ap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x600000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:00:59 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r3, 0x3)
ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000040))

09:00:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x38, 0x0})

[ 2364.523284][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.531305][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:00:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = fork()
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x1})
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:00:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:00:59 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x80ffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:00:59 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xffffffffffff9816, 0x4240)
ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000100)=ANY=[@ANYBLOB="f80b67150a14775e075f90685247d3e1000004000000000085"])

[ 2364.572967][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.581011][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2364.592321][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.600465][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:00:59 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x13, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000040)="42992d19f668afdcd0de00c3d036df540d005b", 0x0, 0x0, 0x0, 0x0, 0x0})

09:00:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x600, 0x0})

09:00:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030002", 0x0, 0x0, 0x0, 0x0, 0x0})

09:00:59 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xc0ffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2364.691579][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.699626][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2364.707228][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.715199][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:00:59 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x111a80)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x80, 0x1)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000080))

09:00:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x3800, 0x0})

[ 2364.804935][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.812953][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:00:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030006", 0x0, 0x0, 0x0, 0x0, 0x0})

09:00:59 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xd0ff20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:00:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = fork()
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x1})
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:00:59 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x4000, 0x0})

[ 2364.912856][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2364.920914][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:00:59 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x8466, 0x4}, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1)
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x594a10fded813ea)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

09:00:59 executing program 0:
r0 = getuid()
setresuid(r0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, <r1=>0x0}, &(0x7f0000000280)=0xc)
fstat(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
r3 = getpid()
ioprio_get$pid(0x1, r3)
syz_open_dev$vcsa(&(0x7f0000000100), 0x5, 0x0)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000340)={{0x0, r0, r1, 0x0, r2, 0x1e0, 0xf001}, 0xffffff73, 0xf5a6, 0x1ff, 0x7fffffff, 0xffffffffffffffff, r3, 0x9014})
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="4cdfa19cff540d0000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fcdbdf25060000000800020000000000080003000300000008000300060000002000018008000300e000000114000400fc010000000000000000000000000001"], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004080)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
gettid()
r5 = fork()
get_robust_list(r5, &(0x7f0000000680)=&(0x7f0000000640)={&(0x7f0000000580)={&(0x7f0000000140)}, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)}}, &(0x7f00000006c0)=0x18)
r6 = getpid()
ioprio_get$pid(0x1, r6)
waitid(0x0, r6, &(0x7f00000003c0), 0x4, &(0x7f0000000440))
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000001c0)='/dev/sg#\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff)

09:00:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030008", 0x0, 0x0, 0x0, 0x0, 0x0})

09:00:59 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xf0ff20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:00 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x1000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2365.020538][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.028563][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030009", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:00 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = fork()
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x1})
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:00 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x2000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x100000, 0x0})

[ 2365.111704][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.119737][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xf0ff7f, 0x0})

09:01:00 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x2040000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:00 executing program 3:
syz_io_uring_setup(0x39fe, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x10000003, 0x283}, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c79000/0x2000)=nil, 0x0, 0x0)
fork()
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000000))
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2365.187130][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.195169][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="00000003000d", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2365.296062][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.304173][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:00 executing program 0:
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x30, 0x0, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3b7c0078}, @SEG6_ATTR_DST={0x14, 0x1, @empty}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x4000010)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:00 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x8466, 0x4}, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1)
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x594a10fded813ea)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

09:01:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x1000000, 0x0})

09:01:00 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x3000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="00000003000e", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:00 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x29, 0x7fffffff, 0x0, 0x9, 0x19, 0x4, "50cb93f713387a70cf2f2dc36392a4268f9d0f88ec58e03f56ccc19528b92ae167e650862962992114747df1bd1226762c072653426f72a3d3c4849e9d3691b2", "7a94b6058a54d86f60abc0af6f6e44d996df6014466d79e74c9d065b93d8f25aa93f088190fc62abdaff9e9b5ac28bd8066f2aa19943a0778c8fa53e7afe192b", "1c283fa863cceda7762925f165ba893b8b42aa6158c27e476037a43f4da75f49", [0x8, 0x5]})
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1b9, &(0x7f00000000c0)={0x0, 0x2f7c, 0x2, 0x2, 0x91})
io_uring_setup(0x15b9, &(0x7f0000000140)={0x0, 0x1e43, 0x4, 0x1, 0x2c4, 0x0, r0})

[ 2365.848512][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.856553][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2365.911842][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.919870][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2365.934227][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.942610][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:00 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0xa, 0x131541)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030010", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:00 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x2000000, 0x0})

[ 2365.961976][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2365.969990][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x4000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:01 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030042", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x6000000, 0x0})

[ 2366.089725][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.097734][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 3:
wait4(0xffffffffffffffff, &(0x7f00000000c0), 0x4, &(0x7f0000000100))
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r1 = fork()
fork()
fork()
r2 = gettid()
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000100)=0xc)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000180)=0xc)
setresgid(0x0, r4, r5)
r6 = getuid()
setresuid(r6, 0x0, 0x0)
fstat(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000500)={{0x3, 0x0, r4, r6, r7, 0x86, 0xfb}, 0x2, 0x9, 0x1, 0x0, r1, r2, 0x100})
wait4(r2, &(0x7f0000000000), 0x20000000, 0x0)
waitid(0x1, r1, 0x0, 0x4, &(0x7f00000001c0))
waitid(0x2, r2, 0x0, 0x80000000, &(0x7f00000003c0))
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3e9c, &(0x7f0000000280)={0x0, 0x5ec9, 0x4, 0x3, 0x3c8}, &(0x7f0000f1b000/0x4000)=nil, &(0x7f0000e3b000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000380)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd=r0, 0x1, 0x0, 0x60, 0x1}, 0x80)

09:01:01 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x38000000, 0x0})

