/0x520
[ 1077.328491]  sg_write+0x87/0x120
[ 1077.328948]  do_iter_write+0x4f0/0x700
[ 1077.329475]  ? import_iovec+0x83/0xb0
[ 1077.330004]  vfs_writev+0x1ae/0x620
[ 1077.330508]  ? vfs_iter_write+0xa0/0xa0
[ 1077.331057]  ? __fget_files+0x2cf/0x520
[ 1077.331609]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.332192]  ? find_held_lock+0x2c/0x110
[ 1077.332746]  ? ksys_write+0x12d/0x260
[ 1077.333266]  ? __fget_files+0x2f8/0x520
[ 1077.333809]  ? __fget_light+0xea/0x290
[ 1077.334347]  do_writev+0x139/0x300
[ 1077.334832]  ? vfs_writev+0x620/0x620
[ 1077.335351]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1077.336079]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1077.336787]  do_syscall_64+0x33/0x40
[ 1077.337294]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1077.337991] RIP: 0033:0x7ff981a49b19
[ 1077.338502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1077.341046] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1077.342074] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1077.343032] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1077.343982] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1077.344948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1077.345885] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1077.357699] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.357699]    program syz-executor.1 not setting count and/or reply_len properly
[ 1077.359468] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.359468]    program syz-executor.2 not setting count and/or reply_len properly
15:08:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:08 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1077.435733] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.435733]    program syz-executor.1 not setting count and/or reply_len properly
15:08:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:08 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 4)

[ 1077.591853] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.591853]    program syz-executor.1 not setting count and/or reply_len properly
[ 1077.595336] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.595336]    program syz-executor.0 not setting count and/or reply_len properly
[ 1077.599796] FAULT_INJECTION: forcing a failure.
[ 1077.599796] name failslab, interval 1, probability 0, space 0, times 1
[ 1077.601561] CPU: 1 PID: 6905 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1077.602495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1077.603620] Call Trace:
[ 1077.603994]  dump_stack+0x107/0x167
[ 1077.604516]  should_fail.cold+0x5/0xa
[ 1077.605045]  ? sg_build_indirect.isra.0+0x94/0x710
[ 1077.605722]  should_failslab+0x5/0x20
[ 1077.606246]  __kmalloc+0x72/0x390
[ 1077.606729]  sg_build_indirect.isra.0+0x94/0x710
[ 1077.607381]  ? scsi_req_init+0x18/0xb0
[ 1077.607918]  ? scsi_initialize_rq+0x16/0xb0
[ 1077.608532]  sg_common_write.constprop.0+0x992/0x1a30
[ 1077.609247]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1077.609933]  ? vprintk_func+0x93/0x140
[ 1077.610468]  ? printk+0xba/0xf1
[ 1077.610923]  ? record_print_text.cold+0x16/0x16
[ 1077.611563]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1077.612273]  ? trace_hardirqs_on+0x5b/0x180
[ 1077.612877]  sg_write.part.0+0x69e/0xaa0
[ 1077.613439]  ? sg_new_write.isra.0+0x770/0x770
[ 1077.614073]  ? find_held_lock+0x2c/0x110
[ 1077.614637]  ? __might_fault+0xd3/0x180
[ 1077.615182]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.615766]  ? _cond_resched+0x12/0x80
[ 1077.616321]  ? inode_security+0x107/0x140
[ 1077.616891]  ? avc_policy_seqno+0x9/0x70
[ 1077.617446]  ? selinux_file_permission+0x92/0x520
[ 1077.618111]  sg_write+0x87/0x120
[ 1077.618583]  do_iter_write+0x4f0/0x700
[ 1077.619122]  ? import_iovec+0x83/0xb0
[ 1077.619652]  vfs_writev+0x1ae/0x620
[ 1077.620172]  ? vfs_iter_write+0xa0/0xa0
[ 1077.620726]  ? __fget_files+0x2cf/0x520
[ 1077.621272]  ? lock_downgrade+0x6d0/0x6d0
[ 1077.621839]  ? find_held_lock+0x2c/0x110
[ 1077.622402]  ? ksys_write+0x12d/0x260
[ 1077.622932]  ? __fget_files+0x2f8/0x520
[ 1077.623487]  ? __fget_light+0xea/0x290
[ 1077.624024]  do_writev+0x139/0x300
[ 1077.624532]  ? vfs_writev+0x620/0x620
[ 1077.625058]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1077.625775]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1077.626483]  do_syscall_64+0x33/0x40
[ 1077.626992]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1077.627692] RIP: 0033:0x7ff981a49b19
[ 1077.628220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1077.630706] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1077.631741] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1077.632731] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1077.633701] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1077.634685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1077.635654] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1077.907434] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1077.907434]    program syz-executor.2 not setting count and/or reply_len properly
15:08:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:30 executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:30 executing program 4:
iopl(0x80)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r4=>0xffffffffffffffff})
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r4, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, r0, 0x10000000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r7, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r7, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:08:30 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:30 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 5)

[ 1099.423824] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.423824]    program syz-executor.0 not setting count and/or reply_len properly
[ 1099.425290] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
15:08:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1099.425290]    program syz-executor.1 not setting count and/or reply_len properly
[ 1099.429748] FAULT_INJECTION: forcing a failure.
[ 1099.429748] name failslab, interval 1, probability 0, space 0, times 0
[ 1099.434326] CPU: 1 PID: 6920 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1099.435159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1099.436170] Call Trace:
[ 1099.436500]  dump_stack+0x107/0x167
[ 1099.436968]  should_fail.cold+0x5/0xa
[ 1099.437437]  ? create_object.isra.0+0x3a/0xa20
[ 1099.438000]  should_failslab+0x5/0x20
[ 1099.438466]  kmem_cache_alloc+0x5b/0x310
[ 1099.438966]  create_object.isra.0+0x3a/0xa20
[ 1099.439500]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1099.440123]  __kmalloc+0x16e/0x390
[ 1099.440564]  sg_build_indirect.isra.0+0x94/0x710
[ 1099.441159]  ? scsi_req_init+0x18/0xb0
[ 1099.441635]  ? scsi_initialize_rq+0x16/0xb0
[ 1099.442165]  sg_common_write.constprop.0+0x992/0x1a30
[ 1099.442802]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1099.443410]  ? vprintk_func+0x93/0x140
[ 1099.444052]  ? printk+0xba/0xf1
[ 1099.444865]  ? record_print_text.cold+0x16/0x16
[ 1099.445986]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1099.447205]  ? trace_hardirqs_on+0x5b/0x180
[ 1099.448253]  sg_write.part.0+0x69e/0xaa0
[ 1099.449048]  ? sg_new_write.isra.0+0x770/0x770
[ 1099.449605]  ? finish_task_switch+0x126/0x5d0
[ 1099.450148]  ? finish_task_switch+0xef/0x5d0
[ 1099.450691]  ? __schedule+0x82c/0x1ea0
[ 1099.451177]  ? io_schedule_timeout+0x140/0x140
[ 1099.451741]  ? _cond_resched+0x5d/0x80
[ 1099.452216]  ? inode_security+0x107/0x140
15:08:30 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1099.452721]  ? avc_policy_seqno+0x9/0x70
[ 1099.453964]  ? selinux_file_permission+0x92/0x520
[ 1099.455131]  sg_write+0x87/0x120
[ 1099.455940]  do_iter_write+0x4f0/0x700
[ 1099.456925]  ? import_iovec+0x83/0xb0
[ 1099.457842]  vfs_writev+0x1ae/0x620
[ 1099.458716]  ? vfs_iter_write+0xa0/0xa0
[ 1099.459676]  ? __fget_files+0x2cf/0x520
[ 1099.460632]  ? lock_downgrade+0x6d0/0x6d0
[ 1099.461787]  ? find_held_lock+0x2c/0x110
[ 1099.462821]  ? ksys_write+0x12d/0x260
[ 1099.463737]  ? __fget_files+0x2f8/0x520
[ 1099.464696]  ? __fget_light+0xea/0x290
[ 1099.465799]  do_writev+0x139/0x300
[ 1099.466650]  ? vfs_writev+0x620/0x620
[ 1099.467563]  ? __ia32_sys_readv+0xb0/0xb0
[ 1099.468560]  do_syscall_64+0x33/0x40
[ 1099.469580]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1099.470822] RIP: 0033:0x7ff981a49b19
[ 1099.471714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1099.474520] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1099.475449] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1099.476318] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1099.477738] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1099.479474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1099.481029] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1099.486768] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.486768]    program syz-executor.5 not setting count and/or reply_len properly
[ 1099.531337] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.531337]    program syz-executor.2 not setting count and/or reply_len properly
15:08:30 executing program 7:
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = gettid()
setpriority(0x0, r0, 0x0)
getpgrp(0x0)
pidfd_open(r0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x30, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x11, 0x0, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f8"]}]}, 0x30}}, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000), 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0xc00)
sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200044}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x8c, 0x1, 0x2, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x1c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x40}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x8c}}, 0x4044001)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000005c0), 0xc, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYRES16=r2, @ANYBLOB="010029bd7000fcdbdf25040000004404004e24000014000300000000000000000000000000000000000c0007003000000004000000080005000400000008000b0e73697020060002005a00000038000280060002004e2100000800090000000000080006f54f00000014000100e000000200000000000000000000000008000900090000001c00038008000300000000000800010001000000080001000200000008000400200000004c000280080006000300000005000d00010000000800050005001c283171ff89dee001000800070086000000080009007c000000080004000900000006000f0002000078e00006000b000a00"], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x44)
getsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f0000000040), &(0x7f00000000c0)=0x10)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x5c, r2, 0x100, 0x0, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
unshare(0x48020200)

15:08:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1099.573233] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.573233]    program syz-executor.1 not setting count and/or reply_len properly
15:08:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0200abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1099.613100] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.613100]    program syz-executor.5 not setting count and/or reply_len properly
[ 1099.632350] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.632350]    program syz-executor.5 not setting count and/or reply_len properly
15:08:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:30 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec", 0x2d}], 0x2)

[ 1099.678210] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.678210]    program syz-executor.1 not setting count and/or reply_len properly
[ 1099.688244] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.688244]    program syz-executor.2 not setting count and/or reply_len properly
15:08:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0300abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:08:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1099.741392] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1099.741392]    program syz-executor.5 not setting count and/or reply_len properly
15:08:30 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec", 0x2d}], 0x2)

15:08:30 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 6)

15:08:30 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1099.832192] FAULT_INJECTION: forcing a failure.
[ 1099.832192] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1099.835466] CPU: 1 PID: 6956 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1099.837185] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1099.839205] Call Trace:
[ 1099.839840]  dump_stack+0x107/0x167
[ 1099.840717]  should_fail.cold+0x5/0xa
[ 1099.841805]  ? find_held_lock+0x2c/0x110
[ 1099.842791]  __alloc_pages_nodemask+0x182/0x600
[ 1099.843912]  ? __kmalloc+0x16e/0x390
[ 1099.844828]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1099.846542]  ? trace_hardirqs_on+0x5b/0x180
[ 1099.847585]  alloc_pages_current+0x187/0x280
[ 1099.848759]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1099.850158]  sg_common_write.constprop.0+0x992/0x1a30
[ 1099.851625]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1099.853062]  ? lock_downgrade+0x6d0/0x6d0
[ 1099.854226]  ? do_raw_spin_trylock+0xad/0x180
[ 1099.855519]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1099.857040]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1099.858498]  ? trace_hardirqs_on+0x5b/0x180
[ 1099.859729]  ? ___ratelimit+0x1fc/0x440
[ 1099.860893]  sg_write.part.0+0x69e/0xaa0
[ 1099.862037]  ? sg_new_write.isra.0+0x770/0x770
[ 1099.863342]  ? find_held_lock+0x2c/0x110
[ 1099.864485]  ? __might_fault+0xd3/0x180
[ 1099.865643]  ? lock_downgrade+0x6d0/0x6d0
[ 1099.866831]  ? _cond_resched+0x12/0x80
[ 1099.867936]  ? inode_security+0x107/0x140
[ 1099.869115]  ? avc_policy_seqno+0x9/0x70
[ 1099.870265]  ? selinux_file_permission+0x92/0x520
[ 1099.871635]  sg_write+0x87/0x120
[ 1099.872596]  do_iter_write+0x4f0/0x700
[ 1099.873677]  ? import_iovec+0x83/0xb0
[ 1099.874762]  vfs_writev+0x1ae/0x620
[ 1099.875780]  ? vfs_iter_write+0xa0/0xa0
[ 1099.876925]  ? __fget_files+0x2cf/0x520
[ 1099.877502]  ? lock_downgrade+0x6d0/0x6d0
[ 1099.878695]  ? find_held_lock+0x2c/0x110
[ 1099.879854]  ? ksys_write+0x12d/0x260
[ 1099.880988]  ? __fget_files+0x2f8/0x520
[ 1099.881518]  ? __fget_light+0xea/0x290
[ 1099.882011]  do_writev+0x139/0x300
[ 1099.882458]  ? vfs_writev+0x620/0x620
[ 1099.882938]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1099.883603]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1099.884251]  do_syscall_64+0x33/0x40
[ 1099.884720]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1099.886135] RIP: 0033:0x7ff981a49b19
[ 1099.886675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1099.891968] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1099.894153] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1099.896191] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1099.898237] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1099.900262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1099.902245] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:08:30 executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:49 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec", 0x2d}], 0x2)

15:08:49 executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:49 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0400abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1118.642638] sg_write: 4 callbacks suppressed
[ 1118.642650] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.642650]    program syz-executor.2 not setting count and/or reply_len properly
[ 1118.676227] sg_write: data in/out 196608/79 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.676227]    program syz-executor.1 not setting count and/or reply_len properly
[ 1118.697597] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.697597]    program syz-executor.5 not setting count and/or reply_len properly
[ 1118.703217] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.703217]    program syz-executor.0 not setting count and/or reply_len properly
[ 1118.710534] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.710534]    program syz-executor.5 not setting count and/or reply_len properly
15:08:49 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 7)

15:08:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:08:49 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:08:49 executing program 7:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:49 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:08:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1118.725993] FAULT_INJECTION: forcing a failure.
[ 1118.725993] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1118.727635] CPU: 0 PID: 6985 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1118.728562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1118.729709] Call Trace:
[ 1118.730067]  dump_stack+0x107/0x167
[ 1118.730557]  should_fail.cold+0x5/0xa
[ 1118.731064]  __alloc_pages_nodemask+0x182/0x600
[ 1118.731670]  ? __kmalloc+0x16e/0x390
[ 1118.732160]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1118.732951]  ? trace_hardirqs_on+0x5b/0x180
[ 1118.733532]  alloc_pages_current+0x187/0x280
[ 1118.734115]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1118.734752]  sg_common_write.constprop.0+0x992/0x1a30
[ 1118.735432]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1118.736082]  ? vprintk_func+0x93/0x140
[ 1118.736592]  ? printk+0xba/0xf1
[ 1118.737024]  ? record_print_text.cold+0x16/0x16
[ 1118.737652]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1118.738314]  ? trace_hardirqs_on+0x5b/0x180
[ 1118.738888]  sg_write.part.0+0x69e/0xaa0
[ 1118.739423]  ? sg_new_write.isra.0+0x770/0x770
[ 1118.740025]  ? find_held_lock+0x2c/0x110
[ 1118.740570]  ? __might_fault+0xd3/0x180
[ 1118.741093]  ? lock_downgrade+0x6d0/0x6d0
[ 1118.741676]  ? _cond_resched+0x12/0x80
[ 1118.742185]  ? inode_security+0x107/0x140
[ 1118.742730]  ? avc_policy_seqno+0x9/0x70
[ 1118.743264]  ? selinux_file_permission+0x92/0x520
[ 1118.743918]  sg_write+0x87/0x120
[ 1118.744375]  do_iter_write+0x4f0/0x700
[ 1118.744904]  ? import_iovec+0x83/0xb0
[ 1118.745434]  vfs_writev+0x1ae/0x620
[ 1118.745933]  ? vfs_iter_write+0xa0/0xa0
[ 1118.746452]  ? __fget_files+0x2cf/0x520
[ 1118.746970]  ? lock_downgrade+0x6d0/0x6d0
[ 1118.747507]  ? find_held_lock+0x2c/0x110
[ 1118.748042]  ? ksys_write+0x12d/0x260
[ 1118.748545]  ? __fget_files+0x2f8/0x520
[ 1118.749070]  ? __fget_light+0xea/0x290
[ 1118.749709]  do_writev+0x139/0x300
[ 1118.750175]  ? vfs_writev+0x620/0x620
[ 1118.750674]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1118.750922] sg_write: data in/out 196608/79 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.750922]    program syz-executor.1 not setting count and/or reply_len properly
[ 1118.751365]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1118.751379]  do_syscall_64+0x33/0x40
[ 1118.751398]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1118.755214] RIP: 0033:0x7ff981a49b19
[ 1118.755720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1118.758218] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1118.759223] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1118.760185] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1118.761149] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1118.762151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1118.763116] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:08:49 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f", 0x2f}], 0x2)

15:08:49 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0500abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1118.834640] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.834640]    program syz-executor.5 not setting count and/or reply_len properly
[ 1118.841893] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.841893]    program syz-executor.2 not setting count and/or reply_len properly
[ 1118.852396] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.852396]    program syz-executor.5 not setting count and/or reply_len properly
15:08:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1118.867136] sg_write: data in/out 196608/84 bytes for SCSI command 0xbd-- guessing data in;
[ 1118.867136]    program syz-executor.1 not setting count and/or reply_len properly
15:08:49 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f", 0x2f}], 0x2)

15:08:49 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0600abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:08:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1137.996763] Bluetooth: hci7: command 0x0406 tx timeout
15:09:13 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5a399389165bf9414bda4e1a2da620000000000", 0x9b}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f", 0x2f}], 0x2)

15:09:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0700abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1143.143606] sg_write: 4 callbacks suppressed
[ 1143.143617] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.143617]    program syz-executor.5 not setting count and/or reply_len properly
[ 1143.154160] sg_write: data in/out 196608/107 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.154160]    program syz-executor.2 not setting count and/or reply_len properly
[ 1143.156622] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.156622]    program syz-executor.0 not setting count and/or reply_len properly
[ 1143.168154] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.168154]    program syz-executor.5 not setting count and/or reply_len properly
[ 1143.194285] sg_write: data in/out 196608/84 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.194285]    program syz-executor.1 not setting count and/or reply_len properly
15:09:13 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:13 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 8)

15:09:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:09:13 executing program 4:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:09:13 executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:13 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:13 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x1)

15:09:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1143.272824] FAULT_INJECTION: forcing a failure.
[ 1143.272824] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1143.274391] CPU: 1 PID: 7022 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1143.275224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1143.276232] Call Trace:
[ 1143.276559]  dump_stack+0x107/0x167
[ 1143.277005]  should_fail.cold+0x5/0xa
[ 1143.277474]  __alloc_pages_nodemask+0x182/0x600
[ 1143.290840]  ? __kmalloc+0x16e/0x390
[ 1143.291297]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1143.292030]  ? trace_hardirqs_on+0x5b/0x180
[ 1143.292558]  alloc_pages_current+0x187/0x280
[ 1143.293096]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1143.293688]  sg_common_write.constprop.0+0x992/0x1a30
[ 1143.294348]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1143.294954]  ? vprintk_func+0x93/0x140
[ 1143.295427]  ? printk+0xba/0xf1
[ 1143.295828]  ? record_print_text.cold+0x16/0x16
[ 1143.296394]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1143.297005]  ? trace_hardirqs_on+0x5b/0x180
[ 1143.297535]  sg_write.part.0+0x69e/0xaa0
[ 1143.298029]  ? sg_new_write.isra.0+0x770/0x770
[ 1143.298610]  ? find_held_lock+0x2c/0x110
[ 1143.299108]  ? __might_fault+0xd3/0x180
[ 1143.299590]  ? lock_downgrade+0x6d0/0x6d0
[ 1143.300103]  ? _cond_resched+0x12/0x80
[ 1143.300577]  ? inode_security+0x107/0x140
[ 1143.301082]  ? avc_policy_seqno+0x9/0x70
[ 1143.301574]  ? selinux_file_permission+0x92/0x520
[ 1143.302163]  sg_write+0x87/0x120
[ 1143.302595]  do_iter_write+0x4f0/0x700
[ 1143.303073]  ? import_iovec+0x83/0xb0
[ 1143.303541]  vfs_writev+0x1ae/0x620
[ 1143.303986]  ? vfs_iter_write+0xa0/0xa0
[ 1143.304471]  ? __fget_files+0x2cf/0x520
[ 1143.304954]  ? lock_downgrade+0x6d0/0x6d0
[ 1143.305456]  ? find_held_lock+0x2c/0x110
[ 1143.305952]  ? ksys_write+0x12d/0x260
[ 1143.306439]  ? __fget_files+0x2f8/0x520
[ 1143.306928]  ? __fget_light+0xea/0x290
[ 1143.307405]  do_writev+0x139/0x300
[ 1143.307841]  ? vfs_writev+0x620/0x620
[ 1143.308307]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1143.308945]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1143.309573]  do_syscall_64+0x33/0x40
[ 1143.310027]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1143.310674] RIP: 0033:0x7ff981a49b19
[ 1143.311128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1143.313352] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1143.314296] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1143.315163] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1143.316026] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1143.316887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1143.317756] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1143.326593] sg_write: data in/out 196608/86 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.326593]    program syz-executor.1 not setting count and/or reply_len properly
15:09:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0900abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1143.362493] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.362493]    program syz-executor.5 not setting count and/or reply_len properly
15:09:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:09:13 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x1)

[ 1143.383508] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.383508]    program syz-executor.5 not setting count and/or reply_len properly
[ 1143.412091] sg_write: data in/out 196608/86 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.412091]    program syz-executor.1 not setting count and/or reply_len properly
15:09:14 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 9)

15:09:14 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x1)

15:09:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:09:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0d00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1143.494344] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1143.494344]    program syz-executor.0 not setting count and/or reply_len properly
[ 1143.503234] FAULT_INJECTION: forcing a failure.
[ 1143.503234] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1143.504703] CPU: 1 PID: 7052 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1143.505534] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1143.506562] Call Trace:
[ 1143.506892]  dump_stack+0x107/0x167
[ 1143.507340]  should_fail.cold+0x5/0xa
[ 1143.507812]  __alloc_pages_nodemask+0x182/0x600
[ 1143.508381]  ? __kmalloc+0x16e/0x390
[ 1143.508839]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1143.509577]  ? trace_hardirqs_on+0x5b/0x180
[ 1143.510107]  alloc_pages_current+0x187/0x280
[ 1143.510667]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1143.511261]  sg_common_write.constprop.0+0x992/0x1a30
[ 1143.511895]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1143.512504]  ? vprintk_func+0x93/0x140
[ 1143.512981]  ? printk+0xba/0xf1
[ 1143.513384]  ? record_print_text.cold+0x16/0x16
[ 1143.513952]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1143.514586]  ? trace_hardirqs_on+0x5b/0x180
[ 1143.515119]  sg_write.part.0+0x69e/0xaa0
[ 1143.515620]  ? sg_new_write.isra.0+0x770/0x770
[ 1143.516178]  ? find_held_lock+0x2c/0x110
[ 1143.516674]  ? __might_fault+0xd3/0x180
[ 1143.517155]  ? lock_downgrade+0x6d0/0x6d0
[ 1143.517667]  ? _cond_resched+0x12/0x80
[ 1143.518139]  ? inode_security+0x107/0x140
[ 1143.518671]  ? avc_policy_seqno+0x9/0x70
[ 1143.519161]  ? selinux_file_permission+0x92/0x520
[ 1143.519753]  sg_write+0x87/0x120
[ 1143.520167]  do_iter_write+0x4f0/0x700
[ 1143.520643]  ? import_iovec+0x83/0xb0
[ 1143.521108]  vfs_writev+0x1ae/0x620
[ 1143.521551]  ? vfs_iter_write+0xa0/0xa0
[ 1143.522033]  ? __fget_files+0x2cf/0x520
[ 1143.522540]  ? lock_downgrade+0x6d0/0x6d0
[ 1143.523042]  ? find_held_lock+0x2c/0x110
[ 1143.523539]  ? ksys_write+0x12d/0x260
[ 1143.524005]  ? __fget_files+0x2f8/0x520
[ 1143.524492]  ? __fget_light+0xea/0x290
[ 1143.524969]  do_writev+0x139/0x300
[ 1143.525402]  ? vfs_writev+0x620/0x620
[ 1143.525866]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1143.526514]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1143.527143]  do_syscall_64+0x33/0x40
[ 1143.527594]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1143.528217] RIP: 0033:0x7ff981a49b19
[ 1143.528667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1143.530921] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1143.531843] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1143.532707] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1143.533567] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1143.534452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1143.535320] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:09:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:09:30 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 10)

15:09:30 executing program 7:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:30 executing program 4:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:09:30 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:30 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:09:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:09:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0e00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:30 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1160.351407] sg_write: 4 callbacks suppressed
[ 1160.351420] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.351420]    program syz-executor.0 not setting count and/or reply_len properly
[ 1160.356720] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.356720]    program syz-executor.5 not setting count and/or reply_len properly
[ 1160.359431] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.359431]    program syz-executor.1 not setting count and/or reply_len properly
[ 1160.376311] FAULT_INJECTION: forcing a failure.
[ 1160.376311] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1160.377114] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.377114]    program syz-executor.5 not setting count and/or reply_len properly
[ 1160.378019] CPU: 0 PID: 7067 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1160.383762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.384914] Call Trace:
[ 1160.385291]  dump_stack+0x107/0x167
[ 1160.385804]  should_fail.cold+0x5/0xa
[ 1160.386344]  __alloc_pages_nodemask+0x182/0x600
[ 1160.387014]  ? __kmalloc+0x16e/0x390
[ 1160.387536]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1160.388383]  ? trace_hardirqs_on+0x5b/0x180
[ 1160.388985]  alloc_pages_current+0x187/0x280
[ 1160.389601]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1160.390282]  sg_common_write.constprop.0+0x992/0x1a30
[ 1160.391037]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1160.391733]  ? vprintk_func+0x93/0x140
[ 1160.392278]  ? printk+0xba/0xf1
[ 1160.392739]  ? record_print_text.cold+0x16/0x16
[ 1160.393389]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1160.394091]  ? trace_hardirqs_on+0x5b/0x180
[ 1160.394701]  sg_write.part.0+0x69e/0xaa0
[ 1160.395283]  ? sg_new_write.isra.0+0x770/0x770
[ 1160.395930]  ? find_held_lock+0x2c/0x110
[ 1160.396500]  ? __might_fault+0xd3/0x180
[ 1160.397056]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.397648]  ? _cond_resched+0x12/0x80
[ 1160.398193]  ? inode_security+0x107/0x140
[ 1160.398771]  ? avc_policy_seqno+0x9/0x70
[ 1160.399365]  ? selinux_file_permission+0x92/0x520
[ 1160.400045]  sg_write+0x87/0x120
[ 1160.400523]  do_iter_write+0x4f0/0x700
[ 1160.401070]  ? import_iovec+0x83/0xb0
[ 1160.401607]  vfs_writev+0x1ae/0x620
[ 1160.402118]  ? vfs_iter_write+0xa0/0xa0
[ 1160.402671]  ? __fget_files+0x2cf/0x520
[ 1160.403241]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.403815]  ? find_held_lock+0x2c/0x110
[ 1160.404386]  ? ksys_write+0x12d/0x260
[ 1160.404921]  ? __fget_files+0x2f8/0x520
[ 1160.405481]  ? __fget_light+0xea/0x290
[ 1160.406028]  do_writev+0x139/0x300
[ 1160.406524]  ? vfs_writev+0x620/0x620
[ 1160.407076]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.407803]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.408519]  do_syscall_64+0x33/0x40
[ 1160.409039]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1160.409748] RIP: 0033:0x7ff981a49b19
[ 1160.410265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.412810] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1160.413974] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1160.414972] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1160.415955] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.416938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1160.417922] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:09:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1160.484434] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.484434]    program syz-executor.1 not setting count and/or reply_len properly
15:09:31 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="3000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:31 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:31 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1160.552192] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.552192]    program syz-executor.5 not setting count and/or reply_len properly
[ 1160.575153] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1160.575153]    program syz-executor.5 not setting count and/or reply_len properly
15:09:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1181.028934] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.028934]    program syz-executor.5 not setting count and/or reply_len properly
15:09:51 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:51 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:09:51 executing program 7:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:09:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="4800abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 1)

15:09:51 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 11)

[ 1181.041237] FAULT_INJECTION: forcing a failure.
[ 1181.041237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1181.042696] CPU: 1 PID: 7112 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1181.043533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1181.044550] Call Trace:
[ 1181.044878]  dump_stack+0x107/0x167
[ 1181.045326]  should_fail.cold+0x5/0xa
[ 1181.045797]  _copy_from_user+0x2e/0x1b0
[ 1181.046290]  iovec_from_user+0x141/0x400
[ 1181.046790]  __import_iovec+0x67/0x590
[ 1181.047184] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.047184]    program syz-executor.5 not setting count and/or reply_len properly
[ 1181.047277]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1181.049953]  import_iovec+0x83/0xb0
[ 1181.050404]  vfs_writev+0xc1/0x620
[ 1181.050839]  ? vfs_iter_write+0xa0/0xa0
[ 1181.051326]  ? __fget_files+0x2cf/0x520
[ 1181.051834]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.052339]  ? find_held_lock+0x2c/0x110
[ 1181.052838]  ? ksys_write+0x12d/0x260
[ 1181.053307]  ? __fget_files+0x2f8/0x520
[ 1181.053798]  ? __fget_light+0xea/0x290
[ 1181.054277]  do_writev+0x139/0x300
[ 1181.054713]  ? vfs_writev+0x620/0x620
[ 1181.055181]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1181.059851]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1181.060480]  do_syscall_64+0x33/0x40
[ 1181.060934]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1181.061556] RIP: 0033:0x7fe1ffe69b19
[ 1181.062008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1181.064259] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1181.065183] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1181.066046] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1181.066908] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1181.067783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1181.068651] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
15:09:51 executing program 4:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1181.089636] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.089636]    program syz-executor.0 not setting count and/or reply_len properly
[ 1181.095793] FAULT_INJECTION: forcing a failure.
[ 1181.095793] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1181.097262] CPU: 1 PID: 7119 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1181.098099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1181.099110] Call Trace:
[ 1181.099437]  dump_stack+0x107/0x167
[ 1181.099917]  should_fail.cold+0x5/0xa
[ 1181.100389]  __alloc_pages_nodemask+0x182/0x600
[ 1181.100958]  ? __kmalloc+0x16e/0x390
[ 1181.101417]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1181.102157]  ? trace_hardirqs_on+0x5b/0x180
[ 1181.102688]  alloc_pages_current+0x187/0x280
[ 1181.103233]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1181.107852]  sg_common_write.constprop.0+0x992/0x1a30
[ 1181.108486]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1181.109092]  ? vprintk_func+0x93/0x140
[ 1181.109566]  ? printk+0xba/0xf1
[ 1181.109967]  ? record_print_text.cold+0x16/0x16
[ 1181.110533]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1181.111145]  ? trace_hardirqs_on+0x5b/0x180
[ 1181.111695]  sg_write.part.0+0x69e/0xaa0
[ 1181.112190]  ? sg_new_write.isra.0+0x770/0x770
[ 1181.112749]  ? find_held_lock+0x2c/0x110
[ 1181.113246]  ? __might_fault+0xd3/0x180
[ 1181.113734]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.114248]  ? _cond_resched+0x12/0x80
[ 1181.114721]  ? inode_security+0x107/0x140
[ 1181.115225]  ? avc_policy_seqno+0x9/0x70
[ 1181.115729]  ? selinux_file_permission+0x92/0x520
[ 1181.116324]  sg_write+0x87/0x120
[ 1181.116743]  do_iter_write+0x4f0/0x700
[ 1181.117220]  ? import_iovec+0x83/0xb0
[ 1181.117686]  vfs_writev+0x1ae/0x620
[ 1181.118130]  ? vfs_iter_write+0xa0/0xa0
[ 1181.118614]  ? __fget_files+0x2cf/0x520
[ 1181.119096]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.119618]  ? find_held_lock+0x2c/0x110
[ 1181.120115]  ? ksys_write+0x12d/0x260
[ 1181.120583]  ? __fget_files+0x2f8/0x520
[ 1181.121071]  ? __fget_light+0xea/0x290
[ 1181.121548]  do_writev+0x139/0x300
[ 1181.121981]  ? vfs_writev+0x620/0x620
[ 1181.122445]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1181.123080]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1181.123718]  do_syscall_64+0x33/0x40
[ 1181.124170]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1181.124793] RIP: 0033:0x7ff981a49b19
[ 1181.125244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1181.131507] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1181.132438] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1181.133302] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1181.134165] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1181.135025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1181.135912] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:09:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="4c00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1181.189175] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.189175]    program syz-executor.5 not setting count and/or reply_len properly
[ 1181.210943] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.210943]    program syz-executor.5 not setting count and/or reply_len properly
15:09:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 2)

[ 1181.262149] FAULT_INJECTION: forcing a failure.
[ 1181.262149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1181.263632] CPU: 1 PID: 7132 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1181.264458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1181.265455] Call Trace:
[ 1181.265781]  dump_stack+0x107/0x167
[ 1181.266226]  should_fail.cold+0x5/0xa
[ 1181.266696]  _copy_from_user+0x2e/0x1b0
[ 1181.267185]  sg_write.part.0+0x1cf/0xaa0
[ 1181.267701]  ? sg_new_write.isra.0+0x770/0x770
[ 1181.268264]  ? lock_acquire+0x197/0x470
[ 1181.268747]  ? find_held_lock+0x2c/0x110
[ 1181.269246]  ? __might_fault+0xd3/0x180
[ 1181.269730]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.270244]  ? _cond_resched+0x12/0x80
[ 1181.270720]  ? inode_security+0x107/0x140
[ 1181.271224]  ? avc_policy_seqno+0x9/0x70
[ 1181.271738]  ? selinux_file_permission+0x92/0x520
[ 1181.272330]  sg_write+0x87/0x120
[ 1181.272747]  do_iter_write+0x4f0/0x700
[ 1181.273224]  ? import_iovec+0x83/0xb0
[ 1181.273692]  vfs_writev+0x1ae/0x620
[ 1181.274135]  ? vfs_iter_write+0xa0/0xa0
[ 1181.274620]  ? __fget_files+0x2cf/0x520
[ 1181.275107]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.275624]  ? find_held_lock+0x2c/0x110
[ 1181.276121]  ? ksys_write+0x12d/0x260
[ 1181.276587]  ? __fget_files+0x2f8/0x520
[ 1181.277076]  ? __fget_light+0xea/0x290
[ 1181.277553]  do_writev+0x139/0x300
[ 1181.277992]  ? vfs_writev+0x620/0x620
[ 1181.278458]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1181.279095]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1181.279757]  do_syscall_64+0x33/0x40
[ 1181.280209]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1181.280829] RIP: 0033:0x7fe1ffe69b19
[ 1181.281280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1181.283516] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1181.284440] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1181.285307] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1181.286172] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1181.287036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1181.287918] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
15:09:51 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 12)

15:09:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e35246203337", 0x4e}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="6800abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1181.398184] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.398184]    program syz-executor.0 not setting count and/or reply_len properly
[ 1181.401824] sg_write: data in/out 196608/30 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.401824]    program syz-executor.2 not setting count and/or reply_len properly
[ 1181.408278] FAULT_INJECTION: forcing a failure.
[ 1181.408278] name failslab, interval 1, probability 0, space 0, times 0
[ 1181.409748] CPU: 1 PID: 7136 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1181.410582] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1181.411620] Call Trace:
[ 1181.411949]  dump_stack+0x107/0x167
[ 1181.412397]  should_fail.cold+0x5/0xa
[ 1181.412868]  ? blk_rq_map_user_iov+0x2aa/0x1a60
[ 1181.413440]  should_failslab+0x5/0x20
[ 1181.413912]  __kmalloc+0x72/0x390
[ 1181.414341]  blk_rq_map_user_iov+0x2aa/0x1a60
[ 1181.414893]  ? sg_common_write.constprop.0+0x992/0x1a30
[ 1181.415553]  ? sg_write.part.0+0x69e/0xaa0
[ 1181.416069]  ? sg_write+0x87/0x120
[ 1181.416515]  ? blk_rq_unmap_user+0x750/0x750
[ 1181.417059]  ? find_held_lock+0x2c/0x110
[ 1181.417559]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1181.418211]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.418718]  ? import_single_range+0x24d/0x2e0
[ 1181.419282]  blk_rq_map_user+0x103/0x170
[ 1181.419793]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1181.420374]  ? alloc_pages_current+0x18f/0x280
[ 1181.420934]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1181.421551]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1181.422199]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1181.422812]  ? vprintk_func+0x93/0x140
[ 1181.423294]  ? record_print_text.cold+0x16/0x16
[ 1181.427884]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1181.428498]  ? trace_hardirqs_on+0x5b/0x180
[ 1181.429028]  sg_write.part.0+0x69e/0xaa0
[ 1181.429522]  ? sg_new_write.isra.0+0x770/0x770
[ 1181.430076]  ? find_held_lock+0x2c/0x110
[ 1181.430571]  ? __might_fault+0xd3/0x180
[ 1181.431054]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.431592]  ? _cond_resched+0x12/0x80
[ 1181.432069]  ? inode_security+0x107/0x140
[ 1181.432571]  ? avc_policy_seqno+0x9/0x70
[ 1181.433063]  ? selinux_file_permission+0x92/0x520
[ 1181.433654]  sg_write+0x87/0x120
[ 1181.434069]  do_iter_write+0x4f0/0x700
[ 1181.434544]  ? import_iovec+0x83/0xb0
[ 1181.435009]  vfs_writev+0x1ae/0x620
[ 1181.435453]  ? vfs_iter_write+0xa0/0xa0
[ 1181.435954]  ? __fget_files+0x2cf/0x520
[ 1181.436436]  ? lock_downgrade+0x6d0/0x6d0
[ 1181.436939]  ? find_held_lock+0x2c/0x110
[ 1181.437435]  ? ksys_write+0x12d/0x260
[ 1181.437900]  ? __fget_files+0x2f8/0x520
[ 1181.438387]  ? __fget_light+0xea/0x290
[ 1181.438864]  do_writev+0x139/0x300
[ 1181.439295]  ? vfs_writev+0x620/0x620
[ 1181.439781]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1181.440418]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1181.441047]  do_syscall_64+0x33/0x40
[ 1181.441497]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1181.442125] RIP: 0033:0x7ff981a49b19
[ 1181.442577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1181.444835] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1181.445759] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1181.446623] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1181.451510] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1181.452383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1181.453245] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1181.487453] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.487453]    program syz-executor.5 not setting count and/or reply_len properly
[ 1181.494082] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.494082]    program syz-executor.5 not setting count and/or reply_len properly
[ 1181.588904] sg_write: data in/out 196608/30 bytes for SCSI command 0xbd-- guessing data in;
[ 1181.588904]    program syz-executor.2 not setting count and/or reply_len properly
15:09:52 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="6c00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:09:52 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e35246203337", 0x4e}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:07 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:10:07 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:10:07 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 13)

15:10:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 3)

15:10:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e35246203337", 0x4e}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1196.499792] sg_write: 2 callbacks suppressed
[ 1196.499806] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1196.499806]    program syz-executor.0 not setting count and/or reply_len properly
[ 1196.510741] sg_write: data in/out 196608/30 bytes for SCSI command 0xbd-- guessing data in;
15:10:07 executing program 4:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:10:07 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:10:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="7400abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1196.510741]    program syz-executor.2 not setting count and/or reply_len properly
[ 1196.519710] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1196.519710]    program syz-executor.5 not setting count and/or reply_len properly
[ 1196.524907] FAULT_INJECTION: forcing a failure.
[ 1196.524907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1196.526456] CPU: 1 PID: 7167 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1196.527337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1196.528395] Call Trace:
[ 1196.528747]  dump_stack+0x107/0x167
[ 1196.529224]  should_fail.cold+0x5/0xa
[ 1196.529729]  _copy_from_user+0x2e/0x1b0
[ 1196.530252]  sg_write.part.0+0x5f7/0xaa0
[ 1196.530784]  ? sg_new_write.isra.0+0x770/0x770
[ 1196.531382]  ? find_held_lock+0x2c/0x110
[ 1196.531916]  ? __might_fault+0xd3/0x180
[ 1196.532457]  ? lock_downgrade+0x6d0/0x6d0
[ 1196.533010]  ? _cond_resched+0x12/0x80
[ 1196.533511]  ? inode_security+0x107/0x140
[ 1196.534013]  ? avc_policy_seqno+0x9/0x70
[ 1196.534532]  ? selinux_file_permission+0x92/0x520
[ 1196.535150]  sg_write+0x87/0x120
[ 1196.535601]  do_iter_write+0x4f0/0x700
[ 1196.536126]  ? import_iovec+0x83/0xb0
[ 1196.536627]  vfs_writev+0x1ae/0x620
[ 1196.537103]  ? vfs_iter_write+0xa0/0xa0
[ 1196.537622]  ? __fget_files+0x2cf/0x520
[ 1196.538137]  ? lock_downgrade+0x6d0/0x6d0
[ 1196.538667]  ? find_held_lock+0x2c/0x110
[ 1196.539201]  ? ksys_write+0x12d/0x260
[ 1196.539702]  ? __fget_files+0x2f8/0x520
[ 1196.544265]  ? __fget_light+0xea/0x290
[ 1196.544778]  do_writev+0x139/0x300
[ 1196.545245]  ? vfs_writev+0x620/0x620
[ 1196.545746]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1196.546426]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1196.547097]  do_syscall_64+0x33/0x40
[ 1196.547582]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1196.548266] RIP: 0033:0x7fe1ffe69b19
[ 1196.548751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1196.551107] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1196.552108] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1196.553028] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1196.553949] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1196.554870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1196.555792] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
[ 1196.579288] FAULT_INJECTION: forcing a failure.
[ 1196.579288] name failslab, interval 1, probability 0, space 0, times 0
[ 1196.580716] CPU: 1 PID: 7157 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1196.581545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1196.582560] Call Trace:
[ 1196.582882]  dump_stack+0x107/0x167
[ 1196.583328]  should_fail.cold+0x5/0xa
[ 1196.583791]  ? prep_compound_page+0x295/0x3c0
[ 1196.584356]  ? create_object.isra.0+0x3a/0xa20
[ 1196.584915]  should_failslab+0x5/0x20
[ 1196.585380]  kmem_cache_alloc+0x5b/0x310
[ 1196.585872]  ? prep_new_page+0x159/0x1d0
[ 1196.586369]  create_object.isra.0+0x3a/0xa20
[ 1196.586904]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1196.587524]  __kmalloc+0x16e/0x390
[ 1196.587964]  blk_rq_map_user_iov+0x2aa/0x1a60
[ 1196.588532]  ? sg_common_write.constprop.0+0x992/0x1a30
[ 1196.589180]  ? sg_write.part.0+0x69e/0xaa0
[ 1196.589693]  ? sg_write+0x87/0x120
[ 1196.590135]  ? blk_rq_unmap_user+0x750/0x750
[ 1196.590673]  ? find_held_lock+0x2c/0x110
[ 1196.591172]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1196.591821]  ? lock_downgrade+0x6d0/0x6d0
[ 1196.592342]  ? import_single_range+0x24d/0x2e0
[ 1196.592901]  blk_rq_map_user+0x103/0x170
[ 1196.593397]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1196.593976]  ? alloc_pages_current+0x18f/0x280
[ 1196.594535]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1196.595151]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1196.595796]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1196.600443]  ? vprintk_func+0x93/0x140
[ 1196.600919]  ? record_print_text.cold+0x16/0x16
[ 1196.601482]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1196.602094]  ? trace_hardirqs_on+0x5b/0x180
[ 1196.602625]  sg_write.part.0+0x69e/0xaa0
[ 1196.603122]  ? sg_new_write.isra.0+0x770/0x770
[ 1196.603679]  ? find_held_lock+0x2c/0x110
[ 1196.604199]  ? __might_fault+0xd3/0x180
[ 1196.604681]  ? lock_downgrade+0x6d0/0x6d0
[ 1196.605194]  ? _cond_resched+0x12/0x80
[ 1196.605666]  ? inode_security+0x107/0x140
[ 1196.606169]  ? avc_policy_seqno+0x9/0x70
[ 1196.606661]  ? selinux_file_permission+0x92/0x520
[ 1196.607250]  sg_write+0x87/0x120
[ 1196.607662]  do_iter_write+0x4f0/0x700
[ 1196.608154]  ? import_iovec+0x83/0xb0
[ 1196.608621]  vfs_writev+0x1ae/0x620
[ 1196.609064]  ? vfs_iter_write+0xa0/0xa0
[ 1196.609547]  ? __fget_files+0x2cf/0x520
[ 1196.610030]  ? lock_downgrade+0x6d0/0x6d0
[ 1196.610532]  ? find_held_lock+0x2c/0x110
[ 1196.611030]  ? ksys_write+0x12d/0x260
[ 1196.611495]  ? __fget_files+0x2f8/0x520
[ 1196.611991]  ? __fget_light+0xea/0x290
[ 1196.612482]  do_writev+0x139/0x300
[ 1196.612914]  ? vfs_writev+0x620/0x620
[ 1196.613378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1196.614012]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1196.614636]  do_syscall_64+0x33/0x40
[ 1196.615086]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1196.615703] RIP: 0033:0x7ff981a49b19
[ 1196.616163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1196.618388] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1196.619309] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1196.620188] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1196.621052] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1196.621915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1196.622781] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:10:07 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 14)

15:10:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 4)

15:10:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="7a00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1197.041337] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.041337]    program syz-executor.5 not setting count and/or reply_len properly
[ 1197.052072] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.052072]    program syz-executor.5 not setting count and/or reply_len properly
15:10:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0003abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1197.152466] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.152466]    program syz-executor.5 not setting count and/or reply_len properly
15:10:07 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1197.169011] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.169011]    program syz-executor.5 not setting count and/or reply_len properly
15:10:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0005abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1197.254448] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.254448]    program syz-executor.5 not setting count and/or reply_len properly
[ 1197.384381] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.384381]    program syz-executor.0 not setting count and/or reply_len properly
[ 1197.390720] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1197.390720]    program syz-executor.1 not setting count and/or reply_len properly
[ 1197.392720] FAULT_INJECTION: forcing a failure.
[ 1197.392720] name failslab, interval 1, probability 0, space 0, times 0
[ 1197.394170] CPU: 0 PID: 7198 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1197.395061] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1197.396156] Call Trace:
[ 1197.396505]  dump_stack+0x107/0x167
[ 1197.396982]  should_fail.cold+0x5/0xa
[ 1197.397483]  ? bio_alloc_bioset+0x3b7/0x600
[ 1197.398051]  should_failslab+0x5/0x20
[ 1197.398548]  __kmalloc+0x72/0x390
[ 1197.399005]  bio_alloc_bioset+0x3b7/0x600
[ 1197.399549]  ? bvec_alloc+0x2f0/0x2f0
[ 1197.400057]  ? kasan_unpoison_shadow+0x33/0x50
[ 1197.400657]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1197.401323]  blk_rq_map_user_iov+0x473/0x1a60
[ 1197.401911]  ? sg_common_write.constprop.0+0x992/0x1a30
[ 1197.402606]  ? sg_write.part.0+0x69e/0xaa0
[ 1197.403167]  ? blk_rq_unmap_user+0x750/0x750
[ 1197.403746]  ? find_held_lock+0x2c/0x110
[ 1197.404293]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1197.404990]  ? lock_downgrade+0x6d0/0x6d0
[ 1197.405529]  ? import_single_range+0x24d/0x2e0
[ 1197.406128]  blk_rq_map_user+0x103/0x170
[ 1197.406659]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1197.407279]  ? alloc_pages_current+0x18f/0x280
[ 1197.407876]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1197.408546]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1197.409237]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1197.409887]  ? vprintk_func+0x93/0x140
[ 1197.410398]  ? record_print_text.cold+0x16/0x16
[ 1197.411006]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1197.411666]  ? trace_hardirqs_on+0x5b/0x180
[ 1197.412248]  sg_write.part.0+0x69e/0xaa0
[ 1197.412782]  ? sg_new_write.isra.0+0x770/0x770
[ 1197.413379]  ? find_held_lock+0x2c/0x110
[ 1197.413912]  ? __might_fault+0xd3/0x180
[ 1197.414430]  ? lock_downgrade+0x6d0/0x6d0
[ 1197.414980]  ? _cond_resched+0x12/0x80
[ 1197.415489]  ? inode_security+0x107/0x140
[ 1197.416035]  ? avc_policy_seqno+0x9/0x70
[ 1197.416568]  ? selinux_file_permission+0x92/0x520
[ 1197.417202]  sg_write+0x87/0x120
[ 1197.417647]  do_iter_write+0x4f0/0x700
[ 1197.418158]  ? import_iovec+0x83/0xb0
[ 1197.418657]  vfs_writev+0x1ae/0x620
[ 1197.419133]  ? vfs_iter_write+0xa0/0xa0
[ 1197.419651]  ? __fget_files+0x2cf/0x520
[ 1197.420182]  ? lock_downgrade+0x6d0/0x6d0
[ 1197.420721]  ? find_held_lock+0x2c/0x110
[ 1197.421256]  ? ksys_write+0x12d/0x260
[ 1197.421756]  ? __fget_files+0x2f8/0x520
[ 1197.422281]  ? __fget_light+0xea/0x290
[ 1197.422793]  do_writev+0x139/0x300
[ 1197.423258]  ? vfs_writev+0x620/0x620
[ 1197.423757]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1197.424459]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1197.425135]  do_syscall_64+0x33/0x40
[ 1197.425621]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1197.426290] RIP: 0033:0x7ff981a49b19
[ 1197.426775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1197.429185] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1197.430180] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1197.431109] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1197.432046] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1197.432981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1197.433913] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1197.436097] FAULT_INJECTION: forcing a failure.
[ 1197.436097] name failslab, interval 1, probability 0, space 0, times 0
[ 1197.437478] CPU: 1 PID: 7197 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1197.438303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1197.439315] Call Trace:
[ 1197.439636]  dump_stack+0x107/0x167
[ 1197.440090]  should_fail.cold+0x5/0xa
[ 1197.440561]  ? sg_build_indirect.isra.0+0x94/0x710
[ 1197.441159]  should_failslab+0x5/0x20
[ 1197.441621]  __kmalloc+0x72/0x390
[ 1197.442048]  sg_build_indirect.isra.0+0x94/0x710
[ 1197.442626]  ? scsi_req_init+0x18/0xb0
[ 1197.443101]  ? scsi_initialize_rq+0x16/0xb0
[ 1197.443630]  sg_common_write.constprop.0+0x992/0x1a30
[ 1197.444292]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1197.444898]  ? vprintk_func+0x93/0x140
[ 1197.445369]  ? printk+0xba/0xf1
[ 1197.445770]  ? record_print_text.cold+0x16/0x16
[ 1197.446334]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1197.446949]  ? trace_hardirqs_on+0x5b/0x180
[ 1197.447482]  sg_write.part.0+0x69e/0xaa0
[ 1197.447976]  ? sg_new_write.isra.0+0x770/0x770
[ 1197.448553]  ? find_held_lock+0x2c/0x110
[ 1197.449050]  ? __might_fault+0xd3/0x180
[ 1197.449532]  ? lock_downgrade+0x6d0/0x6d0
[ 1197.450044]  ? _cond_resched+0x12/0x80
[ 1197.450516]  ? inode_security+0x107/0x140
[ 1197.451018]  ? avc_policy_seqno+0x9/0x70
[ 1197.451509]  ? selinux_file_permission+0x92/0x520
[ 1197.452117]  sg_write+0x87/0x120
[ 1197.452531]  do_iter_write+0x4f0/0x700
[ 1197.453005]  ? import_iovec+0x83/0xb0
[ 1197.453471]  vfs_writev+0x1ae/0x620
[ 1197.453916]  ? vfs_iter_write+0xa0/0xa0
[ 1197.454398]  ? __fget_files+0x2cf/0x520
[ 1197.454880]  ? lock_downgrade+0x6d0/0x6d0
[ 1197.455381]  ? find_held_lock+0x2c/0x110
[ 1197.455884]  ? ksys_write+0x12d/0x260
[ 1197.456382]  ? __fget_files+0x2f8/0x520
[ 1197.456870]  ? __fget_light+0xea/0x290
[ 1197.457345]  do_writev+0x139/0x300
[ 1197.457777]  ? vfs_writev+0x620/0x620
[ 1197.458238]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1197.458873]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1197.459499]  do_syscall_64+0x33/0x40
[ 1197.459950]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1197.460588] RIP: 0033:0x7fe1ffe69b19
[ 1197.461038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1197.463263] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1197.464195] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1197.465057] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1197.465920] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1197.466783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1197.467645] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
15:10:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="4c05abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:48 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:10:48 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1237.519501] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.519501]    program syz-executor.1 not setting count and/or reply_len properly
[ 1237.528617] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.528617]    program syz-executor.2 not setting count and/or reply_len properly
[ 1237.537268] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.537268]    program syz-executor.5 not setting count and/or reply_len properly
[ 1237.543936] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.543936]    program syz-executor.5 not setting count and/or reply_len properly
[ 1237.545819] FAULT_INJECTION: forcing a failure.
[ 1237.545819] name failslab, interval 1, probability 0, space 0, times 0
[ 1237.547427] CPU: 1 PID: 7208 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1237.548260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1237.549272] Call Trace:
[ 1237.549641]  dump_stack+0x107/0x167
[ 1237.550088]  should_fail.cold+0x5/0xa
[ 1237.550558]  ? create_object.isra.0+0x3a/0xa20
[ 1237.551118]  should_failslab+0x5/0x20
[ 1237.551585]  kmem_cache_alloc+0x5b/0x310
[ 1237.552091]  create_object.isra.0+0x3a/0xa20
[ 1237.552625]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1237.553247]  __kmalloc+0x16e/0x390
[ 1237.557715]  sg_build_indirect.isra.0+0x94/0x710
[ 1237.558291]  ? scsi_req_init+0x18/0xb0
[ 1237.558764]  ? scsi_initialize_rq+0x16/0xb0
[ 1237.559292]  sg_common_write.constprop.0+0x992/0x1a30
[ 1237.559924]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1237.560531]  ? vprintk_func+0x93/0x140
[ 1237.561004]  ? printk+0xba/0xf1
[ 1237.561434]  ? record_print_text.cold+0x16/0x16
[ 1237.561999]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1237.562612]  ? trace_hardirqs_on+0x5b/0x180
[ 1237.563142]  sg_write.part.0+0x69e/0xaa0
[ 1237.563637]  ? sg_new_write.isra.0+0x770/0x770
[ 1237.564200]  ? find_held_lock+0x2c/0x110
[ 1237.564696]  ? __might_fault+0xd3/0x180
[ 1237.565177]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.565712]  ? _cond_resched+0x12/0x80
[ 1237.566186]  ? inode_security+0x107/0x140
[ 1237.566688]  ? avc_policy_seqno+0x9/0x70
[ 1237.567185]  ? selinux_file_permission+0x92/0x520
[ 1237.567776]  sg_write+0x87/0x120
[ 1237.568190]  do_iter_write+0x4f0/0x700
[ 1237.568667]  ? import_iovec+0x83/0xb0
[ 1237.569131]  vfs_writev+0x1ae/0x620
[ 1237.569591]  ? vfs_iter_write+0xa0/0xa0
[ 1237.570075]  ? __fget_files+0x2cf/0x520
[ 1237.570556]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.571061]  ? find_held_lock+0x2c/0x110
[ 1237.571558]  ? ksys_write+0x12d/0x260
[ 1237.572024]  ? __fget_files+0x2f8/0x520
[ 1237.572512]  ? __fget_light+0xea/0x290
[ 1237.572987]  do_writev+0x139/0x300
[ 1237.573444]  ? vfs_writev+0x620/0x620
[ 1237.573909]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1237.574549]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1237.575175]  do_syscall_64+0x33/0x40
[ 1237.575626]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1237.576247] RIP: 0033:0x7fe1ffe69b19
[ 1237.576697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1237.578961] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1237.579885] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1237.580748] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1237.585643] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1237.586506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1237.587368] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
[ 1237.603511] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.603511]    program syz-executor.0 not setting count and/or reply_len properly
[ 1237.608038] FAULT_INJECTION: forcing a failure.
[ 1237.608038] name failslab, interval 1, probability 0, space 0, times 0
[ 1237.611759] CPU: 1 PID: 7219 Comm: syz-executor.0 Not tainted 5.10.233 #1
15:10:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 5)

15:10:48 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:48 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 15)

15:10:48 executing program 3:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:10:48 executing program 4:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:10:48 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1237.612608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1237.613649] Call Trace:
[ 1237.613978]  dump_stack+0x107/0x167
[ 1237.614425]  should_fail.cold+0x5/0xa
[ 1237.614895]  ? create_object.isra.0+0x3a/0xa20
[ 1237.615462]  should_failslab+0x5/0x20
[ 1237.615929]  kmem_cache_alloc+0x5b/0x310
[ 1237.616428]  create_object.isra.0+0x3a/0xa20
[ 1237.616965]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1237.617610]  __kmalloc+0x16e/0x390
[ 1237.618049]  bio_alloc_bioset+0x3b7/0x600
[ 1237.618552]  ? bvec_alloc+0x2f0/0x2f0
[ 1237.619013]  ? kasan_unpoison_shadow+0x33/0x50
[ 1237.619565]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1237.620181]  blk_rq_map_user_iov+0x473/0x1a60
[ 1237.620727]  ? sg_common_write.constprop.0+0x992/0x1a30
[ 1237.625403]  ? sg_write.part.0+0x69e/0xaa0
[ 1237.625929]  ? blk_rq_unmap_user+0x750/0x750
[ 1237.626469]  ? find_held_lock+0x2c/0x110
[ 1237.626965]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1237.627611]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.628113]  ? import_single_range+0x24d/0x2e0
[ 1237.628674]  blk_rq_map_user+0x103/0x170
[ 1237.629170]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1237.629783]  ? alloc_pages_current+0x18f/0x280
[ 1237.630342]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1237.630954]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1237.631603]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1237.632209]  ? vprintk_func+0x93/0x140
[ 1237.632685]  ? record_print_text.cold+0x16/0x16
[ 1237.633251]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1237.633895]  ? trace_hardirqs_on+0x5b/0x180
[ 1237.634432]  sg_write.part.0+0x69e/0xaa0
[ 1237.634929]  ? sg_new_write.isra.0+0x770/0x770
[ 1237.635490]  ? find_held_lock+0x2c/0x110
[ 1237.635988]  ? __might_fault+0xd3/0x180
[ 1237.636473]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.636987]  ? _cond_resched+0x12/0x80
[ 1237.637482]  ? inode_security+0x107/0x140
[ 1237.637988]  ? avc_policy_seqno+0x9/0x70
[ 1237.638483]  ? selinux_file_permission+0x92/0x520
[ 1237.639075]  sg_write+0x87/0x120
[ 1237.639495]  do_iter_write+0x4f0/0x700
[ 1237.639507] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.639507]    program syz-executor.2 not setting count and/or reply_len properly
[ 1237.645905]  ? import_iovec+0x83/0xb0
[ 1237.646371]  vfs_writev+0x1ae/0x620
[ 1237.646814]  ? vfs_iter_write+0xa0/0xa0
[ 1237.647296]  ? __fget_files+0x2cf/0x520
[ 1237.647778]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.648279]  ? find_held_lock+0x2c/0x110
[ 1237.648773]  ? ksys_write+0x12d/0x260
[ 1237.649238]  ? __fget_files+0x2f8/0x520
[ 1237.649743]  ? __fget_light+0xea/0x290
[ 1237.650219]  do_writev+0x139/0x300
[ 1237.650650]  ? vfs_writev+0x620/0x620
[ 1237.651117]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1237.651756]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1237.652381]  do_syscall_64+0x33/0x40
[ 1237.652832]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1237.653473] RIP: 0033:0x7ff981a49b19
[ 1237.653926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1237.656158] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1237.657087] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1237.657973] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1237.658837] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1237.659703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1237.660565] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:10:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0006abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1237.686253] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.686253]    program syz-executor.5 not setting count and/or reply_len properly
[ 1237.691164] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.691164]    program syz-executor.5 not setting count and/or reply_len properly
15:10:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0007abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1237.756328] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.756328]    program syz-executor.5 not setting count and/or reply_len properly
[ 1237.764980] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1237.764980]    program syz-executor.5 not setting count and/or reply_len properly
15:10:48 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0009abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:10:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 6)

15:10:48 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:10:48 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 16)

[ 1237.886765] FAULT_INJECTION: forcing a failure.
[ 1237.886765] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1237.888241] CPU: 1 PID: 7239 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1237.889067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1237.894107] Call Trace:
[ 1237.894433]  dump_stack+0x107/0x167
[ 1237.894876]  should_fail.cold+0x5/0xa
[ 1237.895340]  ? find_held_lock+0x2c/0x110
[ 1237.895837]  __alloc_pages_nodemask+0x182/0x600
[ 1237.896401]  ? __kmalloc+0x16e/0x390
[ 1237.896858]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1237.897626]  ? trace_hardirqs_on+0x5b/0x180
[ 1237.898153]  alloc_pages_current+0x187/0x280
[ 1237.898691]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1237.899282]  sg_common_write.constprop.0+0x992/0x1a30
[ 1237.899914]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1237.900518]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.901020]  ? do_raw_spin_trylock+0xad/0x180
[ 1237.901594]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1237.902231]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1237.902843]  ? trace_hardirqs_on+0x5b/0x180
[ 1237.903371]  ? ___ratelimit+0x1fc/0x440
[ 1237.903857]  sg_write.part.0+0x69e/0xaa0
[ 1237.904363]  ? sg_new_write.isra.0+0x770/0x770
[ 1237.904921]  ? find_held_lock+0x2c/0x110
[ 1237.905429]  ? __might_fault+0xd3/0x180
[ 1237.905912]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.906426]  ? _cond_resched+0x12/0x80
[ 1237.906900]  ? inode_security+0x107/0x140
[ 1237.907403]  ? avc_policy_seqno+0x9/0x70
[ 1237.907894]  ? selinux_file_permission+0x92/0x520
[ 1237.908484]  sg_write+0x87/0x120
[ 1237.908900]  do_iter_write+0x4f0/0x700
[ 1237.909454]  ? import_iovec+0x83/0xb0
[ 1237.909951]  vfs_writev+0x1ae/0x620
[ 1237.910395]  ? vfs_iter_write+0xa0/0xa0
[ 1237.910879]  ? __fget_files+0x2cf/0x520
[ 1237.911362]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.911864]  ? find_held_lock+0x2c/0x110
[ 1237.912361]  ? ksys_write+0x12d/0x260
[ 1237.912828]  ? __fget_files+0x2f8/0x520
[ 1237.913317]  ? __fget_light+0xea/0x290
[ 1237.917825]  do_writev+0x139/0x300
[ 1237.918258]  ? vfs_writev+0x620/0x620
[ 1237.918724]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1237.919361]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1237.919985]  do_syscall_64+0x33/0x40
[ 1237.920435]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1237.921056] RIP: 0033:0x7fe1ffe69b19
[ 1237.921519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1237.923749] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1237.924672] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1237.925552] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1237.926417] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1237.927281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1237.928145] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
[ 1237.976364] FAULT_INJECTION: forcing a failure.
[ 1237.976364] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1237.977897] CPU: 1 PID: 7243 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1237.978724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1237.979732] Call Trace:
[ 1237.980059]  dump_stack+0x107/0x167
[ 1237.980506]  should_fail.cold+0x5/0xa
[ 1237.980976]  copy_page_from_iter+0x40a/0x900
[ 1237.981548]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1237.982119]  ? blk_rq_unmap_user+0x750/0x750
[ 1237.982660]  ? find_held_lock+0x2c/0x110
[ 1237.983161]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1237.983811]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.984313]  ? import_single_range+0x24d/0x2e0
[ 1237.984872]  blk_rq_map_user+0x103/0x170
[ 1237.985391]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1237.985981]  ? alloc_pages_current+0x18f/0x280
[ 1237.986537]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1237.987149]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1237.987790]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1237.988394]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.988904]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1237.989568]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1237.990187]  ? trace_hardirqs_on+0x5b/0x180
[ 1237.990716]  ? ___ratelimit+0x1fc/0x440
[ 1237.991207]  sg_write.part.0+0x69e/0xaa0
[ 1237.991703]  ? sg_new_write.isra.0+0x770/0x770
[ 1237.992260]  ? find_held_lock+0x2c/0x110
[ 1237.992757]  ? __might_fault+0xd3/0x180
[ 1237.993240]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.993813]  ? _cond_resched+0x12/0x80
[ 1237.994290]  ? inode_security+0x107/0x140
[ 1237.994794]  ? avc_policy_seqno+0x9/0x70
[ 1237.995287]  ? selinux_file_permission+0x92/0x520
[ 1237.995879]  sg_write+0x87/0x120
[ 1237.996294]  do_iter_write+0x4f0/0x700
[ 1237.996771]  ? import_iovec+0x83/0xb0
[ 1237.997236]  vfs_writev+0x1ae/0x620
[ 1237.997721]  ? vfs_iter_write+0xa0/0xa0
[ 1237.998211]  ? __fget_files+0x2cf/0x520
[ 1237.998695]  ? lock_downgrade+0x6d0/0x6d0
[ 1237.999196]  ? find_held_lock+0x2c/0x110
[ 1237.999693]  ? ksys_write+0x12d/0x260
[ 1238.000159]  ? __fget_files+0x2f8/0x520
[ 1238.000647]  ? __fget_light+0xea/0x290
[ 1238.001128]  do_writev+0x139/0x300
[ 1238.001613]  ? vfs_writev+0x620/0x620
[ 1238.002082]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1238.002719]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1238.003347]  do_syscall_64+0x33/0x40
[ 1238.003799]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1238.004424] RIP: 0033:0x7ff981a49b19
[ 1238.004877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1238.007187] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1238.008115] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1238.008979] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1238.009868] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1238.010738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1238.011603] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1260.290026] sg_write: 5 callbacks suppressed
[ 1260.290037] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.290037]    program syz-executor.2 not setting count and/or reply_len properly
15:11:10 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 17)

15:11:10 executing program 4:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:10 executing program 7:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:10 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:11:10 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000dabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:10 executing program 3:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 7)