09:01:01 executing program 4:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x4000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2366.161563][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.169602][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2366.178696][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.186715][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2366.231565][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.239590][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x6040000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2366.274207][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.282246][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
recvmmsg(r1, &(0x7f00000039c0)=[{{&(0x7f0000000040)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000000140)=""/235, 0xeb}, {&(0x7f0000000240)=""/129, 0x81}, {&(0x7f0000000300)=""/201, 0xc9}, {&(0x7f0000000400)=""/200, 0xc8}], 0x5}, 0x2}, {{&(0x7f0000000580)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000000640)=""/9, 0x9}, {&(0x7f0000000680)=""/226, 0xe2}, {&(0x7f00000018c0)=""/204, 0xcc}, {&(0x7f0000000780)=""/143, 0x8f}, {&(0x7f00000019c0)=""/213, 0xd5}], 0x5, &(0x7f0000001b40)=""/143, 0x8f}, 0x2}, {{&(0x7f0000001c00)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/52, 0x34}, {&(0x7f0000002cc0)=""/221, 0xdd}], 0x3, &(0x7f0000002e00)=""/186, 0xba}, 0x6bca}, {{&(0x7f0000002ec0)=@can, 0x80, &(0x7f0000002f80)=[{&(0x7f0000002f40)=""/2, 0x2}], 0x1, &(0x7f0000002fc0)=""/89, 0x59}, 0x3}, {{&(0x7f0000003040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000032c0)=[{&(0x7f00000030c0)=""/204, 0xcc}, {&(0x7f00000031c0)=""/81, 0x51}, {&(0x7f0000003240)=""/112, 0x70}], 0x3, &(0x7f0000003300)=""/101, 0x65}, 0x6bd6}, {{&(0x7f0000003380)=@generic, 0x80, &(0x7f00000038c0)=[{&(0x7f0000003400)=""/246, 0xf6}, {&(0x7f0000003500)=""/171, 0xab}, {&(0x7f00000035c0)=""/93, 0x5d}, {&(0x7f0000003640)}, {&(0x7f0000003680)=""/87, 0x57}, {&(0x7f0000003700)=""/207, 0xcf}, {&(0x7f0000003800)=""/134, 0x86}], 0x7, &(0x7f0000003940)=""/98, 0x62}, 0x8000}], 0x6, 0x2, &(0x7f0000003b40)={0x0, 0x3938700})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000006980)={&(0x7f0000003b80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006940)={&(0x7f0000003bc0)={0x2d7c, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x78}}}}, [@NL80211_ATTR_CSA_IES={0x14, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x6, 0x5, 0x5, 0x6, 0xffff, 0x80]}]}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b6}], @NL80211_ATTR_CSA_IES={0x2d28, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_BEACON_TAIL={0xe3, 0xf, [@measure_req={0x26, 0x4b, {0x40, 0x81, 0x2, "3294a608215045ba66b52ac6763caaac34f11d1924c9c2a3803a2cd891ccae257c3d2d06db693f22cd8eb410f2ff80ec4ea030ba1b618d7b342a8cc3ec7edd03aaa3b4af1d0bfaa6"}}, @peer_mgmt={0x75, 0x16, {0x0, 0x1f, @void, @val=0x4, @val="e2d64059f9c3c5a0775852c66c16733a"}}, @channel_switch={0x25, 0x3, {0x0, 0x78, 0x5}}, @prep={0x83, 0x1f, @not_ext={{}, 0x1, 0x80, @device_b, 0x8, "", 0x2, 0x3, @device_a, 0x3}}, @preq={0x82, 0x3b, @not_ext={{0x1, 0x1}, 0x7f, 0x81, 0x9, @device_a, 0x1, "", 0x0, 0x6, 0x3, [{{0x1, 0x0, 0x1}, @broadcast, 0x6}, {{0x0, 0x0, 0x1}, @device_a, 0x8001}, {{0x0, 0x0, 0x1}, @broadcast, 0x6}]}}, @rann={0x7e, 0x15, {{0x0, 0x43}, 0x0, 0x71, @device_b, 0x5, 0xfff, 0x3}}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x7, 0x6, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0x200]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0x3ff, 0xbe94, 0x7, 0x6d34, 0x5]}, @beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0xa, 0x80, [@peer_mgmt={0x75, 0x4, {0x0, 0x1, @void, @void, @void}}]}, @NL80211_ATTR_BEACON_HEAD={0x61b, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xff}, @device_b, @device_a, @from_mac, {0x4, 0xff}}, @ver_80211n={0x0, 0x1675, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x7fffffff, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x3, [{0x19}, {0x16}, {0x0, 0x1}]}, @val={0x3, 0x1, 0x78}, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x74, 0x9}}, @void, @val={0x3c, 0x4, {0x1, 0x2c, 0xb7, 0x3f}}, @void, @void, @void, @val={0x76, 0x6, {0xf2, 0x20, 0x33, 0x9}}, [{0xdd, 0xc0, "f8c65b1976b43bc67b5e0b70e9881a372918af78a883c9da708f009e8a6396fe9d7ab85edfef83901c760f435f4e8e5e87f98d793562efc8c4f4ee8631e72b6e023ededa6af833eb21830745455b8e0512dc062560ffcf9a705b99027b0d0a0cacbb549f76353daa225693033d366f85f699ec53652683bfe5058b2889bdf9162fa5453f80b611b7aeb491af02021bbec1f023108d5184a7ebada96a37e707e59e243cffa2932c6e2d1e4d4d49544e409910fec22069d4c52451c7b0888ed95e"}, {0xdd, 0x6f, "b6f44cd1aa24315f454ff6115557f9571c8216343d764d8255a5b2e84e0d8159647e91c83392659e5b1208cd04ef444b1ed1eff24343c02e4aac0437ebc2f9e2596799bb37420b17b8c1f9b817dd438dda827747cb8d45876afb74e9ebcbc8d59adbc68a338594c6064ab913d0bc91"}, {0xdd, 0x21, "a3f5fdd619190035502ed93faaa0078b4975aa01030bf9b02d0861fd6d9016d703"}, {0xdd, 0xbb, "524ac2d1c874b4b50a983b4e09b4433a816ac86dede899452d97997f52a295ad6c0fa5ce363ee6b22be7b56584d5858f4faa4289292962dad8f7b661bcc69c951223ace30e5132246ff8d019bbab6c06418d8ce4d7f3544fb3a137aa1ec4ec98bb54758091255a59dbfc9922c74cf987b928157888252fb570e2ec137bb613e111ca0e1a35492c662599216c0b243def4e9071475455cc639a57937a4ac13223bfc825e46ab226e0e0592b813df76829b1fa34b688a77d44e073b7"}, {0xdd, 0xcb, "f477657e3efa1abf310493a0bb98965c6b5bcabca9906984c037e6c121d70368f0fa7064d8e9d8a9a75731f76407b50e039a6d5d7758dc6ad39a5e78f3b68f7ca2880404c58414550127598607ca12cae81598c2344bebff9ecc648341be17e424d33a1ff52c04eb8614fe8b768802e2be0bbcaf6ff45d94c6e040a41c18554d997a7ed5dc2ab5972ba1b9b261af95a8e71f9c5768077113630e2b9458cfe8561bc7a043099aeee3a010a352176de7c8e7422bbf91abf0171bf3452f61bfa58731ff13e2b1d3719f54d4fa"}, {0xdd, 0xc5, "253365c872c0cc1036f40b1d8a352673f1b310ea99b8c8584f3af3f19f99fa26a6b8ef51700c127a32aa4b37dea27a9455031cbaf06283c38fe7857c0b976704b3012b26d7aacd340b70172b5baf22d1cdd4d3b8de20625b79b79241904b40b29f37fb5598cb76e1b6dc98eca34fc854f9f952c3c8b8097c8fc82dcd7db7df8c72c7bead9fbcc5bf3c2c3344b434087e11de572d9c03bea834d6cb67a2ff5f07484b69b9994069ae3fd4a717e0c4cb1a7d00b9d825bde5bf2236d47080482f668dff4e9d86"}, {0xdd, 0xb1, "3216959832cf8a651c4c353a695e28307c26c96ea766e362842c909d3168b1f6828829cda73cd16a0f7c765352d18dc8ead6ca47dbfb95e6952b1680a9556cdbfcd4792dcbb0111f6ac1c877eb1ea4db6168197a165b4ee21e5eba5178259c9f4ca389a792d74318eb9351aba6e68da49f8c04273377c542e14f8ad6e206da0be9be9cf55ef8aae3bac7e23df0e5c5037e37d73cc47d1c2ef60ac421495068b7b1461b2c9923c58b74d25abb1ebdb0e193"}, {0xdd, 0x68, "45cfd0054c612303befd6e91240d0c0e4035993594663f242bdeb6e07e6e31c6e570cd9fdb7d3922ea4694272cf40db128c3d662703945da1d71294257e72cd80f44cb8129819a26359c15c22af5d132e973ffbfe32f8853a24bfc9a5f333eef1f39999d2f0461ce"}, {0xdd, 0xfd, "14301bf32df2e824fb47a9ffcbbc2794b5e1099c27591ec5d44dcd883303c2c5eb5cb0b70aebf813ea332fa69456857f2272287632df2d60a6c752e064cf532516eec477450f6f2a37393a255a9581c08b82ecb32cf9aa452be1d2d57d6a38927dbbbb804a5695376bc9124e9db893d94caa3e9396a5c09bcf16208f54febcf5fcf889556171ebf00ee207f45dd911a8b7f1a537bbc594496c446323cbc83137e28cdf149c1bc0642609681b146641c0fd79a98918a5a7394d36c08c16cff913c25195998d7608419a74ae3518434ca20ddebe369efc697676996b8fdda59452e01fefd3cf28d799c47b7b4563de3f19a58a58c34feac8007186a2dd28"}, {0xdd, 0x7, "39c69278f22328"}]}}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}, @NL80211_ATTR_IE={0xbb, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1}}, @perr={0x84, 0x69, {0x8, 0x7, [@not_ext={{}, @device_a, 0xfffffffd, "", 0x41}, @not_ext={{}, @device_b, 0x8, "", 0x26}, @ext={{}, @device_a, 0x80, @broadcast, 0xd}, @not_ext={{}, @device_a, 0x1000, "", 0x3}, @not_ext={{}, @broadcast, 0x7, "", 0x41}, @ext={{}, @device_b, 0x5c8, @device_a, 0x33}, @not_ext={{}, @device_b, 0x1, "", 0x1e}]}}, @rann={0x7e, 0x15, {{0x0, 0x4}, 0x1, 0x8, @device_b, 0x6, 0x0, 0x8}}, @gcr_ga={0xbd, 0x6}, @perr={0x84, 0x28, {0x2, 0x2, [@ext={{}, @device_b, 0x0, @device_a, 0xd}, @ext={{}, @device_a, 0x8, @broadcast, 0x21}]}}]}, @NL80211_ATTR_IE={0x11, 0x2a, [@supported_rates={0x1, 0x7, [{0x12}, {0x12, 0x1}, {0x1, 0x1}, {0x4}, {0x9, 0x1}, {0x5, 0x1}, {0x4}]}, @ibss={0x6, 0x2, 0x8001}]}, @NL80211_ATTR_FTM_RESPONDER={0x1008, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x1004, 0x3, "b66130c1b6a662c46f2ddb4a06aaacddf4640aab53da42d073d56e780976eee676f7e0e19b08c28154cb88e86d0db4bd2fe52507d0ee19586295947e57fc584cb0d314792ea06222308b29ea14e35c2c0b90ef5459d6affb3d75e87e7347e1fe96564b8da75da857704467cf98b9861cdc5613dae7f7074991f6eeee430133e20fa74675d8348e07d513790243d29093efdb5dde4b4ccc57c431f891f38df7e850ab43a9ac1fa114a46dfc39f190f41b4f8a434afaa1183f9996a8901163f4f88cb5b0640b2f384f6dbfeedfd33802c6d17884da031fe64e41b3e546214a49e73cae0cabbed1355665db95021a899a1f4184d066a48b3c405eceed68e773c0320997aa14d07a4dcc356a31155d15871d908689085b7b22dd09d30c1a63ab3404a0434ed2acc461e4ae9be5d683423c815e691b0899468349b3539c422f4cf8b040c51276f73d34cabbfba1ba542c86e16d2dbe39b2717568c9dd7b116cfb058e4e43e30ab3fac132c86981c40d2580e9bf3e58b51f2450a5e3bb075f533af53e4ffb0206ac965ad120e9b935658615df9c6a1012892ddde62dfe627102c02616974b214a5a17e2aceabc241d00c9ad1b53b0f3fa89b2b080ac20df9fd149f50620ba460217090db59806191f4106be6f445648b911402fcd5e377143b5aba793cd198c65dc48957a8e3fce2693cb075f8524bf5c36b3e54e54e2d72afeab83c2f1a08f629ddc2f7410dd36986c3ac7bb1dda596d09bbc442f2e405878b43d26485aa2583e541a1c15d0d3358eba15ecb6aa4c8d1d1429d27aab7a2ac1f0dea34dbbccc0cd02b6e39f2d0980224a21ff25eeb1f162a58e4c0553b05d62381e93d429eef75e01435e596a42881bc19d9f9f259ef37e5f5cb350836e18b3afc0bf7e19f1ff4bde1a5a5706ca3756c08f725247403d2f4c5efbd66b4671131bdd2c6b2b1e43fb2ec500d7157e976555fed32a6869f7a210a132021d23b9765e2c844729e3d9b58310a21c414ef78585865d25d33942ef91e529fab86f45c2175e9ce178acb21ee9f4705e1d839b416463f976e2bf7d7b1a99f5aac86d0c2b38bb4570bc9cd6c7bd7c88abb511cc9bbf3c7d24c34ea8a04b61cc90ab96e48fc61325370cd3e649d410b3101e1c3d9bf8d0aa3dc0a8428a3cc90e375425355a335889a7a775086a30698020240b9bc35b92d2cb9ab2271980c6ccd07e0397f75e5d5288a0900ef9177241a2b875062ecab9e79c3cca64af102f23fb8a2bf8b2df11d7a3d402c9cfb46d979d0ed0d65cd777e6961fca7b93b412a59f90cafd3c165b837eb37ebfa102990aab8086fbb3eb89f40f371ea97b0285519ebed6856725aed3b758a905274e23cdb89a39749bde5cc8782cb535cbfa9d6eedccc7342b24e97b5ce5f3a41c554f0738865bc5ae336558539289c554ecb85750343493b753d5cd6e38f7552ef94558a17d0a3d18c60a70708fec4561e2b5875aa9bf1ee12b1f9e78d93370294116bb4cf24d8af4fbbd177a9b98750a4cc0f6969722579856720d7bd696f617139471e224369e721ab950ebe3ad3863a8954ede4da6bb868b87c1fcd480ebf4dc8807caa3e79a5b93ca0f303e37609ab55b917fe310edba6be0f2424e84f8c8b92c4504cecfbab2d8bbc881e0512fdde996d8430739a2d72b8ac59252d0977e4a97a1d2a910fd476e15716230a4d1553f4eae6e6bedf933d27f5e1dee3e6caace60debbe136f256f4b54df9465c176473f1745126b2ed245c8dcad27a2c0113e654f475a7f42e04aaa74bb2ad1322f07b4115728f077ee18b6fd08361e674f419ed8f7ccecb99e9a6270025d8309965c02b4765c526808b454a419a545991c88284c1d899a1349467784561b21c13121e7b1163bc481f9253889e80275da75efecd1f041a2273cbfc4fe8e02b540200a1193f3a4f3051c72d503a0d78ba64f5e0213103e01a327ab2f8bc853b8d3127569918b3618867507ec9011c14147144bb687bbf8c20acd69b062ec2ea811f2581b763993a0429fe0b62537ff6f8cb503779b70c4ea2fd0e7a0e56505489ea183517782fd631084b94b09e21f23f9df8d770f156d3721cb3edba1b8ad852dd7cc9f25c68e7d9f9c168cc5911fc001bdbd21b9e83320d0fc49c3323da9cf5bfb5369bf48540a52034503e25ff215cc4258975fca5f97acb5a6b7f6f17921b5187796b7c4e435432cf9889de68ceed67e7999de3e1af49b25ee80dc27e5f9a259c65e1729e9fcdcc698dd2d52b656638685125a3a7cf71e64307bbdc3109fcb28407561d5348bde9c791b9be21e780830b5609baac448c5917d19dc0b9f9ce2c47bb777beab2fefb6d9a417185c8bbb6724e01e61af0ec8d530d8633acb4892ebe05a20f02e1d3b9035898820559e0a822ca03a987cfc87634a75c4e371d3f5c63e5765804b30a2988963bfb2ae1307ec6904ce21c07709cac15a3e0dc5962da534468f0d467b13c7894e00c5a1fd11b96a90ef71b28929cd28d315e49731bde0562ba5e95ccd4e43b4f61d586bb24740a5cd86e9d963dec8e49d1a0569402a1f37427d46883e2ae9dd9c98d5d460eb61fe858275d8535ab2774e67324b4d641ebe91dff0a948c6e1edca2d03caa60be0be15a572a82bdd27710c995723e8856a3b9769822af3e5361a2d83f4e178ee0cc7196d2ec2ed2a79ffe91df865280e653369d6f8fd2c5179e62233825038b86aedc8d40058bf79352d5dfb333a1dbcdd4ed6f759253007ed0dbac065afa5bd82d8b24b62925659fa5534188ad596bf1593bf94de8c8219fa384d169c6f172354c95268a481ef584dc8142c126b81267c56fa90043946ec10b7516cff4f0caa785cbb0287d051497c78ec3b2f6eb2f06ad5e0ca8212f4280a834d0a145323e6c158f19b6ad48b9d35e39a5b22a00a54cb921c4f844deae79814ee7f3a29631fb7974757eb7ea90a69c47e55465a0238b800234b10f378f0713f3de086f24d0a213f77791211794410a52008d6d226a25e497e5df97cfb2f222b536b8c6cef2bdd029b61c91ad6a88ced111efd16969066a37fdd5163051a24019cd0aae63ba687fe11a7f1ec98513ff9c24a197cf3927fc904f1bdfd358612135bafb1899da442efa810735144953769cb7dd0047acefef739887fee71f3d315f0163602dec674752e6a5826511496131558b53851db9e0b401013d470a531f2df2d889e26e94a5c745c4012011b1de81a8c3747e1f88bd37cab31a50be17e05000c90cd78351c0a0f79477e9a58738048317be849ea2519bd71e79a76242799a34c0a36a7f6bdcf603d10fb56b5a9f253fb44d0570854fe26559e66917193b7c544f6446cbca249f095fd9a1c451844542177b8b02e604ce461d5df5fbcf906c27874891a66472cd067365d5ac414c04559d5cc960f632080e1e90845c0862886e7f25d01f88eeb25f4b6a5beb7917269ce1bf74b596519dd025139b27a3f0a26c514bf88d351946f769ae9da5df71eacb2d39a0e08dfd9582b3b66367ab065ecc05e49f387951765684a6d19ebf2bd33e97b5e1143f9de4b26678577cafab94698a9eef1bbc967df4169d34ea6d38fee1367a65a03372053ce81711aef29d7a9803bdd0563d03e1edf3e87ff0636b21e8be2278c8dc8dc9eee05c9979491c096e4a0920b9db3778162f3d6f3c4ec3bc5b6b88c5c244db860657756e8666cfb5f524a517bd0640f01ae25efb00de980f2f4b2a935d692831372a7f2c326c9664f69749b9f718652e84f35617d94a09362e5197edde5f8647c55b42145f2d902407f8338ec4ea7aa776b5f9312ae84057dcd42f495baf8b23635e82e9530f7ce53efc169026c99dc92f013ca7ec31f6012fd983a61e71dcff169f39618fd884a8a391fc3c5eb0a7b3b2146120fc368c183ead6f5d9592a14f5b7cb50873ded8f8dddd0b70599410b863d1300d7b7c4bc0360159