[ 1260.317244] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.317244]    program syz-executor.5 not setting count and/or reply_len properly
15:11:10 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf", 0x75}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1260.322202] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.322202]    program syz-executor.0 not setting count and/or reply_len properly
[ 1260.343020] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.343020]    program syz-executor.1 not setting count and/or reply_len properly
[ 1260.356756] FAULT_INJECTION: forcing a failure.
[ 1260.356756] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1260.358719] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.358719]    program syz-executor.5 not setting count and/or reply_len properly
[ 1260.362252] CPU: 1 PID: 7266 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1260.365088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1260.366103] Call Trace:
[ 1260.366436]  dump_stack+0x107/0x167
[ 1260.366885]  should_fail.cold+0x5/0xa
[ 1260.367353]  __alloc_pages_nodemask+0x182/0x600
[ 1260.367920]  ? __kmalloc+0x16e/0x390
[ 1260.368375]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1260.369110]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.369638]  alloc_pages_current+0x187/0x280
[ 1260.370200]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1260.370791]  sg_common_write.constprop.0+0x992/0x1a30
[ 1260.371423]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1260.372026]  ? vprintk_func+0x93/0x140
[ 1260.372500]  ? printk+0xba/0xf1
[ 1260.372899]  ? record_print_text.cold+0x16/0x16
[ 1260.373463]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1260.374072]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.374634]  sg_write.part.0+0x69e/0xaa0
[ 1260.375130]  ? sg_new_write.isra.0+0x770/0x770
[ 1260.375689]  ? find_held_lock+0x2c/0x110
[ 1260.376189]  ? __might_fault+0xd3/0x180
[ 1260.376673]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.377188]  ? _cond_resched+0x12/0x80
[ 1260.377661]  ? inode_security+0x107/0x140
[ 1260.378184]  ? avc_policy_seqno+0x9/0x70
[ 1260.378676]  ? selinux_file_permission+0x92/0x520
[ 1260.379267]  sg_write+0x87/0x120
[ 1260.379683]  do_iter_write+0x4f0/0x700
[ 1260.380160]  ? import_iovec+0x83/0xb0
[ 1260.380626]  vfs_writev+0x1ae/0x620
[ 1260.381070]  ? vfs_iter_write+0xa0/0xa0
[ 1260.381554]  ? __fget_files+0x2cf/0x520
[ 1260.382038]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.386308] sg_write: data in/out 196608/69 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.386308]    program syz-executor.2 not setting count and/or reply_len properly
[ 1260.386566]  ? find_held_lock+0x2c/0x110
[ 1260.386582]  ? ksys_write+0x12d/0x260
[ 1260.386597]  ? __fget_files+0x2f8/0x520
[ 1260.390045]  ? __fget_light+0xea/0x290
[ 1260.390539]  do_writev+0x139/0x300
[ 1260.390972]  ? vfs_writev+0x620/0x620
[ 1260.391435]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.392070]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.392701]  do_syscall_64+0x33/0x40
[ 1260.393152]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1260.393772] RIP: 0033:0x7fe1ffe69b19
[ 1260.394244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.396479] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1260.397405] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1260.398296] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1260.399157] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.400018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1260.400880] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
[ 1260.414117] FAULT_INJECTION: forcing a failure.
[ 1260.414117] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1260.415558] CPU: 1 PID: 7261 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1260.416388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1260.417392] Call Trace:
[ 1260.417714]  dump_stack+0x107/0x167
[ 1260.418171]  should_fail.cold+0x5/0xa
[ 1260.418638]  copy_page_from_iter+0x40a/0x900
[ 1260.419182]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1260.419749]  ? blk_rq_unmap_user+0x750/0x750
[ 1260.420326]  ? find_held_lock+0x2c/0x110
[ 1260.420825]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1260.421473]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.421977]  ? import_single_range+0x24d/0x2e0
[ 1260.422554]  blk_rq_map_user+0x103/0x170
[ 1260.423051]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1260.423629]  ? alloc_pages_current+0x18f/0x280
[ 1260.424188]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1260.424803]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1260.425449]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1260.426059]  ? vprintk_func+0x93/0x140
[ 1260.426558]  ? record_print_text.cold+0x16/0x16
[ 1260.427125]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1260.427736]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.428264]  sg_write.part.0+0x69e/0xaa0
[ 1260.428758]  ? sg_new_write.isra.0+0x770/0x770
[ 1260.429314]  ? find_held_lock+0x2c/0x110
[ 1260.429810]  ? __might_fault+0xd3/0x180
[ 1260.434241]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.434753]  ? _cond_resched+0x12/0x80
[ 1260.435224]  ? inode_security+0x107/0x140
[ 1260.435726]  ? avc_policy_seqno+0x9/0x70
[ 1260.436217]  ? selinux_file_permission+0x92/0x520
[ 1260.436819]  sg_write+0x87/0x120
[ 1260.437232]  do_iter_write+0x4f0/0x700
[ 1260.437706]  ? import_iovec+0x83/0xb0
[ 1260.438185]  vfs_writev+0x1ae/0x620
[ 1260.438632]  ? vfs_iter_write+0xa0/0xa0
[ 1260.439114]  ? __fget_files+0x2cf/0x520
[ 1260.439596]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.440097]  ? find_held_lock+0x2c/0x110
[ 1260.440593]  ? ksys_write+0x12d/0x260
[ 1260.441058]  ? __fget_files+0x2f8/0x520
[ 1260.441544]  ? __fget_light+0xea/0x290
[ 1260.442019]  do_writev+0x139/0x300
[ 1260.442477]  ? vfs_writev+0x620/0x620
[ 1260.442943]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.443578]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.444203]  do_syscall_64+0x33/0x40
[ 1260.444654]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1260.445276] RIP: 0033:0x7ff981a49b19
[ 1260.445728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.447980] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1260.448905] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1260.449771] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1260.450651] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.451520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1260.452388] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:11:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 8)

[ 1260.580229] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:11:11 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 18)

[ 1260.580229]    program syz-executor.1 not setting count and/or reply_len properly
15:11:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000eabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:11 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1260.623481] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.623481]    program syz-executor.0 not setting count and/or reply_len properly
[ 1260.626161] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.626161]    program syz-executor.5 not setting count and/or reply_len properly
[ 1260.628334] FAULT_INJECTION: forcing a failure.
[ 1260.628334] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1260.628390] FAULT_INJECTION: forcing a failure.
[ 1260.628390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1260.629806] CPU: 1 PID: 7277 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1260.629813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1260.629817] Call Trace:
[ 1260.629836]  dump_stack+0x107/0x167
[ 1260.629850]  should_fail.cold+0x5/0xa
[ 1260.637242]  __alloc_pages_nodemask+0x182/0x600
[ 1260.637808]  ? __kmalloc+0x16e/0x390
[ 1260.638285]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1260.639021]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.639548]  alloc_pages_current+0x187/0x280
[ 1260.640088]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1260.640682]  sg_common_write.constprop.0+0x992/0x1a30
[ 1260.641316]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1260.641923]  ? vprintk_func+0x93/0x140
[ 1260.642410]  ? printk+0xba/0xf1
[ 1260.642813]  ? record_print_text.cold+0x16/0x16
[ 1260.643380]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1260.643994]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.644524]  sg_write.part.0+0x69e/0xaa0
[ 1260.645021]  ? sg_new_write.isra.0+0x770/0x770
[ 1260.645581]  ? find_held_lock+0x2c/0x110
[ 1260.646080]  ? __might_fault+0xd3/0x180
[ 1260.646577]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.647092]  ? _cond_resched+0x12/0x80
[ 1260.647566]  ? inode_security+0x107/0x140
[ 1260.648070]  ? avc_policy_seqno+0x9/0x70
[ 1260.648563]  ? selinux_file_permission+0x92/0x520
[ 1260.649154]  sg_write+0x87/0x120
[ 1260.649569]  do_iter_write+0x4f0/0x700
[ 1260.650048]  ? import_iovec+0x83/0xb0
[ 1260.650526]  vfs_writev+0x1ae/0x620
[ 1260.650972]  ? vfs_iter_write+0xa0/0xa0
[ 1260.651456]  ? __fget_files+0x2cf/0x520
[ 1260.651940]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.652442]  ? find_held_lock+0x2c/0x110
[ 1260.652939]  ? ksys_write+0x12d/0x260
[ 1260.653405]  ? __fget_files+0x2f8/0x520
[ 1260.653893]  ? __fget_light+0xea/0x290
[ 1260.658400]  do_writev+0x139/0x300
[ 1260.658832]  ? vfs_writev+0x620/0x620
[ 1260.659296]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.659929]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.660553]  do_syscall_64+0x33/0x40
[ 1260.661004]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1260.661624] RIP: 0033:0x7fe1ffe69b19
[ 1260.662078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.664325] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1260.665247] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1260.666121] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1260.666993] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.667859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1260.668723] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
[ 1260.669608] CPU: 0 PID: 7279 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1260.670532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1260.671624] Call Trace:
[ 1260.671975]  dump_stack+0x107/0x167
[ 1260.672459]  should_fail.cold+0x5/0xa
[ 1260.672971]  copy_page_from_iter+0x40a/0x900
[ 1260.673564]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1260.674199]  ? blk_rq_unmap_user+0x750/0x750
[ 1260.674789]  ? find_held_lock+0x2c/0x110
[ 1260.675335]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1260.676035]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.676569]  ? import_single_range+0x24d/0x2e0
[ 1260.677163]  blk_rq_map_user+0x103/0x170
[ 1260.677691]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1260.678324]  ? alloc_pages_current+0x18f/0x280
[ 1260.678919]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1260.679572]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1260.680263]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1260.680913]  ? vprintk_func+0x93/0x140
[ 1260.681421]  ? record_print_text.cold+0x16/0x16
[ 1260.682025]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1260.682693]  ? trace_hardirqs_on+0x5b/0x180
[ 1260.683260]  sg_write.part.0+0x69e/0xaa0
[ 1260.683789]  ? sg_new_write.isra.0+0x770/0x770
[ 1260.684383]  ? find_held_lock+0x2c/0x110
[ 1260.684918]  ? __might_fault+0xd3/0x180
[ 1260.685437]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.685988]  ? _cond_resched+0x12/0x80
[ 1260.686517]  ? inode_security+0x107/0x140
[ 1260.687059]  ? avc_policy_seqno+0x9/0x70
[ 1260.687586]  ? selinux_file_permission+0x92/0x520
[ 1260.688219]  sg_write+0x87/0x120
[ 1260.688663]  do_iter_write+0x4f0/0x700
[ 1260.689182]  ? import_iovec+0x83/0xb0
[ 1260.689691]  vfs_writev+0x1ae/0x620
[ 1260.690189]  ? vfs_iter_write+0xa0/0xa0
[ 1260.690717]  ? __fget_files+0x2cf/0x520
[ 1260.691246]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.691795]  ? find_held_lock+0x2c/0x110
[ 1260.692338]  ? ksys_write+0x12d/0x260
[ 1260.692846]  ? __fget_files+0x2f8/0x520
[ 1260.693373]  ? __fget_light+0xea/0x290
[ 1260.693894]  do_writev+0x139/0x300
[ 1260.694385]  ? vfs_writev+0x620/0x620
[ 1260.694895]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.695590]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.696276]  do_syscall_64+0x33/0x40
[ 1260.696771]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1260.697452] RIP: 0033:0x7ff981a49b19
[ 1260.697945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.700386] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1260.701384] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1260.702346] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1260.703276] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.704209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1260.705152] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:11:11 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r1)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1260.720468] sg_write: data in/out 196608/79 bytes for SCSI command 0xbd-- guessing data in;
[ 1260.720468]    program syz-executor.2 not setting count and/or reply_len properly
15:11:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0030abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:11 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0048abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:29 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6", 0x7f}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:29 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:11:29 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 9)

[ 1278.700603] sg_write: 6 callbacks suppressed
[ 1278.700615] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.700615]    program syz-executor.5 not setting count and/or reply_len properly
[ 1278.712844] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.712844]    program syz-executor.1 not setting count and/or reply_len properly
[ 1278.719174] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.719174]    program syz-executor.5 not setting count and/or reply_len properly
[ 1278.724939] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:11:29 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 19)

15:11:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="004cabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:29 executing program 7:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:29 executing program 3:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1278.724939]    program syz-executor.0 not setting count and/or reply_len properly
[ 1278.727201] sg_write: data in/out 196608/79 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.727201]    program syz-executor.2 not setting count and/or reply_len properly
[ 1278.729773] FAULT_INJECTION: forcing a failure.
[ 1278.729773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1278.731371] CPU: 0 PID: 7315 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1278.732290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1278.733393] Call Trace:
[ 1278.733746]  dump_stack+0x107/0x167
[ 1278.734225]  should_fail.cold+0x5/0xa
[ 1278.734765]  copy_page_from_iter+0x40a/0x900
[ 1278.735377]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1278.736006]  ? blk_rq_unmap_user+0x750/0x750
[ 1278.736587]  ? find_held_lock+0x2c/0x110
[ 1278.737125]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1278.737848]  ? lock_downgrade+0x6d0/0x6d0
[ 1278.738402]  ? import_single_range+0x24d/0x2e0
[ 1278.743056]  blk_rq_map_user+0x103/0x170
[ 1278.743597]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1278.744224]  ? alloc_pages_current+0x18f/0x280
[ 1278.744837]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1278.745518]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1278.746233]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1278.746938]  ? vprintk_func+0x93/0x140
[ 1278.747468]  ? record_print_text.cold+0x16/0x16
[ 1278.748098]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1278.748782]  ? trace_hardirqs_on+0x5b/0x180
[ 1278.749373]  sg_write.part.0+0x69e/0xaa0
[ 1278.749924]  ? sg_new_write.isra.0+0x770/0x770
[ 1278.750544]  ? find_held_lock+0x2c/0x110
[ 1278.751128]  ? __might_fault+0xd3/0x180
[ 1278.751666]  ? lock_downgrade+0x6d0/0x6d0
[ 1278.752236]  ? _cond_resched+0x12/0x80
[ 1278.752761]  ? inode_security+0x107/0x140
[ 1278.753323]  ? avc_policy_seqno+0x9/0x70
[ 1278.753872]  ? selinux_file_permission+0x92/0x520
[ 1278.754526]  sg_write+0x87/0x120
[ 1278.755009]  do_iter_write+0x4f0/0x700
[ 1278.755537]  ? import_iovec+0x83/0xb0
[ 1278.756054]  vfs_writev+0x1ae/0x620
[ 1278.756545]  ? vfs_iter_write+0xa0/0xa0
[ 1278.757088]  ? __fget_files+0x2cf/0x520
[ 1278.757625]  ? lock_downgrade+0x6d0/0x6d0
[ 1278.758181]  ? find_held_lock+0x2c/0x110
[ 1278.758753]  ? ksys_write+0x12d/0x260
[ 1278.759283]  ? __fget_files+0x2f8/0x520
[ 1278.759833]  ? __fget_light+0xea/0x290
[ 1278.760363]  do_writev+0x139/0x300
[ 1278.760847]  ? vfs_writev+0x620/0x620
[ 1278.761366]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1278.762077]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1278.762809]  do_syscall_64+0x33/0x40
[ 1278.763315]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1278.764015] RIP: 0033:0x7ff981a49b19
[ 1278.764519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1278.767045] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1278.768078] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1278.769046] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1278.770013] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1278.771014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1278.771984] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:11:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="054cabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1278.811035] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.811035]    program syz-executor.5 not setting count and/or reply_len properly
[ 1278.817597] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.817597]    program syz-executor.5 not setting count and/or reply_len properly
15:11:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0068abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1278.852529] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.852529]    program syz-executor.5 not setting count and/or reply_len properly
[ 1278.867851] FAULT_INJECTION: forcing a failure.
[ 1278.867851] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1278.869345] CPU: 1 PID: 7307 Comm: syz-executor.1 Not tainted 5.10.233 #1
[ 1278.870183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1278.871213] Call Trace:
[ 1278.871541]  dump_stack+0x107/0x167
[ 1278.871988]  should_fail.cold+0x5/0xa
[ 1278.872457]  __alloc_pages_nodemask+0x182/0x600
[ 1278.873027]  ? __kmalloc+0x16e/0x390
[ 1278.873483]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1278.874224]  ? trace_hardirqs_on+0x5b/0x180
[ 1278.874762]  alloc_pages_current+0x187/0x280
[ 1278.875308]  sg_build_indirect.isra.0+0x2f5/0x710
[ 1278.875904]  sg_common_write.constprop.0+0x992/0x1a30
[ 1278.876542]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1278.877160]  ? vprintk_func+0x93/0x140
[ 1278.877639]  ? printk+0xba/0xf1
[ 1278.878045]  ? record_print_text.cold+0x16/0x16
[ 1278.878616]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1278.879242]  ? trace_hardirqs_on+0x5b/0x180
[ 1278.879777]  sg_write.part.0+0x69e/0xaa0
[ 1278.880275]  ? sg_new_write.isra.0+0x770/0x770
[ 1278.880855]  ? find_held_lock+0x2c/0x110
[ 1278.881355]  ? __might_fault+0xd3/0x180
[ 1278.881840]  ? lock_downgrade+0x6d0/0x6d0
[ 1278.882355]  ? _cond_resched+0x12/0x80
[ 1278.882949]  ? inode_security+0x107/0x140
[ 1278.883457]  ? avc_policy_seqno+0x9/0x70
[ 1278.883953]  ? selinux_file_permission+0x92/0x520
[ 1278.884549]  sg_write+0x87/0x120
[ 1278.884967]  do_iter_write+0x4f0/0x700
[ 1278.885446]  ? import_iovec+0x83/0xb0
[ 1278.885916]  vfs_writev+0x1ae/0x620
[ 1278.886362]  ? vfs_iter_write+0xa0/0xa0
[ 1278.886866]  ? __fget_files+0x2cf/0x520
[ 1278.887300] sg_write: data in/out 196608/84 bytes for SCSI command 0xbd-- guessing data in;
[ 1278.887300]    program syz-executor.2 not setting count and/or reply_len properly
[ 1278.887351]  ? lock_downgrade+0x6d0/0x6d0
[ 1278.887369]  ? find_held_lock+0x2c/0x110
[ 1278.890450]  ? ksys_write+0x12d/0x260
[ 1278.890931]  ? __fget_files+0x2f8/0x520
[ 1278.891422]  ? __fget_light+0xea/0x290
[ 1278.891911]  do_writev+0x139/0x300
[ 1278.892363]  ? vfs_writev+0x620/0x620
[ 1278.892846]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1278.893485]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1278.894116]  do_syscall_64+0x33/0x40
[ 1278.894570]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1278.895250] RIP: 0033:0x7fe1ffe69b19
[ 1278.895704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1278.897948] RSP: 002b:00007fe1fd3df188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1278.899121] RAX: ffffffffffffffda RBX: 00007fe1fff7cf60 RCX: 00007fe1ffe69b19
[ 1278.900852] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1278.902588] RBP: 00007fe1fd3df1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1278.904631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1278.906346] R13: 00007ffe527e500f R14: 00007fe1fd3df300 R15: 0000000000022000
15:11:29 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 10)

15:11:29 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 20)

[ 1279.033718] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1279.033718]    program syz-executor.0 not setting count and/or reply_len properly
[ 1279.047518] FAULT_INJECTION: forcing a failure.
[ 1279.047518] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1279.048977] CPU: 1 PID: 7335 Comm: syz-executor.0 Not tainted 5.10.233 #1
15:11:29 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1279.049817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1279.054891] Call Trace:
[ 1279.055235]  dump_stack+0x107/0x167
[ 1279.055697]  should_fail.cold+0x5/0xa
[ 1279.056167]  copy_page_from_iter+0x40a/0x900
[ 1279.056712]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1279.057276]  ? blk_rq_unmap_user+0x750/0x750
[ 1279.057813]  ? find_held_lock+0x2c/0x110
[ 1279.058309]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1279.058974]  ? lock_downgrade+0x6d0/0x6d0
[ 1279.059479]  ? import_single_range+0x24d/0x2e0
[ 1279.060036]  blk_rq_map_user+0x103/0x170
[ 1279.060531]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1279.061109]  ? alloc_pages_current+0x18f/0x280
[ 1279.061663]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1279.062273]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1279.062926]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1279.063536]  ? vprintk_func+0x93/0x140
[ 1279.064013]  ? record_print_text.cold+0x16/0x16
[ 1279.064578]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1279.065192]  ? trace_hardirqs_on+0x5b/0x180
[ 1279.065723]  sg_write.part.0+0x69e/0xaa0
[ 1279.066219]  ? sg_new_write.isra.0+0x770/0x770
[ 1279.066789]  ? find_held_lock+0x2c/0x110
[ 1279.067293]  ? __might_fault+0xd3/0x180
[ 1279.067775]  ? lock_downgrade+0x6d0/0x6d0
[ 1279.068288]  ? _cond_resched+0x12/0x80
[ 1279.068761]  ? inode_security+0x107/0x140
[ 1279.069268]  ? avc_policy_seqno+0x9/0x70
[ 1279.069759]  ? selinux_file_permission+0x92/0x520
[ 1279.070349]  sg_write+0x87/0x120
[ 1279.078787]  do_iter_write+0x4f0/0x700
[ 1279.079280]  ? import_iovec+0x83/0xb0
[ 1279.079761]  vfs_writev+0x1ae/0x620
[ 1279.080209]  ? vfs_iter_write+0xa0/0xa0
[ 1279.080691]  ? __fget_files+0x2cf/0x520
[ 1279.081172]  ? lock_downgrade+0x6d0/0x6d0
[ 1279.081672]  ? find_held_lock+0x2c/0x110
[ 1279.082180]  ? ksys_write+0x12d/0x260
[ 1279.082644]  ? __fget_files+0x2f8/0x520
[ 1279.083149]  ? __fget_light+0xea/0x290
[ 1279.083623]  do_writev+0x139/0x300
[ 1279.084069]  ? vfs_writev+0x620/0x620
[ 1279.084553]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1279.085208]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1279.085860]  do_syscall_64+0x33/0x40
[ 1279.086323]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1279.086961] RIP: 0033:0x7ff981a49b19
[ 1279.087412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1279.089637] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1279.090560] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1279.091442] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1279.092310] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1279.093176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1279.094048] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:11:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="006cabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:29 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:11:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1293.837395] sg_write: 4 callbacks suppressed
[ 1293.837407] sg_write: data in/out 196608/84 bytes for SCSI command 0xbd-- guessing data in;
[ 1293.837407]    program syz-executor.2 not setting count and/or reply_len properly
[ 1293.855537] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1293.855537]    program syz-executor.1 not setting count and/or reply_len properly
[ 1293.873394] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1293.873394]    program syz-executor.0 not setting count and/or reply_len properly
[ 1293.881103] FAULT_INJECTION: forcing a failure.
[ 1293.881103] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1293.882595] CPU: 1 PID: 7369 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1293.883485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1293.884530] Call Trace:
[ 1293.884869]  dump_stack+0x107/0x167
[ 1293.885331]  should_fail.cold+0x5/0xa
[ 1293.885820]  copy_page_from_iter+0x40a/0x900
[ 1293.886387]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1293.886977]  ? blk_rq_unmap_user+0x750/0x750
[ 1293.887543]  ? find_held_lock+0x2c/0x110
[ 1293.888043]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1293.888692]  ? lock_downgrade+0x6d0/0x6d0
[ 1293.889195]  ? import_single_range+0x24d/0x2e0
[ 1293.889754]  blk_rq_map_user+0x103/0x170
[ 1293.890250]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1293.890830]  ? alloc_pages_current+0x18f/0x280
[ 1293.891413]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1293.892056]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1293.892730]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1293.893368]  ? vprintk_func+0x93/0x140
[ 1293.893847]  ? record_print_text.cold+0x16/0x16
[ 1293.894415]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1293.895031]  ? trace_hardirqs_on+0x5b/0x180
[ 1293.895575]  sg_write.part.0+0x69e/0xaa0
[ 1293.896073]  ? sg_new_write.isra.0+0x770/0x770
[ 1293.896632]  ? find_held_lock+0x2c/0x110
[ 1293.897132]  ? __might_fault+0xd3/0x180
[ 1293.897617]  ? lock_downgrade+0x6d0/0x6d0
[ 1293.898132]  ? _cond_resched+0x12/0x80
[ 1293.898606]  ? inode_security+0x107/0x140
[ 1293.899110]  ? avc_policy_seqno+0x9/0x70
[ 1293.903422]  ? selinux_file_permission+0x92/0x520
[ 1293.904039]  sg_write+0x87/0x120
[ 1293.904472]  do_iter_write+0x4f0/0x700
[ 1293.904965]  ? import_iovec+0x83/0xb0
[ 1293.905448]  vfs_writev+0x1ae/0x620
[ 1293.905911]  ? vfs_iter_write+0xa0/0xa0
[ 1293.906409]  ? __fget_files+0x2cf/0x520
[ 1293.906909]  ? lock_downgrade+0x6d0/0x6d0
[ 1293.907440]  ? find_held_lock+0x2c/0x110
[ 1293.907957]  ? ksys_write+0x12d/0x260
[ 1293.908445]  ? __fget_files+0x2f8/0x520
[ 1293.908948]  ? __fget_light+0xea/0x290
[ 1293.909444]  do_writev+0x139/0x300
[ 1293.909896]  ? vfs_writev+0x620/0x620
[ 1293.910378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1293.911040]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1293.911702]  do_syscall_64+0x33/0x40
[ 1293.912175]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1293.912822] RIP: 0033:0x7ff981a49b19
[ 1293.913293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1293.919684] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1293.920646] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1293.921550] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1293.922452] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1293.923366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1293.924272] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1293.928253] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1293.928253]    program syz-executor.5 not setting count and/or reply_len properly
15:11:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0074abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0200abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:11:44 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:11:44 executing program 7:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:44 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:11:44 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 21)

15:11:44 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:11:44 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4a", 0x84}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0300abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:11:44 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 22)

[ 1294.174453] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1294.174453]    program syz-executor.0 not setting count and/or reply_len properly
[ 1294.231057] FAULT_INJECTION: forcing a failure.
[ 1294.231057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1294.232632] CPU: 1 PID: 7377 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1294.233498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1294.234548] Call Trace:
[ 1294.234889]  dump_stack+0x107/0x167
[ 1294.235376]  should_fail.cold+0x5/0xa
[ 1294.235838]  copy_page_from_iter+0x40a/0x900
[ 1294.236399]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1294.237011]  ? blk_rq_unmap_user+0x750/0x750
[ 1294.237590]  ? find_held_lock+0x2c/0x110
[ 1294.238137]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1294.238832]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.239392]  ? import_single_range+0x24d/0x2e0
[ 1294.239987]  blk_rq_map_user+0x103/0x170
[ 1294.240515]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1294.241100]  ? alloc_pages_current+0x18f/0x280
[ 1294.241668]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1294.242279]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1294.242930]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1294.243558]  ? vprintk_func+0x93/0x140
[ 1294.244036]  ? record_print_text.cold+0x16/0x16
[ 1294.244618]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1294.245255]  ? trace_hardirqs_on+0x5b/0x180
[ 1294.245814]  sg_write.part.0+0x69e/0xaa0
[ 1294.246346]  ? sg_new_write.isra.0+0x770/0x770
[ 1294.246954]  ? find_held_lock+0x2c/0x110
[ 1294.247507]  ? __might_fault+0xd3/0x180
[ 1294.248007]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.248544]  ? _cond_resched+0x12/0x80
[ 1294.249035]  ? inode_security+0x107/0x140
[ 1294.249556]  ? avc_policy_seqno+0x9/0x70
[ 1294.250063]  ? selinux_file_permission+0x92/0x520
[ 1294.250676]  sg_write+0x87/0x120
[ 1294.251106]  do_iter_write+0x4f0/0x700
[ 1294.251638]  ? import_iovec+0x83/0xb0
[ 1294.252138]  vfs_writev+0x1ae/0x620
[ 1294.252613]  ? vfs_iter_write+0xa0/0xa0
[ 1294.253130]  ? __fget_files+0x2cf/0x520
[ 1294.253647]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.254185]  ? find_held_lock+0x2c/0x110
[ 1294.254704]  ? ksys_write+0x12d/0x260
[ 1294.255187]  ? __fget_files+0x2f8/0x520
[ 1294.255710]  ? __fget_light+0xea/0x290
[ 1294.256203]  do_writev+0x139/0x300
[ 1294.256651]  ? vfs_writev+0x620/0x620
[ 1294.257134]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1294.257794]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1294.258445]  do_syscall_64+0x33/0x40
[ 1294.258911]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1294.259577] RIP: 0033:0x7ff981a49b19
[ 1294.260049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1294.262381] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1294.263360] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1294.264263] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1294.265161] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1294.266064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1294.266964] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1294.338599] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1294.338599]    program syz-executor.1 not setting count and/or reply_len properly
[ 1294.349592] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:11:44 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 23)

15:11:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0400abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1294.349592]    program syz-executor.5 not setting count and/or reply_len properly
[ 1294.413613] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:11:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1294.413613]    program syz-executor.0 not setting count and/or reply_len properly
[ 1294.415736] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1294.415736]    program syz-executor.1 not setting count and/or reply_len properly
[ 1294.445989] FAULT_INJECTION: forcing a failure.
[ 1294.445989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1294.447718] CPU: 0 PID: 7385 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1294.448618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1294.449713] Call Trace:
[ 1294.450065]  dump_stack+0x107/0x167
[ 1294.450544]  should_fail.cold+0x5/0xa
[ 1294.451050]  copy_page_from_iter+0x40a/0x900
[ 1294.451660]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1294.452268]  ? blk_rq_unmap_user+0x750/0x750
[ 1294.452851]  ? find_held_lock+0x2c/0x110
[ 1294.453388]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1294.454086]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.454626]  ? import_single_range+0x24d/0x2e0
[ 1294.455239]  blk_rq_map_user+0x103/0x170
[ 1294.455794]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1294.456417]  ? alloc_pages_current+0x18f/0x280
[ 1294.457017]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1294.457676]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1294.457729] sg_write: data in/out 196608/86 bytes for SCSI command 0xbd-- guessing data in;
[ 1294.457729]    program syz-executor.2 not setting count and/or reply_len properly
[ 1294.458368]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1294.458385]  ? vprintk_func+0x93/0x140
[ 1294.461494]  ? record_print_text.cold+0x16/0x16
[ 1294.462105]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1294.462768]  ? trace_hardirqs_on+0x5b/0x180
[ 1294.463597]  sg_write.part.0+0x69e/0xaa0
[ 1294.464133]  ? sg_new_write.isra.0+0x770/0x770
[ 1294.464737]  ? find_held_lock+0x2c/0x110
[ 1294.465276]  ? __might_fault+0xd3/0x180
[ 1294.465798]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.466353]  ? _cond_resched+0x12/0x80
[ 1294.466864]  ? inode_security+0x107/0x140
[ 1294.467528]  ? avc_policy_seqno+0x9/0x70
[ 1294.468063]  ? selinux_file_permission+0x92/0x520
[ 1294.468702]  sg_write+0x87/0x120
[ 1294.469151]  do_iter_write+0x4f0/0x700
[ 1294.469666]  ? import_iovec+0x83/0xb0
[ 1294.470171]  vfs_writev+0x1ae/0x620
[ 1294.470650]  ? vfs_iter_write+0xa0/0xa0
15:11:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="007aabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:45 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1294.471175]  ? __fget_files+0x2cf/0x520
[ 1294.471730]  ? lock_downgrade+0x6d0/0x6d0
[ 1294.472272]  ? find_held_lock+0x2c/0x110
[ 1294.472809]  ? ksys_write+0x12d/0x260
[ 1294.473311]  ? __fget_files+0x2f8/0x520
[ 1294.473840]  ? __fget_light+0xea/0x290
[ 1294.474353]  do_writev+0x139/0x300
[ 1294.474823]  ? vfs_writev+0x620/0x620
[ 1294.475345]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1294.476038]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1294.476714]  do_syscall_64+0x33/0x40
[ 1294.477202]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1294.477875] RIP: 0033:0x7ff981a49b19
[ 1294.478365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1294.480801] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1294.481801] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1294.482738] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1294.483700] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1294.484636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1294.485574] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:11:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:11:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0900abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:11:45 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:12:27 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0d00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:12:27 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:12:27 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b8", 0x86}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:27 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:12:27 executing program 7:
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:12:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0002abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:27 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 24)

[ 1336.424197] sg_write: 4 callbacks suppressed
[ 1336.424209] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.424209]    program syz-executor.1 not setting count and/or reply_len properly
[ 1336.428925] sg_write: data in/out 196608/86 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.428925]    program syz-executor.2 not setting count and/or reply_len properly
[ 1336.437936] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.437936]    program syz-executor.0 not setting count and/or reply_len properly
[ 1336.441221] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.441221]    program syz-executor.5 not setting count and/or reply_len properly
[ 1336.448340] FAULT_INJECTION: forcing a failure.
[ 1336.448340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1336.449978] CPU: 0 PID: 7421 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1336.450903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1336.452024] Call Trace:
[ 1336.452376]  dump_stack+0x107/0x167
[ 1336.456897]  should_fail.cold+0x5/0xa
[ 1336.457410]  copy_page_from_iter+0x40a/0x900
[ 1336.457999]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1336.458605]  ? blk_rq_unmap_user+0x750/0x750
[ 1336.459186]  ? find_held_lock+0x2c/0x110
[ 1336.459722]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1336.460417]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.460989]  ? import_single_range+0x24d/0x2e0
[ 1336.461604]  blk_rq_map_user+0x103/0x170
[ 1336.462134]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1336.462755]  ? alloc_pages_current+0x18f/0x280
[ 1336.463357]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1336.464017]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1336.464744]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1336.465401]  ? vprintk_func+0x93/0x140
[ 1336.465914]  ? record_print_text.cold+0x16/0x16
[ 1336.466523]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1336.467186]  ? trace_hardirqs_on+0x5b/0x180
[ 1336.467762]  sg_write.part.0+0x69e/0xaa0
[ 1336.468310]  ? sg_new_write.isra.0+0x770/0x770
[ 1336.472943]  ? find_held_lock+0x2c/0x110
[ 1336.473488]  ? __might_fault+0xd3/0x180
[ 1336.474015]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.474570]  ? _cond_resched+0x12/0x80
[ 1336.475078]  ? inode_security+0x107/0x140
[ 1336.475623]  ? avc_policy_seqno+0x9/0x70
[ 1336.476163]  ? selinux_file_permission+0x92/0x520
[ 1336.476834]  sg_write+0x87/0x120
[ 1336.477285]  do_iter_write+0x4f0/0x700
[ 1336.477796]  ? import_iovec+0x83/0xb0
[ 1336.478295]  vfs_writev+0x1ae/0x620
[ 1336.478781]  ? vfs_iter_write+0xa0/0xa0
[ 1336.479312]  ? __fget_files+0x2cf/0x520
[ 1336.479834]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.480371]  ? find_held_lock+0x2c/0x110
[ 1336.480927]  ? ksys_write+0x12d/0x260
[ 1336.481439]  ? __fget_files+0x2f8/0x520
[ 1336.481980]  ? __fget_light+0xea/0x290
[ 1336.482503]  do_writev+0x139/0x300
[ 1336.482978]  ? vfs_writev+0x620/0x620
[ 1336.483478]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1336.484161]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1336.488876]  do_syscall_64+0x33/0x40
[ 1336.489374]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1336.490064] RIP: 0033:0x7ff981a49b19
[ 1336.490555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
15:12:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0e00abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:12:27 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1336.493028] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1336.494044] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1336.494978] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1336.495906] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1336.496862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1336.497814] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1336.504310] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.504310]    program syz-executor.5 not setting count and/or reply_len properly
15:12:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0003abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1336.583523] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.583523]    program syz-executor.2 not setting count and/or reply_len properly
[ 1336.588082] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.588082]    program syz-executor.1 not setting count and/or reply_len properly
[ 1336.597604] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.597604]    program syz-executor.5 not setting count and/or reply_len properly
[ 1336.609583] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.609583]    program syz-executor.5 not setting count and/or reply_len properly
[ 1336.679230] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1336.679230]    program syz-executor.1 not setting count and/or reply_len properly
15:12:27 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:27 executing program 6:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0004abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="3000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:12:27 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 25)

[ 1336.741985] FAULT_INJECTION: forcing a failure.
[ 1336.741985] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1336.743533] CPU: 1 PID: 7451 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1336.744371] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1336.745397] Call Trace:
[ 1336.745724]  dump_stack+0x107/0x167
[ 1336.746169]  should_fail.cold+0x5/0xa
[ 1336.746638]  copy_page_from_iter+0x40a/0x900
[ 1336.747181]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1336.747770]  ? blk_rq_unmap_user+0x750/0x750
[ 1336.748327]  ? find_held_lock+0x2c/0x110
[ 1336.748854]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1336.749515]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.750033]  ? import_single_range+0x24d/0x2e0
[ 1336.750612]  blk_rq_map_user+0x103/0x170
[ 1336.751124]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1336.751724]  ? alloc_pages_current+0x18f/0x280
[ 1336.752301]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1336.752953]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1336.753618]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1336.754243]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.754772]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1336.755429]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1336.756067]  ? trace_hardirqs_on+0x5b/0x180
[ 1336.756619]  ? ___ratelimit+0x1fc/0x440
[ 1336.757134]  sg_write.part.0+0x69e/0xaa0
[ 1336.757649]  ? sg_new_write.isra.0+0x770/0x770
[ 1336.758223]  ? find_held_lock+0x2c/0x110
[ 1336.758725]  ? __might_fault+0xd3/0x180
[ 1336.759207]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.759721]  ? _cond_resched+0x12/0x80
[ 1336.760195]  ? inode_security+0x107/0x140
[ 1336.760724]  ? avc_policy_seqno+0x9/0x70
[ 1336.761229]  ? selinux_file_permission+0x92/0x520
[ 1336.761840]  sg_write+0x87/0x120
[ 1336.762269]  do_iter_write+0x4f0/0x700
[ 1336.762770]  ? import_iovec+0x83/0xb0
[ 1336.763263]  vfs_writev+0x1ae/0x620
[ 1336.763734]  ? vfs_iter_write+0xa0/0xa0
[ 1336.764232]  ? __fget_files+0x2cf/0x520
[ 1336.764740]  ? lock_downgrade+0x6d0/0x6d0
[ 1336.765261]  ? find_held_lock+0x2c/0x110
[ 1336.765791]  ? ksys_write+0x12d/0x260
[ 1336.766278]  ? __fget_files+0x2f8/0x520
[ 1336.766800]  ? __fget_light+0xea/0x290
[ 1336.767307]  do_writev+0x139/0x300
[ 1336.767770]  ? vfs_writev+0x620/0x620
[ 1336.768264]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1336.768959]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1336.769628]  do_syscall_64+0x33/0x40
[ 1336.770109]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1336.770769] RIP: 0033:0x7ff981a49b19
[ 1336.771246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1336.773599] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1336.774548] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1336.775437] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1336.776327] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1336.777239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1336.778104] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:12:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0003abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1364.261165] sg_write: 5 callbacks suppressed
[ 1364.261176] sg_write: data in/out 196608/87 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.261176]    program syz-executor.2 not setting count and/or reply_len properly
[ 1364.265256] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.265256]    program syz-executor.0 not setting count and/or reply_len properly
[ 1364.269568] FAULT_INJECTION: forcing a failure.
[ 1364.269568] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1364.271004] CPU: 1 PID: 7473 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1364.271835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1364.272849] Call Trace:
[ 1364.273176]  dump_stack+0x107/0x167
15:12:54 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88a", 0x87}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:54 executing program 6:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:54 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:12:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0009abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:12:54 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0005abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:54 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 26)

15:12:54 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:54 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1364.273639]  should_fail.cold+0x5/0xa
[ 1364.274135]  copy_page_from_iter+0x40a/0x900
[ 1364.278585] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.278585]    program syz-executor.5 not setting count and/or reply_len properly
[ 1364.282086]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1364.282115]  ? blk_rq_unmap_user+0x750/0x750
[ 1364.285221]  ? find_held_lock+0x2c/0x110
[ 1364.285691] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.285691]    program syz-executor.5 not setting count and/or reply_len properly
[ 1364.285734]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1364.288415]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.288913]  ? import_single_range+0x24d/0x2e0
[ 1364.289470]  blk_rq_map_user+0x103/0x170
[ 1364.289981]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1364.290561]  ? alloc_pages_current+0x18f/0x280
[ 1364.291117]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1364.291730]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1364.292378]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1364.292984]  ? vprintk_func+0x93/0x140
[ 1364.293463]  ? record_print_text.cold+0x16/0x16
[ 1364.294043]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1364.294658]  ? trace_hardirqs_on+0x5b/0x180
[ 1364.295189]  sg_write.part.0+0x69e/0xaa0
[ 1364.295686]  ? sg_new_write.isra.0+0x770/0x770
[ 1364.296242]  ? find_held_lock+0x2c/0x110
[ 1364.296739]  ? __might_fault+0xd3/0x180
[ 1364.297220]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.297746]  ? _cond_resched+0x12/0x80
[ 1364.298221]  ? inode_security+0x107/0x140
[ 1364.298725]  ? avc_policy_seqno+0x9/0x70
[ 1364.299217]  ? selinux_file_permission+0x92/0x520
[ 1364.299807]  sg_write+0x87/0x120
[ 1364.300221]  do_iter_write+0x4f0/0x700
[ 1364.300697]  ? import_iovec+0x83/0xb0
[ 1364.301162]  vfs_writev+0x1ae/0x620
[ 1364.301611]  ? vfs_iter_write+0xa0/0xa0
[ 1364.302101]  ? __fget_files+0x2cf/0x520
[ 1364.302583]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.303085]  ? find_held_lock+0x2c/0x110
[ 1364.303582]  ? ksys_write+0x12d/0x260
[ 1364.304047]  ? __fget_files+0x2f8/0x520
[ 1364.304535]  ? __fget_light+0xea/0x290
[ 1364.305011]  do_writev+0x139/0x300
[ 1364.305443]  ? vfs_writev+0x620/0x620
[ 1364.305920]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1364.306557]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1364.307189]  do_syscall_64+0x33/0x40
[ 1364.307641]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1364.308265] RIP: 0033:0x7ff981a49b19
[ 1364.308717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1364.314978] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1364.315901] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1364.316766] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1364.317640] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1364.318503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1364.319366] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1364.320721] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.320721]    program syz-executor.1 not setting count and/or reply_len properly
15:12:54 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0006abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1364.359808] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.359808]    program syz-executor.5 not setting count and/or reply_len properly
[ 1364.411287] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.411287]    program syz-executor.5 not setting count and/or reply_len properly
15:12:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000dabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1364.437892] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.437892]    program syz-executor.1 not setting count and/or reply_len properly
15:12:55 executing program 7:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:55 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:12:55 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0007abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000eabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1364.511957] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.511957]    program syz-executor.5 not setting count and/or reply_len properly
[ 1364.517705] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1364.517705]    program syz-executor.5 not setting count and/or reply_len properly
15:12:55 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0009abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:12:55 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 27)

15:12:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0030abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1364.659441] FAULT_INJECTION: forcing a failure.
[ 1364.659441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1364.661025] CPU: 0 PID: 7506 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1364.661944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1364.663030] Call Trace:
[ 1364.663381]  dump_stack+0x107/0x167
[ 1364.663859]  should_fail.cold+0x5/0xa
[ 1364.664364]  copy_page_from_iter+0x40a/0x900
[ 1364.664949]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1364.665568]  ? blk_rq_unmap_user+0x750/0x750
[ 1364.666158]  ? find_held_lock+0x2c/0x110
[ 1364.666696]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1364.667395]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.667935]  ? import_single_range+0x24d/0x2e0
[ 1364.668536]  blk_rq_map_user+0x103/0x170
[ 1364.669072]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1364.669712]  ? alloc_pages_current+0x18f/0x280
[ 1364.670311]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1364.670970]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1364.671662]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1364.672314]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.672863]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1364.673549]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1364.674229]  ? trace_hardirqs_on+0x5b/0x180
[ 1364.674799]  ? ___ratelimit+0x1fc/0x440
[ 1364.675321]  sg_write.part.0+0x69e/0xaa0
[ 1364.675856]  ? sg_new_write.isra.0+0x770/0x770
[ 1364.676455]  ? find_held_lock+0x2c/0x110
[ 1364.676991]  ? __might_fault+0xd3/0x180
[ 1364.677510]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.678090]  ? _cond_resched+0x12/0x80
[ 1364.678600]  ? inode_security+0x107/0x140
[ 1364.679142]  ? avc_policy_seqno+0x9/0x70
[ 1364.679671]  ? selinux_file_permission+0x92/0x520
[ 1364.680305]  sg_write+0x87/0x120
[ 1364.680757]  do_iter_write+0x4f0/0x700
[ 1364.681269]  ? import_iovec+0x83/0xb0
[ 1364.681825]  vfs_writev+0x1ae/0x620
[ 1364.682480]  ? vfs_iter_write+0xa0/0xa0
[ 1364.683027]  ? __fget_files+0x2cf/0x520
[ 1364.683546]  ? lock_downgrade+0x6d0/0x6d0
[ 1364.684085]  ? find_held_lock+0x2c/0x110
[ 1364.684621]  ? ksys_write+0x12d/0x260
[ 1364.685120]  ? __fget_files+0x2f8/0x520
[ 1364.685670]  ? __fget_light+0xea/0x290
[ 1364.686184]  do_writev+0x139/0x300
[ 1364.686655]  ? vfs_writev+0x620/0x620
[ 1364.687154]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1364.687838]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1364.688512]  do_syscall_64+0x33/0x40
[ 1364.688997]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1364.689688] RIP: 0033:0x7ff981a49b19
[ 1364.690173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1364.692571] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1364.693574] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1364.694517] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1364.695444] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1364.696370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1364.697298] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1378.351115] sg_write: 5 callbacks suppressed
[ 1378.351126] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.351126]    program syz-executor.1 not setting count and/or reply_len properly
[ 1378.354555] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.354555]    program syz-executor.0 not setting count and/or reply_len properly
[ 1378.365090] FAULT_INJECTION: forcing a failure.
[ 1378.365090] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1378.366583] CPU: 1 PID: 7529 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1378.367418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1378.368427] Call Trace:
[ 1378.368756]  dump_stack+0x107/0x167
[ 1378.369202]  should_fail.cold+0x5/0xa
[ 1378.369672]  copy_page_from_iter+0x40a/0x900
[ 1378.370228]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1378.370799]  ? blk_rq_unmap_user+0x750/0x750
[ 1378.371340]  ? find_held_lock+0x2c/0x110
[ 1378.371842]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1378.372493]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.373000]  ? import_single_range+0x24d/0x2e0
[ 1378.373558]  blk_rq_map_user+0x103/0x170
[ 1378.374064]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1378.374654]  ? alloc_pages_current+0x18f/0x280
[ 1378.375211]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1378.375831]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1378.376476]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1378.377083]  ? vprintk_func+0x93/0x140
[ 1378.377560]  ? record_print_text.cold+0x16/0x16
[ 1378.378358]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1378.379548]  ? trace_hardirqs_on+0x5b/0x180
[ 1378.380562]  sg_write.part.0+0x69e/0xaa0
[ 1378.381508]  ? sg_new_write.isra.0+0x770/0x770
[ 1378.382338]  ? find_held_lock+0x2c/0x110
[ 1378.382838]  ? __might_fault+0xd3/0x180
[ 1378.383323]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.383838]  ? _cond_resched+0x12/0x80
[ 1378.384314]  ? inode_security+0x107/0x140
[ 1378.384821]  ? avc_policy_seqno+0x9/0x70
[ 1378.385316]  ? selinux_file_permission+0x92/0x520
[ 1378.385910]  sg_write+0x87/0x120
[ 1378.386351]  do_iter_write+0x4f0/0x700
[ 1378.386829]  ? import_iovec+0x83/0xb0
[ 1378.387298]  vfs_writev+0x1ae/0x620
[ 1378.387743]  ? vfs_iter_write+0xa0/0xa0
[ 1378.388231]  ? __fget_files+0x2cf/0x520
[ 1378.388716]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.389220]  ? find_held_lock+0x2c/0x110
[ 1378.389720]  ? ksys_write+0x12d/0x260
[ 1378.390205]  ? __fget_files+0x2f8/0x520
[ 1378.390697]  ? __fget_light+0xea/0x290
[ 1378.391176]  do_writev+0x139/0x300
[ 1378.391612]  ? vfs_writev+0x620/0x620
[ 1378.392085]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1378.392726]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1378.393359]  do_syscall_64+0x33/0x40
[ 1378.393813]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1378.394461] RIP: 0033:0x7ff981a49b19
[ 1378.394917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1378.397161] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1378.398107] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1378.398981] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1378.399853] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1378.400724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1378.401596] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:08 executing program 7:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:08 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:13:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0002abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:13:08 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 28)

15:13:08 executing program 2:
iopl(0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:13:08 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:13:08 executing program 6:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000dabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:13:09 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 29)

[ 1378.456977] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.456977]    program syz-executor.5 not setting count and/or reply_len properly
[ 1378.490702] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.490702]    program syz-executor.5 not setting count and/or reply_len properly
[ 1378.491961] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:13:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0003abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1378.491961]    program syz-executor.0 not setting count and/or reply_len properly
[ 1378.531441] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.531441]    program syz-executor.1 not setting count and/or reply_len properly
[ 1378.535769] FAULT_INJECTION: forcing a failure.
[ 1378.535769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1378.537205] CPU: 1 PID: 7538 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1378.538045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1378.539065] Call Trace:
[ 1378.539391]  dump_stack+0x107/0x167
[ 1378.539836]  should_fail.cold+0x5/0xa
[ 1378.540306]  copy_page_from_iter+0x40a/0x900
[ 1378.540849]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1378.541418]  ? blk_rq_unmap_user+0x750/0x750
[ 1378.541958]  ? find_held_lock+0x2c/0x110
[ 1378.542586]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1378.543236]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.543739]  ? import_single_range+0x24d/0x2e0
[ 1378.544298]  blk_rq_map_user+0x103/0x170
[ 1378.544793]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1378.545371]  ? alloc_pages_current+0x18f/0x280
[ 1378.545928]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1378.546558]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1378.547203]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1378.547810]  ? vprintk_func+0x93/0x140
[ 1378.548289]  ? record_print_text.cold+0x16/0x16
[ 1378.548858]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1378.549474]  ? trace_hardirqs_on+0x5b/0x180
[ 1378.550007]  sg_write.part.0+0x69e/0xaa0
[ 1378.550516]  ? sg_new_write.isra.0+0x770/0x770
[ 1378.551077]  ? find_held_lock+0x2c/0x110
[ 1378.551578]  ? __might_fault+0xd3/0x180
[ 1378.552063]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.552585]  ? _cond_resched+0x12/0x80
[ 1378.553061]  ? inode_security+0x107/0x140
[ 1378.553567]  ? avc_policy_seqno+0x9/0x70
[ 1378.554084]  ? selinux_file_permission+0x92/0x520
[ 1378.554688]  sg_write+0x87/0x120
[ 1378.555104]  do_iter_write+0x4f0/0x700
[ 1378.555578]  ? import_iovec+0x83/0xb0
[ 1378.556044]  vfs_writev+0x1ae/0x620
[ 1378.556486]  ? vfs_iter_write+0xa0/0xa0
[ 1378.556970]  ? __fget_files+0x2cf/0x520
[ 1378.557458]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.557958]  ? find_held_lock+0x2c/0x110
[ 1378.558485]  ? ksys_write+0x12d/0x260
[ 1378.558950]  ? __fget_files+0x2f8/0x520
[ 1378.559437]  ? __fget_light+0xea/0x290
[ 1378.559911]  do_writev+0x139/0x300
[ 1378.560343]  ? vfs_writev+0x620/0x620
[ 1378.560806]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1378.561440]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1378.562076]  do_syscall_64+0x33/0x40
[ 1378.562542]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1378.563163] RIP: 0033:0x7ff981a49b19
[ 1378.563616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1378.565843] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1378.566789] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1378.567653] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1378.568518] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1378.569381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1378.570271] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000eabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1378.615074] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.615074]    program syz-executor.5 not setting count and/or reply_len properly
[ 1378.630663] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.630663]    program syz-executor.5 not setting count and/or reply_len properly
15:13:09 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1378.699418] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.699418]    program syz-executor.5 not setting count and/or reply_len properly
15:13:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0030abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:13:09 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 30)

[ 1378.701744] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1378.701744]    program syz-executor.0 not setting count and/or reply_len properly
[ 1378.706428] FAULT_INJECTION: forcing a failure.
[ 1378.706428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1378.707878] CPU: 1 PID: 7554 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1378.708710] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1378.709720] Call Trace:
[ 1378.710063]  dump_stack+0x107/0x167
[ 1378.710522]  should_fail.cold+0x5/0xa
[ 1378.710992]  copy_page_from_iter+0x40a/0x900
[ 1378.711534]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1378.712099]  ? blk_rq_unmap_user+0x750/0x750
[ 1378.712639]  ? find_held_lock+0x2c/0x110
[ 1378.713136]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1378.713787]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.714312]  ? import_single_range+0x24d/0x2e0
[ 1378.714870]  blk_rq_map_user+0x103/0x170
[ 1378.722091]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1378.722668]  ? alloc_pages_current+0x18f/0x280
[ 1378.723223]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1378.723834]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1378.724475]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1378.725080]  ? vprintk_func+0x93/0x140
[ 1378.725555]  ? record_print_text.cold+0x16/0x16
[ 1378.726134]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1378.726747]  ? trace_hardirqs_on+0x5b/0x180
[ 1378.727277]  sg_write.part.0+0x69e/0xaa0
[ 1378.727772]  ? sg_new_write.isra.0+0x770/0x770
[ 1378.728330]  ? find_held_lock+0x2c/0x110
[ 1378.728825]  ? __might_fault+0xd3/0x180
[ 1378.729308]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.729821]  ? _cond_resched+0x12/0x80
[ 1378.730323]  ? inode_security+0x107/0x140
[ 1378.730825]  ? avc_policy_seqno+0x9/0x70
[ 1378.731317]  ? selinux_file_permission+0x92/0x520
[ 1378.731906]  sg_write+0x87/0x120
[ 1378.732321]  do_iter_write+0x4f0/0x700
[ 1378.732794]  ? import_iovec+0x83/0xb0
[ 1378.733257]  vfs_writev+0x1ae/0x620
[ 1378.733699]  ? vfs_iter_write+0xa0/0xa0
[ 1378.734211]  ? __fget_files+0x2cf/0x520
[ 1378.734695]  ? lock_downgrade+0x6d0/0x6d0
[ 1378.735195]  ? find_held_lock+0x2c/0x110
[ 1378.735690]  ? ksys_write+0x12d/0x260
[ 1378.736155]  ? __fget_files+0x2f8/0x520
[ 1378.736643]  ? __fget_light+0xea/0x290
[ 1378.737118]  do_writev+0x139/0x300
[ 1378.737549]  ? vfs_writev+0x620/0x620
[ 1378.738013]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1378.738676]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1378.739302]  do_syscall_64+0x33/0x40
[ 1378.739752]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1378.740371] RIP: 0033:0x7ff981a49b19
[ 1378.740822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1378.743059] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1378.743980] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1378.744841] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1378.745709] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1378.746602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1378.747466] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:23 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:23 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

[ 1393.038182] sg_write: 1 callbacks suppressed
[ 1393.038193] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.038193]    program syz-executor.5 not setting count and/or reply_len properly
15:13:23 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 31)

15:13:23 executing program 7:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0048abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:13:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:23 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1393.087191] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.087191]    program syz-executor.0 not setting count and/or reply_len properly
[ 1393.090642] FAULT_INJECTION: forcing a failure.
[ 1393.090642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1393.092076] CPU: 1 PID: 7569 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1393.092949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1393.093990] Call Trace:
[ 1393.094319]  dump_stack+0x107/0x167
[ 1393.094779]  should_fail.cold+0x5/0xa
[ 1393.095250]  copy_page_from_iter+0x40a/0x900
[ 1393.095793]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1393.096361]  ? blk_rq_unmap_user+0x750/0x750
[ 1393.096902]  ? find_held_lock+0x2c/0x110
[ 1393.097404]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1393.098052]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.098562]  ? import_single_range+0x24d/0x2e0
[ 1393.099128]  blk_rq_map_user+0x103/0x170
[ 1393.099624]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1393.100205]  ? alloc_pages_current+0x18f/0x280
[ 1393.100762]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1393.101377]  sg_common_write.constprop.0+0x10ed/0x1a30
15:13:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0004abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1393.102021]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1393.102772]  ? vprintk_func+0x93/0x140
[ 1393.103328]  ? record_print_text.cold+0x16/0x16
[ 1393.103937]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1393.110748]  ? trace_hardirqs_on+0x5b/0x180
[ 1393.111327]  sg_write.part.0+0x69e/0xaa0
[ 1393.111864]  ? sg_new_write.isra.0+0x770/0x770
[ 1393.112463]  ? find_held_lock+0x2c/0x110
[ 1393.112998]  ? __might_fault+0xd3/0x180
[ 1393.113519]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.114073]  ? _cond_resched+0x12/0x80
[ 1393.114599]  ? inode_security+0x107/0x140
[ 1393.115144]  ? avc_policy_seqno+0x9/0x70
[ 1393.115673]  ? selinux_file_permission+0x92/0x520
[ 1393.116307]  sg_write+0x87/0x120
[ 1393.116754]  do_iter_write+0x4f0/0x700
[ 1393.117267]  ? import_iovec+0x83/0xb0
[ 1393.117768]  vfs_writev+0x1ae/0x620
[ 1393.118253]  ? vfs_iter_write+0xa0/0xa0
[ 1393.118815]  ? __fget_files+0x2cf/0x520
[ 1393.119336]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.119876]  ? find_held_lock+0x2c/0x110
[ 1393.120408]  ? ksys_write+0x12d/0x260
[ 1393.120911]  ? __fget_files+0x2f8/0x520
[ 1393.121437]  ? __fget_light+0xea/0x290
[ 1393.121950]  do_writev+0x139/0x300
[ 1393.122415]  ? vfs_writev+0x620/0x620
[ 1393.122932]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1393.123612]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1393.124292]  do_syscall_64+0x33/0x40
[ 1393.124778]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1393.125441] RIP: 0033:0x7ff981a49b19
[ 1393.125925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1393.128307] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1393.129290] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1393.130212] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1393.131155] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1393.132075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1393.132996] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1393.167071] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.167071]    program syz-executor.1 not setting count and/or reply_len properly
[ 1393.179218] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.179218]    program syz-executor.5 not setting count and/or reply_len properly
15:13:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0009abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:13:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="004cabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1393.275366] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.275366]    program syz-executor.1 not setting count and/or reply_len properly
15:13:23 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 32)

15:13:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000dabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1393.321798] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.321798]    program syz-executor.5 not setting count and/or reply_len properly
[ 1393.342183] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.342183]    program syz-executor.5 not setting count and/or reply_len properly
[ 1393.373606] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.373606]    program syz-executor.1 not setting count and/or reply_len properly
[ 1393.378687] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.378687]    program syz-executor.0 not setting count and/or reply_len properly
[ 1393.399998] FAULT_INJECTION: forcing a failure.
[ 1393.399998] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1393.401642] CPU: 1 PID: 7591 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1393.402539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1393.403625] Call Trace:
[ 1393.403978]  dump_stack+0x107/0x167
[ 1393.404457]  should_fail.cold+0x5/0xa
[ 1393.404964]  copy_page_from_iter+0x40a/0x900
[ 1393.405549]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1393.406167]  ? blk_rq_unmap_user+0x750/0x750
[ 1393.406766]  ? find_held_lock+0x2c/0x110
[ 1393.407312]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1393.408000]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.408541]  ? import_single_range+0x24d/0x2e0
[ 1393.409144]  blk_rq_map_user+0x103/0x170
[ 1393.409675]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1393.410294]  ? alloc_pages_current+0x18f/0x280
[ 1393.410914]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1393.411574]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1393.412270]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1393.412918]  ? vprintk_func+0x93/0x140
[ 1393.413432]  ? record_print_text.cold+0x16/0x16
[ 1393.414040]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1393.414717]  ? trace_hardirqs_on+0x5b/0x180
[ 1393.415288]  sg_write.part.0+0x69e/0xaa0
[ 1393.415824]  ? sg_new_write.isra.0+0x770/0x770
[ 1393.416420]  ? find_held_lock+0x2c/0x110
[ 1393.416964]  ? __might_fault+0xd3/0x180
[ 1393.417484]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.418047]  ? _cond_resched+0x12/0x80
[ 1393.418575]  ? inode_security+0x107/0x140
[ 1393.419120]  ? avc_policy_seqno+0x9/0x70
[ 1393.419648]  ? selinux_file_permission+0x92/0x520
[ 1393.420284]  sg_write+0x87/0x120
[ 1393.420740]  do_iter_write+0x4f0/0x700
[ 1393.421256]  ? import_iovec+0x83/0xb0
[ 1393.421770]  vfs_writev+0x1ae/0x620
[ 1393.422247]  ? vfs_iter_write+0xa0/0xa0
[ 1393.422786]  ? __fget_files+0x2cf/0x520
[ 1393.423305]  ? lock_downgrade+0x6d0/0x6d0
[ 1393.423843]  ? find_held_lock+0x2c/0x110
[ 1393.424375]  ? ksys_write+0x12d/0x260
[ 1393.424875]  ? __fget_files+0x2f8/0x520
[ 1393.425400]  ? __fget_light+0xea/0x290
[ 1393.425913]  do_writev+0x139/0x300
[ 1393.426376]  ? vfs_writev+0x620/0x620
[ 1393.426892]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1393.427575]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1393.428245]  do_syscall_64+0x33/0x40
[ 1393.428730]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1393.429393] RIP: 0033:0x7ff981a49b19
[ 1393.429876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1393.432273] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1393.433257] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1393.434177] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1393.435120] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1393.436040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1393.436960] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0068abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1393.509409] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1393.509409]    program syz-executor.5 not setting count and/or reply_len properly
15:13:44 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:13:44 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:13:44 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:13:44 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 33)

15:13:44 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

15:13:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="000eabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:13:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="006cabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1414.407989] sg_write: 1 callbacks suppressed
[ 1414.408002] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.408002]    program syz-executor.5 not setting count and/or reply_len properly
15:13:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1414.420204] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.420204]    program syz-executor.5 not setting count and/or reply_len properly
[ 1414.429760] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.429760]    program syz-executor.0 not setting count and/or reply_len properly
[ 1414.433404] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.433404]    program syz-executor.1 not setting count and/or reply_len properly
[ 1414.471035] FAULT_INJECTION: forcing a failure.
[ 1414.471035] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1414.473029] CPU: 0 PID: 7612 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1414.474191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1414.475615] Call Trace:
[ 1414.476071]  dump_stack+0x107/0x167
[ 1414.476690]  should_fail.cold+0x5/0xa
[ 1414.477341]  copy_page_from_iter+0x40a/0x900
[ 1414.478102]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1414.478893]  ? blk_rq_unmap_user+0x750/0x750
[ 1414.479660]  ? find_held_lock+0x2c/0x110
[ 1414.480358]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1414.481264]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.481966]  ? import_single_range+0x24d/0x2e0
[ 1414.482746]  blk_rq_map_user+0x103/0x170
[ 1414.483368]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1414.484033]  ? alloc_pages_current+0x18f/0x280
[ 1414.484673]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1414.485374]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1414.486111]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1414.486808]  ? vprintk_func+0x93/0x140
[ 1414.487534]  ? record_print_text.cold+0x16/0x16
[ 1414.488799]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1414.490160]  ? trace_hardirqs_on+0x5b/0x180
[ 1414.491363]  sg_write.part.0+0x69e/0xaa0
[ 1414.492468]  ? sg_new_write.isra.0+0x770/0x770
[ 1414.493698]  ? find_held_lock+0x2c/0x110
[ 1414.494794]  ? __might_fault+0xd3/0x180
[ 1414.495994]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.497329]  ? _cond_resched+0x12/0x80
[ 1414.498568]  ? inode_security+0x107/0x140
[ 1414.499899]  ? avc_policy_seqno+0x9/0x70
[ 1414.501206]  ? selinux_file_permission+0x92/0x520
[ 1414.502757]  sg_write+0x87/0x120
[ 1414.503856]  do_iter_write+0x4f0/0x700
[ 1414.505097]  ? import_iovec+0x83/0xb0
[ 1414.506314]  vfs_writev+0x1ae/0x620
[ 1414.507478]  ? vfs_iter_write+0xa0/0xa0
[ 1414.508749]  ? __fget_files+0x2cf/0x520
[ 1414.510015]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.511342]  ? find_held_lock+0x2c/0x110
[ 1414.512645]  ? ksys_write+0x12d/0x260
[ 1414.513867]  ? __fget_files+0x2f8/0x520
[ 1414.515145]  ? __fget_light+0xea/0x290
[ 1414.516397]  do_writev+0x139/0x300
[ 1414.517526]  ? vfs_writev+0x620/0x620
[ 1414.518738]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1414.520426]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1414.522080]  do_syscall_64+0x33/0x40
[ 1414.523276]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1414.524930] RIP: 0033:0x7ff981a49b19
[ 1414.526122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1414.532018] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1414.534442] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1414.536740] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1414.539026] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1414.541313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1414.543586] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0074abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:13:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0030abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1414.628486] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.628486]    program syz-executor.5 not setting count and/or reply_len properly
[ 1414.632026] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.632026]    program syz-executor.5 not setting count and/or reply_len properly
[ 1414.697926] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.697926]    program syz-executor.1 not setting count and/or reply_len properly
15:13:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="007aabe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:13:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400000021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:13:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe03000030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:13:45 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 34)

[ 1414.842183] sg_write: data in/out 196620/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.842183]    program syz-executor.1 not setting count and/or reply_len properly
[ 1414.852710] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.852710]    program syz-executor.0 not setting count and/or reply_len properly
[ 1414.861418] FAULT_INJECTION: forcing a failure.
[ 1414.861418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1414.862946] CPU: 1 PID: 7631 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1414.863855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1414.864923] Call Trace:
[ 1414.865275]  dump_stack+0x107/0x167
[ 1414.865753]  should_fail.cold+0x5/0xa
[ 1414.866257]  copy_page_from_iter+0x40a/0x900
[ 1414.866840]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1414.867478]  ? blk_rq_unmap_user+0x750/0x750
[ 1414.868059]  ? find_held_lock+0x2c/0x110
[ 1414.868595]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1414.869288]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.869825]  ? import_single_range+0x24d/0x2e0
[ 1414.870422]  blk_rq_map_user+0x103/0x170
[ 1414.870953]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1414.871594]  ? alloc_pages_current+0x18f/0x280
[ 1414.872190]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1414.872847]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1414.873538]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1414.874185]  ? vprintk_func+0x93/0x140
[ 1414.874697]  ? record_print_text.cold+0x16/0x16
[ 1414.875315]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1414.875979]  ? trace_hardirqs_on+0x5b/0x180
[ 1414.876550]  sg_write.part.0+0x69e/0xaa0
[ 1414.877084]  ? sg_new_write.isra.0+0x770/0x770
[ 1414.877684]  ? find_held_lock+0x2c/0x110
[ 1414.878218]  ? __might_fault+0xd3/0x180
[ 1414.878737]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.879321]  ? _cond_resched+0x12/0x80
[ 1414.879834]  ? inode_security+0x107/0x140
[ 1414.880375]  ? avc_policy_seqno+0x9/0x70
[ 1414.880903]  ? selinux_file_permission+0x92/0x520
[ 1414.881535]  sg_write+0x87/0x120
[ 1414.881983]  do_iter_write+0x4f0/0x700
[ 1414.882495]  ? import_iovec+0x83/0xb0
[ 1414.882998]  vfs_writev+0x1ae/0x620
[ 1414.883494]  ? vfs_iter_write+0xa0/0xa0
[ 1414.884015]  ? __fget_files+0x2cf/0x520
[ 1414.884533]  ? lock_downgrade+0x6d0/0x6d0
[ 1414.895705]  ? find_held_lock+0x2c/0x110
[ 1414.896237]  ? ksys_write+0x12d/0x260
[ 1414.896743]  ? __fget_files+0x2f8/0x520
[ 1414.897268]  ? __fget_light+0xea/0x290
[ 1414.897780]  do_writev+0x139/0x300
[ 1414.898246]  ? vfs_writev+0x620/0x620
[ 1414.898747]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1414.899450]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1414.900124]  do_syscall_64+0x33/0x40
[ 1414.900609]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1414.901274] RIP: 0033:0x7ff981a49b19
[ 1414.901759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1414.904142] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1414.905127] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1414.906047] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1414.906968] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1414.907907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1414.908828] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:13:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02402030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1414.998807] sg_write: data in/out 197120/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1414.998807]    program syz-executor.1 not setting count and/or reply_len properly
15:14:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02403030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1432.546641] sg_write: 2 callbacks suppressed
[ 1432.546653] sg_write: data in/out 197376/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.546653]    program syz-executor.1 not setting count and/or reply_len properly
[ 1432.565987] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.565987]    program syz-executor.5 not setting count and/or reply_len properly
15:14:03 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:03 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:03 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 35)

15:14:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000b4e02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:03 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:03 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