c807085ce589d3e9e5960b92e3f9f9c054a9cf2e031c720c5065259f4557a85b6ab045b0ac69dceb07bd21c27c9548ec0ee0102f747f71556de2ea7a7184b1df26eaaa8f4879436637b24b7cc684e54de75a681c114a0787972054f8687969a2b4a07a3e1bb325331d02e13ea8c83c12bde51e1a2fc5bf1424b36a61197ca51bd86c48a44c4d0e9ac86a42e43e06d1bc0749bb559a28c500bd6eee52cfe8450da41404ccdff16d2f104a6664a497412aeb13803e84734cf0574ae754bf0caa7729763b97d3e68d0738778c9e2d88687b2a1a913ed3728c64d5b2cbdcea35f05b6d2280b8a5d25298bd295ecefa97647d7ed68445009ab5c8a0818b0565ea9d51b116ab21f0ed777c57a17c1ea82181f9d6fd104f445f38619fb507f66e01239aa0e2a764b0c6c2d5740b6b746b4b3c3783e411bc072110ae79c6e904f1044b39f03e8df4e1dae7c8d21d8e8ee3fc23a0eae38118835f06884094eb4a5dfd0f4aee2adc7d490961192699bdcf807c373a08f1b45c2c1faba523707e132756fab4eb9a62e8090022489d6dcf63df6385d5d5b393b0ba6b7a6dd7172e0f4f999f977e5c15415be19e2387142e9447f49d6ccaaa6504d7c250582ffee26593efc1d478543bb175bef26922c3d14c4b5656647e31eb5a2cc74ca4d08280c2cc7f10565989a0d8f42ec490b40342ffe4d2698f2047ad383f6bcb83c3a579b6abdeb6bdd91e51a7a86f2d9f2bbffe703452012d888aa47451022a1f5899977d4e81b5381848da1f65e38899e17849b09a0ffd6ff9618a5b16d527e3d1aa9783b308aa99cd1695610773e61912489fd1e2de1fcb83945f3658b30ae5444e595ec4e555ebb7e33076925748fc1e4c37df3447bd63e4bd58df89cb05c17e5c29032728c7a1fa4ea250c5f8fab3525532eaa86042f994fbc9d7577a65802b77e830f89132acc07032ec3a0dd1a2202283e49424d776f1e668368b63693553ec1c971db197520d34e870c80cf56d6b113d9b3dcff28fc9966e5b8724c3171c9d34fac8f0623ec0b6e637a72b62150f2366bed99e3b279004df3af1c93f71ffa25612e839e01da325147d399c8aebde2a0a1e5decf9a1c1695ce62ae56f74da0304ad8cded92aa3b422885aee095296e527c4f5b6fcef42a987ad81e2486e4cbd5523f69a5b6a828a2a302d797de50d3069921b17862960416ba5fbbd4c969aad4df5bc702fc0d22ec65013c03f6296b06d017046ef3ce8c83284c5dab8e8b12632a5d057e26e469c2209964c9079dce9d0844e63504b860c0aa981e6a7647a3b5a23eef39a433822f0bbb24f4337adba06cc3d1c322d904198b63b408612471b6cd1e1a36fc5a1ce63b14ffc7c9fcf01bb9d0344fba043c191049073a228edd92454f22884de2a3c7e675ba97d5074ebf1045e4ec647e25477a0a31199492c3d32a6586935b973b5463b1c9ffcc6962e46ae078596aac80829fc4f89f4aadac08f9dfe2fc161f5fd1ad2951d5e9248bb5f4ff3d343476c8f1e4f5fa792e9d517a7f434160d5668e3828bdc46830c619fbd3a0660297ba22fb2599bf8fd318a76e70560c1d56f47c1f90405295c6846892d8257bdadb85b869317523def87fc3e2dab93258f0785b2e798685e64aa50fad6dca5ddc7dbcfc0e748eebe306224646d839cf8fd2d622b7d021d77ffc9bd0a1d4d020ebf2dd78759497ecd3487860708cbb182f7ea10c0b82b0d843ca45e8eea91299f075482fa9dfd7c55bdfaebf814d2b5cae6f5eee61266fd8b27048e10b3dcc5352229d9e413d5e1b139a8d86d1cf9a590fb86b81530a1ae74c3b96ba021c6db2fd02"}]}, @NL80211_ATTR_BEACON_TAIL={0x1009, 0xf, [@measure_req={0x26, 0x1003, {0x7, 0x3f, 0x8, "c085bcd6df0af9af85448a20768347b2f7da618306602040e42c6b57ac1bca20d4bd681827f4d9d5b482e84451bb882bec7a2a563e67dcca0b6acfbf616d4db5b849534f25a6396c8a4a813f964ae367b4b36aa6130d8416c7e0efe055b90867d23f323529004c1b10d60698ab0bcb157a62ecd6701384a65ea0104b25c933d928df678ab13225d7ecdc168cf5a0e9a770b0fc9bd31cf914c9de77d19ae3fcb47e3088902a0cfd0b243558e05c66cfdda9134caf91bfd4de0a4f4343a0ccf8ae4bc8c633616167d01e99fa45da4ffa13fe844a2c06f786a4cca9fc61534f8d762df295a05d7ce9bd840db7be234870ac4c882036a4af581f6039d3bce1b2594525e3fc8a96b4f2b6580a519659b6dd538e06d4de5f2ded9c776cba44b74b8a95720820466f6bde46875e369d7040ad8df4ff22eeab828c152a1734b1431d24ea0f575aa2afa9135c4dab2ec75fac1af9beb228354c3bc5993d3774d2157f6e6e1ca8b3a8da48844d08acd6e959845759e251837495fe67db533993cb00dcd1e4114d0252d808cea7a18439d0dbf8e2db48993573a70826a1f67d1c6922bc25523948d57875aea2b27efb539bb09362bf9658e9bae91a8458399ebcddc6a60bde8a16dea98b0f7cd1ed7fde2e27a7ef3ff4240196c233378a87efbbd1c5d7eacbb5d2546b18f8d4ff196141e9349bc7ede6b9aeadd0dc1df6c907be9002ee8e599af69aba2719f787c93f109818c16018c6730f59390512e1187f7a2949c9ffbe5fccd2283181ca8bddb4cbd65752d8106641a27a5628d7609a91791ee9abd66890106cd5ecaefb8ad4e8311c0e97284f16649e54902ae80e65dccac217d5a8db7f7a89074045ea4bddc857ea555c3265497d2cba08fa8868797403820423a52b164a6aaa686fd41b5d3b7de5868807be5f3ba341bab5d3da1270439b3d28ae9a249be95a1ae074b1ec77bdb3b30523d906a4eee986fac569936ddba954b8fa35ffc98d12bb3535952e403767e992bc864177ed4fbd10b5da71feca03f85b81181f5baeb3c8e80b24669e7cb172ae7e5b7bb26e2787120c9edd9133dbcc304f451e6e4ad8bacde7422b21e81af6d1cb386de7a52c7afbf802d70c82b165116face18ca671baa0d5317b12c4557943ddfd43aaf8d81fb8259735da151e25e5c80603fbe1fff63fe65c6e51509d675a5823f0b047108444cd5cc3a7a512ce67dd4e3312ef340882e04019b6722479f42837e15459e8342ee262b8980c0f36e0f1a46d69c39c25e7400fc7b01173c3b2b1992a3938162cf485ff3392edc102ab731615badd53ebce1220854138a24858226c4d4dd13696df7ab2e8614ad23321744082b94cc9310a48cd156957342dab11dd87823d2310221189cfc20b3744ba76cdd344cac5588cb8575eabcea5fcda37c9b154cf56bbef8901a283079e6d9701b8a4512ae4d52ac48b99312de36e2ff0e69e072933f33f2621e0e7ffaec102b0564e4b90313bf6cde581b53baa59545163d1e32268a5f22b5c2036e4892c640e92cf971511d0f4b73ff876c34ab9edd3aebfb2a9b2dc1335af632ce1538bf5b3f3198b6b6e2a7ccb969bd33fbed32f80a3c1426b283a1b64f9bf93e0bcee78b38803b37c8b69ffbabf16836f64610ff158e610e31ac4fc47dba140cefa1f9a1a42aa970e25c4287e59e764aefb592bfb897bb30e6d7dd3dc77fc50044f77f134a2e7d655127b812b577a404ca02e6587bdbdaf7455c3b973c14218ec5b58d2d72827f22ca693e53e6fc54da792c04b79d6097786857b2b66cac8a2470cceab755c659bafe9362fa076795f36baa39171075d923ab1de9b9357f874db819c6965efaf2c1ae56928d55562174fe8407d88f2ce3b9b4e41f1d13fe34cb93305da6c70bf7f96eb50b01791fa9ce75637abbf8a453dbf9d24dd9295d02c528f7a0933f11d0a8a647fc45560d14c47d825572d21dabfb7e66a237fa2a31e85a4cf43dc623067b426c90f4ddf0c84e959ffcc76f632fc8c9c438e96ef992ba1944a2915f554c70fda59ab58b52df2de355577bd0bf3f1a79369928442008d777d6336792e9c6ae717f05e14f52d6f747e44a02816f640bf8a405de3e3f0865082811f0af426814b993c04c93a72538caf0e0a6c02616008599a18e47101b20eaa3e33618e90e6cb71538d4bec0c00458f65f017c2a937d146c9b0e289d7c4316adb17d1f3c1aa5c6bbc2669a9c150a9082dae46ec71ed4f2b087bb2a4186d4f93a3b74b5c369901f3dbfa4830eab2f1b50e3ca41ec58ed552dadab2b914023b55ee396363db6f2295c7e8682cc6fd0fc0be6bf0d1f9473e7da3a6e63648d0fa08dad5ad7c6d6bf0f3dc37080058dec8def820a6ad4553d05919f46c6e16f00d15be0e5f468e480d5c90fbce8f665c765b821dd8d5a7fe7aeced8e5abce20f456a2b096bd7965e60d21035291f16404b4bade4da3b71089221325558d4890d2b62f7f8282bca73cb2889fa1df9675febb1927378f0040a9b109583df6b7b414eab49294c16997085cd821971cbd5b0ae68d639bddd429e5448453004483c1150bc819993fe99fe4a4dc7f5085cca24655fd062d58fa335ff1f252fe8abc2adac02db05d66dde9e93e31046ea77f1c0000fdf1c8e54d4bc1e7c1e41c510d232bec06083980ab975780c827b512b184bbcdfe75f40c0f6162100305b4061a0a17fab29235aa0fd142ca7a678fc484e98b93b8563c77cb708ba32e4ae76ec4c1112cdb96591652ddb3e210a3085670bfe4745c07d98a4844ee5323923909ebbb8ecf065b50ff6df3262f9b043ef2c0829e76ac1592a46964e44caf58fd8cc3d9be51b8e89460ba3252e5c318035645872672b2f6dee5b2856100eb720eab72508f435dba769ccb814e5f5bbee390c5d5976a32307343f074104ee60075b72584c2e119f4f675a482ab645a7592632b7b18f955da9af893f58898aabaad8f9e31aa6e77fda57fc10eece3b24ee6a5bff4f5cba0d470738cee7f82efbf4b7eb29ff6a3e4341ab1e3a9f2d710a692ed11117c223b0784642418bbb41bd640429f049b598f7b853016a5381dd27990501b14aaaad5a7010cc8d4c3f3422591c14b69e2b5cf3d1c0fe15b9fb952c2cde619f3ec6200a5d8356f4022e19fcbce99a694653357e24e17414a6e3ad1ba24f569ccb79ab5c5586083d1eb005a0967a38fc0332c2406fd597b187412101fe9030ab067ade3b34378b5e737f47509eee4b55668825398eb37da436b2a00985af51139b647752b47d10ca3200d38416aa1b1ba3c4a2ac8fdeca9e67131424892672b3a397dbf5798bd862da4ce99bff2eaf40e314868d86d579fd0a811285c8a44059cecc395af7cb5c07acfe64bf0359e59c4dfaa6e3595ea0a953b47a476dc08d9cd8684078011eedbd8fe772a20fb16be262d443bd4477e0418bd88336c6c0cf4d55a985facc48f6366a72a60d1045c7af5d4d86b230deef6b20304f7b0dd00dd4b6ad0a78812594ba333619d7f13db0935dfe27a4a3683dcb6c0fb0944de802e625253a95bee4d88b35a714095b04f0f81b77a3cfb7f5831c6ac5577e9cdec8d0b63fb82608eb8d9f6cb926cf78ebdc41bdd33343cd9a64679d958978d606f9499dab49a3d23238cb8a68ecc49a246b0a008cc92c61aa5d432c2cb1167442b345030e85fbd7d57418e23209a4fc56640e98be26653c842efd91377d69d0648622a70e43f47ce2fdd00d193933707fca484d04a8e0c3c38371eca1b952f810b73f13f11ead179965e2ad421581a3e018dacae90790df5b661773d48fccc841691c72f731ec6ccdb639ca16842e0fc0a4eaf43c286052c858e405a59695776b44160b185aceb969acd7634f2b4433f9fa0d3ff5f14b23a06033e8a5408305c34fc75581afa0ebe5a9c887aecd149976d84b9bbd1cf3e9c04f2b0c13ceae0e5db63aa3c9d113df8483d05c9fe8b09ab19466fc123289e60600469a01e653add98a1b08dede91c6238e6795b6924561706f3f9dd3296d854746deaf37838f13f1c03683abe81eb36ae77bf332cd4791ac3fb677c54ef5d16e87fb5a043407342c026a8876fa5a9cc7e3a17dd8871c571cbaedaacd48d2a7f9863482ae23bee2c19365adc5575c5dd48eb672bf25cffd142c5a03b59ead8be237cdf6c2669ea81693bc72a6df801bb8bd41635d708ffa78814c31f885b7c2e6cbc1bbdc9b4dd2501973b62d97202bafcf05e36a659aee5c089111b2fbb42c5a13008bde969904c095d275806ef36a115def1b5b474f3570a6b19c993ef317cc2635a10ae594d569c42ef421b8e83bdff7ba9eb320dff3d60c1388297b02f1cfefa400ac1af681a8864b14078bb4ae7ac0347cb4d8d8905e6de81a308381fa03effb77464bdf2e64579564d868e8525dd27c85c440df9303e9dcae277aa014368752414ab069265a7df5f52feb56e05e0df3b580d3acf2116ec03ebcb9c8f4012f803706515e2250655798f4701b04e0c5109c6f72bde24ecb94f276f1b806bb18bae223d69a12b0592f6889b1758200fb1a00ff6663f50d242b7b980b1b054ab64f78e1c640f3819a285b74ec0199c0b6d9daf40f0bcd9c9967775e0d5be3af21bca79cbc5eaaa69c1b832f5f134e913cc042a0603a791d9b60bc7c114d4ed028d1c4aa270f909e8d18a9cd85abc1ce05f04b2538f5547a53b86b1d810bb194c4fd5f3549974b38ed182ce2f7346b9ea653f32cf04eef7bb6c5410653af550eada9d9bd38de9bdf26c369c9d06e66a3cc77aa445be45607aff25381cb51a9a289df8f54724f3d493e8ca57f3b5a249807e3f12afb4b1bbac17a0828b8d25de1a5a8f59bd381867d2c769e1d4e80ec8368c437c94cb2cf9290022bc261f5634bbe754820fe85aea3854f3fdb95a423ee360bedaf6b67465166d1f5b77e82e309fc551f34079a8ff878aca176f2a8e3e9ec332700fe1e5cae6e45f6a44694fb20f43987fdb2f2cd6002462ccebb6b307265937bcd6cb972d6009fd121ddebf5865f3383a93f09500cd90d069bfd2d060c128c2e3439228712ebbe112e8548918d8fc0cde7720b456eed0ae5033dadba819aa767c5cf38f453cafeca2797238f7e9e32328ac6f50e854e2b46aff9bdc0b2fdc804210c6d4f4291c25ca7bde83b8cd86d818fd8314e1a35a4140c690731a15c2893af336625495dc6b620812c29133c088f0c207cf3a106d68193dd664c1d15225dcd7364dff46546a7219e4884db7fdf0b82a97b162627f5db94abb35335c7443988ff9289987f3377ba7baadbaa4077569d1991c2c4475c00e10e5ee1f1fdb1d5f2e1faacfdb8b7695b3ee7a9126a233a795e206fc206073966bf4b74c03090a9fabb954199f5f4bc1e87c127482d48b752677e6acc06692882965fecf0a05f32e90c3516743755a512b70377bc5b8b6ef5752da4223b4733fe301f0848666ab5dcf240a7ded56468f35f215cdc3d414423237ade906f4d2e2a3be5b5cc3fe0d392c43f12a9e50aa857fd488ee984c2732c309d0cdc5b3a8fe2537eb7417d2493ba852daba1d2a1c296171b9cf59ebc5ddc467e9e126289a9ad55edcbcf6730357f5a10f7a96748dcd5423274fac7efdf95ac0f4305b7cf10779005ec505329236667ff82c6197b76a7e65555dd155698acd73cdcc82525b3b2149f42e38e32a251e8344c833e4f84b8b36b408799f24ca9746777d87456d4b8dc2a6b11d7a1ed862c2db2ffc531c99b5c2296333578b0a8806938c6e834cf51c3aab05d541af722baaed0d09dfb20a7057a69e846"}}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x9]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x12, 0xba, [0x4, 0x5, 0x3ff, 0x4, 0x6, 0x7e0b, 0x0]}, @beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0x4}, @NL80211_ATTR_PROBE_RESP={0x4e9, 0x91, "154cebb7eca6a6850454a176b3f6ad4eb8aff79b6c69152ae40b47014a0b06c5cb9b98abb8a5ff43d29c369d05812d153bd168112cb141d1e46c690199bafb74699645d5adf8d69303e572c3cb10ec02fb51d4c71477cd60cb92c4bed4b9fc97b51ab86b2d87e0af17f6b105a806cb12fd86398fdb4635df3eb37eeb1d3ec3cddbd65259c0e2611f008956a9f6c0c00d545cdc1f1b7873006006eaf1e22496014253daf4a0c5754eaf585e776e01b03a0901b8fa60ee4bfb9e55f0d5aab711b37c72172c9edc2e06e76b66991cb27533309ae5468b35098064ad57872afcea8d8393e21aa197abc508eb708d2be823fd1059969fe120bae586d8c009260b762f4763574859c3056b02210c7431ac9748b28a84405cfe5da9fcc0b02ce4a96cdbf3dbea3ece6b9934332d72b1b727fe466da971fd14ab04219faed978e129a5a7f3cb41b64057ec2686b1ac49d42b7f3a87137c507d05f51f22ed693536f7418a0ed8ad0f57f6ca4c170c0fe9518f3e2a4257ed592ec39ffb4b0d946e62854d4ab10fe8c339899b22aa0e1aaf219d99d3c5853d9b3695259394fa5045898c6ccf515913ab2f930878ecb1591314488c9684096d556a47abcaa48c6db5101bd9ec17d227dead1203ea3e82e32277fca046ffffb166b1578f9a466e0459e5c527dcab090e3c1a431133eb7585f974b128183f825913e43cf3ce5c3b21e93ed3688c35d742ca6f33e36495e32cdb0149c524ff1800536800c97fd4ea67cc086b31337541ab5d0cf5b9f89660b134b851bd3db706431b2a48fec47430af601a1ef6bee718ce7330380a93b4611e928692073bf9d2fc81244b6d1d919bb06fd4e7c7948773ca68f6238af974c3631d2ce446fa3906731a786c21ae585f0e59f4575509c5db02a5fe2d07729782ab9aef8f9a881c1a2115747a5a808f130fb3691c1202690b5aeb930d29297907be1b55768e682126212723fdf4d40ab16f2ecd11e042b03c759adc4af6c3c0569116bbdc2ed67351610224e2f1419dbd6e01613ac97c1c52597149137690239c18fb19a6d37b3888292ab48d437139d666681d0ab36b6c1a76f9d8598ba326bab390eaee0e728eeed1a2b9ba2f82ba86b9d79312fc419616459e2f9706b0ea3b83837f7d9f62cd5b87379315751da6ede7db30a2de40d19921e5b3d50d06b0e4beda483d1b07187db7b094ea1d906c756b459dfcc14f9e511a55452ab76f3e9e10e21c6b30791e0bb4276754cd87ba24f048c698bf3ad52444428511a155dcca11c581f29ec2b337d81651034fa62171fa8cc494378e545dd0616c61a0e1313c5de4dfe8579915e65bd8f0892c4b16e23cf51397009d40ce35781eed4a0ce0199bc0bd0b3b22999e96a35e7b4642d055c4f49b0826dfe65b149a8cc0059c4fb76c8f9ffa0e8e0159ed8f076fa70b8a73e2a188867524d54c3459bebc06302292ea7bb1aaa03775d96fe141842430309470c3abc4db2544b5cc7eb5bda46d049ea931d33358fb41487df7f5bf314d1fef956949a65a4a6cdc97a27aa44860932be65b8c59ba1ec22aac0522a7a46a42d1cefcaeb1ca51de5a4826e4784eb37499516c8e6221c0689fa482560ea98c59a66a194d4d9ea6bbca69c01c204c63e76b58a89a84d5764019406f8a84d615858b2b2be478b185da82ab084f5b9604083f03811eccd0306050dff5acda7e327de2ab31cca67dde0ddf4e52fc7b82a00e7a0068d95a913aa3b4e8aee5409ca26bef738f18121501fe9c4395d1"}]]}]}, 0x2d7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
fsmount(r1, 0x1, 0x88)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:01 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x40000000, 0x0})