[ 1432.591487] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.591487]    program syz-executor.5 not setting count and/or reply_len properly
[ 1432.602394] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.602394]    program syz-executor.0 not setting count and/or reply_len properly
[ 1432.605315] FAULT_INJECTION: forcing a failure.
[ 1432.605315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1432.606951] CPU: 0 PID: 7659 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1432.607950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1432.610151] Call Trace:
[ 1432.610830]  dump_stack+0x107/0x167
[ 1432.611877]  should_fail.cold+0x5/0xa
[ 1432.612862]  copy_page_from_iter+0x40a/0x900
[ 1432.613999]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1432.615190]  ? blk_rq_unmap_user+0x750/0x750
[ 1432.616122]  ? find_held_lock+0x2c/0x110
[ 1432.616674]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1432.617386]  ? lock_downgrade+0x6d0/0x6d0
[ 1432.617945]  ? import_single_range+0x24d/0x2e0
[ 1432.618559]  blk_rq_map_user+0x103/0x170
[ 1432.619111]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1432.619753]  ? alloc_pages_current+0x18f/0x280
15:14:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02404030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1432.621197]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1432.622789]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1432.624504]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1432.626076]  ? vprintk_func+0x93/0x140
[ 1432.627306]  ? record_print_text.cold+0x16/0x16
[ 1432.628786]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1432.630397]  ? trace_hardirqs_on+0x5b/0x180
[ 1432.631791]  sg_write.part.0+0x69e/0xaa0
[ 1432.633090]  ? sg_new_write.isra.0+0x770/0x770
[ 1432.634539]  ? find_held_lock+0x2c/0x110
[ 1432.635854]  ? __might_fault+0xd3/0x180
[ 1432.637140]  ? lock_downgrade+0x6d0/0x6d0
[ 1432.638463]  ? _cond_resched+0x12/0x80
[ 1432.639705]  ? inode_security+0x107/0x140
[ 1432.641029]  ? avc_policy_seqno+0x9/0x70
[ 1432.642294]  ? selinux_file_permission+0x92/0x520
[ 1432.643822]  sg_write+0x87/0x120
[ 1432.644867]  do_iter_write+0x4f0/0x700
[ 1432.645873]  ? import_iovec+0x83/0xb0
[ 1432.646858]  vfs_writev+0x1ae/0x620
[ 1432.647790]  ? vfs_iter_write+0xa0/0xa0
[ 1432.649054]  ? __fget_files+0x2cf/0x520
[ 1432.650294]  ? lock_downgrade+0x6d0/0x6d0
[ 1432.651593]  ? find_held_lock+0x2c/0x110
[ 1432.652885]  ? ksys_write+0x12d/0x260
[ 1432.654082]  ? __fget_files+0x2f8/0x520
[ 1432.655330]  ? __fget_light+0xea/0x290
[ 1432.656551]  do_writev+0x139/0x300
[ 1432.657645]  ? vfs_writev+0x620/0x620
[ 1432.658847]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1432.660502]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1432.662116]  do_syscall_64+0x33/0x40
[ 1432.663289]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1432.664923] RIP: 0033:0x7ff981a49b19
[ 1432.666085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1432.671879] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1432.674305] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1432.676521] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1432.678414] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1432.680154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1432.681251] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1432.717519] sg_write: data in/out 197632/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.717519]    program syz-executor.1 not setting count and/or reply_len properly
15:14:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000b4e02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02409030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:03 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1432.819599] sg_write: data in/out 198912/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.819599]    program syz-executor.1 not setting count and/or reply_len properly
15:14:03 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 36)

[ 1432.854445] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.854445]    program syz-executor.5 not setting count and/or reply_len properly
15:14:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0240d030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1432.878786] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.878786]    program syz-executor.5 not setting count and/or reply_len properly
[ 1432.938795] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.938795]    program syz-executor.0 not setting count and/or reply_len properly
[ 1432.945841] sg_write: data in/out 199936/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1432.945841]    program syz-executor.1 not setting count and/or reply_len properly
[ 1432.959744] FAULT_INJECTION: forcing a failure.
[ 1432.959744] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1432.963140] CPU: 1 PID: 7678 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1432.965132] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1432.967535] Call Trace:
[ 1432.968300]  dump_stack+0x107/0x167
[ 1432.969359]  should_fail.cold+0x5/0xa
[ 1432.970456]  copy_page_from_iter+0x40a/0x900
[ 1432.971748]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1432.973079]  ? blk_rq_unmap_user+0x750/0x750
[ 1432.974354]  ? find_held_lock+0x2c/0x110
[ 1432.975527]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1432.977104]  ? lock_downgrade+0x6d0/0x6d0
[ 1432.978293]  ? import_single_range+0x24d/0x2e0
[ 1432.979608]  blk_rq_map_user+0x103/0x170
[ 1432.980792]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1432.982155]  ? alloc_pages_current+0x18f/0x280
[ 1432.983477]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1432.984930]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1432.986452]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1432.987898]  ? vprintk_func+0x93/0x140
[ 1432.989024]  ? record_print_text.cold+0x16/0x16
[ 1432.990364]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1432.991826]  ? trace_hardirqs_on+0x5b/0x180
[ 1432.993081]  sg_write.part.0+0x69e/0xaa0
[ 1432.994251]  ? sg_new_write.isra.0+0x770/0x770
[ 1432.995565]  ? find_held_lock+0x2c/0x110
[ 1432.996745]  ? __might_fault+0xd3/0x180
[ 1432.997884]  ? lock_downgrade+0x6d0/0x6d0
[ 1432.999084]  ? _cond_resched+0x12/0x80
[ 1433.000203]  ? inode_security+0x107/0x140
[ 1433.001386]  ? avc_policy_seqno+0x9/0x70
[ 1433.002550]  ? selinux_file_permission+0x92/0x520
[ 1433.003943]  sg_write+0x87/0x120
[ 1433.004916]  do_iter_write+0x4f0/0x700
[ 1433.006028]  ? import_iovec+0x83/0xb0
[ 1433.007116]  vfs_writev+0x1ae/0x620
[ 1433.008166]  ? vfs_iter_write+0xa0/0xa0
[ 1433.009302]  ? __fget_files+0x2cf/0x520
[ 1433.010437]  ? lock_downgrade+0x6d0/0x6d0
[ 1433.011618]  ? find_held_lock+0x2c/0x110
[ 1433.012794]  ? ksys_write+0x12d/0x260
[ 1433.013884]  ? __fget_files+0x2f8/0x520
[ 1433.015026]  ? __fget_light+0xea/0x290
[ 1433.016156]  do_writev+0x139/0x300
[ 1433.017191]  ? vfs_writev+0x620/0x620
[ 1433.018281]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1433.019783]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1433.021269]  do_syscall_64+0x33/0x40
[ 1433.022332]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1433.023804] RIP: 0033:0x7ff981a49b19
[ 1433.024878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1433.030232] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1433.032427] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1433.034475] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1433.036531] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1433.038584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1433.040676] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:14:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400000021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0240e030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe03000030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:22 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02430030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1452.172222] sg_write: 3 callbacks suppressed
[ 1452.172233] sg_write: data in/out 208896/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.172233]    program syz-executor.1 not setting count and/or reply_len properly
15:14:22 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

15:14:22 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:22 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 37)

15:14:22 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0b400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:22 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
pipe(&(0x7f00000001c0))

[ 1452.205872] sg_write: data in/out 196752/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.205872]    program syz-executor.5 not setting count and/or reply_len properly
[ 1452.218450] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.218450]    program syz-executor.0 not setting count and/or reply_len properly
[ 1452.227864] FAULT_INJECTION: forcing a failure.
[ 1452.227864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1452.229465] CPU: 0 PID: 7710 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1452.230363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1452.231470] Call Trace:
[ 1452.231831]  dump_stack+0x107/0x167
[ 1452.232323]  should_fail.cold+0x5/0xa
[ 1452.232846]  copy_page_from_iter+0x40a/0x900
[ 1452.233429]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1452.234038]  ? blk_rq_unmap_user+0x750/0x750
[ 1452.234618]  ? find_held_lock+0x2c/0x110
[ 1452.235160]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1452.235858]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.236398]  ? import_single_range+0x24d/0x2e0
[ 1452.237025]  blk_rq_map_user+0x103/0x170
[ 1452.237570]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1452.238213]  ? alloc_pages_current+0x18f/0x280
[ 1452.238827]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1452.239503]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1452.240213]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1452.240902]  ? vprintk_func+0x93/0x140
[ 1452.241429]  ? record_print_text.cold+0x16/0x16
[ 1452.242055]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1452.242734]  ? trace_hardirqs_on+0x5b/0x180
[ 1452.243321]  sg_write.part.0+0x69e/0xaa0
[ 1452.243870]  ? sg_new_write.isra.0+0x770/0x770
[ 1452.248506]  ? find_held_lock+0x2c/0x110
[ 1452.249096]  ? __might_fault+0xd3/0x180
[ 1452.249649]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.250224]  ? _cond_resched+0x12/0x80
[ 1452.250753]  ? inode_security+0x107/0x140
[ 1452.251959]  ? avc_policy_seqno+0x9/0x70
[ 1452.252761]  ? selinux_file_permission+0x92/0x520
[ 1452.253410]  sg_write+0x87/0x120
[ 1452.253955]  do_iter_write+0x4f0/0x700
[ 1452.254721]  ? import_iovec+0x83/0xb0
[ 1452.255913]  vfs_writev+0x1ae/0x620
[ 1452.256632]  ? vfs_iter_write+0xa0/0xa0
[ 1452.257158]  ? __fget_files+0x2cf/0x520
[ 1452.257741]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.258317]  ? find_held_lock+0x2c/0x110
[ 1452.258899]  ? ksys_write+0x12d/0x260
[ 1452.259445]  ? __fget_files+0x2f8/0x520
[ 1452.260014]  ? __fget_light+0xea/0x290
[ 1452.260597]  do_writev+0x139/0x300
[ 1452.261075]  ? vfs_writev+0x620/0x620
[ 1452.261591]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1452.262302]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1452.263002]  do_syscall_64+0x33/0x40
[ 1452.263508]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1452.264202] RIP: 0033:0x7ff981a49b19
[ 1452.264721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1452.267325] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1452.268405] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1452.269417] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1452.270451] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1452.271472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1452.272505] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1452.288922] sg_write: data in/out 196752/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.288922]    program syz-executor.5 not setting count and/or reply_len properly
15:14:22 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400300021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1452.351861] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.351861]    program syz-executor.1 not setting count and/or reply_len properly
15:14:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02402030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400400021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1452.409320] sg_write: data in/out 197120/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.409320]    program syz-executor.5 not setting count and/or reply_len properly
[ 1452.420327] sg_write: data in/out 197120/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.420327]    program syz-executor.5 not setting count and/or reply_len properly
15:14:23 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1452.456622] sg_write: data in/out 4194304/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.456622]    program syz-executor.1 not setting count and/or reply_len properly
15:14:23 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02403030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1452.514669] sg_write: data in/out 197376/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.514669]    program syz-executor.5 not setting count and/or reply_len properly
[ 1452.523788] sg_write: data in/out 197376/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1452.523788]    program syz-executor.5 not setting count and/or reply_len properly
15:14:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02404030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:23 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
pipe(&(0x7f00000001c0))

15:14:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400040021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:23 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400080021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:23 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 38)

[ 1452.722160] FAULT_INJECTION: forcing a failure.
[ 1452.722160] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1452.723661] CPU: 1 PID: 7749 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1452.724520] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1452.725562] Call Trace:
[ 1452.725890]  dump_stack+0x107/0x167
[ 1452.726333]  should_fail.cold+0x5/0xa
[ 1452.726804]  copy_page_from_iter+0x40a/0x900
[ 1452.727345]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1452.727911]  ? blk_rq_unmap_user+0x750/0x750
[ 1452.728449]  ? find_held_lock+0x2c/0x110
[ 1452.728959]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1452.729605]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.730108]  ? import_single_range+0x24d/0x2e0
[ 1452.730664]  blk_rq_map_user+0x103/0x170
[ 1452.731163]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1452.731757]  ? alloc_pages_current+0x18f/0x280
[ 1452.732325]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1452.732945]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1452.733591]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1452.734215]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.734735]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1452.735369]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1452.735992]  ? trace_hardirqs_on+0x5b/0x180
[ 1452.736545]  ? ___ratelimit+0x1fc/0x440
[ 1452.737050]  sg_write.part.0+0x69e/0xaa0
[ 1452.737555]  ? sg_new_write.isra.0+0x770/0x770
[ 1452.738111]  ? find_held_lock+0x2c/0x110
[ 1452.738612]  ? __might_fault+0xd3/0x180
[ 1452.739110]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.739638]  ? _cond_resched+0x12/0x80
[ 1452.740121]  ? inode_security+0x107/0x140
[ 1452.740640]  ? avc_policy_seqno+0x9/0x70
[ 1452.741132]  ? selinux_file_permission+0x92/0x520
[ 1452.741739]  sg_write+0x87/0x120
[ 1452.742169]  do_iter_write+0x4f0/0x700
[ 1452.742657]  ? import_iovec+0x83/0xb0
[ 1452.743122]  vfs_writev+0x1ae/0x620
[ 1452.743564]  ? vfs_iter_write+0xa0/0xa0
[ 1452.744049]  ? __fget_files+0x2cf/0x520
[ 1452.744537]  ? lock_downgrade+0x6d0/0x6d0
[ 1452.745640]  ? find_held_lock+0x2c/0x110
[ 1452.746650]  ? ksys_write+0x12d/0x260
[ 1452.747603]  ? __fget_files+0x2f8/0x520
[ 1452.748611]  ? __fget_light+0xea/0x290
[ 1452.749538]  do_writev+0x139/0x300
[ 1452.750380]  ? vfs_writev+0x620/0x620
[ 1452.751285]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1452.752574]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1452.753908]  do_syscall_64+0x33/0x40
[ 1452.754853]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1452.756139] RIP: 0033:0x7ff981a49b19
[ 1452.756807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1452.759107] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1452.760038] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1452.761408] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1452.763196] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1452.765012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1452.766802] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:14:37 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02405030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400300021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1467.370971] sg_write: 5 callbacks suppressed
[ 1467.370984] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.370984]    program syz-executor.1 not setting count and/or reply_len properly
15:14:37 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:37 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
pipe(&(0x7f00000001c0))

15:14:37 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 39)

15:14:37 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:37 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1467.392638] sg_write: data in/out 197888/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.392638]    program syz-executor.5 not setting count and/or reply_len properly
[ 1467.434938] sg_write: data in/out 197888/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.434938]    program syz-executor.5 not setting count and/or reply_len properly
[ 1467.453703] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.453703]    program syz-executor.0 not setting count and/or reply_len properly
[ 1467.464834] FAULT_INJECTION: forcing a failure.
[ 1467.464834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1467.466485] CPU: 0 PID: 7773 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1467.467437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1467.468586] Call Trace:
[ 1467.468959]  dump_stack+0x107/0x167
[ 1467.469487]  should_fail.cold+0x5/0xa
[ 1467.470024]  copy_page_from_iter+0x40a/0x900
[ 1467.470649]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1467.471302]  ? blk_rq_unmap_user+0x750/0x750
[ 1467.471920]  ? find_held_lock+0x2c/0x110
[ 1467.472497]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1467.473252]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.473829]  ? import_single_range+0x24d/0x2e0
[ 1467.474470]  blk_rq_map_user+0x103/0x170
[ 1467.475040]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1467.475706]  ? alloc_pages_current+0x18f/0x280
[ 1467.476345]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1467.477054]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1467.477799]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1467.478496]  ? vprintk_func+0x93/0x140
[ 1467.479044]  ? record_print_text.cold+0x16/0x16
[ 1467.479692]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1467.480396]  ? trace_hardirqs_on+0x5b/0x180
[ 1467.481020]  sg_write.part.0+0x69e/0xaa0
[ 1467.481598]  ? sg_new_write.isra.0+0x770/0x770
[ 1467.482240]  ? find_held_lock+0x2c/0x110
[ 1467.482813]  ? __might_fault+0xd3/0x180
[ 1467.483369]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.483962]  ? _cond_resched+0x12/0x80
[ 1467.484505]  ? inode_security+0x107/0x140
[ 1467.485101]  ? avc_policy_seqno+0x9/0x70
[ 1467.485670]  ? selinux_file_permission+0x92/0x520
[ 1467.486356]  sg_write+0x87/0x120
[ 1467.486836]  do_iter_write+0x4f0/0x700
[ 1467.487387]  ? import_iovec+0x83/0xb0
[ 1467.487924]  vfs_writev+0x1ae/0x620
[ 1467.488436]  ? vfs_iter_write+0xa0/0xa0
[ 1467.489007]  ? __fget_files+0x2cf/0x520
[ 1467.489572]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.490145]  ? find_held_lock+0x2c/0x110
[ 1467.490718]  ? ksys_write+0x12d/0x260
[ 1467.491255]  ? __fget_files+0x2f8/0x520
[ 1467.491813]  ? __fget_light+0xea/0x290
[ 1467.492359]  do_writev+0x139/0x300
[ 1467.492858]  ? vfs_writev+0x620/0x620
[ 1467.493415]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1467.494140]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1467.494858]  do_syscall_64+0x33/0x40
[ 1467.495381]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1467.496092] RIP: 0033:0x7ff981a49b19
[ 1467.496610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1467.499157] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1467.500217] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1467.501217] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1467.502207] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1467.503196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1467.504184] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:14:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02406030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030221206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1467.596227] sg_write: data in/out 198144/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.596227]    program syz-executor.5 not setting count and/or reply_len properly
[ 1467.605392] sg_write: data in/out 198144/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.605392]    program syz-executor.5 not setting count and/or reply_len properly
15:14:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02407030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1467.664189] sg_write: data in/out 33751040/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.664189]    program syz-executor.1 not setting count and/or reply_len properly
[ 1467.670391] sg_write: data in/out 198400/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.670391]    program syz-executor.5 not setting count and/or reply_len properly
[ 1467.680191] sg_write: data in/out 198400/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.680191]    program syz-executor.5 not setting count and/or reply_len properly
15:14:38 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r2, r2)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:38 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030321206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:38 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1467.756843] sg_write: data in/out 50528256/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1467.756843]    program syz-executor.1 not setting count and/or reply_len properly
15:14:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02409030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:38 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 40)

[ 1467.920536] FAULT_INJECTION: forcing a failure.
[ 1467.920536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1467.922217] CPU: 0 PID: 7798 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1467.923163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1467.924309] Call Trace:
[ 1467.924683]  dump_stack+0x107/0x167
[ 1467.925513]  should_fail.cold+0x5/0xa
[ 1467.926756]  copy_page_from_iter+0x40a/0x900
[ 1467.928208]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1467.929366]  ? blk_rq_unmap_user+0x750/0x750
[ 1467.929986]  ? find_held_lock+0x2c/0x110
[ 1467.930560]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1467.931300]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.931877]  ? import_single_range+0x24d/0x2e0
[ 1467.932517]  blk_rq_map_user+0x103/0x170
[ 1467.933139]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1467.933802]  ? alloc_pages_current+0x18f/0x280
[ 1467.934441]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1467.935144]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1467.935881]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1467.936573]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.937208]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1467.937937]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1467.938640]  ? trace_hardirqs_on+0x5b/0x180
[ 1467.939243]  ? ___ratelimit+0x1fc/0x440
[ 1467.939802]  sg_write.part.0+0x69e/0xaa0
[ 1467.940370]  ? sg_new_write.isra.0+0x770/0x770
[ 1467.941017]  ? find_held_lock+0x2c/0x110
[ 1467.941636]  ? __might_fault+0xd3/0x180
[ 1467.942190]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.942781]  ? _cond_resched+0x12/0x80
[ 1467.943324]  ? inode_security+0x107/0x140
[ 1467.943901]  ? avc_policy_seqno+0x9/0x70
[ 1467.944464]  ? selinux_file_permission+0x92/0x520
[ 1467.945323]  sg_write+0x87/0x120
[ 1467.946261]  do_iter_write+0x4f0/0x700
[ 1467.947339]  ? import_iovec+0x83/0xb0
[ 1467.948399]  vfs_writev+0x1ae/0x620
[ 1467.949516]  ? vfs_iter_write+0xa0/0xa0
[ 1467.950806]  ? __fget_files+0x2cf/0x520
[ 1467.952105]  ? lock_downgrade+0x6d0/0x6d0
[ 1467.953428]  ? find_held_lock+0x2c/0x110
[ 1467.954608]  ? ksys_write+0x12d/0x260
[ 1467.955704]  ? __fget_files+0x2f8/0x520
[ 1467.956833]  ? __fget_light+0xea/0x290
[ 1467.957490]  do_writev+0x139/0x300
[ 1467.957990]  ? vfs_writev+0x620/0x620
[ 1467.958524]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1467.959252]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1467.959972]  do_syscall_64+0x33/0x40
[ 1467.960493]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1467.961444] RIP: 0033:0x7ff981a49b19
[ 1467.962472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1467.968158] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1467.970503] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1467.972545] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1467.974630] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1467.976671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1467.977853] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1486.171180] sg_write: 3 callbacks suppressed
[ 1486.171195] sg_write: data in/out 199936/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.171195]    program syz-executor.5 not setting count and/or reply_len properly
[ 1486.221152] sg_write: data in/out 67305472/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.221152]    program syz-executor.1 not setting count and/or reply_len properly
[ 1486.226872] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.226872]    program syz-executor.0 not setting count and/or reply_len properly
[ 1486.232830] FAULT_INJECTION: forcing a failure.
[ 1486.232830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1486.234826] CPU: 1 PID: 7818 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1486.235785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1486.236943] Call Trace:
[ 1486.237315]  dump_stack+0x107/0x167
[ 1486.253854]  should_fail.cold+0x5/0xa
[ 1486.254393]  copy_page_from_iter+0x40a/0x900
[ 1486.255019]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1486.255665]  ? blk_rq_unmap_user+0x750/0x750
[ 1486.256282]  ? find_held_lock+0x2c/0x110
[ 1486.256850]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1486.257589]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.258174]  ? import_single_range+0x24d/0x2e0
[ 1486.258819]  blk_rq_map_user+0x103/0x170
[ 1486.259388]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1486.260049]  ? alloc_pages_current+0x18f/0x280
[ 1486.260685]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1486.261390]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1486.262143]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1486.262840]  ? vprintk_func+0x93/0x140
[ 1486.263388]  ? record_print_text.cold+0x16/0x16
[ 1486.264040]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1486.264742]  ? trace_hardirqs_on+0x5b/0x180
[ 1486.265350]  sg_write.part.0+0x69e/0xaa0
[ 1486.265922]  ? sg_new_write.isra.0+0x770/0x770
[ 1486.266560]  ? find_held_lock+0x2c/0x110
[ 1486.267117]  ? __might_fault+0xd3/0x180
[ 1486.267635]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.268223]  ? _cond_resched+0x12/0x80
[ 1486.268762]  ? inode_security+0x107/0x140
[ 1486.269339]  ? avc_policy_seqno+0x9/0x70
[ 1486.278001]  ? selinux_file_permission+0x92/0x520
[ 1486.278681]  sg_write+0x87/0x120
[ 1486.279156]  do_iter_write+0x4f0/0x700
[ 1486.279697]  ? import_iovec+0x83/0xb0
[ 1486.280232]  vfs_writev+0x1ae/0x620
[ 1486.280740]  ? vfs_iter_write+0xa0/0xa0
[ 1486.281298]  ? __fget_files+0x2cf/0x520
[ 1486.281858]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.282437]  ? find_held_lock+0x2c/0x110
[ 1486.283002]  ? ksys_write+0x12d/0x260
[ 1486.283532]  ? __fget_files+0x2f8/0x520
[ 1486.284078]  ? __fget_light+0xea/0x290
[ 1486.284608]  do_writev+0x139/0x300
[ 1486.285100]  ? vfs_writev+0x620/0x620
[ 1486.285631]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1486.286355]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1486.287068]  do_syscall_64+0x33/0x40
[ 1486.287576]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1486.288279] RIP: 0033:0x7ff981a49b19
[ 1486.288786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1486.304290] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1486.305686] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1486.306734] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1486.307775] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1486.308812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1486.309831] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:14:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:56 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0240d030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:14:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030421206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:56 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 41)

15:14:56 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:56 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:14:56 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:14:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030921206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:14:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 42)

[ 1486.824387] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.824387]    program syz-executor.0 not setting count and/or reply_len properly
[ 1486.827046] FAULT_INJECTION: forcing a failure.
[ 1486.827046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1486.828647] CPU: 1 PID: 7830 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1486.829567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1486.830720] Call Trace:
[ 1486.831080]  dump_stack+0x107/0x167
[ 1486.831573]  should_fail.cold+0x5/0xa
[ 1486.832090]  copy_page_from_iter+0x40a/0x900
[ 1486.832688]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1486.833316]  ? blk_rq_unmap_user+0x750/0x750
[ 1486.834094]  ? find_held_lock+0x2c/0x110
[ 1486.834729]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1486.835588]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.836141]  ? import_single_range+0x24d/0x2e0
[ 1486.836755]  blk_rq_map_user+0x103/0x170
[ 1486.837299]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1486.837947]  ? alloc_pages_current+0x18f/0x280
[ 1486.838561]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1486.839235]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1486.839943]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1486.840610]  ? vprintk_func+0x93/0x140
[ 1486.841141]  ? record_print_text.cold+0x16/0x16
[ 1486.841931]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1486.842641]  ? trace_hardirqs_on+0x5b/0x180
[ 1486.843225]  sg_write.part.0+0x69e/0xaa0
[ 1486.843776]  ? sg_new_write.isra.0+0x770/0x770
[ 1486.844458]  ? find_held_lock+0x2c/0x110
[ 1486.845008]  ? __might_fault+0xd3/0x180
[ 1486.845541]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.846326]  ? _cond_resched+0x12/0x80
[ 1486.846826]  ? inode_security+0x107/0x140
[ 1486.847332]  ? avc_policy_seqno+0x9/0x70
[ 1486.847828]  ? selinux_file_permission+0x92/0x520
[ 1486.848420]  sg_write+0x87/0x120
[ 1486.848838]  do_iter_write+0x4f0/0x700
[ 1486.849399]  ? import_iovec+0x83/0xb0
[ 1486.849884]  vfs_writev+0x1ae/0x620
[ 1486.850330]  ? vfs_iter_write+0xa0/0xa0
[ 1486.850816]  ? __fget_files+0x2cf/0x520
[ 1486.851301]  ? lock_downgrade+0x6d0/0x6d0
[ 1486.851804]  ? find_held_lock+0x2c/0x110
[ 1486.852302]  ? ksys_write+0x12d/0x260
[ 1486.852769]  ? __fget_files+0x2f8/0x520
[ 1486.853259]  ? __fget_light+0xea/0x290
[ 1486.853744]  do_writev+0x139/0x300
[ 1486.854179]  ? vfs_writev+0x620/0x620
[ 1486.854645]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1486.855285]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1486.855915]  do_syscall_64+0x33/0x40
[ 1486.856368]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1486.856997] RIP: 0033:0x7ff981a49b19
[ 1486.857452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1486.859914] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1486.860939] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1486.861918] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1486.862880] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1486.863836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1486.864795] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1486.881455] sg_write: data in/out 151191552/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.881455]    program syz-executor.1 not setting count and/or reply_len properly
15:14:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030d21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1486.940407] sg_write: data in/out 218300416/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1486.940407]    program syz-executor.1 not setting count and/or reply_len properly
15:15:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:15:19 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:15:19 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030e21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:19 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 43)

15:15:19 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1508.743964] sg_write: data in/out 235077632/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.743964]    program syz-executor.1 not setting count and/or reply_len properly
[ 1508.746021] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.746021]    program syz-executor.0 not setting count and/or reply_len properly
15:15:19 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:19 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0240e030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1508.770942] FAULT_INJECTION: forcing a failure.
[ 1508.770942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1508.772562] CPU: 0 PID: 7846 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1508.782803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1508.783925] Call Trace:
[ 1508.784288]  dump_stack+0x107/0x167
[ 1508.784780]  should_fail.cold+0x5/0xa
[ 1508.785299]  copy_page_from_iter+0x40a/0x900
[ 1508.785903]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1508.786544]  ? blk_rq_unmap_user+0x750/0x750
[ 1508.787147]  ? find_held_lock+0x2c/0x110
[ 1508.787701]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1508.788423]  ? lock_downgrade+0x6d0/0x6d0
[ 1508.788980]  ? import_single_range+0x24d/0x2e0
[ 1508.789600]  blk_rq_map_user+0x103/0x170
[ 1508.790154]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1508.790821]  ? alloc_pages_current+0x18f/0x280
[ 1508.791443]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1508.792121]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1508.792836]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1508.793506]  ? vprintk_func+0x93/0x140
[ 1508.794031]  ? record_print_text.cold+0x16/0x16
[ 1508.794678]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1508.795365]  ? trace_hardirqs_on+0x5b/0x180
[ 1508.795961]  sg_write.part.0+0x69e/0xaa0
[ 1508.796510]  ? sg_new_write.isra.0+0x770/0x770
[ 1508.797129]  ? find_held_lock+0x2c/0x110
[ 1508.797682]  ? __might_fault+0xd3/0x180
[ 1508.798219]  ? lock_downgrade+0x6d0/0x6d0
[ 1508.798808]  ? _cond_resched+0x12/0x80
[ 1508.799335]  ? inode_security+0x107/0x140
[ 1508.799893]  ? avc_policy_seqno+0x9/0x70
[ 1508.800440]  ? selinux_file_permission+0x92/0x520
[ 1508.801093]  sg_write+0x87/0x120
[ 1508.801552]  do_iter_write+0x4f0/0x700
[ 1508.802080]  ? import_iovec+0x83/0xb0
[ 1508.802607]  vfs_writev+0x1ae/0x620
[ 1508.803100]  ? vfs_iter_write+0xa0/0xa0
[ 1508.803637]  ? __fget_files+0x2cf/0x520
[ 1508.804172]  ? lock_downgrade+0x6d0/0x6d0
[ 1508.804729]  ? find_held_lock+0x2c/0x110
[ 1508.805281]  ? ksys_write+0x12d/0x260
[ 1508.805794]  ? __fget_files+0x2f8/0x520
[ 1508.806333]  ? __fget_light+0xea/0x290
[ 1508.806883]  do_writev+0x139/0x300
[ 1508.807368]  ? vfs_writev+0x620/0x620
[ 1508.807883]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1508.808590]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1508.809289]  do_syscall_64+0x33/0x40
[ 1508.809784]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1508.810467] RIP: 0033:0x7ff981a49b19
[ 1508.810955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1508.813407] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1508.814426] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1508.815398] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1508.816329] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1508.817253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1508.818181] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1508.830044] sg_write: data in/out 200192/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.830044]    program syz-executor.5 not setting count and/or reply_len properly
15:15:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400033021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1508.862107] sg_write: data in/out 805502976/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.862107]    program syz-executor.1 not setting count and/or reply_len properly
[ 1508.863345] sg_write: data in/out 200192/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.863345]    program syz-executor.5 not setting count and/or reply_len properly
15:15:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030030206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:19 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02430030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1508.948252] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1508.948252]    program syz-executor.1 not setting count and/or reply_len properly
15:15:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030040206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:19 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 44)

[ 1509.029838] sg_write: data in/out 208896/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1509.029838]    program syz-executor.5 not setting count and/or reply_len properly
[ 1509.030181] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1509.030181]    program syz-executor.1 not setting count and/or reply_len properly
[ 1509.036298] sg_write: data in/out 208896/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1509.036298]    program syz-executor.5 not setting count and/or reply_len properly
15:15:19 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1509.058309] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1509.058309]    program syz-executor.0 not setting count and/or reply_len properly
[ 1509.074841] FAULT_INJECTION: forcing a failure.
[ 1509.074841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1509.076339] CPU: 1 PID: 7872 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1509.077201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1509.078246] Call Trace:
[ 1509.078605]  dump_stack+0x107/0x167
[ 1509.079051]  should_fail.cold+0x5/0xa
[ 1509.079524]  copy_page_from_iter+0x40a/0x900
[ 1509.080075]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1509.080663]  ? blk_rq_unmap_user+0x750/0x750
[ 1509.081227]  ? find_held_lock+0x2c/0x110
[ 1509.081744]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1509.082415]  ? lock_downgrade+0x6d0/0x6d0
[ 1509.082949]  ? import_single_range+0x24d/0x2e0
[ 1509.083527]  blk_rq_map_user+0x103/0x170
[ 1509.084040]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1509.084637]  ? alloc_pages_current+0x18f/0x280
[ 1509.085214]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1509.085851]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1509.086536]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1509.087167]  ? vprintk_func+0x93/0x140
[ 1509.087664]  ? record_print_text.cold+0x16/0x16
[ 1509.088258]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1509.088899]  ? trace_hardirqs_on+0x5b/0x180
[ 1509.089449]  sg_write.part.0+0x69e/0xaa0
[ 1509.089965]  ? sg_new_write.isra.0+0x770/0x770
[ 1509.090564]  ? find_held_lock+0x2c/0x110
[ 1509.091082]  ? __might_fault+0xd3/0x180
[ 1509.091581]  ? lock_downgrade+0x6d0/0x6d0
[ 1509.092117]  ? _cond_resched+0x12/0x80
[ 1509.092621]  ? inode_security+0x107/0x140
[ 1509.093145]  ? avc_policy_seqno+0x9/0x70
[ 1509.093656]  ? selinux_file_permission+0x92/0x520
[ 1509.094268]  sg_write+0x87/0x120
[ 1509.094722]  do_iter_write+0x4f0/0x700
[ 1509.095223]  ? import_iovec+0x83/0xb0
[ 1509.095714]  vfs_writev+0x1ae/0x620
[ 1509.096178]  ? vfs_iter_write+0xa0/0xa0
[ 1509.096680]  ? __fget_files+0x2cf/0x520
[ 1509.097181]  ? lock_downgrade+0x6d0/0x6d0
[ 1509.097704]  ? find_held_lock+0x2c/0x110
[ 1509.098222]  ? ksys_write+0x12d/0x260
[ 1509.098724]  ? __fget_files+0x2f8/0x520
[ 1509.099231]  ? __fget_light+0xea/0x290
[ 1509.099728]  do_writev+0x139/0x300
[ 1509.100174]  ? vfs_writev+0x620/0x620
[ 1509.100657]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1509.101321]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1509.101970]  do_syscall_64+0x33/0x40
[ 1509.102451]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1509.103103] RIP: 0033:0x7ff981a49b19
[ 1509.103576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1509.105876] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1509.106822] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1509.107692] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1509.108593] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1509.109463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1509.110349] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:15:19 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02448030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:15:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030030206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:42 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0244c030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1531.515286] sg_write: 3 callbacks suppressed
[ 1531.515299] sg_write: data in/out 216064/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.515299]    program syz-executor.5 not setting count and/or reply_len properly
[ 1531.540875] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.540875]    program syz-executor.1 not setting count and/or reply_len properly
15:15:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021036cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:42 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 45)