09:01:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2366.344966][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.353071][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x7000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2366.399581][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.407610][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2366.415096][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.423102][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:01 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x20, 0x0, 0x0})

[ 2366.506078][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.514096][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2366.542549][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2366.550923][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000020000011000000080003"], 0x28}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x7ffff000, 0x0})

09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x8000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040))
r1 = fsmount(0xffffffffffffffff, 0x0, 0x6)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x0, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000584d05b2", 0x0, 0x0, 0x6, 0xfffffffe, 0x0})

09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2367.098814][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.106875][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x10000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfcffffff, 0x0})

09:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2367.196077][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.204270][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfeffffff, 0x0})

[ 2367.251996][ T3810] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2367.270791][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.278832][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2367.308357][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.316374][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2367.360852][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.368866][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000e3f000/0x1000)=nil, 0x1000, 0x2000004, 0x2010, r0, 0x0)
fork()
r1 = fork()
capget(&(0x7f0000000000)={0x19980330, r1}, &(0x7f00000000c0)={0x1, 0xfffff801, 0x2, 0x6, 0x6, 0x3})
fork()
r2 = syz_io_uring_setup(0x55a1, &(0x7f0000000100)={0x0, 0xf143, 0x8, 0x0, 0x313}, &(0x7f0000c66000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, r2, 0x0)

09:01:02 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x1d965000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
recvmmsg(r1, &(0x7f00000039c0)=[{{&(0x7f0000000040)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000000140)=""/235, 0xeb}, {&(0x7f0000000240)=""/129, 0x81}, {&(0x7f0000000300)=""/201, 0xc9}, {&(0x7f0000000400)=""/200, 0xc8}], 0x5}, 0x2}, {{&(0x7f0000000580)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000000640)=""/9, 0x9}, {&(0x7f0000000680)=""/226, 0xe2}, {&(0x7f00000018c0)=""/204, 0xcc}, {&(0x7f0000000780)=""/143, 0x8f}, {&(0x7f00000019c0)=""/213, 0xd5}], 0x5, &(0x7f0000001b40)=""/143, 0x8f}, 0x2}, {{&(0x7f0000001c00)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/52, 0x34}, {&(0x7f0000002cc0)=""/221, 0xdd}], 0x3, &(0x7f0000002e00)=""/186, 0xba}, 0x6bca}, {{&(0x7f0000002ec0)=@can, 0x80, &(0x7f0000002f80)=[{&(0x7f0000002f40)=""/2, 0x2}], 0x1, &(0x7f0000002fc0)=""/89, 0x59}, 0x3}, {{&(0x7f0000003040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000032c0)=[{&(0x7f00000030c0)=""/204, 0xcc}, {&(0x7f00000031c0)=""/81, 0x51}, {&(0x7f0000003240)=""/112, 0x70}], 0x3, &(0x7f0000003300)=""/101, 0x65}, 0x6bd6}, {{&(0x7f0000003380)=@generic, 0x80, &(0x7f00000038c0)=[{&(0x7f0000003400)=""/246, 0xf6}, {&(0x7f0000003500)=""/171, 0xab}, {&(0x7f00000035c0)=""/93, 0x5d}, {&(0x7f0000003640)}, {&(0x7f0000003680)=""/87, 0x57}, {&(0x7f0000003700)=""/207, 0xcf}, {&(0x7f0000003800)=""/134, 0x86}], 0x7, &(0x7f0000003940)=""/98, 0x62}, 0x8000}], 0x6, 0x2, &(0x7f0000003b40)={0x0, 0x3938700})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000006980)={&(0x7f0000003b80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006940)={&(0x7f0000003bc0)={0x2d7c, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x78}}}}, [@NL80211_ATTR_CSA_IES={0x14, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x6, 0x5, 0x5, 0x6, 0xffff, 0x80]}]}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b6}], @NL80211_ATTR_CSA_IES={0x2d28, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_BEACON_TAIL={0xe3, 0xf, [@measure_req={0x26, 0x4b, {0x40, 0x81, 0x2, "3294a608215045ba66b52ac6763caaac34f11d1924c9c2a3803a2cd891ccae257c3d2d06db693f22cd8eb410f2ff80ec4ea030ba1b618d7b342a8cc3ec7edd03aaa3b4af1d0bfaa6"}}, @peer_mgmt={0x75, 0x16, {0x0, 0x1f, @void, @val=0x4, @val="e2d64059f9c3c5a0775852c66c16733a"}}, @channel_switch={0x25, 0x3, {0x0, 0x78, 0x5}}, @prep={0x83, 0x1f, @not_ext={{}, 0x1, 0x80, @device_b, 0x8, "", 0x2, 0x3, @device_a, 0x3}}, @preq={0x82, 0x3b, @not_ext={{0x1, 0x1}, 0x7f, 0x81, 0x9, @device_a, 0x1, "", 0x0, 0x6, 0x3, [{{0x1, 0x0, 0x1}, @broadcast, 0x6}, {{0x0, 0x0, 0x1}, @device_a, 0x8001}, {{0x0, 0x0, 0x1}, @broadcast, 0x6}]}}, @rann={0x7e, 0x15, {{0x0, 0x43}, 0x0, 0x71, @device_b, 0x5, 0xfff, 0x3}}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x7, 0x6, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0x200]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0x3ff, 0xbe94, 0x7, 0x6d34, 0x5]}, @beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0xa, 0x80, [@peer_mgmt={0x75, 0x4, {0x0, 0x1, @void, @void, @void}}]}, @NL80211_ATTR_BEACON_HEAD={0x61b, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xff}, @device_b, @device_a, @from_mac, {0x4, 0xff}}, @ver_80211n={0x0, 0x1675, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x7fffffff, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x3, [{0x19}, {0x16}, {0x0, 0x1}]}, @val={0x3, 0x1, 0x78}, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x74, 0x9}}, @void, @val={0x3c, 0x4, {0x1, 0x2c, 0xb7, 0x3f}}, @void, @void, @void, @val={0x76, 0x6, {0xf2, 0x20, 0x33, 0x9}}, [{0xdd, 0xc0, "f8c65b1976b43bc67b5e0b70e9881a372918af78a883c9da708f009e8a6396fe9d7ab85edfef83901c760f435f4e8e5e87f98d793562efc8c4f4ee8631e72b6e023ededa6af833eb21830745455b8e0512dc062560ffcf9a705b99027b0d0a0cacbb549f76353daa225693033d366f85f699ec53652683bfe5058b2889bdf9162fa5453f80b611b7aeb491af02021bbec1f023108d5184a7ebada96a37e707e59e243cffa2932c6e2d1e4d4d49544e409910fec22069d4c52451c7b0888ed95e"}, {0xdd, 0x6f, "b6f44cd1aa24315f454ff6115557f9571c8216343d764d8255a5b2e84e0d8159647e91c83392659e5b1208cd04ef444b1ed1eff24343c02e4aac0437ebc2f9e2596799bb37420b17b8c1f9b817dd438dda827747cb8d45876afb74e9ebcbc8d59adbc68a338594c6064ab913d0bc91"}, {0xdd, 0x21, "a3f5fdd619190035502ed93faaa0078b4975aa01030bf9b02d0861fd6d9016d703"}, {0xdd, 0xbb, "524ac2d1c874b4b50a983b4e09b4433a816ac86dede899452d97997f52a295ad6c0fa5ce363ee6b22be7b56584d5858f4faa4289292962dad8f7b661bcc69c951223ace30e5132246ff8d019bbab6c06418d8ce4d7f3544fb3a137aa1ec4ec98bb54758091255a59dbfc9922c74cf987b928157888252fb570e2ec137bb613e111ca0e1a35492c662599216c0b243def4e9071475455cc639a57937a4ac13223bfc825e46ab226e0e0592b813df76829b1fa34b688a77d44e073b7"}, {0xdd, 0xcb, "f477657e3efa1abf310493a0bb98965c6b5bcabca9906984c037e6c121d70368f0fa7064d8e9d8a9a75731f76407b50e039a6d5d7758dc6ad39a5e78f3b68f7ca2880404c58414550127598607ca12cae81598c2344bebff9ecc648341be17e424d33a1ff52c04eb8614fe8b768802e2be0bbcaf6ff45d94c6e040a41c18554d997a7ed5dc2ab5972ba1b9b261af95a8e71f9c5768077113630e2b9458cfe8561bc7a043099aeee3a010a352176de7c8e7422bbf91abf0171bf3452f61bfa58731ff13e2b1d3719f54d4fa"}, {0xdd, 0xc5, "253365c872c0cc1036f40b1d8a352673f1b310ea99b8c8584f3af3f19f99fa26a6b8ef51700c127a32aa4b37dea27a9455031cbaf06283c38fe7857c0b976704b3012b26d7aacd340b70172b5baf22d1cdd4d3b8de20625b79b79241904b40b29f37fb5598cb76e1b6dc98eca34fc854f9f952c3c8b8097c8fc82dcd7db7df8c72c7bead9fbcc5bf3c2c3344b434087e11de572d9c03bea834d6cb67a2ff5f07484b69b9994069ae3fd4a717e0c4cb1a7d00b9d825bde5bf2236d47080482f668dff4e9d86"}, {0xdd, 0xb1, "3216959832cf8a651c4c353a695e28307c26c96ea766e362842c909d3168b1f6828829cda73cd16a0f7c765352d18dc8ead6ca47dbfb95e6952b1680a9556cdbfcd4792dcbb0111f6ac1c877eb1ea4db6168197a165b4ee21e5eba5178259c9f4ca389a792d74318eb9351aba6e68da49f8c04273377c542e14f8ad6e206da0be9be9cf55ef8aae3bac7e23df0e5c5037e37d73cc47d1c2ef60ac421495068b7b1461b2c9923c58b74d25abb1ebdb0e193"}, {0xdd, 0x68, "45cfd0054c612303befd6e91240d0c0e4035993594663f242bdeb6e07e6e31c6e570cd9fdb7d3922ea4694272cf40db128c3d662703945da1d71294257e72cd80f44cb8129819a26359c15c22af5d132e973ffbfe32f8853a24bfc9a5f333eef1f39999d2f0461ce"}, {0xdd, 0xfd, "14301bf32df2e824fb47a9ffcbbc2794b5e1099c27591ec5d44dcd883303c2c5eb5cb0b70aebf813ea332fa69456857f2272287632df2d60a6c752e064cf532516eec477450f6f2a37393a255a9581c08b82ecb32cf9aa452be1d2d57d6a38927dbbbb804a5695376bc9124e9db893d94caa3e9396a5c09bcf16208f54febcf5fcf889556171ebf00ee207f45dd911a8b7f1a537bbc594496c446323cbc83137e28cdf149c1bc0642609681b146641c0fd79a98918a5a7394d36c08c16cff913c25195998d7608419a74ae3518434ca20ddebe369efc697676996b8fdda59452e01fefd3cf28d799c47b7b4563de3f19a58a58c34feac8007186a2dd28"}, {0xdd, 0x7, "39c69278f22328"}]}}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}, @NL80211_ATTR_IE={0xbb, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1}}, @perr={0x84, 0x69, {0x8, 0x7, [@not_ext={{}, @device_a, 0xfffffffd, "", 0x41}, @not_ext={{}, @device_b, 0x8, "", 0x26}, @ext={{}, @device_a, 0x80, @broadcast, 0xd}, @not_ext={{}, @device_a, 0x1000, "", 0x3}, @not_ext={{}, @broadcast, 0x7, "", 0x41}, @ext={{}, @device_b, 0x5c8, @device_a, 0x33}, @not_ext={{}, @device_b, 0x1, "", 0x1e}]}}, @rann={0x7e, 0x15, {{0x0, 0x4}, 0x1, 0x8, @device_b, 0x6, 0x0, 0x8}}, @gcr_ga={0xbd, 0x6}, @perr={0x84, 0x28, {0x2, 0x2, [@ext={{}, @device_b, 0x0, @device_a, 0xd}, @ext={{}, @device_a, 0x8, @broadcast, 0x21}]}}]}, @NL80211_ATTR_IE={0x11, 0x2a, [@supported_rates={0x1, 0x7, [{0x12}, {0x12, 0x1}, {0x1, 0x1}, {0x4}, {0x9, 0x1}, {0x5, 0x1}, {0x4}]}, @ibss={0x6, 0x2, 0x8001}]}, @NL80211_ATTR_FTM_RESPONDER={0x1008, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x1004, 0x3, "b66130c1b6a662c46f2ddb4a06aaacddf4640aab53da42d073d56e780976eee676f7e0e19b08c28154cb88e86d0db4bd2fe52507d0ee19586295947e57fc584cb0d314792ea06222308b29ea14e35c2c0b90ef5459d6affb3d75e87e7347e1fe96564b8da75da857704467cf98b9861cdc5613dae7f7074991f6eeee430133e20fa74675d8348e07d513790243d29093efdb5dde4b4ccc57c431f891f38df7e850ab43a9ac1fa114a46dfc39f190f41b4f8a434afaa1183f9996a8901163f4f88cb5b0640b2f384f6dbfeedfd33802c6d17884da031fe64e41b3e546214a49e73cae0cabbed1355665db95021a899a1f4184d066a48b3c405eceed68e773c0320997aa14d07a4dcc356a31155d15871d908689085b7b22dd09d30c1a63ab3404a0434ed2acc461e4ae9be5d683423c815e691b0899468349b3539c422f4cf8b040c51276f73d34cabbfba1ba542c86e16d2dbe39b2717568c9dd7b116cfb058e4e43e30ab3fac132c86981c40d2580e9bf3e58b51f2450a5e3bb075f533af53e4ffb0206ac965ad120e9b935658615df9c6a1012892ddde62dfe627102c02616974b214a5a17e2aceabc241d00c9ad1b53b0f3fa89b2b080ac20df9fd149f50620ba460217090db59806191f4106be6f445648b911402fcd5e377143b5aba793cd198c65dc48957a8e3fce2693cb075f8524bf5c36b3e54e54e2d72afeab83c2f1a08f629ddc2f7410dd36986c3ac7bb1dda596d09bbc442f2e405878b43d26485aa2583e541a1c15d0d3358eba15ecb6aa4c8d1d1429d27aab7a2ac1f0dea34dbbccc0cd02b6e39f2d0980224a21ff25eeb1f162a58e4c0553b05d62381e93d429eef75e01435e596a42881bc19d9f9f259ef37e5f5cb350836e18b3afc0bf7e19f1ff4bde1a5a5706ca3756c08f725247403d2f4c5efbd66b4671131bdd2c6b2b1e43fb2ec500d7157e976555fed32a6869f7a210a132021d23b9765e2c844729e3d9b58310a21c414ef78585865d25d33942ef91e529fab86f45c2175e9ce178acb21ee9f4705e1d839b416463f976e2bf7d7b1a99f5aac86d0c2b38bb4570bc9cd6c7bd7c88abb511cc9bbf3c7d24c34ea8a04b61cc90ab96e48fc61325370cd3e649d410b3101e1c3d9bf8d0aa3dc0a8428a3cc90e375425355a335889a7a775086a30698020240b9bc35b92d2cb9ab2271980c6ccd07e0397f75e5d5288a0900ef9177241a2b875062ecab9e79c3cca64af102f23fb8a2bf8b2df11d7a3d402c9cfb46d979d0ed0d65cd777e6961fca7b93b412a59f90cafd3c165b837eb37ebfa102990aab8086fbb3eb89f40f371ea97b0285519ebed6856725aed3b758a905274e23cdb89a39749bde5cc8782cb535cbfa9d6eedccc7342b24e97b5ce5f3a41c554f0738865bc5ae336558539289c554ecb85750343493b753d5cd6e38f7552ef94558a17d0a3d18c60a70708fec4561e2b5875aa9bf1ee12b1f9e78d93370294116bb4cf24d8af4fbbd177a9b98750a4cc0f6969722579856720d7bd696f617139471e224369e721ab950ebe3ad3863a8954ede4da6bb868b87c1fcd480ebf4dc8807caa3e79a5b93ca0f303e37609ab55b917fe310edba6be0f2424e84f8c8b92c4504cecfbab2d8bbc881e0512fdde996d8430739a2d72b8ac59252d0977e4a97a1d2a910fd476e15716230a4d1553f4eae6e6bedf933d27f5e1dee3e6caace60debbe136f256f4b54df9465c176473f1745126b2ed245c8dcad27a2c0113e654f475a7f42e04aaa74bb2ad1322f07b4115728f077ee18b6fd08361e674f419ed8f7ccecb99e9a6270025d8309965c02b4765c526808b454a419a545991c88284c1d899a1349467784561b21c13121e7b1163bc481f9253889e80275da75efecd1f041a2273cbfc4fe8e02b540200a1193f3a4f3051c72d503a0d78ba64f5e0213103e01a327ab2f8bc853b8d3127569918b3618867507ec9011c14147144bb687bbf8c20acd69b062ec2ea811f2581b763993a0429fe0b62537ff6f8cb503779b70c4ea2fd0e7a0e56505489ea183517782fd631084b94b09e21f23f9df8d770f156d3721cb3edba1b8ad852dd7cc9f25c68e7d9f9c168cc5911fc001bdbd21b9e83320d0fc49c3323da9cf5bfb5369bf48540a52034503e25ff215cc4258975fca5f97acb5a6b7f6f17921b5187796b7c4e435432cf9889de68ceed67e7999de3e1af49b25ee80dc27e5f9a259c65e1729e9fcdcc698dd2d52b656638685125a3a7cf71e64307bbdc3109fcb28407561d5348bde9c791b9be21e780830b5609baac448c5917d19dc0b9f9ce2c47bb777beab2fefb6d9a417185c8bbb6724e01e61af0ec8d530d8633acb4892ebe05a20f02e1d3b9035898820559e0a822ca03a987cfc87634a75c4e371d3f5c63e5765804b30a2988963bfb2ae1307ec6904ce21c07709cac15a3e0dc5962da534468f0d467b13c7894e00c5a1fd11b96a90ef71b28929cd28d315e49731bde0562ba5e95ccd4e43b4f61d586bb24740a5cd86e9d963dec8e49d1a0569402a1f37427d46883e2ae9dd9c98d5d460eb61fe858275d8535ab2774e67324b4d641ebe91dff0a948c6e1edca2d03caa60be0be15a572a82bdd27710c995723e8856a3b9769822af3e5361a2d83f4e178ee0cc7196d2ec2ed2a79ffe91df865280e653369d6f8fd2c5179e62233825038b86aedc8d40058bf79352d5dfb333a1dbcdd4ed6f759253007ed0dbac065afa5bd82d8b24b62925659fa5534188ad596bf1593bf94de8c8219fa384d169c6f172354c95268a481ef584dc8142c126b81267c56fa90043946ec10b7516cff4f0caa785cbb0287d051497c78ec3b2f6eb2f06ad5e0ca8212f4280a834d0a145323e6c158f19b6ad48b9d35e39a5b22a00a54cb921c4f844deae79814ee7f3a29631fb7974757eb7ea90a69c47e55465a0238b800234b10f378f0713f3de086f24d0a213f77791211794410a52008d6d226a25e497e5df97cfb2f222b536b8c6cef2bdd029b61c91ad6a88ced111efd16969066a37fdd5163051a24019cd0aae63ba687fe11a7f1ec98513ff9c24a197cf3927fc904f1bdfd358612135bafb1899da442efa810735144953769cb7dd0047acefef739887fee71f3d315f0163602dec674752e6a5826511496131558b53851db9e0b401013d470a531f2df2d889e26e94a5c745c4012011b1de81a8c3747e1f88bd37cab31a50be17e05000c90cd78351c0a0f79477e9a58738048317be849ea2519bd71e79a76242799a34c0a36a7f6bdcf603d10fb56b5a9f253fb44d0570854fe26559e66917193b7c544f6446cbca249f095fd9a1c451844542177b8b02e604ce461d5df5fbcf906c27874891a66472cd067365d5ac414c04559d5cc960f632080e1e90845c0862886e7f25d01f88eeb25f4b6a5beb7917269ce1bf74b596519dd025139b27a3f0a26c514bf88d351946f769ae9da5df71eacb2d39a0e08dfd9582b3b66367ab065ecc05e49f387951765684a6d19ebf2bd33e97b5e1143f9de4b26678577cafab94698a9eef1bbc967df4169d34ea6d38fee1367a65a03372053ce81711aef29d7a9803bdd0563d03e1edf3e87ff0636b21e8be2278c8dc8dc9eee05c9979491c096e4a0920b9db3778162f3d6f3c4ec3bc5b6b88c5c244db860657756e8666cfb5f524a517bd0640f01ae25efb00de980f2f4b2a935d692831372a7f2c326c9664f69749b9f718652e84f35617d94a09362e5197edde5f8647c55b42145f2d902407f8338ec4ea7aa776b5f9312ae84057dcd42f495baf8b23635e82e9530f7ce53efc169026c99dc92f013ca7ec31f6012fd983a61e71dcff169f39618fd884a8a391fc3c5eb0a7b3b2146120fc368c183ead6f5d9592a14f5b7cb50873ded8f8dddd0b70599410b863d1300d7b7c4bc0360159c807085ce589d3e9e5960b92e3f9f9c054a9cf2e031c720c5065259f4557a85b6ab045b0ac69dceb07bd21c27c9548ec0ee0102f747f71556de2ea7a7184b1df26eaaa8f4879436637b24b7cc684e54de75a681c114a0787972054f8687969a2b4a07a3e1bb325331d02e13ea8c83c12bde51e1a2fc5bf1424b36a61197ca51bd86c48a44c