15:15:42 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:15:42 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:42 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:42 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1531.562322] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.562322]    program syz-executor.0 not setting count and/or reply_len properly
15:15:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021076cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1531.566185] sg_write: data in/out 216064/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.566185]    program syz-executor.5 not setting count and/or reply_len properly
[ 1531.577556] FAULT_INJECTION: forcing a failure.
[ 1531.577556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1531.583329] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1531.584218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1531.585292] Call Trace:
[ 1531.585638]  dump_stack+0x107/0x167
[ 1531.586114]  should_fail.cold+0x5/0xa
[ 1531.586612]  copy_page_from_iter+0x40a/0x900
[ 1531.587207]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1531.587815]  ? blk_rq_unmap_user+0x750/0x750
[ 1531.588391]  ? find_held_lock+0x2c/0x110
[ 1531.588924]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1531.589614]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.590149]  ? import_single_range+0x24d/0x2e0
[ 1531.590745]  blk_rq_map_user+0x103/0x170
[ 1531.591288]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1531.591905]  ? alloc_pages_current+0x18f/0x280
[ 1531.592500]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1531.593154]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1531.593841]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1531.594487]  ? vprintk_func+0x93/0x140
[ 1531.594996]  ? record_print_text.cold+0x16/0x16
[ 1531.595615]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1531.596271]  ? trace_hardirqs_on+0x5b/0x180
[ 1531.596839]  sg_write.part.0+0x69e/0xaa0
[ 1531.597369]  ? sg_new_write.isra.0+0x770/0x770
[ 1531.597965]  ? find_held_lock+0x2c/0x110
[ 1531.598496]  ? __might_fault+0xd3/0x180
[ 1531.599013]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.599578]  ? _cond_resched+0x12/0x80
[ 1531.600084]  ? inode_security+0x107/0x140
[ 1531.600622]  ? avc_policy_seqno+0x9/0x70
[ 1531.601148]  ? selinux_file_permission+0x92/0x520
[ 1531.601778]  sg_write+0x87/0x120
[ 1531.602221]  do_iter_write+0x4f0/0x700
[ 1531.602728]  ? import_iovec+0x83/0xb0
[ 1531.603236]  vfs_writev+0x1ae/0x620
[ 1531.603715]  ? vfs_iter_write+0xa0/0xa0
[ 1531.604230]  ? __fget_files+0x2cf/0x520
[ 1531.604748]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.605286]  ? find_held_lock+0x2c/0x110
[ 1531.605817]  ? ksys_write+0x12d/0x260
[ 1531.606203] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.606203]    program syz-executor.1 not setting count and/or reply_len properly
[ 1531.606314]  ? __fget_files+0x2f8/0x520
[ 1531.611718]  ? __fget_light+0xea/0x290
[ 1531.612251]  do_writev+0x139/0x300
[ 1531.612730]  ? vfs_writev+0x620/0x620
[ 1531.613245]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1531.613945]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1531.614637]  do_syscall_64+0x33/0x40
[ 1531.615136]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1531.615831] RIP: 0033:0x7ff981a49b19
[ 1531.616315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1531.618690] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1531.619710] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1531.620659] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1531.621614] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1531.622563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1531.623529] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:15:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021096cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02468030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1531.715660] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.715660]    program syz-executor.1 not setting count and/or reply_len properly
[ 1531.725651] sg_write: data in/out 223232/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.725651]    program syz-executor.5 not setting count and/or reply_len properly
[ 1531.734099] sg_write: data in/out 223232/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.734099]    program syz-executor.5 not setting count and/or reply_len properly
15:15:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe024000300210c6cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:42 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1531.787942] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.787942]    program syz-executor.1 not setting count and/or reply_len properly
15:15:42 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 46)

[ 1531.858490] sg_write: data in/out 224256/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1531.858490]    program syz-executor.5 not setting count and/or reply_len properly
15:15:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021306cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0246c030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1531.964542] FAULT_INJECTION: forcing a failure.
[ 1531.964542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1531.966037] CPU: 1 PID: 7929 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1531.966875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1531.967912] Call Trace:
[ 1531.968241]  dump_stack+0x107/0x167
[ 1531.968688]  should_fail.cold+0x5/0xa
[ 1531.969160]  copy_page_from_iter+0x40a/0x900
[ 1531.969707]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1531.970278]  ? blk_rq_unmap_user+0x750/0x750
[ 1531.970821]  ? find_held_lock+0x2c/0x110
[ 1531.971344]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1531.971996]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.972500]  ? import_single_range+0x24d/0x2e0
[ 1531.973061]  blk_rq_map_user+0x103/0x170
[ 1531.973558]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1531.974141]  ? alloc_pages_current+0x18f/0x280
[ 1531.974701]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1531.975343]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1531.975990]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1531.976599]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.977114]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1531.977757]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1531.978377]  ? trace_hardirqs_on+0x5b/0x180
[ 1531.978910]  ? ___ratelimit+0x1fc/0x440
[ 1531.983433]  sg_write.part.0+0x69e/0xaa0
[ 1531.983931]  ? sg_new_write.isra.0+0x770/0x770
[ 1531.984491]  ? find_held_lock+0x2c/0x110
[ 1531.984989]  ? __might_fault+0xd3/0x180
[ 1531.985474]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.985995]  ? _cond_resched+0x12/0x80
[ 1531.986470]  ? inode_security+0x107/0x140
[ 1531.986975]  ? avc_policy_seqno+0x9/0x70
[ 1531.987483]  ? selinux_file_permission+0x92/0x520
[ 1531.988077]  sg_write+0x87/0x120
[ 1531.988494]  do_iter_write+0x4f0/0x700
[ 1531.988971]  ? import_iovec+0x83/0xb0
[ 1531.989438]  vfs_writev+0x1ae/0x620
[ 1531.989884]  ? vfs_iter_write+0xa0/0xa0
[ 1531.990369]  ? __fget_files+0x2cf/0x520
[ 1531.990853]  ? lock_downgrade+0x6d0/0x6d0
[ 1531.991378]  ? find_held_lock+0x2c/0x110
[ 1531.991876]  ? ksys_write+0x12d/0x260
[ 1531.992345]  ? __fget_files+0x2f8/0x520
[ 1531.992834]  ? __fget_light+0xea/0x290
[ 1531.993312]  do_writev+0x139/0x300
[ 1531.993746]  ? vfs_writev+0x620/0x620
[ 1531.994220]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1531.994856]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1531.995507]  do_syscall_64+0x33/0x40
[ 1531.995960]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1531.996585] RIP: 0033:0x7ff981a49b19
[ 1531.997041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1531.999300] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1532.000226] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1532.001094] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1532.001963] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1532.002830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1532.003715] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:15:57 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:15:57 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:15:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 47)

15:15:57 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02474030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:15:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb23535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:57 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:57 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:15:57 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1546.821377] sg_write: 3 callbacks suppressed
[ 1546.821393] sg_write: data in/out 226304/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1546.821393]    program syz-executor.5 not setting count and/or reply_len properly
[ 1546.825074] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1546.825074]    program syz-executor.1 not setting count and/or reply_len properly
[ 1546.828395] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1546.828395]    program syz-executor.0 not setting count and/or reply_len properly
[ 1546.834026] FAULT_INJECTION: forcing a failure.
[ 1546.834026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1546.835704] CPU: 0 PID: 7944 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1546.836079] sg_write: data in/out 226304/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1546.836079]    program syz-executor.5 not setting count and/or reply_len properly
[ 1546.836679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1546.836684] Call Trace:
[ 1546.836706]  dump_stack+0x107/0x167
[ 1546.836723]  should_fail.cold+0x5/0xa
[ 1546.841116]  copy_page_from_iter+0x40a/0x900
[ 1546.841749]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1546.842413]  ? blk_rq_unmap_user+0x750/0x750
[ 1546.843039]  ? find_held_lock+0x2c/0x110
[ 1546.843616]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1546.844383]  ? lock_downgrade+0x6d0/0x6d0
[ 1546.844968]  ? import_single_range+0x24d/0x2e0
[ 1546.845621]  blk_rq_map_user+0x103/0x170
[ 1546.846197]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1546.846881]  ? alloc_pages_current+0x18f/0x280
[ 1546.847523]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1546.848248]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1546.849031]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1546.849760]  ? vprintk_func+0x93/0x140
[ 1546.850317]  ? record_print_text.cold+0x16/0x16
[ 1546.850970]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1546.851690]  ? trace_hardirqs_on+0x5b/0x180
[ 1546.852308]  sg_write.part.0+0x69e/0xaa0
[ 1546.852880]  ? sg_new_write.isra.0+0x770/0x770
[ 1546.853522]  ? find_held_lock+0x2c/0x110
[ 1546.854095]  ? __might_fault+0xd3/0x180
[ 1546.854666]  ? lock_downgrade+0x6d0/0x6d0
[ 1546.855284]  ? _cond_resched+0x12/0x80
[ 1546.855860]  ? inode_security+0x107/0x140
[ 1546.856440]  ? avc_policy_seqno+0x9/0x70
[ 1546.857009]  ? selinux_file_permission+0x92/0x520
[ 1546.857741]  sg_write+0x87/0x120
[ 1546.858236]  do_iter_write+0x4f0/0x700
[ 1546.858806]  ? import_iovec+0x83/0xb0
[ 1546.859343]  vfs_writev+0x1ae/0x620
[ 1546.859896]  ? vfs_iter_write+0xa0/0xa0
[ 1546.860453]  ? __fget_files+0x2cf/0x520
[ 1546.861013]  ? lock_downgrade+0x6d0/0x6d0
[ 1546.861591]  ? find_held_lock+0x2c/0x110
[ 1546.862164]  ? ksys_write+0x12d/0x260
[ 1546.862702]  ? __fget_files+0x2f8/0x520
[ 1546.863265]  ? __fget_light+0xea/0x290
[ 1546.863884]  do_writev+0x139/0x300
[ 1546.864413]  ? vfs_writev+0x620/0x620
[ 1546.864951]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1546.865685]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1546.866444]  do_syscall_64+0x33/0x40
[ 1546.866982]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1546.867744] RIP: 0033:0x7ff981a49b19
[ 1546.868269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1546.870822] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1546.871905] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1546.872897] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1546.873942] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1546.874939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1546.875949] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:15:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb29535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:15:57 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe0247a030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:15:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 48)

[ 1546.997665] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1546.997665]    program syz-executor.0 not setting count and/or reply_len properly
[ 1547.000218] FAULT_INJECTION: forcing a failure.
[ 1547.000218] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1547.001804] CPU: 1 PID: 7959 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1547.002730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1547.003491] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1547.003491]    program syz-executor.1 not setting count and/or reply_len properly
[ 1547.003796] Call Trace:
[ 1547.003820]  dump_stack+0x107/0x167
[ 1547.003835]  should_fail.cold+0x5/0xa
[ 1547.003855]  copy_page_from_iter+0x40a/0x900
[ 1547.007845]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1547.008468]  ? blk_rq_unmap_user+0x750/0x750
[ 1547.009080]  ? find_held_lock+0x2c/0x110
[ 1547.009620]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1547.010310]  ? lock_downgrade+0x6d0/0x6d0
[ 1547.010901]  ? import_single_range+0x24d/0x2e0
[ 1547.011524]  blk_rq_map_user+0x103/0x170
[ 1547.012100]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1547.012775]  ? alloc_pages_current+0x18f/0x280
[ 1547.013378]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1547.014041]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1547.014733]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1547.015382]  ? vprintk_func+0x93/0x140
[ 1547.015914]  ? record_print_text.cold+0x16/0x16
[ 1547.016410] sg_write: data in/out 227840/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1547.016410]    program syz-executor.5 not setting count and/or reply_len properly
[ 1547.016518]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1547.019171]  ? trace_hardirqs_on+0x5b/0x180
[ 1547.019822]  sg_write.part.0+0x69e/0xaa0
[ 1547.020361]  ? sg_new_write.isra.0+0x770/0x770
[ 1547.020964]  ? find_held_lock+0x2c/0x110
[ 1547.021499]  ? __might_fault+0xd3/0x180
[ 1547.022015]  ? lock_downgrade+0x6d0/0x6d0
[ 1547.022545]  ? _cond_resched+0x12/0x80
[ 1547.023026]  ? inode_security+0x107/0x140
[ 1547.023574]  ? avc_policy_seqno+0x9/0x70
[ 1547.024125]  ? selinux_file_permission+0x92/0x520
[ 1547.024769]  sg_write+0x87/0x120
[ 1547.025224]  do_iter_write+0x4f0/0x700
[ 1547.025745]  ? import_iovec+0x83/0xb0
[ 1547.026245]  vfs_writev+0x1ae/0x620
[ 1547.026725]  ? vfs_iter_write+0xa0/0xa0
[ 1547.027246]  ? __fget_files+0x2cf/0x520
[ 1547.027778]  ? lock_downgrade+0x6d0/0x6d0
[ 1547.028321]  ? find_held_lock+0x2c/0x110
[ 1547.028855]  ? ksys_write+0x12d/0x260
[ 1547.029356]  ? __fget_files+0x2f8/0x520
[ 1547.029879]  ? __fget_light+0xea/0x290
[ 1547.030391]  do_writev+0x139/0x300
[ 1547.030904]  ? vfs_writev+0x620/0x620
[ 1547.031410]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1547.032111]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1547.032787]  do_syscall_64+0x33/0x40
[ 1547.033274]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1547.033936] RIP: 0033:0x7ff981a49b19
[ 1547.034422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1547.036842] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1547.037829] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1547.038786] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1547.039769] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1547.040694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1547.041622] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1547.230795] sg_write: data in/out 227840/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1547.230795]    program syz-executor.5 not setting count and/or reply_len properly
15:16:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb30535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:17 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
[ 1566.595761] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.595761]    program syz-executor.1 not setting count and/or reply_len properly
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1566.627031] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.627031]    program syz-executor.5 not setting count and/or reply_len properly
[ 1566.635863] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.635863]    program syz-executor.0 not setting count and/or reply_len properly
15:16:17 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400300021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:17 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:17 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:17 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 49)

[ 1566.684861] FAULT_INJECTION: forcing a failure.
[ 1566.684861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1566.686399] CPU: 0 PID: 7983 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1566.687291] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1566.688409] Call Trace:
[ 1566.688769]  dump_stack+0x107/0x167
[ 1566.689261]  should_fail.cold+0x5/0xa
[ 1566.689778]  copy_page_from_iter+0x40a/0x900
[ 1566.690375]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1566.690996]  ? blk_rq_unmap_user+0x750/0x750
[ 1566.691593]  ? find_held_lock+0x2c/0x110
[ 1566.692144]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1566.693671]  ? lock_downgrade+0x6d0/0x6d0
[ 1566.694895]  ? import_single_range+0x24d/0x2e0
[ 1566.696246]  blk_rq_map_user+0x103/0x170
[ 1566.697468]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1566.698645]  ? alloc_pages_current+0x18f/0x280
[ 1566.699778]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1566.701208]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1566.702541]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1566.703979]  ? vprintk_func+0x93/0x140
[ 1566.704695]  ? record_print_text.cold+0x16/0x16
[ 1566.705324]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1566.706007]  ? trace_hardirqs_on+0x5b/0x180
[ 1566.706594]  sg_write.part.0+0x69e/0xaa0
[ 1566.707141]  ? sg_new_write.isra.0+0x770/0x770
[ 1566.707759]  ? find_held_lock+0x2c/0x110
[ 1566.708312]  ? __might_fault+0xd3/0x180
[ 1566.709344]  ? lock_downgrade+0x6d0/0x6d0
[ 1566.710375]  ? _cond_resched+0x12/0x80
[ 1566.711334]  ? inode_security+0x107/0x140
[ 1566.712384]  ? avc_policy_seqno+0x9/0x70
[ 1566.713578]  ? selinux_file_permission+0x92/0x520
[ 1566.714774]  sg_write+0x87/0x120
[ 1566.715608]  do_iter_write+0x4f0/0x700
[ 1566.716662]  ? import_iovec+0x83/0xb0
[ 1566.717652]  vfs_writev+0x1ae/0x620
[ 1566.718608]  ? vfs_iter_write+0xa0/0xa0
[ 1566.719640]  ? __fget_files+0x2cf/0x520
[ 1566.720695]  ? lock_downgrade+0x6d0/0x6d0
[ 1566.721719]  ? find_held_lock+0x2c/0x110
[ 1566.722721]  ? ksys_write+0x12d/0x260
[ 1566.723659]  ? __fget_files+0x2f8/0x520
[ 1566.724725]  ? __fget_light+0xea/0x290
[ 1566.725686]  do_writev+0x139/0x300
[ 1566.726591]  ? vfs_writev+0x620/0x620
[ 1566.727572]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1566.729567]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1566.730845]  do_syscall_64+0x33/0x40
[ 1566.731762]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1566.732750] RIP: 0033:0x7ff981a49b19
[ 1566.733250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1566.735775] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1566.736814] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1566.737747] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1566.738680] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1566.739614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1566.740578] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1566.766507] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.766507]    program syz-executor.5 not setting count and/or reply_len properly
15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0243a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1566.805229] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.805229]    program syz-executor.1 not setting count and/or reply_len properly
[ 1566.853916] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1566.853916]    program syz-executor.1 not setting count and/or reply_len properly
15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0343a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0443a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400400021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:17 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1567.006668] sg_write: data in/out 4194304/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1567.006668]    program syz-executor.5 not setting count and/or reply_len properly
[ 1567.020996] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1567.020996]    program syz-executor.1 not setting count and/or reply_len properly
15:16:17 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 50)

[ 1567.074653] sg_write: data in/out 4194304/88 bytes for SCSI command 0xbd-- guessing data in;
15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0943a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1567.074653]    program syz-executor.5 not setting count and/or reply_len properly
[ 1567.098880] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1567.098880]    program syz-executor.0 not setting count and/or reply_len properly
[ 1567.104940] FAULT_INJECTION: forcing a failure.
[ 1567.104940] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1567.106508] CPU: 1 PID: 8009 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1567.107373] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1567.108440] Call Trace:
[ 1567.108780]  dump_stack+0x107/0x167
[ 1567.109244]  should_fail.cold+0x5/0xa
[ 1567.109737]  copy_page_from_iter+0x40a/0x900
[ 1567.110306]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1567.110906]  ? blk_rq_unmap_user+0x750/0x750
[ 1567.111473]  ? find_held_lock+0x2c/0x110
[ 1567.112001]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1567.112709]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.113236]  ? import_single_range+0x24d/0x2e0
[ 1567.113812]  blk_rq_map_user+0x103/0x170
[ 1567.114335]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1567.114940]  ? alloc_pages_current+0x18f/0x280
[ 1567.115524]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1567.116157]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1567.116859]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1567.117489]  ? vprintk_func+0x93/0x140
[ 1567.117982]  ? record_print_text.cold+0x16/0x16
[ 1567.118581]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1567.119222]  ? trace_hardirqs_on+0x5b/0x180
[ 1567.119772]  sg_write.part.0+0x69e/0xaa0
[ 1567.120291]  ? sg_new_write.isra.0+0x770/0x770
[ 1567.120910]  ? find_held_lock+0x2c/0x110
[ 1567.121425]  ? __might_fault+0xd3/0x180
[ 1567.121925]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.122462]  ? _cond_resched+0x12/0x80
[ 1567.122956]  ? inode_security+0x107/0x140
[ 1567.123483]  ? avc_policy_seqno+0x9/0x70
[ 1567.123999]  ? selinux_file_permission+0x92/0x520
[ 1567.124656]  sg_write+0x87/0x120
[ 1567.125095]  do_iter_write+0x4f0/0x700
[ 1567.125604]  ? import_iovec+0x83/0xb0
[ 1567.126094]  vfs_writev+0x1ae/0x620
[ 1567.126557]  ? vfs_iter_write+0xa0/0xa0
[ 1567.127062]  ? __fget_files+0x2cf/0x520
[ 1567.127565]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.128099]  ? find_held_lock+0x2c/0x110
[ 1567.128659]  ? ksys_write+0x12d/0x260
[ 1567.129160]  ? __fget_files+0x2f8/0x520
[ 1567.129668]  ? __fget_light+0xea/0x290
[ 1567.130172]  do_writev+0x139/0x300
[ 1567.130626]  ? vfs_writev+0x620/0x620
[ 1567.131117]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1567.131786]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1567.132479]  do_syscall_64+0x33/0x40
[ 1567.132953]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1567.133580] RIP: 0033:0x7ff981a49b19
[ 1567.134052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1567.136465] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1567.137429] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1567.138332] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1567.139239] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1567.140142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1567.141106] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:16:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0d43a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400b40021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:17 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 51)

[ 1567.297472] FAULT_INJECTION: forcing a failure.
[ 1567.297472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1567.299073] CPU: 1 PID: 8019 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1567.299940] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1567.301005] Call Trace:
[ 1567.301346]  dump_stack+0x107/0x167
[ 1567.301807]  should_fail.cold+0x5/0xa
[ 1567.302295]  copy_page_from_iter+0x40a/0x900
[ 1567.302858]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1567.303446]  ? blk_rq_unmap_user+0x750/0x750
[ 1567.304006]  ? find_held_lock+0x2c/0x110
[ 1567.304546]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1567.305217]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.305740]  ? import_single_range+0x24d/0x2e0
[ 1567.306321]  blk_rq_map_user+0x103/0x170
[ 1567.306835]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1567.307440]  ? alloc_pages_current+0x18f/0x280
[ 1567.308019]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1567.308670]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1567.309341]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1567.309974]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.310506]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1567.311168]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1567.311806]  ? trace_hardirqs_on+0x5b/0x180
[ 1567.312367]  ? ___ratelimit+0x1fc/0x440
[ 1567.312884]  sg_write.part.0+0x69e/0xaa0
[ 1567.313400]  ? sg_new_write.isra.0+0x770/0x770
[ 1567.313981]  ? find_held_lock+0x2c/0x110
[ 1567.314499]  ? __might_fault+0xd3/0x180
[ 1567.315002]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.315536]  ? _cond_resched+0x12/0x80
[ 1567.316026]  ? inode_security+0x107/0x140
[ 1567.316567]  ? avc_policy_seqno+0x9/0x70
[ 1567.317080]  ? selinux_file_permission+0x92/0x520
[ 1567.317694]  sg_write+0x87/0x120
[ 1567.318126]  do_iter_write+0x4f0/0x700
[ 1567.318621]  ? import_iovec+0x83/0xb0
[ 1567.319110]  vfs_writev+0x1ae/0x620
[ 1567.319572]  ? vfs_iter_write+0xa0/0xa0
[ 1567.320075]  ? __fget_files+0x2cf/0x520
[ 1567.320597]  ? lock_downgrade+0x6d0/0x6d0
[ 1567.321119]  ? find_held_lock+0x2c/0x110
[ 1567.321635]  ? ksys_write+0x12d/0x260
[ 1567.322120]  ? __fget_files+0x2f8/0x520
[ 1567.322630]  ? __fget_light+0xea/0x290
[ 1567.323123]  do_writev+0x139/0x300
[ 1567.323575]  ? vfs_writev+0x620/0x620
[ 1567.324057]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1567.324741]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1567.325393]  do_syscall_64+0x33/0x40
[ 1567.325865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1567.326511] RIP: 0033:0x7ff981a49b19
[ 1567.326983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1567.329325] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1567.330283] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1567.331189] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1567.332084] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1567.332998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1567.333902] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:16:34 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0e43a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:34 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 52)

15:16:34 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1583.918493] sg_write: 5 callbacks suppressed
[ 1583.918506] sg_write: data in/out 131072/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1583.918506]    program syz-executor.5 not setting count and/or reply_len properly
[ 1583.921883] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1583.921883]    program syz-executor.0 not setting count and/or reply_len properly
[ 1583.924071] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1583.924071]    program syz-executor.1 not setting count and/or reply_len properly
[ 1583.927926] FAULT_INJECTION: forcing a failure.
[ 1583.927926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1583.929558] CPU: 0 PID: 8026 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1583.930474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1583.931598] Call Trace:
[ 1583.931961]  dump_stack+0x107/0x167
[ 1583.932455]  should_fail.cold+0x5/0xa
[ 1583.932991]  copy_page_from_iter+0x40a/0x900
[ 1583.933582]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1583.934191]  ? blk_rq_unmap_user+0x750/0x750
[ 1583.934788]  ? find_held_lock+0x2c/0x110
[ 1583.935344]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1583.936064]  ? lock_downgrade+0x6d0/0x6d0
[ 1583.936620]  ? import_single_range+0x24d/0x2e0
[ 1583.937254]  blk_rq_map_user+0x103/0x170
[ 1583.937802]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1583.938446]  ? alloc_pages_current+0x18f/0x280
[ 1583.939060]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1583.939738]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1583.940450]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1583.941139]  ? vprintk_func+0x93/0x140
[ 1583.941655]  ? record_print_text.cold+0x16/0x16
[ 1583.942266]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1583.942950]  ? trace_hardirqs_on+0x5b/0x180
[ 1583.943539]  sg_write.part.0+0x69e/0xaa0
[ 1583.944090]  ? sg_new_write.isra.0+0x770/0x770
[ 1583.944710]  ? find_held_lock+0x2c/0x110
[ 1583.945279]  ? __might_fault+0xd3/0x180
[ 1583.945818]  ? lock_downgrade+0x6d0/0x6d0
[ 1583.946386]  ? _cond_resched+0x12/0x80
[ 1583.946912]  ? inode_security+0x107/0x140
[ 1583.947471]  ? avc_policy_seqno+0x9/0x70
[ 1583.948018]  ? selinux_file_permission+0x92/0x520
[ 1583.948673]  sg_write+0x87/0x120
[ 1583.949152]  do_iter_write+0x4f0/0x700
[ 1583.949665]  ? import_iovec+0x83/0xb0
[ 1583.950168]  vfs_writev+0x1ae/0x620
[ 1583.950657]  ? vfs_iter_write+0xa0/0xa0
[ 1583.951195]  ? __fget_files+0x2cf/0x520
[ 1583.951730]  ? lock_downgrade+0x6d0/0x6d0
[ 1583.952289]  ? find_held_lock+0x2c/0x110
[ 1583.952839]  ? ksys_write+0x12d/0x260
[ 1583.953385]  ? __fget_files+0x2f8/0x520
[ 1583.953924]  ? __fget_light+0xea/0x290
[ 1583.954448]  do_writev+0x139/0x300
[ 1583.954923]  ? vfs_writev+0x620/0x620
[ 1583.955435]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1583.956125]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1583.956804]  do_syscall_64+0x33/0x40
[ 1583.957325]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1583.958015] RIP: 0033:0x7ff981a49b19
[ 1583.958515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1583.961032] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1583.962062] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1583.963009] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1583.963964] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1583.968943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1583.969913] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:16:34 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:34 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:34 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:16:34 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:16:34 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400020021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:34 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff3043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1584.147846] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.147846]    program syz-executor.1 not setting count and/or reply_len properly
15:16:34 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb302fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400040021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1584.489869] sg_write: data in/out 262144/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.489869]    program syz-executor.5 not setting count and/or reply_len properly
[ 1584.502532] sg_write: data in/out 262144/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.502532]    program syz-executor.5 not setting count and/or reply_len properly
15:16:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400300021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1584.663400] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.663400]    program syz-executor.5 not setting count and/or reply_len properly
15:16:35 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb2330b81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:35 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 53)

[ 1584.807656] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.807656]    program syz-executor.1 not setting count and/or reply_len properly
[ 1584.811438] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.811438]    program syz-executor.0 not setting count and/or reply_len properly
[ 1584.814789] sg_write: data in/out 3145728/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1584.814789]    program syz-executor.5 not setting count and/or reply_len properly
[ 1584.818618] FAULT_INJECTION: forcing a failure.
[ 1584.818618] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1584.820231] CPU: 0 PID: 8059 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1584.821202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1584.822296] Call Trace:
[ 1584.822651]  dump_stack+0x107/0x167
[ 1584.823129]  should_fail.cold+0x5/0xa
[ 1584.823635]  copy_page_from_iter+0x40a/0x900
[ 1584.824225]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1584.824838]  ? blk_rq_unmap_user+0x750/0x750
[ 1584.825441]  ? find_held_lock+0x2c/0x110
[ 1584.825983]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1584.826681]  ? lock_downgrade+0x6d0/0x6d0
[ 1584.827239]  ? import_single_range+0x24d/0x2e0
[ 1584.827860]  blk_rq_map_user+0x103/0x170
[ 1584.828410]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1584.829076]  ? alloc_pages_current+0x18f/0x280
[ 1584.829680]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1584.830345]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1584.831040]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1584.831720]  ? vprintk_func+0x93/0x140
[ 1584.832250]  ? record_print_text.cold+0x16/0x16
[ 1584.832875]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1584.833588]  ? trace_hardirqs_on+0x5b/0x180
[ 1584.834161]  sg_write.part.0+0x69e/0xaa0
[ 1584.834697]  ? sg_new_write.isra.0+0x770/0x770
[ 1584.835298]  ? find_held_lock+0x2c/0x110
[ 1584.835837]  ? __might_fault+0xd3/0x180
[ 1584.836371]  ? lock_downgrade+0x6d0/0x6d0
[ 1584.836969]  ? _cond_resched+0x12/0x80
[ 1584.837521]  ? inode_security+0x107/0x140
[ 1584.838080]  ? avc_policy_seqno+0x9/0x70
[ 1584.838623]  ? selinux_file_permission+0x92/0x520
[ 1584.839276]  sg_write+0x87/0x120
[ 1584.839735]  do_iter_write+0x4f0/0x700
[ 1584.840261]  ? import_iovec+0x83/0xb0
[ 1584.840790]  vfs_writev+0x1ae/0x620
[ 1584.841323]  ? vfs_iter_write+0xa0/0xa0
[ 1584.841908]  ? __fget_files+0x2cf/0x520
[ 1584.842434]  ? lock_downgrade+0x6d0/0x6d0
[ 1584.842973]  ? find_held_lock+0x2c/0x110
[ 1584.843506]  ? ksys_write+0x12d/0x260
[ 1584.844007]  ? __fget_files+0x2f8/0x520
[ 1584.844531]  ? __fget_light+0xea/0x290
[ 1584.845065]  do_writev+0x139/0x300
[ 1584.845530]  ? vfs_writev+0x620/0x620
[ 1584.846031]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1584.846737]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1584.847430]  do_syscall_64+0x33/0x40
[ 1584.847929]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1584.848619] RIP: 0033:0x7ff981a49b19
[ 1584.849142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1584.851555] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1584.852578] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1584.853547] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1584.854506] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1584.855465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1584.856395] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:16:35 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb830f74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:35 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1608.784189] sg_write: 1 callbacks suppressed
15:16:59 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:16:59 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400b40021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1608.784201] sg_write: data in/out 11796480/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1608.784201]    program syz-executor.5 not setting count and/or reply_len properly
15:16:59 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:59 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:16:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd5300a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:59 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 54)

15:16:59 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1608.829770] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1608.829770]    program syz-executor.0 not setting count and/or reply_len properly
[ 1608.831991] FAULT_INJECTION: forcing a failure.
[ 1608.831991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.833411] CPU: 1 PID: 8084 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1608.834306] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1608.835365] Call Trace:
[ 1608.835719]  dump_stack+0x107/0x167
[ 1608.836193]  should_fail.cold+0x5/0xa
[ 1608.836708]  copy_page_from_iter+0x40a/0x900
[ 1608.837294]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1608.837945]  ? blk_rq_unmap_user+0x750/0x750
[ 1608.838525]  ? find_held_lock+0x2c/0x110
[ 1608.839127]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1608.839875]  ? lock_downgrade+0x6d0/0x6d0
[ 1608.840478]  ? import_single_range+0x24d/0x2e0
[ 1608.841164]  blk_rq_map_user+0x103/0x170
[ 1608.841765]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1608.842562]  ? alloc_pages_current+0x18f/0x280
[ 1608.843304]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1608.844071]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1608.844840]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1608.845563]  ? vprintk_func+0x93/0x140
[ 1608.846168]  ? record_print_text.cold+0x16/0x16
[ 1608.846844]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1608.847580]  ? trace_hardirqs_on+0x5b/0x180
[ 1608.848206]  sg_write.part.0+0x69e/0xaa0
[ 1608.848781]  ? sg_new_write.isra.0+0x770/0x770
[ 1608.849425]  ? find_held_lock+0x2c/0x110
[ 1608.850017]  ? __might_fault+0xd3/0x180
[ 1608.850579]  ? lock_downgrade+0x6d0/0x6d0
[ 1608.851171]  ? _cond_resched+0x12/0x80
[ 1608.851714]  ? inode_security+0x107/0x140
[ 1608.852288]  ? avc_policy_seqno+0x9/0x70
[ 1608.852852]  ? selinux_file_permission+0x92/0x520
[ 1608.853531]  sg_write+0x87/0x120
[ 1608.854022]  do_iter_write+0x4f0/0x700
[ 1608.854576]  ? import_iovec+0x83/0xb0
[ 1608.855104]  vfs_writev+0x1ae/0x620
[ 1608.855613]  ? vfs_iter_write+0xa0/0xa0
[ 1608.856167]  ? __fget_files+0x2cf/0x520
[ 1608.856720]  ? lock_downgrade+0x6d0/0x6d0
[ 1608.857291]  ? find_held_lock+0x2c/0x110
[ 1608.857870]  ? ksys_write+0x12d/0x260
[ 1608.858402]  ? __fget_files+0x2f8/0x520
[ 1608.858957]  ? __fget_light+0xea/0x290
[ 1608.859504]  do_writev+0x139/0x300
[ 1608.860003]  ? vfs_writev+0x620/0x620
[ 1608.860538]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1608.861269]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1608.861985]  do_syscall_64+0x33/0x40
[ 1608.862478]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1608.863148] RIP: 0033:0x7ff981a49b19
[ 1608.863628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1608.866064] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1608.867105] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1608.868049] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1608.868986] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1608.874326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1608.875245] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1608.879606] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1608.879606]    program syz-executor.1 not setting count and/or reply_len properly
[ 1608.881078] sg_write: data in/out 11796480/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1608.881078]    program syz-executor.5 not setting count and/or reply_len properly
[ 1608.987214] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1608.987214]    program syz-executor.1 not setting count and/or reply_len properly
15:16:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e307eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030221206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1609.021018] sg_write: data in/out 33751040/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1609.021018]    program syz-executor.5 not setting count and/or reply_len properly
[ 1609.026352] sg_write: data in/out 33751040/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1609.026352]    program syz-executor.5 not setting count and/or reply_len properly
15:16:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030321206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b3049ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:59 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1609.103970] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1609.103970]    program syz-executor.1 not setting count and/or reply_len properly
15:16:59 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 55)