4d0e9ac86a42e43e06d1bc0749bb559a28c500bd6eee52cfe8450da41404ccdff16d2f104a6664a497412aeb13803e84734cf0574ae754bf0caa7729763b97d3e68d0738778c9e2d88687b2a1a913ed3728c64d5b2cbdcea35f05b6d2280b8a5d25298bd295ecefa97647d7ed68445009ab5c8a0818b0565ea9d51b116ab21f0ed777c57a17c1ea82181f9d6fd104f445f38619fb507f66e01239aa0e2a764b0c6c2d5740b6b746b4b3c3783e411bc072110ae79c6e904f1044b39f03e8df4e1dae7c8d21d8e8ee3fc23a0eae38118835f06884094eb4a5dfd0f4aee2adc7d490961192699bdcf807c373a08f1b45c2c1faba523707e132756fab4eb9a62e8090022489d6dcf63df6385d5d5b393b0ba6b7a6dd7172e0f4f999f977e5c15415be19e2387142e9447f49d6ccaaa6504d7c250582ffee26593efc1d478543bb175bef26922c3d14c4b5656647e31eb5a2cc74ca4d08280c2cc7f10565989a0d8f42ec490b40342ffe4d2698f2047ad383f6bcb83c3a579b6abdeb6bdd91e51a7a86f2d9f2bbffe703452012d888aa47451022a1f5899977d4e81b5381848da1f65e38899e17849b09a0ffd6ff9618a5b16d527e3d1aa9783b308aa99cd1695610773e61912489fd1e2de1fcb83945f3658b30ae5444e595ec4e555ebb7e33076925748fc1e4c37df3447bd63e4bd58df89cb05c17e5c29032728c7a1fa4ea250c5f8fab3525532eaa86042f994fbc9d7577a65802b77e830f89132acc07032ec3a0dd1a2202283e49424d776f1e668368b63693553ec1c971db197520d34e870c80cf56d6b113d9b3dcff28fc9966e5b8724c3171c9d34fac8f0623ec0b6e637a72b62150f2366bed99e3b279004df3af1c93f71ffa25612e839e01da325147d399c8aebde2a0a1e5decf9a1c1695ce62ae56f74da0304ad8cded92aa3b422885aee095296e527c4f5b6fcef42a987ad81e2486e4cbd5523f69a5b6a828a2a302d797de50d3069921b17862960416ba5fbbd4c969aad4df5bc702fc0d22ec65013c03f6296b06d017046ef3ce8c83284c5dab8e8b12632a5d057e26e469c2209964c9079dce9d0844e63504b860c0aa981e6a7647a3b5a23eef39a433822f0bbb24f4337adba06cc3d1c322d904198b63b408612471b6cd1e1a36fc5a1ce63b14ffc7c9fcf01bb9d0344fba043c191049073a228edd92454f22884de2a3c7e675ba97d5074ebf1045e4ec647e25477a0a31199492c3d32a6586935b973b5463b1c9ffcc6962e46ae078596aac80829fc4f89f4aadac08f9dfe2fc161f5fd1ad2951d5e9248bb5f4ff3d343476c8f1e4f5fa792e9d517a7f434160d5668e3828bdc46830c619fbd3a0660297ba22fb2599bf8fd318a76e70560c1d56f47c1f90405295c6846892d8257bdadb85b869317523def87fc3e2dab93258f0785b2e798685e64aa50fad6dca5ddc7dbcfc0e748eebe306224646d839cf8fd2d622b7d021d77ffc9bd0a1d4d020ebf2dd78759497ecd3487860708cbb182f7ea10c0b82b0d843ca45e8eea91299f075482fa9dfd7c55bdfaebf814d2b5cae6f5eee61266fd8b27048e10b3dcc5352229d9e413d5e1b139a8d86d1cf9a590fb86b81530a1ae74c3b96ba021c6db2fd02"}]}, @NL80211_ATTR_BEACON_TAIL={0x1009, 0xf, [@measure_req={0x26, 0x1003, {0x7, 0x3f, 0x8, "c085bcd6df0af9af85448a20768347b2f7da618306602040e42c6b57ac1bca20d4bd681827f4d9d5b482e84451bb882bec7a2a563e67dcca0b6acfbf616d4db5b849534f25a6396c8a4a813f964ae367b4b36aa6130d8416c7e0efe055b90867d23f323529004c1b10d60698ab0bcb157a62ecd6701384a65ea0104b25c933d928df678ab13225d7ecdc168cf5a0e9a770b0fc9bd31cf914c9de77d19ae3fcb47e3088902a0cfd0b243558e05c66cfdda9134caf91bfd4de0a4f4343a0ccf8ae4bc8c633616167d01e99fa45da4ffa13fe844a2c06f786a4cca9fc61534f8d762df295a05d7ce9bd840db7be234870ac4c882036a4af581f6039d3bce1b2594525e3fc8a96b4f2b6580a519659b6dd538e06d4de5f2ded9c776cba44b74b8a95720820466f6bde46875e369d7040ad8df4ff22eeab828c152a1734b1431d24ea0f575aa2afa9135c4dab2ec75fac1af9beb228354c3bc5993d3774d2157f6e6e1ca8b3a8da48844d08acd6e959845759e251837495fe67db533993cb00dcd1e4114d0252d808cea7a18439d0dbf8e2db48993573a70826a1f67d1c6922bc25523948d57875aea2b27efb539bb09362bf9658e9bae91a8458399ebcddc6a60bde8a16dea98b0f7cd1ed7fde2e27a7ef3ff4240196c233378a87efbbd1c5d7eacbb5d2546b18f8d4ff196141e9349bc7ede6b9aeadd0dc1df6c907be9002ee8e599af69aba2719f787c93f109818c16018c6730f59390512e1187f7a2949c9ffbe5fccd2283181ca8bddb4cbd65752d8106641a27a5628d7609a91791ee9abd66890106cd5ecaefb8ad4e8311c0e97284f16649e54902ae80e65dccac217d5a8db7f7a89074045ea4bddc857ea555c3265497d2cba08fa8868797403820423a52b164a6aaa686fd41b5d3b7de5868807be5f3ba341bab5d3da1270439b3d28ae9a249be95a1ae074b1ec77bdb3b30523d906a4eee986fac569936ddba954b8fa35ffc98d12bb3535952e403767e992bc864177ed4fbd10b5da71feca03f85b81181f5baeb3c8e80b24669e7cb172ae7e5b7bb26e2787120c9edd9133dbcc304f451e6e4ad8bacde7422b21e81af6d1cb386de7a52c7afbf802d70c82b165116face18ca671baa0d5317b12c4557943ddfd43aaf8d81fb8259735da151e25e5c80603fbe1fff63fe65c6e51509d675a5823f0b047108444cd5cc3a7a512ce67dd4e3312ef340882e04019b6722479f42837e15459e8342ee262b8980c0f36e0f1a46d69c39c25e7400fc7b01173c3b2b1992a3938162cf485ff3392edc102ab731615badd53ebce1220854138a24858226c4d4dd13696df7ab2e8614ad23321744082b94cc9310a48cd156957342dab11dd87823d2310221189cfc20b3744ba76cdd344cac5588cb8575eabcea5fcda37c9b154cf56bbef8901a283079e6d9701b8a4512ae4d52ac48b99312de36e2ff0e69e072933f33f2621e0e7ffaec102b0564e4b90313bf6cde581b53baa59545163d1e32268a5f22b5c2036e4892c640e92cf971511d0f4b73ff876c34ab9edd3aebfb2a9b2dc1335af632ce1538bf5b3f3198b6b6e2a7ccb969bd33fbed32f80a3c1426b283a1b64f9bf93e0bcee78b38803b37c8b69ffbabf16836f64610ff158e610e31ac4fc47dba140cefa1f9a1a42aa970e25c4287e59e764aefb592bfb897bb30e6d7dd3dc77fc50044f77f134a2e7d655127b812b577a404ca02e6587bdbdaf7455c3b973c14218ec5b58d2d72827f22ca693e53e6fc54da792c04b79d6097786857b2b66cac8a2470cceab755c659bafe9362fa076795f36baa39171075d923ab1de9b9357f874db819c6965efaf2c1ae56928d55562174fe8407d88f2ce3b9b4e41f1d13fe34cb93305da6c70bf7f96eb50b01791fa9ce75637abbf8a453dbf9d24dd9295d02c528f7a0933f11d0a8a647fc45560d14c47d825572d21dabfb7e66a237fa2a31e85a4cf43dc623067b426c90f4ddf0c84e959ffcc76f632fc8c9c438e96ef992ba1944a2915f554c70fda59ab58b52df2de355577bd0bf3f1a79369928442008d777d6336792e9c6ae717f05e14f52d6f747e44a02816f640bf8a405de3e3f0865082811f0af426814b993c04c93a72538caf0e0a6c02616008599a18e47101b20eaa3e33618e90e6cb71538d4bec0c00458f65f017c2a937d146c9b0e289d7c4316adb17d1f3c1aa5c6bbc2669a9c150a9082dae46ec71ed4f2b087bb2a4186d4f93a3b74b5c369901f3dbfa4830eab2f1b50e3ca41ec58ed552dadab2b914023b55ee396363db6f2295c7e8682cc6fd0fc0be6bf0d1f9473e7da3a6e63648d0fa08dad5ad7c6d6bf0f3dc37080058dec8def820a6ad4553d05919f46c6e16f00d15be0e5f468e480d5c90fbce8f665c765b821dd8d5a7fe7aeced8e5abce20f456a2b096bd7965e60d21035291f16404b4bade4da3b71089221325558d4890d2b62f7f8282bca73cb2889fa1df9675febb1927378f0040a9b109583df6b7b414eab49294c16997085cd821971cbd5b0ae68d639bddd429e5448453004483c1150bc819993fe99fe4a4dc7f5085cca24655fd062d58fa335ff1f252fe8abc2adac02db05d66dde9e93e31046ea77f1c0000fdf1c8e54d4bc1e7c1e41c510d232bec06083980ab975780c827b512b184bbcdfe75f40c0f6162100305b4061a0a17fab29235aa0fd142ca7a678fc484e98b93b8563c77cb708ba32e4ae76ec4c1112cdb96591652ddb3e210a3085670bfe4745c07d98a4844ee5323923909ebbb8ecf065b50ff6df3262f9b043ef2c0829e76ac1592a46964e44caf58fd8cc3d9be51b8e89460ba3252e5c318035645872672b2f6dee5b2856100eb720eab72508f435dba769ccb814e5f5bbee390c5d5976a32307343f074104ee60075b72584c2e119f4f675a482ab645a7592632b7b18f955da9af893f58898aabaad8f9e31aa6e77fda57fc10eece3b24ee6a5bff4f5cba0d470738cee7f82efbf4b7eb29ff6a3e4341ab1e3a9f2d710a692ed11117c223b0784642418bbb41bd640429f049b598f7b853016a5381dd27990501b14aaaad5a7010cc8d4c3f3422591c14b69e2b5cf3d1c0fe15b9fb952c2cde619f3ec6200a5d8356f4022e19fcbce99a694653357e24e17414a6e3ad1ba24f569ccb79ab5c5586083d1eb005a0967a38fc0332c2406fd597b187412101fe9030ab067ade3b34378b5e737f47509eee4b55668825398eb37da436b2a00985af51139b647752b47d10ca3200d38416aa1b1ba3c4a2ac8fdeca9e67131424892672b3a397dbf5798bd862da4ce99bff2eaf40e314868d86d579fd0a811285c8a44059cecc395af7cb5c07acfe64bf0359e59c4dfaa6e3595ea0a953b47a476dc08d9cd8684078011eedbd8fe772a20fb16be262d443bd4477e0418bd88336c6c0cf4d55a985facc48f6366a72a60d1045c7af5d4d86b230deef6b20304f7b0dd00dd4b6ad0a78812594ba333619d7f13db0935dfe27a4a3683dcb6c0fb0944de802e625253a95bee4d88b35a714095b04f0f81b77a3cfb7f5831c6ac5577e9cdec8d0b63fb82608eb8d9f6cb926cf78ebdc41bdd33343cd9a64679d958978d606f9499dab49a3d23238cb8a68ecc49a246b0a008cc92c61aa5d432c2cb1167442b345030e85fbd7d57418e23209a4fc56640e98be26653c842efd91377d69d0648622a70e43f47ce2fdd00d193933707fca484d04a8e0c3c38371eca1b952f810b73f13f11ead179965e2ad421581a3e018dacae90790df5b661773d48fccc841691c72f731ec6ccdb639ca16842e0fc0a4eaf43c286052c858e405a59695776b44160b185aceb969acd7634f2b4433f9fa0d3ff5f14b23a06033e8a5408305c34fc75581afa0ebe5a9c887aecd149976d84b9bbd1cf3e9c04f2b0c13ceae0e5db63aa3c9d113df8483d05c9fe8b09ab19466fc123289e60600469a01e653add98a1b08dede91c6238e6795b6924561706f3f9dd3296d854746deaf37838f13f1c03683abe81eb36ae77bf332cd4791ac3fb677c54ef5d16e87fb5a043407342c026a8876fa5a9cc7e3a17dd8871c571cbaedaacd48d2a7f9863482ae23bee2c19365adc5575c5dd48eb672bf25cffd142c5a03b59ead8be237cdf6c2669ea81693bc72a6df801bb8bd41635d708ffa78814c31f885b7c2e6cbc1bbdc9b4dd2501973b62d97202bafcf05e36a659aee5c089111b2fbb42c5a13008bde969904c095d275806ef36a115def1b5b474f3570a6b19c993ef317cc2635a10ae594d569c42ef421b8e83bdff7ba9eb320dff3d60c1388297b02f1cfefa400ac1af681a8864b14078bb4ae7ac0347cb4d8d8905e6de81a308381fa03effb77464bdf2e64579564d868e8525dd27c85c440df9303e9dcae277aa014368752414ab069265a7df5f52feb56e05e0df3b580d3acf2116ec03ebcb9c8f4012f803706515e2250655798f4701b04e0c5109c6f72bde24ecb94f276f1b806bb18bae223d69a12b0592f6889b1758200fb1a00ff6663f50d242b7b980b1b054ab64f78e1c640f3819a285b74ec0199c0b6d9daf40f0bcd9c9967775e0d5be3af21bca79cbc5eaaa69c1b832f5f134e913cc042a0603a791d9b60bc7c114d4ed028d1c4aa270f909e8d18a9cd85abc1ce05f04b2538f5547a53b86b1d810bb194c4fd5f3549974b38ed182ce2f7346b9ea653f32cf04eef7bb6c5410653af550eada9d9bd38de9bdf26c369c9d06e66a3cc77aa445be45607aff25381cb51a9a289df8f54724f3d493e8ca57f3b5a249807e3f12afb4b1bbac17a0828b8d25de1a5a8f59bd381867d2c769e1d4e80ec8368c437c94cb2cf9290022bc261f5634bbe754820fe85aea3854f3fdb95a423ee360bedaf6b67465166d1f5b77e82e309fc551f34079a8ff878aca176f2a8e3e9ec332700fe1e5cae6e45f6a44694fb20f43987fdb2f2cd6002462ccebb6b307265937bcd6cb972d6009fd121ddebf5865f3383a93f09500cd90d069bfd2d060c128c2e3439228712ebbe112e8548918d8fc0cde7720b456eed0ae5033dadba819aa767c5cf38f453cafeca2797238f7e9e32328ac6f50e854e2b46aff9bdc0b2fdc804210c6d4f4291c25ca7bde83b8cd86d818fd8314e1a35a4140c690731a15c2893af336625495dc6b620812c29133c088f0c207cf3a106d68193dd664c1d15225dcd7364dff46546a7219e4884db7fdf0b82a97b162627f5db94abb35335c7443988ff9289987f3377ba7baadbaa4077569d1991c2c4475c00e10e5ee1f1fdb1d5f2e1faacfdb8b7695b3ee7a9126a233a795e206fc206073966bf4b74c03090a9fabb954199f5f4bc1e87c127482d48b752677e6acc06692882965fecf0a05f32e90c3516743755a512b70377bc5b8b6ef5752da4223b4733fe301f0848666ab5dcf240a7ded56468f35f215cdc3d414423237ade906f4d2e2a3be5b5cc3fe0d392c43f12a9e50aa857fd488ee984c2732c309d0cdc5b3a8fe2537eb7417d2493ba852daba1d2a1c296171b9cf59ebc5ddc467e9e126289a9ad55edcbcf6730357f5a10f7a96748dcd5423274fac7efdf95ac0f4305b7cf10779005ec505329236667ff82c6197b76a7e65555dd155698acd73cdcc82525b3b2149f42e38e32a251e8344c833e4f84b8b36b408799f24ca9746777d87456d4b8dc2a6b11d7a1ed862c2db2ffc531c99b5c2296333578b0a8806938c6e834cf51c3aab05d541af722baaed0d09dfb20a7057a69e846"}}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x9]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x12, 0xba, [0x4, 0x5, 0x3ff, 0x4, 0x6, 0x7e0b, 0x0]}, @beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0x4}, @NL80211_ATTR_PROBE_RESP={0x4e9, 0x91, "154cebb7eca6a6850454a176b3f6ad4eb8aff79b6c69152ae40b47014a0b06c5cb9b98abb8a5ff43d29c369d05812d153bd168112cb141d1e46c690199bafb74699645d5adf8d69303e572c3cb10ec02fb51d4c71477cd60cb92c4bed4b9fc97b51ab86b2d87e0af17f6b105a806cb12fd86398fdb4635df3eb37eeb1d3ec3cddbd65259c0e2611f008956a9f6c0c00d545cdc1f1b7873006006eaf1e22496014253daf4a0c5754eaf585e776e01b03a0901b8fa60ee4bfb9e55f0d5aab711b37c72172c9edc2e06e76b66991cb27533309ae5468b35098064ad57872afcea8d8393e21aa197abc508eb708d2be823fd1059969fe120bae586d8c009260b762f4763574859c3056b02210c7431ac9748b28a84405cfe5da9fcc0b02ce4a96cdbf3dbea3ece6b9934332d72b1b727fe466da971fd14ab04219faed978e129a5a7f3cb41b64057ec2686b1ac49d42b7f3a87137c507d05f51f22ed693536f7418a0ed8ad0f57f6ca4c170c0fe9518f3e2a4257ed592ec39ffb4b0d946e62854d4ab10fe8c339899b22aa0e1aaf219d99d3c5853d9b3695259394fa5045898c6ccf515913ab2f930878ecb1591314488c9684096d556a47abcaa48c6db5101bd9ec17d227dead1203ea3e82e32277fca046ffffb166b1578f9a466e0459e5c527dcab090e3c1a431133eb7585f974b128183f825913e43cf3ce5c3b21e93ed3688c35d742ca6f33e36495e32cdb0149c524ff1800536800c97fd4ea67cc086b31337541ab5d0cf5b9f89660b134b851bd3db706431b2a48fec47430af601a1ef6bee718ce7330380a93b4611e928692073bf9d2fc81244b6d1d919bb06fd4e7c7948773ca68f6238af974c3631d2ce446fa3906731a786c21ae585f0e59f4575509c5db02a5fe2d07729782ab9aef8f9a881c1a2115747a5a808f130fb3691c1202690b5aeb930d29297907be1b55768e682126212723fdf4d40ab16f2ecd11e042b03c759adc4af6c3c0569116bbdc2ed67351610224e2f1419dbd6e01613ac97c1c52597149137690239c18fb19a6d37b3888292ab48d437139d666681d0ab36b6c1a76f9d8598ba326bab390eaee0e728eeed1a2b9ba2f82ba86b9d79312fc419616459e2f9706b0ea3b83837f7d9f62cd5b87379315751da6ede7db30a2de40d19921e5b3d50d06b0e4beda483d1b07187db7b094ea1d906c756b459dfcc14f9e511a55452ab76f3e9e10e21c6b30791e0bb4276754cd87ba24f048c698bf3ad52444428511a155dcca11c581f29ec2b337d81651034fa62171fa8cc494378e545dd0616c61a0e1313c5de4dfe8579915e65bd8f0892c4b16e23cf51397009d40ce35781eed4a0ce0199bc0bd0b3b22999e96a35e7b4642d055c4f49b0826dfe65b149a8cc0059c4fb76c8f9ffa0e8e0159ed8f076fa70b8a73e2a188867524d54c3459bebc06302292ea7bb1aaa03775d96fe141842430309470c3abc4db2544b5cc7eb5bda46d049ea931d33358fb41487df7f5bf314d1fef956949a65a4a6cdc97a27aa44860932be65b8c59ba1ec22aac0522a7a46a42d1cefcaeb1ca51de5a4826e4784eb37499516c8e6221c0689fa482560ea98c59a66a194d4d9ea6bbca69c01c204c63e76b58a89a84d5764019406f8a84d615858b2b2be478b185da82ab084f5b9604083f03811eccd0306050dff5acda7e327de2ab31cca67dde0ddf4e52fc7b82a00e7a0068d95a913aa3b4e8aee5409ca26bef738f18121501fe9c4395d1"}]]}]}, 0x2d7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
fsmount(r1, 0x1, 0x88)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xffffff7f, 0x0})