[ 1609.110832] sg_write: data in/out 50528256/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1609.110832]    program syz-executor.5 not setting count and/or reply_len properly
[ 1609.136875] sg_write: data in/out 50528256/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1609.136875]    program syz-executor.5 not setting count and/or reply_len properly
15:16:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee3730155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:16:59 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1609.210026] FAULT_INJECTION: forcing a failure.
[ 1609.210026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1609.211656] CPU: 0 PID: 8110 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1609.212605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1609.213738] Call Trace:
[ 1609.214121]  dump_stack+0x107/0x167
[ 1609.214591]  should_fail.cold+0x5/0xa
[ 1609.215101]  copy_page_from_iter+0x40a/0x900
[ 1609.215719]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1609.216365]  ? blk_rq_unmap_user+0x750/0x750
[ 1609.216998]  ? find_held_lock+0x2c/0x110
[ 1609.217587]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1609.218343]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.218913]  ? import_single_range+0x24d/0x2e0
[ 1609.219548]  blk_rq_map_user+0x103/0x170
[ 1609.220077]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1609.220736]  ? alloc_pages_current+0x18f/0x280
[ 1609.221380]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1609.222101]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1609.222841]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1609.223538]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.224126]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.224855]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1609.225559]  ? trace_hardirqs_on+0x5b/0x180
[ 1609.226177]  ? ___ratelimit+0x1fc/0x440
[ 1609.226738]  sg_write.part.0+0x69e/0xaa0
[ 1609.227311]  ? sg_new_write.isra.0+0x770/0x770
[ 1609.227954]  ? find_held_lock+0x2c/0x110
[ 1609.228526]  ? __might_fault+0xd3/0x180
[ 1609.229083]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.229677]  ? _cond_resched+0x12/0x80
[ 1609.230245]  ? inode_security+0x107/0x140
[ 1609.230826]  ? avc_policy_seqno+0x9/0x70
[ 1609.231391]  ? selinux_file_permission+0x92/0x520
[ 1609.232069]  sg_write+0x87/0x120
[ 1609.232550]  do_iter_write+0x4f0/0x700
[ 1609.233101]  ? import_iovec+0x83/0xb0
[ 1609.233640]  vfs_writev+0x1ae/0x620
[ 1609.234172]  ? vfs_iter_write+0xa0/0xa0
[ 1609.234729]  ? __fget_files+0x2cf/0x520
[ 1609.235283]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.235859]  ? find_held_lock+0x2c/0x110
[ 1609.236431]  ? ksys_write+0x12d/0x260
[ 1609.236968]  ? __fget_files+0x2f8/0x520
[ 1609.237530]  ? __fget_light+0xea/0x290
[ 1609.238098]  do_writev+0x139/0x300
[ 1609.238597]  ? vfs_writev+0x620/0x620
[ 1609.239130]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.239859]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1609.240578]  do_syscall_64+0x33/0x40
[ 1609.241098]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1609.241826] RIP: 0033:0x7ff981a49b19
[ 1609.242354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1609.244894] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1609.246023] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1609.247013] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1609.248003] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1609.248992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1609.250010] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:16:59 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:16:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030421206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:16:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b305ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:17:18 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:18 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:17:18 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1627.873883] sg_write: 5 callbacks suppressed
[ 1627.873905] sg_write: data in/out 84082688/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1627.873905]    program syz-executor.5 not setting count and/or reply_len properly
15:17:18 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030521206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:17:18 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

15:17:18 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:18 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 56)

15:17:18 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b03015edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1627.899777] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1627.899777]    program syz-executor.1 not setting count and/or reply_len properly
[ 1627.907831] sg_write: data in/out 84082688/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1627.907831]    program syz-executor.5 not setting count and/or reply_len properly
[ 1627.912775] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1627.912775]    program syz-executor.0 not setting count and/or reply_len properly
[ 1627.942519] FAULT_INJECTION: forcing a failure.
[ 1627.942519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1627.945981] CPU: 1 PID: 8147 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1627.947962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1627.950352] Call Trace:
[ 1627.951098]  dump_stack+0x107/0x167
[ 1627.952113]  should_fail.cold+0x5/0xa
[ 1627.953193]  copy_page_from_iter+0x40a/0x900
[ 1627.954258]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1627.955385]  ? blk_rq_unmap_user+0x750/0x750
[ 1627.956455]  ? find_held_lock+0x2c/0x110
[ 1627.957441]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1627.958807]  ? lock_downgrade+0x6d0/0x6d0
[ 1627.959921]  ? import_single_range+0x24d/0x2e0
[ 1627.961172]  blk_rq_map_user+0x103/0x170
[ 1627.962138]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1627.963282]  ? alloc_pages_current+0x18f/0x280
[ 1627.964360]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1627.965550]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1627.966678]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1627.968117]  ? vprintk_func+0x93/0x140
[ 1627.969240]  ? record_print_text.cold+0x16/0x16
[ 1627.970593]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1627.972050]  ? trace_hardirqs_on+0x5b/0x180
[ 1627.973298]  sg_write.part.0+0x69e/0xaa0
[ 1627.974486]  ? sg_new_write.isra.0+0x770/0x770
[ 1627.975798]  ? find_held_lock+0x2c/0x110
[ 1627.976975]  ? __might_fault+0xd3/0x180
[ 1627.978122]  ? lock_downgrade+0x6d0/0x6d0
[ 1627.979340]  ? _cond_resched+0x12/0x80
[ 1627.980461]  ? inode_security+0x107/0x140
[ 1627.981658]  ? avc_policy_seqno+0x9/0x70
[ 1627.982838]  ? selinux_file_permission+0x92/0x520
[ 1627.984237]  sg_write+0x87/0x120
[ 1627.985191]  do_iter_write+0x4f0/0x700
[ 1627.986109]  ? import_iovec+0x83/0xb0
[ 1627.987013]  vfs_writev+0x1ae/0x620
[ 1627.987867]  ? vfs_iter_write+0xa0/0xa0
[ 1627.988801]  ? __fget_files+0x2cf/0x520
[ 1627.989745]  ? lock_downgrade+0x6d0/0x6d0
[ 1627.990822]  ? find_held_lock+0x2c/0x110
[ 1627.991928]  ? ksys_write+0x12d/0x260
[ 1627.992968]  ? __fget_files+0x2f8/0x520
[ 1627.993623]  ? __fget_light+0xea/0x290
[ 1627.994119]  do_writev+0x139/0x300
[ 1627.994677]  ? vfs_writev+0x620/0x620
[ 1627.995165]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1627.996667]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1627.998158]  do_syscall_64+0x33/0x40
[ 1627.999236]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1628.000717] RIP: 0033:0x7ff981a49b19
[ 1628.001791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1628.007168] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1628.009377] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1628.009638] sg_write: data in/out 100859904/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.009638]    program syz-executor.5 not setting count and/or reply_len properly
[ 1628.011442] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1628.011450] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1628.011457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1628.011472] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:17:18 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030621206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:17:18 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02330edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1628.043372] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.043372]    program syz-executor.1 not setting count and/or reply_len properly
[ 1628.096345] sg_write: data in/out 100859904/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.096345]    program syz-executor.5 not setting count and/or reply_len properly
15:17:18 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea030cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1628.168387] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.168387]    program syz-executor.1 not setting count and/or reply_len properly
15:17:18 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea070cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:17:18 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030721206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1628.306760] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.306760]    program syz-executor.1 not setting count and/or reply_len properly
[ 1628.336894] sg_write: data in/out 117637120/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1628.336894]    program syz-executor.5 not setting count and/or reply_len properly
15:17:18 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea090cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:17:18 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

15:17:18 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030921206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1646.382836] sg_write: 4 callbacks suppressed
[ 1646.382848] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.382848]    program syz-executor.1 not setting count and/or reply_len properly
[ 1646.407463] sg_write: data in/out 218300416/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.407463]    program syz-executor.5 not setting count and/or reply_len properly
[ 1646.419202] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.419202]    program syz-executor.0 not setting count and/or reply_len properly
[ 1646.429291] FAULT_INJECTION: forcing a failure.
[ 1646.429291] name fail_usercopy, interval 1, probability 0, space 0, times 0
15:17:36 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:36 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:17:36 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:17:36 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 57)

15:17:36 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:36 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030d21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:17:36 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea0c0cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:17:37 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])

[ 1646.430866] CPU: 0 PID: 8194 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1646.431813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1646.432926] Call Trace:
[ 1646.433287]  dump_stack+0x107/0x167
[ 1646.433778]  should_fail.cold+0x5/0xa
[ 1646.434295]  copy_page_from_iter+0x40a/0x900
[ 1646.434895]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1646.443554]  ? blk_rq_unmap_user+0x750/0x750
[ 1646.444148]  ? find_held_lock+0x2c/0x110
[ 1646.444695]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1646.445408]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.445948]  ? import_single_range+0x24d/0x2e0
[ 1646.446551]  blk_rq_map_user+0x103/0x170
[ 1646.447102]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1646.447742]  ? alloc_pages_current+0x18f/0x280
[ 1646.448355]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1646.449028]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1646.449738]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1646.450388]  ? vprintk_func+0x93/0x140
[ 1646.450900]  ? record_print_text.cold+0x16/0x16
[ 1646.451529]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1646.452207]  ? trace_hardirqs_on+0x5b/0x180
[ 1646.452791]  sg_write.part.0+0x69e/0xaa0
[ 1646.453337]  ? sg_new_write.isra.0+0x770/0x770
[ 1646.453951]  ? find_held_lock+0x2c/0x110
[ 1646.454499]  ? __might_fault+0xd3/0x180
[ 1646.455036]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.455595]  ? _cond_resched+0x12/0x80
[ 1646.456102]  ? inode_security+0x107/0x140
[ 1646.456642]  ? avc_policy_seqno+0x9/0x70
[ 1646.457171]  ? selinux_file_permission+0x92/0x520
[ 1646.457806]  sg_write+0x87/0x120
[ 1646.458252]  do_iter_write+0x4f0/0x700
[ 1646.458763]  ? import_iovec+0x83/0xb0
[ 1646.459279]  vfs_writev+0x1ae/0x620
[ 1646.459758]  ? vfs_iter_write+0xa0/0xa0
[ 1646.460283]  ? __fget_files+0x2cf/0x520
[ 1646.460817]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.461369]  ? find_held_lock+0x2c/0x110
[ 1646.461903]  ? ksys_write+0x12d/0x260
[ 1646.462417]  ? __fget_files+0x2f8/0x520
[ 1646.462952]  ? __fget_light+0xea/0x290
[ 1646.463498]  do_writev+0x139/0x300
[ 1646.463974]  ? vfs_writev+0x620/0x620
[ 1646.464487]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1646.465186]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1646.465876]  do_syscall_64+0x33/0x40
[ 1646.466374]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1646.471130] RIP: 0033:0x7ff981a49b19
[ 1646.471633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1646.474091] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1646.475129] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1646.476085] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1646.477039] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1646.477993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
15:17:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea300cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1646.478947] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1646.483661] sg_write: data in/out 218300416/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.483661]    program syz-executor.5 not setting count and/or reply_len properly
15:17:37 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030e21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1646.530222] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.530222]    program syz-executor.1 not setting count and/or reply_len properly
15:17:37 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 58)

[ 1646.656503] sg_write: data in/out 235077632/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.656503]    program syz-executor.5 not setting count and/or reply_len properly
[ 1646.659209] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.659209]    program syz-executor.0 not setting count and/or reply_len properly
[ 1646.673811] sg_write: data in/out 235077632/88 bytes for SCSI command 0xbd-- guessing data in;
15:17:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea2010db1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1646.673811]    program syz-executor.5 not setting count and/or reply_len properly
[ 1646.687745] FAULT_INJECTION: forcing a failure.
[ 1646.687745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1646.689229] CPU: 1 PID: 8207 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1646.690088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1646.691143] Call Trace:
[ 1646.691482]  dump_stack+0x107/0x167
[ 1646.691942]  should_fail.cold+0x5/0xa
[ 1646.692425]  copy_page_from_iter+0x40a/0x900
[ 1646.692987]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1646.693575]  ? blk_rq_unmap_user+0x750/0x750
[ 1646.694140]  ? find_held_lock+0x2c/0x110
[ 1646.694657]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1646.695338]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.695855]  ? import_single_range+0x24d/0x2e0
[ 1646.696430]  blk_rq_map_user+0x103/0x170
[ 1646.696938]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1646.697535]  ? alloc_pages_current+0x18f/0x280
[ 1646.698108]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1646.698741]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1646.699415]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1646.700039]  ? vprintk_func+0x93/0x140
[ 1646.700530]  ? record_print_text.cold+0x16/0x16
[ 1646.701114]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1646.701746]  ? trace_hardirqs_on+0x5b/0x180
[ 1646.702295]  sg_write.part.0+0x69e/0xaa0
[ 1646.702806]  ? sg_new_write.isra.0+0x770/0x770
[ 1646.703397]  ? find_held_lock+0x2c/0x110
[ 1646.703907]  ? __might_fault+0xd3/0x180
[ 1646.704403]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.704931]  ? _cond_resched+0x12/0x80
[ 1646.705419]  ? inode_security+0x107/0x140
[ 1646.705937]  ? avc_policy_seqno+0x9/0x70
[ 1646.706440]  ? selinux_file_permission+0x92/0x520
[ 1646.707059]  sg_write+0x87/0x120
[ 1646.707491]  do_iter_write+0x4f0/0x700
[ 1646.707981]  ? import_iovec+0x83/0xb0
[ 1646.708462]  vfs_writev+0x1ae/0x620
[ 1646.708919]  ? vfs_iter_write+0xa0/0xa0
[ 1646.709417]  ? __fget_files+0x2cf/0x520
[ 1646.709915]  ? lock_downgrade+0x6d0/0x6d0
[ 1646.710430]  ? find_held_lock+0x2c/0x110
[ 1646.710943]  ? ksys_write+0x12d/0x260
[ 1646.719451]  ? __fget_files+0x2f8/0x520
[ 1646.719953]  ? __fget_light+0xea/0x290
[ 1646.720439]  do_writev+0x139/0x300
[ 1646.720881]  ? vfs_writev+0x620/0x620
[ 1646.721360]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1646.722013]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1646.722657]  do_syscall_64+0x33/0x40
[ 1646.723135]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1646.723784] RIP: 0033:0x7ff981a49b19
[ 1646.724250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1646.726545] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1646.727507] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1646.728393] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1646.729278] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1646.730161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1646.731058] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1646.795104] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1646.795104]    program syz-executor.1 not setting count and/or reply_len properly
15:17:53 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:53 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:17:53 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:17:53 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 59)

15:17:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea2030db1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:17:53 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400033021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1663.105606] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:17:53 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:17:53 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])

[ 1663.105606]    program syz-executor.1 not setting count and/or reply_len properly
[ 1663.123403] sg_write: data in/out 805502976/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1663.123403]    program syz-executor.5 not setting count and/or reply_len properly
[ 1663.132464] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1663.132464]    program syz-executor.0 not setting count and/or reply_len properly
15:17:53 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1663.165143] sg_write: data in/out 805502976/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1663.165143]    program syz-executor.5 not setting count and/or reply_len properly
[ 1663.166148] FAULT_INJECTION: forcing a failure.
[ 1663.166148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1663.168836] CPU: 0 PID: 8231 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1663.169736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1663.170829] Call Trace:
[ 1663.171183]  dump_stack+0x107/0x167
[ 1663.171679]  should_fail.cold+0x5/0xa
[ 1663.172188]  copy_page_from_iter+0x40a/0x900
[ 1663.172773]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1663.173387]  ? blk_rq_unmap_user+0x750/0x750
[ 1663.173977]  ? find_held_lock+0x2c/0x110
[ 1663.174535]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1663.175255]  ? lock_downgrade+0x6d0/0x6d0
[ 1663.175836]  ? import_single_range+0x24d/0x2e0
[ 1663.176455]  blk_rq_map_user+0x103/0x170
[ 1663.177004]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1663.177646]  ? alloc_pages_current+0x18f/0x280
[ 1663.178266]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1663.178938]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1663.179644]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1663.180308]  ? vprintk_func+0x93/0x140
[ 1663.180822]  ? record_print_text.cold+0x16/0x16
[ 1663.181433]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1663.182095]  ? trace_hardirqs_on+0x5b/0x180
[ 1663.182667]  sg_write.part.0+0x69e/0xaa0
[ 1663.183205]  ? sg_new_write.isra.0+0x770/0x770
[ 1663.183840]  ? find_held_lock+0x2c/0x110
[ 1663.184376]  ? __might_fault+0xd3/0x180
[ 1663.184894]  ? lock_downgrade+0x6d0/0x6d0
[ 1663.185445]  ? _cond_resched+0x12/0x80
[ 1663.185955]  ? inode_security+0x107/0x140
[ 1663.186497]  ? avc_policy_seqno+0x9/0x70
[ 1663.187024]  ? selinux_file_permission+0x92/0x520
[ 1663.187675]  sg_write+0x87/0x120
[ 1663.188124]  do_iter_write+0x4f0/0x700
[ 1663.188635]  ? import_iovec+0x83/0xb0
[ 1663.189135]  vfs_writev+0x1ae/0x620
[ 1663.189612]  ? vfs_iter_write+0xa0/0xa0
[ 1663.190132]  ? __fget_files+0x2cf/0x520
[ 1663.190651]  ? lock_downgrade+0x6d0/0x6d0
[ 1663.191189]  ? find_held_lock+0x2c/0x110
[ 1663.191747]  ? ksys_write+0x12d/0x260
[ 1663.192252]  ? __fget_files+0x2f8/0x520
[ 1663.192778]  ? __fget_light+0xea/0x290
[ 1663.193288]  do_writev+0x139/0x300
[ 1663.193752]  ? vfs_writev+0x620/0x620
[ 1663.194250]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1663.194934]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1663.195621]  do_syscall_64+0x33/0x40
[ 1663.196109]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1663.196786] RIP: 0033:0x7ff981a49b19
[ 1663.197275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1663.199716] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1663.200709] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1663.201634] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1663.202568] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1663.203495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1663.204442] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1663.345246] cgroup: fork rejected by pids controller in /syz6
15:18:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea20fcdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:08 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680))
syz_io_uring_submit(r1, r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:08 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])

15:18:08 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400034821206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:08 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 60)

15:18:08 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:18:08 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1677.686518] sg_write: data in/out 1208156160/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.686518]    program syz-executor.5 not setting count and/or reply_len properly
[ 1677.694690] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.694690]    program syz-executor.0 not setting count and/or reply_len properly
[ 1677.696735] sg_write: data in/out 1208156160/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.696735]    program syz-executor.5 not setting count and/or reply_len properly
[ 1677.709449] FAULT_INJECTION: forcing a failure.
[ 1677.709449] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1677.711054] CPU: 0 PID: 8261 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1677.711985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1677.713128] Call Trace:
[ 1677.713494]  dump_stack+0x107/0x167
[ 1677.713989]  should_fail.cold+0x5/0xa
[ 1677.714510]  copy_page_from_iter+0x40a/0x900
[ 1677.715114]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1677.715738]  ? blk_rq_unmap_user+0x750/0x750
[ 1677.716344]  ? find_held_lock+0x2c/0x110
[ 1677.716891]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1677.717610]  ? lock_downgrade+0x6d0/0x6d0
[ 1677.718166]  ? import_single_range+0x24d/0x2e0
[ 1677.718785]  blk_rq_map_user+0x103/0x170
[ 1677.719334]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1677.719976]  ? alloc_pages_current+0x18f/0x280
[ 1677.720619]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1677.721301]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1677.722014]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1677.722687]  ? vprintk_func+0x93/0x140
[ 1677.723216]  ? record_print_text.cold+0x16/0x16
[ 1677.723846]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1677.724560]  ? trace_hardirqs_on+0x5b/0x180
[ 1677.725155]  sg_write.part.0+0x69e/0xaa0
[ 1677.725711]  ? sg_new_write.isra.0+0x770/0x770
[ 1677.726334]  ? find_held_lock+0x2c/0x110
[ 1677.726891]  ? __might_fault+0xd3/0x180
[ 1677.727430]  ? lock_downgrade+0x6d0/0x6d0
[ 1677.728005]  ? _cond_resched+0x12/0x80
[ 1677.728568]  ? inode_security+0x107/0x140
[ 1677.729128]  ? avc_policy_seqno+0x9/0x70
[ 1677.729674]  ? selinux_file_permission+0x92/0x520
[ 1677.730331]  sg_write+0x87/0x120
[ 1677.730792]  do_iter_write+0x4f0/0x700
[ 1677.731320]  ? import_iovec+0x83/0xb0
[ 1677.731838]  vfs_writev+0x1ae/0x620
[ 1677.732349]  ? vfs_iter_write+0xa0/0xa0
[ 1677.732886]  ? __fget_files+0x2cf/0x520
[ 1677.733421]  ? lock_downgrade+0x6d0/0x6d0
[ 1677.733979]  ? find_held_lock+0x2c/0x110
[ 1677.734531]  ? ksys_write+0x12d/0x260
[ 1677.735048]  ? __fget_files+0x2f8/0x520
[ 1677.735588]  ? __fget_light+0xea/0x290
[ 1677.736125]  do_writev+0x139/0x300
[ 1677.736608]  ? vfs_writev+0x620/0x620
[ 1677.737125]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1677.737831]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1677.738527]  do_syscall_64+0x33/0x40
[ 1677.739029]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1677.739726] RIP: 0033:0x7ff981a49b19
[ 1677.740248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1677.742742] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1677.743771] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1677.744759] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1677.745722] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1677.746683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1677.747645] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1677.754443] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.754443]    program syz-executor.1 not setting count and/or reply_len properly
15:18:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb30e8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1677.822753] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.822753]    program syz-executor.1 not setting count and/or reply_len properly
[ 1677.853995] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.853995]    program syz-executor.1 not setting count and/or reply_len properly
15:18:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352460333376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1677.884865] sg_write: data in/out 1275265024/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.884865]    program syz-executor.5 not setting count and/or reply_len properly
15:18:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400034c21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352460733376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:08 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:08 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 61)

[ 1677.970164] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.970164]    program syz-executor.1 not setting count and/or reply_len properly
[ 1677.995145] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1677.995145]    program syz-executor.0 not setting count and/or reply_len properly
[ 1678.007089] sg_write: data in/out 1275265024/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1678.007089]    program syz-executor.5 not setting count and/or reply_len properly
15:18:08 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1678.053833] FAULT_INJECTION: forcing a failure.
[ 1678.053833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1678.057024] CPU: 1 PID: 8279 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1678.058691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1678.060870] Call Trace:
[ 1678.061486]  dump_stack+0x107/0x167
[ 1678.062348]  should_fail.cold+0x5/0xa
[ 1678.063257]  copy_page_from_iter+0x40a/0x900
[ 1678.064351]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1678.065469]  ? blk_rq_unmap_user+0x750/0x750
[ 1678.066547]  ? find_held_lock+0x2c/0x110
[ 1678.067572]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1678.069053]  ? lock_downgrade+0x6d0/0x6d0
[ 1678.070023]  ? import_single_range+0x24d/0x2e0
[ 1678.071097]  blk_rq_map_user+0x103/0x170
[ 1678.072049]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1678.072687]  ? alloc_pages_current+0x18f/0x280
[ 1678.073259]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1678.073876]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1678.074542]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1678.075182]  ? vprintk_func+0x93/0x140
[ 1678.075685]  ? record_print_text.cold+0x16/0x16
[ 1678.076478]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1678.077672]  ? trace_hardirqs_on+0x5b/0x180
[ 1678.078713]  sg_write.part.0+0x69e/0xaa0
[ 1678.079682]  ? sg_new_write.isra.0+0x770/0x770
[ 1678.080944]  ? find_held_lock+0x2c/0x110
[ 1678.081972]  ? __might_fault+0xd3/0x180
[ 1678.082930]  ? lock_downgrade+0x6d0/0x6d0
[ 1678.083939]  ? _cond_resched+0x12/0x80
[ 1678.085047]  ? inode_security+0x107/0x140
[ 1678.086021]  ? avc_policy_seqno+0x9/0x70
[ 1678.086979]  ? selinux_file_permission+0x92/0x520
[ 1678.088143]  sg_write+0x87/0x120
[ 1678.088570]  do_iter_write+0x4f0/0x700
[ 1678.089068]  ? import_iovec+0x83/0xb0
[ 1678.089550]  vfs_writev+0x1ae/0x620
[ 1678.090010]  ? vfs_iter_write+0xa0/0xa0
[ 1678.090502]  ? __fget_files+0x2cf/0x520
[ 1678.090994]  ? lock_downgrade+0x6d0/0x6d0
[ 1678.091498]  ? find_held_lock+0x2c/0x110
15:18:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400036821206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1678.091997]  ? ksys_write+0x12d/0x260
[ 1678.096558]  ? __fget_files+0x2f8/0x520
[ 1678.097129]  ? __fget_light+0xea/0x290
[ 1678.097691]  do_writev+0x139/0x300
[ 1678.098201]  ? vfs_writev+0x620/0x620
[ 1678.098746]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1678.099501]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1678.100242]  do_syscall_64+0x33/0x40
[ 1678.100783]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1678.101514] RIP: 0033:0x7ff981a49b19
[ 1678.102048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1678.104714] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1678.105644] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1678.106514] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1678.107389] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1678.108281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1678.109153] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1694.370220] sg_write: 2 callbacks suppressed
[ 1694.370236] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.370236]    program syz-executor.1 not setting count and/or reply_len properly
[ 1694.382170] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
15:18:24 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352460933376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:24 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:18:24 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])

15:18:24 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680))
syz_io_uring_submit(r1, r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400036c21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:24 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 62)

15:18:24 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:24 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1694.382170]    program syz-executor.0 not setting count and/or reply_len properly
[ 1694.389197] sg_write: data in/out 1812135936/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.389197]    program syz-executor.5 not setting count and/or reply_len properly
[ 1694.409367] FAULT_INJECTION: forcing a failure.
[ 1694.409367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1694.410930] CPU: 1 PID: 8307 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1694.411819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1694.412915] Call Trace:
[ 1694.413267]  dump_stack+0x107/0x167
[ 1694.413746]  should_fail.cold+0x5/0xa
[ 1694.414243]  copy_page_from_iter+0x40a/0x900
[ 1694.414821]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1694.415435]  ? blk_rq_unmap_user+0x750/0x750
[ 1694.416017]  ? find_held_lock+0x2c/0x110
[ 1694.416552]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1694.417264]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.417800]  ? import_single_range+0x24d/0x2e0
[ 1694.418399]  blk_rq_map_user+0x103/0x170
[ 1694.418933]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1694.419554]  ? alloc_pages_current+0x18f/0x280
[ 1694.420154]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1694.420835]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1694.421525]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1694.422175]  ? vprintk_func+0x93/0x140
[ 1694.422689]  ? record_print_text.cold+0x16/0x16
[ 1694.423297]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1694.423956]  ? trace_hardirqs_on+0x5b/0x180
[ 1694.424530]  sg_write.part.0+0x69e/0xaa0
[ 1694.425085]  ? sg_new_write.isra.0+0x770/0x770
[ 1694.425685]  ? find_held_lock+0x2c/0x110
[ 1694.426221]  ? __might_fault+0xd3/0x180
[ 1694.426739]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.427285]  ? _cond_resched+0x12/0x80
[ 1694.427768]  ? inode_security+0x107/0x140
[ 1694.428309]  ? avc_policy_seqno+0x9/0x70
[ 1694.428357] sg_write: data in/out 1812135936/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.428357]    program syz-executor.5 not setting count and/or reply_len properly
[ 1694.428835]  ? selinux_file_permission+0x92/0x520
[ 1694.428861]  sg_write+0x87/0x120
[ 1694.432000]  do_iter_write+0x4f0/0x700
[ 1694.432510]  ? import_iovec+0x83/0xb0
[ 1694.433029]  vfs_writev+0x1ae/0x620
[ 1694.433501]  ? vfs_iter_write+0xa0/0xa0
[ 1694.434016]  ? __fget_files+0x2cf/0x520
[ 1694.434534]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.435073]  ? find_held_lock+0x2c/0x110
[ 1694.435606]  ? ksys_write+0x12d/0x260
[ 1694.436107]  ? __fget_files+0x2f8/0x520
[ 1694.436639]  ? __fget_light+0xea/0x290
[ 1694.437162]  do_writev+0x139/0x300
[ 1694.437628]  ? vfs_writev+0x620/0x620
[ 1694.438129]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1694.438811]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1694.439485]  do_syscall_64+0x33/0x40
[ 1694.439972]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1694.440615] RIP: 0033:0x7ff981a49b19
[ 1694.441128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1694.443496] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1694.444474] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1694.445419] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1694.446342] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1694.447269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
15:18:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352460c33376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1694.448187] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1694.499379] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.499379]    program syz-executor.1 not setting count and/or reply_len properly
15:18:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400037421206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352463033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1694.587208] sg_write: data in/out 1946353664/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.587208]    program syz-executor.5 not setting count and/or reply_len properly
[ 1694.595212] sg_write: data in/out 1946353664/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.595212]    program syz-executor.5 not setting count and/or reply_len properly
15:18:25 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 63)

15:18:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400037a21206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

[ 1694.678215] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.678215]    program syz-executor.0 not setting count and/or reply_len properly
[ 1694.685893] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.685893]    program syz-executor.1 not setting count and/or reply_len properly
[ 1694.695072] sg_write: data in/out 2047016960/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1694.695072]    program syz-executor.5 not setting count and/or reply_len properly
[ 1694.697961] FAULT_INJECTION: forcing a failure.
[ 1694.697961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1694.699641] CPU: 0 PID: 8323 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1694.700597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1694.701773] Call Trace:
[ 1694.702147]  dump_stack+0x107/0x167
[ 1694.702658]  should_fail.cold+0x5/0xa
[ 1694.703199]  copy_page_from_iter+0x40a/0x900
[ 1694.703836]  blk_rq_map_user_iov+0x138b/0x1a60
[ 1694.704489]  ? blk_rq_unmap_user+0x750/0x750
[ 1694.705131]  ? find_held_lock+0x2c/0x110
[ 1694.705700]  ? sg_common_write.constprop.0+0x9b6/0x1a30
[ 1694.706445]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.707024]  ? import_single_range+0x24d/0x2e0
[ 1694.707666]  blk_rq_map_user+0x103/0x170
[ 1694.708238]  ? blk_rq_map_user_iov+0x1a60/0x1a60
[ 1694.708930]  ? alloc_pages_current+0x18f/0x280
[ 1694.709572]  ? sg_build_indirect.isra.0+0x448/0x710
[ 1694.710276]  sg_common_write.constprop.0+0x10ed/0x1a30
[ 1694.711019]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1694.711719]  ? vprintk_func+0x93/0x140
[ 1694.712275]  ? record_print_text.cold+0x16/0x16
[ 1694.712950]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1694.713662]  ? trace_hardirqs_on+0x5b/0x180
[ 1694.714278]  sg_write.part.0+0x69e/0xaa0
[ 1694.714853]  ? sg_new_write.isra.0+0x770/0x770
[ 1694.715497]  ? find_held_lock+0x2c/0x110
[ 1694.716073]  ? __might_fault+0xd3/0x180
[ 1694.716651]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.717257]  ? _cond_resched+0x12/0x80
[ 1694.717805]  ? inode_security+0x107/0x140
[ 1694.718388]  ? avc_policy_seqno+0x9/0x70
[ 1694.718955]  ? selinux_file_permission+0x92/0x520
[ 1694.719645]  sg_write+0x87/0x120
[ 1694.720130]  do_iter_write+0x4f0/0x700
[ 1694.720701]  ? import_iovec+0x83/0xb0
[ 1694.721245]  vfs_writev+0x1ae/0x620
[ 1694.721759]  ? vfs_iter_write+0xa0/0xa0
[ 1694.722316]  ? __fget_files+0x2cf/0x520
[ 1694.722878]  ? lock_downgrade+0x6d0/0x6d0
[ 1694.723458]  ? find_held_lock+0x2c/0x110
[ 1694.724032]  ? ksys_write+0x12d/0x260
[ 1694.724569]  ? __fget_files+0x2f8/0x520
[ 1694.725155]  ? __fget_light+0xea/0x290
[ 1694.725705]  do_writev+0x139/0x300
[ 1694.726206]  ? vfs_writev+0x620/0x620
[ 1694.726743]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1694.727475]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1694.728195]  do_syscall_64+0x33/0x40
[ 1694.728736]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1694.729460] RIP: 0033:0x7ff981a49b19
[ 1694.729985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1694.732534] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1694.733619] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1694.734613] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1694.735608] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1694.736602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1694.737624] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:18:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda002cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030030206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda003cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda004cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:18:40 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 64)

[ 1710.307801] sg_write: 6 callbacks suppressed
[ 1710.307813] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.307813]    program syz-executor.1 not setting count and/or reply_len properly
15:18:40 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:18:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030040206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:40 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])

15:18:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda005cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1710.320889] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.320889]    program syz-executor.0 not setting count and/or reply_len properly
15:18:40 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:40 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:18:40 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680))
syz_io_uring_submit(r1, r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