09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2367.403502][ T3829] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x20000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000020000011000000080003"], 0x28}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2367.468744][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.476777][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffc, 0x0})

[ 2367.583282][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.591327][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()
fork()

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffe, 0x0})

09:01:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x20ffd000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x0)
ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000080)=0x2)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

[ 2367.682359][ T3890] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2367.711826][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.719846][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = shmget(0x0, 0x11000, 0x40, &(0x7f0000ea1000/0x11000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f00000000c0)=""/212)
r1 = shmget(0x1, 0x2000, 0x20, &(0x7f0000f82000/0x2000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f00000001c0)=""/244)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

[ 2367.819713][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.827743][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
fork()

09:01:02 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x20fff000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:02 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = shmget(0x0, 0x11000, 0x40, &(0x7f0000ea1000/0x11000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f00000000c0)=""/212)
r1 = shmget(0x1, 0x2000, 0x20, &(0x7f0000f82000/0x2000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f00000001c0)=""/244)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2367.933242][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2367.941261][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:02 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x21000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = shmget(0x0, 0x11000, 0x40, &(0x7f0000ea1000/0x11000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f00000000c0)=""/212)
r1 = shmget(0x1, 0x2000, 0x20, &(0x7f0000f82000/0x2000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f00000001c0)=""/244)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x28020000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2368.087330][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.095378][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:03 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x2}, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x31, r0, 0x0)
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f0000000000))
fork()

[ 2368.168824][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.176882][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x3f000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()

[ 2368.294873][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.302912][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x40000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000000)=0x3a9e5749)
syz_open_dev$sg(&(0x7f0000000580), 0x2, 0x8002)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000200))

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2368.431440][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.439472][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f00000000c0), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:03 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x42000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000000)=0x3a9e5749)
syz_open_dev$sg(&(0x7f0000000580), 0x2, 0x8002)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000200))

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x5be00fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2368.568219][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.576242][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:03 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()

09:01:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000000)=0x3a9e5749)
syz_open_dev$sg(&(0x7f0000000580), 0x2, 0x8002)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000200))

[ 2368.659261][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.667291][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000000)=0x3a9e5749)
syz_open_dev$sg(&(0x7f0000000580), 0x2, 0x8002)

09:01:03 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000000c0), 0x2, &(0x7f0000000140))

09:01:03 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()

09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x5bffffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

[ 2368.801187][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.809209][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000000)=0x3a9e5749)

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:03 executing program 4:
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

[ 2368.887103][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2368.895220][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:03 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x5f800fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300ff", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:03 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x5f920fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000000))
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r1, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x52}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}]}, 0x30}, 0x1, 0x0, 0x0, 0x4855}, 0x10)
getsockname(r0, &(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000280)=0x80)

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)

09:01:04 executing program 4:
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xbe010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2369.044142][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.052193][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300ff", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xd6010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000004f531d9a87716320dc4cab1590e4fc3c6b564f711d034fb4400beb12985eec87e4ee1046d13de6a8c597e0904c588b557c12374f19c4944522a155a6336eee9729276df22b0000b4ffffff7f281559dcfc72b8cf1464d45b585ce14748045a391acbcf9718d9423fa3d7e95440d4d5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="3d1817e10228dbdd00000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r3, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:04 executing program 4:
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

[ 2369.229636][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.237682][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300ff", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x124, r3, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x28ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2369.317037][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.325054][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 3:
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xd8010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300ff", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

[ 2369.455253][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.463298][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300ff", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:04 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:04 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)
getpgid(r4)
syz_open_dev$vcsa(&(0x7f0000000340), 0x1f, 0x2)

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2369.600943][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.608975][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300fd", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xe3000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:04 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