[ 1710.333707] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.333707]    program syz-executor.5 not setting count and/or reply_len properly
[ 1710.339117] FAULT_INJECTION: forcing a failure.
[ 1710.339117] name failslab, interval 1, probability 0, space 0, times 0
[ 1710.340699] CPU: 0 PID: 8352 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1710.341656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1710.342778] Call Trace:
[ 1710.343147]  dump_stack+0x107/0x167
[ 1710.343647]  should_fail.cold+0x5/0xa
[ 1710.344166]  ? mempool_alloc+0x148/0x360
[ 1710.344712]  ? mempool_free_pages+0x20/0x20
[ 1710.345322]  should_failslab+0x5/0x20
[ 1710.345840]  kmem_cache_alloc+0x5b/0x310
[ 1710.346396]  ? mempool_free_pages+0x20/0x20
[ 1710.346980]  mempool_alloc+0x148/0x360
[ 1710.347515]  ? mempool_resize+0x7d0/0x7d0
[ 1710.348092]  ? mark_lock+0xf5/0x2df0
[ 1710.348609]  __sg_alloc_table+0x24e/0x390
[ 1710.353200]  sg_alloc_table_chained+0x9b/0x1f0
[ 1710.353853]  ? sg_alloc_table_chained+0x1f0/0x1f0
[ 1710.354516]  scsi_alloc_sgtables+0x236/0xaf0
[ 1710.355131]  ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0
[ 1710.355815]  ? scsi_init_command+0x4ee/0x750
[ 1710.356420]  scsi_queue_rq+0x1dc9/0x27f0
[ 1710.356986]  blk_mq_dispatch_rq_list+0x372/0x1c40
[ 1710.357667]  ? target_unblock+0x21/0x60
[ 1710.358227]  ? __blk_mq_sched_dispatch_requests+0x236/0x450
[ 1710.359010]  ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0
[ 1710.359688]  ? do_raw_spin_lock+0x121/0x260
[ 1710.360284]  ? rwlock_bug.part.0+0x90/0x90
[ 1710.360874]  ? hctx_lock+0x7f/0x200
[ 1710.361416]  __blk_mq_sched_dispatch_requests+0x263/0x450
[ 1710.362179]  ? blk_mq_do_dispatch_sched+0xa00/0xa00
[ 1710.362883]  blk_mq_sched_dispatch_requests+0xfd/0x1e0
[ 1710.363611]  __blk_mq_run_hw_queue+0x12c/0x290
[ 1710.364246]  ? blk_mq_start_request+0x3f0/0x3f0
[ 1710.364904]  __blk_mq_delay_run_hw_queue+0x53f/0x5a0
[ 1710.365633]  blk_mq_run_hw_queue+0x170/0x2f0
[ 1710.366255]  ? blk_mq_delay_run_hw_queues+0x1f0/0x1f0
[ 1710.366968]  ? do_raw_spin_unlock+0x4f/0x220
[ 1710.367579]  ? _raw_spin_unlock+0x1a/0x30
[ 1710.368147]  blk_mq_sched_insert_request+0x384/0x440
[ 1710.368838]  ? __blk_mq_sched_bio_merge+0x3d0/0x3d0
[ 1710.373557]  ? sg_remove_sfp_usercontext+0x420/0x420
[ 1710.374257]  ? blk_account_io_start+0x11b/0x170
[ 1710.374897]  sg_common_write.constprop.0+0xee9/0x1a30
[ 1710.375607]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1710.376299]  ? vprintk_func+0x93/0x140
[ 1710.376848]  ? record_print_text.cold+0x16/0x16
[ 1710.377518]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1710.378200]  ? trace_hardirqs_on+0x5b/0x180
[ 1710.378798]  sg_write.part.0+0x69e/0xaa0
[ 1710.379348]  ? sg_new_write.isra.0+0x770/0x770
[ 1710.379969]  ? find_held_lock+0x2c/0x110
[ 1710.380522]  ? __might_fault+0xd3/0x180
[ 1710.381059]  ? lock_downgrade+0x6d0/0x6d0
[ 1710.381653]  ? _cond_resched+0x12/0x80
[ 1710.382181]  ? inode_security+0x107/0x140
[ 1710.382742]  ? avc_policy_seqno+0x9/0x70
[ 1710.383299]  ? selinux_file_permission+0x92/0x520
[ 1710.383959]  sg_write+0x87/0x120
[ 1710.384425]  do_iter_write+0x4f0/0x700
15:18:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda006cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1710.384960]  ? import_iovec+0x83/0xb0
[ 1710.393528]  vfs_writev+0x1ae/0x620
[ 1710.394036]  ? vfs_iter_write+0xa0/0xa0
[ 1710.394585]  ? __fget_files+0x2cf/0x520
[ 1710.395135]  ? lock_downgrade+0x6d0/0x6d0
[ 1710.395703]  ? find_held_lock+0x2c/0x110
[ 1710.396274]  ? ksys_write+0x12d/0x260
[ 1710.396813]  ? __fget_files+0x2f8/0x520
[ 1710.397391]  ? __fget_light+0xea/0x290
[ 1710.397928]  do_writev+0x139/0x300
[ 1710.398423]  ? vfs_writev+0x620/0x620
[ 1710.398954]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1710.399677]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1710.400375]  do_syscall_64+0x33/0x40
[ 1710.400876]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1710.401582] RIP: 0033:0x7ff981a49b19
[ 1710.402088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1710.404552] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1710.405619] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1710.406600] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1710.407580] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1710.408557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1710.409526] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1710.424212] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.424212]    program syz-executor.5 not setting count and/or reply_len properly
[ 1710.446328] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.446328]    program syz-executor.1 not setting count and/or reply_len properly
15:18:41 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe024000300b4206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:18:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda007cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1710.551146] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.551146]    program syz-executor.1 not setting count and/or reply_len properly
[ 1710.554802] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.554802]    program syz-executor.5 not setting count and/or reply_len properly
[ 1710.563224] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.563224]    program syz-executor.5 not setting count and/or reply_len properly
15:18:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda008cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1710.642785] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1710.642785]    program syz-executor.1 not setting count and/or reply_len properly
15:19:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030030206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:19:00 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x0, 0xc0b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x10}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000014c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189373, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000cde12c2adf553b84bcb6a6f0bd3640b91e6db5e70c919d6a0d5d128bb5814f1b893fa283882ec4373f899d4b8301dbdb56813736d2d5130c9c08a399465a74362a573b91f74ac75e799b553b878048279b9527e940afd45d54f590cc16ddc25eeeca055e7ae3ff322d2ce7274178a754cb7fc7e1c5ff0b3ab3a2", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="01020000075ecb73a48b8af0d82a1ac0000046912176a70f038da2103d326a98a9b1a2c985d42fd4c3c709a9fa29003f5d17673e8c94dc150f7faf05ab5d892c9e67d4a24bae3e649ae21e21c1a138fe5e2f4d328b43b55343ecd710a98871bc6b62608e9b8423b6e933b335708637ddb44d20fe7c", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000, 0xffffffffffffffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r3, r3)
syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

15:19:00 executing program 4:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:19:00 executing program 3:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pipe(&(0x7f00000001c0))

15:19:00 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 65)

[ 1729.721835] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.721835]    program syz-executor.5 not setting count and/or reply_len properly
[ 1729.723277] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.723277]    program syz-executor.1 not setting count and/or reply_len properly
[ 1729.728799] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.728799]    program syz-executor.0 not setting count and/or reply_len properly
15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda009cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:19:00 executing program 7:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x100c5, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72863d3078303030303030303030303030346532302c756e616d653d7b2c76657273696f6e3d3970323030302c6f626a5f747970653d7b7b5e242c7569643e906bbd76efd5da0d988de98657ec4f3f2219a9d02d9ccec17f83c0bb7ab377c0e466263137fbe9dbc266c6cc1a690e74dc4e4b1b4f05e84a79c526012271fc3632178e3f83406254f48ae5dbc4dab7432f4f0638b5fcfb3d6aa8", @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r6, @ANYBLOB=',hash,permit_directio,appraise,appraise,obj_type=@&[&,\x00'])
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r6, @ANYBLOB=',version=9p2000.L,\x00'])
syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')

15:19:00 executing program 2:
iopl(0x80)
mkdirat(0xffffffffffffffff, 0x0, 0x2)
lseek(0xffffffffffffffff, 0xfa2b, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)="fe", 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x100, 0x200, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10822, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d667363616368652c61636365730000616e792c64666c747569643d2f80c92c1c4423ba12bc48ad46aa929a49182a336989f34f6055d9bdca13581443867d85137708b7c74ba9247f8476041f9b92a184952ff81c4997feef34c4a2d2abaf75c897a7824eb3d05639d6959d06b3644d7ba5dbd8b3634bf57f232c2b27222e357e4a330b6973eac34dedb7b99334e05fa46395fef8f923775127f2e3fe807664219aef6cbf31b411222aad9b90c70700d0ac3ec912354dd5aa95854b695a213557c54695b4fd7cd14b056782bfa73c9ef9502f0d1a72e673f4e9b4a495949d788ea904abb55c66f410ddd48da4dd406dd2dd8a3e701d1bd1fe0d4c1d183cdfd0cf31b5", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000.L,\x00'])

[ 1729.751488] FAULT_INJECTION: forcing a failure.
[ 1729.751488] name failslab, interval 1, probability 0, space 0, times 0
[ 1729.753003] CPU: 0 PID: 8391 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1729.753913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1729.755061] Call Trace:
[ 1729.755413]  dump_stack+0x107/0x167
[ 1729.755893]  should_fail.cold+0x5/0xa
[ 1729.756418]  ? __lock_acquire+0x1657/0x5b00
[ 1729.756985]  ? create_object.isra.0+0x3a/0xa20
[ 1729.757586]  should_failslab+0x5/0x20
[ 1729.758106]  kmem_cache_alloc+0x5b/0x310
[ 1729.758647]  create_object.isra.0+0x3a/0xa20
[ 1729.759220]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1729.759887]  kmem_cache_alloc+0x159/0x310
[ 1729.760435]  ? mempool_free_pages+0x20/0x20
[ 1729.761000]  mempool_alloc+0x148/0x360
[ 1729.761519]  ? mempool_resize+0x7d0/0x7d0
[ 1729.762101]  ? mark_lock+0xf5/0x2df0
[ 1729.762660]  __sg_alloc_table+0x24e/0x390
[ 1729.763279]  sg_alloc_table_chained+0x9b/0x1f0
[ 1729.763957]  ? sg_alloc_table_chained+0x1f0/0x1f0
[ 1729.764668]  scsi_alloc_sgtables+0x236/0xaf0
[ 1729.765266]  ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0
[ 1729.765946]  ? scsi_init_command+0x4ee/0x750
[ 1729.766530]  scsi_queue_rq+0x1dc9/0x27f0
[ 1729.767080]  blk_mq_dispatch_rq_list+0x372/0x1c40
[ 1729.767716]  ? target_unblock+0x21/0x60
[ 1729.768242]  ? __blk_mq_sched_dispatch_requests+0x236/0x450
[ 1729.768984]  ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0
[ 1729.769623]  ? do_raw_spin_lock+0x121/0x260
[ 1729.774231]  ? rwlock_bug.part.0+0x90/0x90
[ 1729.774787]  ? hctx_lock+0x7f/0x200
[ 1729.775269]  __blk_mq_sched_dispatch_requests+0x263/0x450
[ 1729.775990]  ? blk_mq_do_dispatch_sched+0xa00/0xa00
[ 1729.776650]  blk_mq_sched_dispatch_requests+0xfd/0x1e0
[ 1729.777345]  __blk_mq_run_hw_queue+0x12c/0x290
[ 1729.777953]  ? blk_mq_start_request+0x3f0/0x3f0
[ 1729.778568]  __blk_mq_delay_run_hw_queue+0x53f/0x5a0
[ 1729.779233]  blk_mq_run_hw_queue+0x170/0x2f0
[ 1729.779808]  ? blk_mq_delay_run_hw_queues+0x1f0/0x1f0
[ 1729.780482]  ? do_raw_spin_unlock+0x4f/0x220
[ 1729.781058]  ? _raw_spin_unlock+0x1a/0x30
[ 1729.781601]  blk_mq_sched_insert_request+0x384/0x440
[ 1729.782288]  ? __blk_mq_sched_bio_merge+0x3d0/0x3d0
[ 1729.782940]  ? sg_remove_sfp_usercontext+0x420/0x420
[ 1729.783599]  ? blk_account_io_start+0x11b/0x170
[ 1729.784209]  sg_common_write.constprop.0+0xee9/0x1a30
[ 1729.784886]  ? sg_build_indirect.isra.0+0x710/0x710
[ 1729.785536]  ? vprintk_func+0x93/0x140
[ 1729.790085]  ? record_print_text.cold+0x16/0x16
[ 1729.790692]  ? _raw_spin_unlock_irqrestore+0x38/0x40
[ 1729.791352]  ? trace_hardirqs_on+0x5b/0x180
[ 1729.791922]  sg_write.part.0+0x69e/0xaa0
[ 1729.792454]  ? sg_new_write.isra.0+0x770/0x770
[ 1729.793054]  ? find_held_lock+0x2c/0x110
[ 1729.793588]  ? __might_fault+0xd3/0x180
[ 1729.794149]  ? lock_downgrade+0x6d0/0x6d0
[ 1729.794703]  ? _cond_resched+0x12/0x80
[ 1729.795212]  ? inode_security+0x107/0x140
[ 1729.795752]  ? avc_policy_seqno+0x9/0x70
[ 1729.796283]  ? selinux_file_permission+0x92/0x520
[ 1729.796918]  sg_write+0x87/0x120
[ 1729.797365]  do_iter_write+0x4f0/0x700
[ 1729.797894]  ? import_iovec+0x83/0xb0
[ 1729.798400]  vfs_writev+0x1ae/0x620
[ 1729.798877]  ? vfs_iter_write+0xa0/0xa0
[ 1729.799401]  ? __fget_files+0x2cf/0x520
[ 1729.799923]  ? lock_downgrade+0x6d0/0x6d0
[ 1729.800463]  ? find_held_lock+0x2c/0x110
[ 1729.800998]  ? ksys_write+0x12d/0x260
[ 1729.801498]  ? __fget_files+0x2f8/0x520
[ 1729.802040]  ? __fget_light+0xea/0x290
[ 1729.802555]  do_writev+0x139/0x300
[ 1729.803022]  ? vfs_writev+0x620/0x620
[ 1729.803521]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1729.804206]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1729.804880]  do_syscall_64+0x33/0x40
[ 1729.805365]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1729.806051] RIP: 0033:0x7ff981a49b19
[ 1729.806539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1729.808942] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1729.809950] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1729.810881] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1729.811811] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1729.812741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1729.813677] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
[ 1729.852537] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.852537]    program syz-executor.1 not setting count and/or reply_len properly
[ 1729.877164] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.877164]    program syz-executor.5 not setting count and/or reply_len properly
15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00acda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00bcda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1729.910450] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.910450]    program syz-executor.1 not setting count and/or reply_len properly
15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00ccda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1729.943036] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1729.943036]    program syz-executor.1 not setting count and/or reply_len properly
15:19:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe024000300b4206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:19:00 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2) (fail_nth: 66)

[ 1730.000948] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1730.000948]    program syz-executor.0 not setting count and/or reply_len properly
[ 1730.009705] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1730.009705]    program syz-executor.1 not setting count and/or reply_len properly
15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00dcda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1730.017188] sg_write: data in/out 196608/88 bytes for SCSI command 0xbd-- guessing data in;
[ 1730.017188]    program syz-executor.5 not setting count and/or reply_len properly
[ 1730.017594] FAULT_INJECTION: forcing a failure.
[ 1730.017594] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1730.020706] CPU: 1 PID: 8410 Comm: syz-executor.0 Not tainted 5.10.233 #1
[ 1730.021540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1730.022573] Call Trace:
[ 1730.022903]  dump_stack+0x107/0x167
[ 1730.023354]  should_fail.cold+0x5/0xa
[ 1730.023831]  _copy_from_user+0x2e/0x1b0
[ 1730.024321]  sg_write.part.0+0x1cf/0xaa0
[ 1730.024821]  ? sg_new_write.isra.0+0x770/0x770
[ 1730.025385]  ? find_held_lock+0x2c/0x110
[ 1730.025895]  ? __might_fault+0xd3/0x180
[ 1730.026389]  ? lock_downgrade+0x6d0/0x6d0
[ 1730.026906]  ? _cond_resched+0x12/0x80
[ 1730.027383]  ? inode_security+0x107/0x140
[ 1730.027888]  ? avc_policy_seqno+0x9/0x70
[ 1730.028384]  ? selinux_file_permission+0x92/0x520
[ 1730.028975]  ? iov_iter_advance+0x23b/0xec0
[ 1730.029502]  sg_write+0x87/0x120
[ 1730.029941]  do_iter_write+0x4f0/0x700
[ 1730.030417]  ? import_iovec+0x83/0xb0
[ 1730.030890]  vfs_writev+0x1ae/0x620
[ 1730.031334]  ? vfs_iter_write+0xa0/0xa0
[ 1730.031820]  ? __fget_files+0x2cf/0x520
[ 1730.032307]  ? lock_downgrade+0x6d0/0x6d0
[ 1730.032808]  ? find_held_lock+0x2c/0x110
[ 1730.033305]  ? ksys_write+0x12d/0x260
[ 1730.033846]  ? __fget_files+0x2f8/0x520
[ 1730.034345]  ? __fget_light+0xea/0x290
[ 1730.034823]  do_writev+0x139/0x300
[ 1730.035258]  ? vfs_writev+0x620/0x620
[ 1730.035725]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1730.036366]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1730.036994]  do_syscall_64+0x33/0x40
[ 1730.037449]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1730.038084] RIP: 0033:0x7ff981a49b19
[ 1730.038540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1730.040780] RSP: 002b:00007ff97efbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1730.041710] RAX: ffffffffffffffda RBX: 00007ff981b5cf60 RCX: 00007ff981a49b19
[ 1730.042594] RDX: 0000000000000002 RSI: 00000000200003c0 RDI: 0000000000000003
[ 1730.043462] RBP: 00007ff97efbf1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1730.044334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1730.045205] R13: 00007ffcf42300af R14: 00007ff97efbf300 R15: 0000000000022000
15:19:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021036cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda030cda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e008bdeec025f24", 0x30}], 0x2)

15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00ecda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

15:19:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000700)="0000abe02400030021206cda3b5e5672b89aeddb2a535fff0043a9d7cceb232fb81bf74ebdd05b767733f0bc43dbd51e0a7eebfb648b2749ee370b155ed7b02315edea200cdb1be8e352462033376bfda00fcda0e4c8384ee17ff7a3149c44066000000000000065c50c967d81bbc33b060c26b3cf558a5883075b82c03da6ae648bcc4af0b88ab5", 0x88}, {&(0x7f0000000680)="7fd41c0455030012000000000000000001004ced2ed2616f72657d044129471d4fd47924fd0900e09e00", 0x2a}], 0x2)

[ 1764.402987] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.6:8390]
[ 1764.404047] Modules linked in:
[ 1764.404465] irq event stamp: 6701515
[ 1764.404959] hardirqs last  enabled at (6701514): [<ffffffff84000d02>] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.406275] hardirqs last disabled at (6701515): [<ffffffff83e657eb>] sysvec_apic_timer_interrupt+0xb/0xa0
[ 1764.407546] softirqs last  enabled at (6682272): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1764.408745] softirqs last disabled at (6682275): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1764.409935] CPU: 0 PID: 8390 Comm: syz-executor.6 Not tainted 5.10.233 #1
[ 1764.410824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1764.411929] RIP: 0010:__orc_find+0x54/0xf0
[ 1764.412476] Code: bf 00 00 00 00 00 fc ff df 49 89 fe 48 89 fd eb 0c 48 8d 6b 04 49 89 de 49 39 ec 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f <48> c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03
[ 1764.414870] RSP: 0018:ffff88806ce09828 EFLAGS: 00000256
[ 1764.415825] RAX: 0000000000000000 RBX: ffffffff85724890 RCX: ffffffff816c52e5
[ 1764.416758] RDX: 0000000000000004 RSI: ffffffff85a14ec6 RDI: ffffffff85724888
[ 1764.417683] RBP: ffffffff85724894 R08: ffffffff85a14ec6 R09: ffffffff85a14ee4
[ 1764.418615] R10: 0000000000032042 R11: 1ffff1100d9c1316 R12: ffffffff85724898
[ 1764.419563] R13: ffffffff85724888 R14: ffffffff85724890 R15: dffffc0000000000
[ 1764.420915] FS:  00007ffa86253700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 1764.421971] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1764.422739] CR2: 00007ffeb5051f88 CR3: 000000004f8e4000 CR4: 0000000000350ef0
[ 1764.423685] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1764.424636] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000dd060a
[ 1764.425583] Call Trace:
[ 1764.425931]  <IRQ>
[ 1764.426219]  ? watchdog_timer_fn+0x33d/0x400
[ 1764.426810]  ? lockup_detector_update_enable+0x90/0x90
[ 1764.428740]  ? __hrtimer_run_queues+0x1ca/0xb40
[ 1764.429354]  ? enqueue_hrtimer+0x2e0/0x2e0
[ 1764.429906]  ? ktime_get_update_offsets_now+0x25c/0x360
[ 1764.430607]  ? hrtimer_interrupt+0x2fd/0x9b0
[ 1764.431199]  ? mark_held_locks+0x9e/0xe0
[ 1764.431734]  ? __sysvec_apic_timer_interrupt+0xfb/0x310
[ 1764.432422]  ? sysvec_apic_timer_interrupt+0x3e/0xa0
[ 1764.433129]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.433868]  ? __kmalloc_node_track_caller+0x1a5/0x3b0
[ 1764.434546]  ? __orc_find+0x54/0xf0
[ 1764.435098]  ? arch_stack_walk+0x5f/0xf0
[ 1764.435635]  ? __kmalloc_node_track_caller+0x1a5/0x3b0
[ 1764.436317]  unwind_next_frame+0x2b3/0x1a90
[ 1764.436880]  ? __kmalloc_node_track_caller+0x1a6/0x3b0
[ 1764.437561]  ? alloc_inode+0x84/0x240
[ 1764.438062]  ? deref_stack_reg+0x160/0x160
[ 1764.438617]  ? __unwind_start+0x523/0x7e0
[ 1764.439364]  ? create_prof_cpu_mask+0x20/0x20
[ 1764.439944]  arch_stack_walk+0x83/0xf0
[ 1764.440453]  ? __kmalloc_node_track_caller+0x1a6/0x3b0
[ 1764.441146]  stack_trace_save+0x8c/0xc0
[ 1764.441666]  ? stack_trace_consume_entry+0x160/0x160
[ 1764.442320]  ? lockdep_init_map_type+0x2c7/0x780
[ 1764.442943]  ? __raw_spin_lock_init+0x36/0x110
[ 1764.443558]  create_object.isra.0+0x372/0xa20
[ 1764.444142]  __kmalloc_node_track_caller+0x1a6/0x3b0
[ 1764.444808]  ? skb_copy+0x183/0x350
[ 1764.445286]  __alloc_skb+0xb1/0x5b0
[ 1764.445764]  skb_copy+0x183/0x350
[ 1764.446217]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 1764.447009]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 1764.448846]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 1764.449505]  mac80211_hwsim_tx_frame+0x152/0x1e0
[ 1764.450132]  mac80211_hwsim_beacon_tx+0x494/0x940
[ 1764.450767]  __iterate_interfaces+0x1f0/0x550
[ 1764.451372]  ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1764.452020]  ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1764.452689]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0
[ 1764.453497]  mac80211_hwsim_beacon+0xd1/0x1d0
[ 1764.454075]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x13d0/0x13d0
[ 1764.454921]  __hrtimer_run_queues+0x632/0xb40
[ 1764.455614]  ? enqueue_hrtimer+0x2e0/0x2e0
[ 1764.456164]  ? ktime_get_update_offsets_now+0x25c/0x360
[ 1764.456858]  hrtimer_run_softirq+0x148/0x310
[ 1764.457431]  __do_softirq+0x1b8/0x7c9
[ 1764.457940]  asm_call_irq_on_stack+0x12/0x20
[ 1764.458510]  </IRQ>
[ 1764.458809]  do_softirq_own_stack+0x80/0xa0
[ 1764.459384]  irq_exit_rcu+0x114/0x1b0
[ 1764.459886]  sysvec_apic_timer_interrupt+0x43/0xa0
[ 1764.460527]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.461202] RIP: 0010:qlist_free_all+0x59/0xe0
[ 1764.461799] Code: 00 fc ff df eb 2c 48 63 87 c0 00 00 00 4c 8b 3e 48 c7 c2 e5 b2 6c 81 48 29 c6 48 89 f0 48 c1 e8 03 c6 04 28 fb e8 27 c6 ff ff <4d> 85 ff 74 44 4c 89 fe 48 89 df 48 85 db 75 cc 48 89 f0 4c 01 e8
[ 1764.464240] RSP: 0018:ffff88804fe47510 EFLAGS: 00000246
[ 1764.464938] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000c0002
[ 1764.465866] RDX: 00000000000c0003 RSI: 0000000000000000 RDI: ffffea0001222320
[ 1764.466796] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff816cb200
[ 1764.467913] R10: ffff88804888db80 R11: 0000000000000001 R12: ffff88804fe47548
[ 1764.468846] R13: 0000000080000000 R14: ffffffff80000000 R15: ffff88804401d5f0
[ 1764.469785]  ? get_bug_type+0x140/0x1d0
[ 1764.470307]  quarantine_reduce+0x184/0x210
[ 1764.470855]  __kasan_kmalloc.constprop.0+0xa2/0xd0
[ 1764.471501]  ? kmem_cache_alloc+0x309/0x310
[ 1764.472107]  kmem_cache_alloc+0x13b/0x310
[ 1764.472681]  security_inode_alloc+0x34/0x160
[ 1764.473250]  inode_init_always+0xa4e/0xd10
[ 1764.473801]  alloc_inode+0x84/0x240
[ 1764.474270]  new_inode_pseudo+0x14/0xe0
[ 1764.474829]  sock_alloc+0x3c/0x270
[ 1764.475303]  __sock_create+0xbd/0x7f0
[ 1764.475827]  ? __sock_create+0x2/0x7f0
[ 1764.476333]  inet_ctl_sock_create+0x89/0x1e0
[ 1764.476905]  ? ipip_gro_complete+0x100/0x100
[ 1764.477476]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 1764.478160]  icmpv6_sk_init+0xf6/0x2a0
[ 1764.478671]  ? icmpv6_mask_allow.part.0+0x40/0x40
[ 1764.479311]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.480016]  ? icmpv6_mask_allow.part.0+0x40/0x40
[ 1764.480640]  ops_init+0xbb/0x6b0
[ 1764.481089]  setup_net+0x2d8/0x810
[ 1764.481556]  ? ops_init+0x6b0/0x6b0
[ 1764.482026]  ? kasan_unpoison_shadow+0x33/0x50
[ 1764.482615]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1764.483300]  copy_net_ns+0x2c0/0x5d0
[ 1764.483792]  create_new_namespaces+0x3f6/0xb20
[ 1764.484387]  copy_namespaces+0x3fb/0x4f0
[ 1764.484916]  copy_process+0x385b/0x7800
[ 1764.485431]  ? lock_downgrade+0x6d0/0x6d0
[ 1764.486023]  ? lock_acquire+0x197/0x470
[ 1764.486576]  ? __cleanup_sighand+0xb0/0xb0
[ 1764.487148]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1764.487825]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.488525]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.489240]  ? kernel_clone+0x266/0x980
[ 1764.489762]  kernel_clone+0xe7/0x980
[ 1764.490245]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1764.490931]  ? create_io_thread+0xf0/0xf0
[ 1764.491499]  __do_sys_clone3+0x1e5/0x320
[ 1764.492027]  ? __do_sys_clone+0x110/0x110
[ 1764.492563]  ? recalibrate_cpu_khz+0x10/0x10
[ 1764.493140]  ? tick_program_event+0xa8/0x140
[ 1764.493752]  ? hrtimer_interrupt+0x771/0x9b0
[ 1764.494337]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1764.495061]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1764.495731]  ? trace_hardirqs_on+0x5b/0x180
[ 1764.496290]  do_syscall_64+0x33/0x40
[ 1764.496780]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1764.497449] RIP: 0033:0x7ffa88cddb19
[ 1764.497938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1764.500344] RSP: 002b:00007ffa86253188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1764.501332] RAX: ffffffffffffffda RBX: 00007ffa88df0f60 RCX: 00007ffa88cddb19
[ 1764.502305] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020000200
[ 1764.503280] RBP: 00007ffa88d37f6d R08: 0000000000000000 R09: 0000000000000000
[ 1764.504203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1764.505135] R13: 00007ffc8b61bd9f R14: 00007ffa86253300 R15: 0000000000022000
[ 1764.506076] Sending NMI from CPU 0 to CPUs 1:
[ 1764.507250] NMI backtrace for cpu 1
[ 1764.507255] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.10.233 #1
[ 1764.507261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1764.507265] RIP: 0010:queued_spin_lock_slowpath+0x122/0x8c0
[ 1764.507277] Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 09 07 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 e0 8f f8 02 f3 90 <e9> 73 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e1 00 00
[ 1764.507281] RSP: 0018:ffff88806cf09a38 EFLAGS: 00000202
[ 1764.507289] RAX: 0000000000000000 RBX: ffffffff87a06080 RCX: ffffffff8127af67
[ 1764.507294] RDX: fffffbfff0f40c11 RSI: 0000000000000004 RDI: ffffffff87a06080
[ 1764.507298] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff87a06083
[ 1764.507303] R10: fffffbfff0f40c10 R11: 0000000000000001 R12: 0000000000000003
[ 1764.507308] R13: fffffbfff0f40c10 R14: 0000000000000001 R15: 1ffff1100d9e1348
[ 1764.507314] FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 1764.507318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1764.507323] CR2: 0000559c5270f678 CR3: 000000000d5e6000 CR4: 0000000000350ee0
[ 1764.507326] Call Trace:
[ 1764.507328]  <NMI>
[ 1764.507331]  ? nmi_cpu_backtrace.cold+0x21/0xbe
[ 1764.507335]  ? nmi_cpu_backtrace_handler+0x8/0x10
[ 1764.507338]  ? nmi_handle+0x142/0x360
[ 1764.507342]  ? trace_rcu_dyntick+0x2f/0x170
[ 1764.507345]  ? default_do_nmi+0x40/0x100
[ 1764.507348]  ? exc_nmi+0xea/0x110
[ 1764.507351]  ? end_repeat_nmi+0x16/0x67
[ 1764.507355]  ? queued_spin_lock_slowpath+0xa7/0x8c0
[ 1764.507359]  ? queued_spin_lock_slowpath+0x122/0x8c0
[ 1764.507363]  ? queued_spin_lock_slowpath+0x122/0x8c0
[ 1764.507367]  ? queued_spin_lock_slowpath+0x122/0x8c0
[ 1764.507369]  </NMI>
[ 1764.507371]  <IRQ>
[ 1764.507374]  ? osq_unlock+0x1a0/0x1a0
[ 1764.507377]  ? lock_acquire+0x197/0x470
[ 1764.507382]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0
[ 1764.507385]  ? lock_release+0x680/0x680
[ 1764.507388]  do_raw_spin_lock+0x1dc/0x260
[ 1764.507392]  ? rwlock_bug.part.0+0x90/0x90
[ 1764.507396]  ? ktime_get_with_offset+0x1a8/0x260
[ 1764.507400]  mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0
[ 1764.507405]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 1764.507409]  ? lock_downgrade+0x6d0/0x6d0
[ 1764.507413]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1764.507416]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 1764.507420]  mac80211_hwsim_tx_frame+0x152/0x1e0
[ 1764.507424]  mac80211_hwsim_beacon_tx+0x494/0x940
[ 1764.507428]  __iterate_interfaces+0x1f0/0x550
[ 1764.507432]  ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1764.507435]  ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1764.507440]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0
[ 1764.507444]  mac80211_hwsim_beacon+0xd1/0x1d0
[ 1764.507448]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x13d0/0x13d0
[ 1764.507452]  __hrtimer_run_queues+0x632/0xb40
[ 1764.507455]  ? enqueue_hrtimer+0x2e0/0x2e0
[ 1764.507459]  ? ktime_get_update_offsets_now+0x25c/0x360
[ 1764.507463]  hrtimer_run_softirq+0x148/0x310
[ 1764.507466]  __do_softirq+0x1b8/0x7c9
[ 1764.507470]  asm_call_irq_on_stack+0x12/0x20
[ 1764.507472]  </IRQ>
[ 1764.507476]  do_softirq_own_stack+0x80/0xa0
[ 1764.507479]  irq_exit_rcu+0x114/0x1b0
[ 1764.507483]  sysvec_apic_timer_interrupt+0x43/0xa0
[ 1764.507487]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1764.507491] RIP: 0010:default_idle+0xe/0x20
[ 1764.507506] Code: 4e ff ff ff 4c 89 e7 e8 10 c6 84 fd eb 8f 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 07 00 00 00 0f 00 2d d4 55 5a 00 fb f4 <e9> 0d 56 38 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 41 55 41 54
[ 1764.507510] RSP: 0018:ffff888008987e70 EFLAGS: 00000206
[ 1764.507518] RAX: ffffffff83e7e9a0 RBX: 0000000000000001 RCX: ffffffff83e6657c
[ 1764.507523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83e7efa8
[ 1764.507528] RBP: 0000000000000001 R08: 0000000000000001 R09: ffff88806cf3c12b
[ 1764.507534] R10: ffffed100d9e7825 R11: 0000000000000001 R12: 0000000000000001
[ 1764.507539] R13: ffffffff85677788 R14: 0000000000000000 R15: dffffc0000000000
[ 1764.507542]  ? mwait_idle+0x110/0x110
[ 1764.507546]  ? rcu_eqs_enter.constprop.0+0xbc/0xe0
[ 1764.507550]  ? default_idle_call+0x98/0x2c0
[ 1764.507553]  default_idle_call+0xbf/0x2c0
[ 1764.507555]  do_idle+0x3b3/0x520
[ 1764.507559]  ? arch_cpu_idle_exit+0x30/0x30
[ 1764.507562]  cpu_startup_entry+0x14/0x20
[ 1764.507566]  secondary_startup_64_no_verify+0xbe/0xcb

VM DIAGNOSIS:
15:19:35  Registers:
info registers vcpu 0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff822ddc7c RDI=ffffffff879f1140 RBP=ffffffff879f1100 RSP=ffff88806ce08ff0
R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001
R12=0000000000000020 R13=fffffbfff0f3e275 R14=fffffbfff0f3e22a R15=dffffc0000000000
RIP=ffffffff822ddcd0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007ffa86253700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffeb5051f88 CR3=000000004f8e4000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000dd060a
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000004168becf00000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffffffff87a06080 RCX=ffffffff8127af67 RDX=fffffbfff0f40c11
RSI=0000000000000004 RDI=ffffffff87a06080 RBP=0000000000000001 RSP=ffff88806cf09a38
R8 =0000000000000000 R9 =ffffffff87a06083 R10=fffffbfff0f40c10 R11=0000000000000001
R12=0000000000000003 R13=fffffbfff0f40c10 R14=0000000000000001 R15=1ffff1100d9e1348
RIP=ffffffff8127afe2 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000559c5270f678 CR3=000000000d5e6000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000004168becf00000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000