[ 2369.719524][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.727549][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="00000003007f", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 3:
r0 = fsmount(0xffffffffffffffff, 0x0, 0x72)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x5, 0x0, 0xa, 0x16, 0xd, "c3c9c687bd5238d1cf904af21f4a14d21b4ec27120e4a62b3aac6063f0f93485afcc1860f7de166944790f3f655689fa0905ccaec1d8fcee338468072176c0af", "7dcaadf1e56291e40d30abba970275eb37ed2aeefe91b06e27f03249a94efa3b803412ed695835fe0e122f7b605c7d6abe4abc6e9289e4e11f20f34f96cfcc73", "e5af0a78b0feb8dd4f833156f186dd49de11516e8bbfbebb30f739ec1e2622d9", [0x7]})
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000d00000/0x3000)=nil, 0x3000, 0x0, 0x100010, 0xffffffffffffffff, 0x0)

09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xfeffffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:04 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300f5", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2369.865166][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.873199][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2369.885898][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.893926][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2369.936759][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2369.944890][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:04 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xff0f805f}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="0000000300fb", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:04 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:05 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000000)={'syztnl1\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x29, 0x0, 0x5, 0x3, 0x29, @dev={0xfe, 0x80, '\x00', 0xd}, @empty, 0x8, 0x1, 0xe5cb, 0x101}})

09:01:05 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xff0f925f}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

[ 2370.087588][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.095604][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xff0fe05b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:05 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2370.227367][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.235485][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800})

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xffff8000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2370.298268][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.306287][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:05 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="973f8c91d5bb72ea98ad", @ANYRES16=r1, @ANYBLOB="00032dbd7000fddbdf252700000006000600ffff000006000600000000000c0005000203aaaaaaf4db9b349877181200"/58, @ANYRES32=r2, @ANYBLOB="2418b958715bc29cf900000000000000000500000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4040800}, 0x4040000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r3, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x14, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x881}, 0x240000c4)
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x40)
sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000280)={0x14, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8014}, 0x8000)
fork()
fork()
fork()
r5 = socket(0xb, 0x6, 0x4)
syz_genetlink_get_family_id$mptcp(&(0x7f00000006c0), r5)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r4)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x74, r6, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x80}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0xe1}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x5d}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x84)

09:01:05 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xffffc000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2370.426425][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.434467][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:05 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xffffff5b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

[ 2370.603618][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.611648][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xfffffffe}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:05 executing program 3:
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)
syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0xf6f, 0x4, 0x4, 0x3d9}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0)
fork()
fork()
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = getpid()
ioprio_get$pid(0x1, r0)
syz_open_procfs$namespace(r0, &(0x7f00000000c0)='ns/user\x00')
fork()
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x100, &(0x7f0000000000)=0x800, 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2370.727146][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.735162][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

[ 2370.816941][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.824954][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:05 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x2d50, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:05 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2370.955597][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2370.963739][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:05 executing program 3:
syz_io_uring_setup(0x3a01, &(0x7f0000000040)={0x0, 0x200000}, &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
r0 = fork()
r1 = fork()
waitid(0x1, r0, &(0x7f00000000c0), 0x1, &(0x7f0000000140))
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/user\x00')

09:01:05 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800})

09:01:06 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, 0x0, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2371.102651][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.110718][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:06 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, 0x0, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 3:
syz_io_uring_setup(0x39ff, &(0x7f0000000040)={0x0, 0x2dae, 0x4, 0x0, 0x217}, &(0x7f0000f88000/0x1000)=nil, &(0x7f0000f85000/0x4000)=nil, 0x0, 0x0)
fork()
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
io_uring_setup(0x72e1, &(0x7f00000000c0)={0x0, 0xf4a8, 0x2, 0x3, 0x19c, 0x0, r0})
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:06 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2371.247630][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.255666][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, 0x0, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:06 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x7}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2371.346681][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.354704][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, 0x0, 0x4004000)

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

[ 2371.447741][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.455782][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2371.513251][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.521275][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2371.530889][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.538915][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x8}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, 0x0, 0x4004000)

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

[ 2371.638051][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.646067][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2371.668409][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.676408][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, 0x0, 0x4004000)

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)
getpgid(r4)
syz_open_dev$vcsa(&(0x7f0000000340), 0x1f, 0x2)

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2371.789166][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.797314][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x21}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:06 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)
getpgid(r4)
syz_open_dev$vcsa(&(0x7f0000000340), 0x1f, 0x2)

09:01:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:06 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x0, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

[ 2371.896694][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.904733][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:06 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x42}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:06 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800})

[ 2371.980087][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2371.988125][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:07 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x0, 0x0, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x60}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2372.112180][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.120206][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)
getpgid(r4)
syz_open_dev$vcsa(&(0x7f0000000340), 0x1f, 0x2)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xe3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x2, 0x0, 0x0, 0x0})

[ 2372.210621][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.218645][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000})

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x6, 0x0, 0x0, 0x0})

[ 2372.308099][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.316118][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x1be}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f})

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)
getpgid(r4)

09:01:07 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x8, 0x0, 0x0, 0x0})

[ 2372.411244][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.419272][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x1d6}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = getpid()
ioprio_get$pid(0x1, r4)

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x9, 0x0, 0x0, 0x0})

[ 2372.531889][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.539956][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, 0x0, &(0x7f0000000140))
fork()
fork()

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x1d8}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

[ 2372.626397][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.636336][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xd, 0x0, 0x0, 0x0})

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x204}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
getpid()

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38000000})

09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xe, 0x0, 0x0, 0x0})

[ 2372.745692][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.753744][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x228}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, 0x0, &(0x7f0000000140))
fork()
fork()

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

09:01:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2372.870738][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.878758][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x10, 0x0, 0x0, 0x0})

09:01:07 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

09:01:07 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x300}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:07 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000})

[ 2372.972524][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2372.980540][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x42, 0x0, 0x0, 0x0})

09:01:08 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, 0x0, &(0x7f0000000140))
fork()
fork()

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x402}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff})

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2373.100103][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.108405][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x600, 0x0, 0x0, 0x0})

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff})

09:01:08 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), 0x0)
fork()
fork()

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x406}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2373.232312][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.240431][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x900, 0x0, 0x0, 0x0})

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc})

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x604}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xd00, 0x0, 0x0, 0x0})

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2373.363416][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.371450][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x1a92, &(0x7f00000000c0)={0x0, 0x2d50, 0x0, 0x1, 0xa5, 0x0, r0}, &(0x7f0000e50000/0x4000)=nil, &(0x7f0000c60000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
fork()
fork()

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x700}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xe00, 0x0, 0x0, 0x0})

[ 2373.446742][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.454763][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x2000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 4:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x2000, 0x0, 0x0, 0x0})

[ 2373.569223][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.577270][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x2802}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 4:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x5f920fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x4000, 0x0, 0x0, 0x0})

[ 2373.691234][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.699252][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x4200, 0x0, 0x0, 0x0})

[ 2373.791198][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.799246][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x0, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000180)={0x9})
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

[ 2373.890567][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2373.898626][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3f00}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x200000, 0x0, 0x0, 0x0})

09:01:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:08 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x50508)
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)

09:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x3, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:08 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r2 = getpid()
getpid()
ioprio_get$pid(0x1, r2)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:08 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x4000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

[ 2374.037096][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.045120][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x0, 0x74}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x1000000, 0x0, 0x0, 0x0})

09:01:09 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x422f, &(0x7f00000000c0)={0x0, 0x3a5, 0x4, 0x1, 0x57}, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000c7b000/0x6000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x4200}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800})

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x80, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
getpid()
getpid()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2374.178398][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.186419][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x2000000, 0x0, 0x0, 0x0})

09:01:09 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
r0 = fork()
r1 = getpgid(r0)
waitid(0x0, r1, &(0x7f00000000c0), 0x80000000, &(0x7f0000000140))
getpid()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x74, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x6000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
getpid()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2374.308779][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.316789][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x6000000, 0x0, 0x0, 0x0})

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x68, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xbe01}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000})

09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:09 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x8000000, 0x0, 0x0, 0x0})

[ 2374.437792][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.445814][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f})

09:01:09 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xd601}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x9000000, 0x0, 0x0, 0x0})

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

[ 2374.573986][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.582109][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

[ 2374.658703][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.666710][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xd000000, 0x0, 0x0, 0x0})

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xd801}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xe000000, 0x0, 0x0, 0x0})

09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2374.820341][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.828465][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38000000})

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:09 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xe300}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x10000000, 0x0, 0x0, 0x0})

09:01:09 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

[ 2374.904002][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2374.912124][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:09 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000})

[ 2374.997356][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.005449][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x40000000, 0x0, 0x0, 0x0})

09:01:10 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x40000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff})

09:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:10 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x42000000, 0x0, 0x0, 0x0})

09:01:10 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

[ 2375.124515][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.132556][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff})

09:01:10 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2375.210938][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.218972][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000045}, 0x4004000)

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x80000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xf5ffffff, 0x0, 0x0, 0x0})

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

09:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x2c}}, 0x4004000)

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x200000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2375.355157][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.363181][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xfbffffff, 0x0, 0x0, 0x0})

09:01:10 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x400000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc})

09:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x2c}}, 0x0)

09:01:10 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xfdfdffff, 0x0, 0x0, 0x0})

[ 2375.514696][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.522710][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x50961d}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 4:
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xffefffff, 0x0, 0x0, 0x0})

[ 2375.614869][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.622892][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:10 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x600000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xffffefff, 0x0, 0x0, 0x0})

[ 2375.688161][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.696189][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 4:
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 3:
syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2375.789476][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.797505][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x80ffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xfffffdfd, 0x0, 0x0, 0x0})

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:10 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xc0ffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:10 executing program 4:
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0xfdfdffff)

09:01:10 executing program 3:
syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:10 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2375.920121][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2375.928145][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xffffff7f, 0x0, 0x0, 0x0})

09:01:10 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xd0ff20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

09:01:11 executing program 3:
syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2376.025983][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.034031][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xfffffff5, 0x0, 0x0, 0x0})

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xf0ff20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38})

09:01:11 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

[ 2376.164642][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.172664][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x1000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0xfffffffb, 0x0, 0x0, 0x0})

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

[ 2376.289392][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.297419][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:11 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x2000f91f}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x2000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800})

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x2040000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2376.440412][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.448460][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x2, 0x0, 0x0})

09:01:11 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x2000f91f}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000})

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x6, 0x0, 0x0})

[ 2376.562811][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.570851][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f})

[ 2376.657587][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.665733][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x8, 0x0, 0x0})

09:01:11 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x2000f91f}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x4000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x9, 0x0, 0x0})

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

[ 2376.805242][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.813273][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x6040000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
r1 = syz_io_uring_setup(0x3a02, &(0x7f0000000040)={0x0, 0x2000f91f, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r1}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r1}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2376.906638][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2376.914674][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xd, 0x0, 0x0})

09:01:11 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:11 executing program 3:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x7000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:11 executing program 0:
syz_open_dev$vcsa(&(0x7f00000002c0), 0x10000, 0x8180c1)
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:11 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

09:01:12 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x8000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:12 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xe, 0x0, 0x0})

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

09:01:12 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x10000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:12 executing program 0:
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2377.160028][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.168078][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 3:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10, 0x0, 0x0})

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38000000})

09:01:12 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 0:
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x42, 0x0, 0x0})

[ 2377.271997][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.280031][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x1d965000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x600, 0x0, 0x0})

[ 2377.352701][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.360744][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 3:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 0:
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000})

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x20000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2377.454357][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.462388][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x900, 0x0, 0x0})

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff})

09:01:12 executing program 0:
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x20ffd000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2377.563591][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.571613][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xd00, 0x0, 0x0})

09:01:12 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff})

09:01:12 executing program 0:
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x20fff000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

[ 2377.703142][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.711158][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xe00, 0x0, 0x0})

09:01:12 executing program 4:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 0:
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x21000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc})

09:01:12 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x2000, 0x0, 0x0})

[ 2377.824086][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.832118][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:12 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})

09:01:12 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x28020000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2377.930338][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2377.938446][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x4000, 0x0, 0x0})

09:01:12 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
getsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000200)=""/124, &(0x7f0000000280)=0x7c)
r3 = fsmount(r0, 0x0, 0x0)
ioctl$MON_IOCX_GETX(r3, 0x4018920a, &(0x7f0000000080)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000100)=""/211, 0xd3})
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x4, 0x6, 0x0, @buffer={0x2, 0x1008, &(0x7f00000018c0)=""/4104}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10, 0x0, 0x0})

09:01:12 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:12 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3f000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x4200, 0x0, 0x0})

[ 2378.072125][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.080175][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x32e}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x98400)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffe, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x1ff, 0x141001)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f0000000100))
r2 = syz_open_dev$sg(&(0x7f0000000040), 0xffffffffffffffc0, 0x200)
ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000080)=0x5)

09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x40000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0xe6f1, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2378.184406][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.192534][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x200000, 0x0, 0x0})

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000100)={0x5c, ""/92})
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x1, 0x0, 0x0})
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x3)

[ 2378.277096][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.285162][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x1000000, 0x0, 0x0})

09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x42000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 4:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, @phonet={0x23, 0x9, 0xfe, 0x9}, @can, @llc={0x1a, 0x30e, 0xef, 0x1f, 0x40, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x2, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)='vlan0\x00', 0x5, 0x1, 0x81})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2378.387759][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.395790][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x2000000, 0x0, 0x0})

09:01:13 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x5be00fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:13 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x6000000, 0x0, 0x0})

[ 2378.509929][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.518566][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x5bffffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = fsmount(r1, 0x1, 0x7b)
sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xac, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "02e3524a7cdd51385a55a7bda0734777781830e112f545ad"}}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x948}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4048005}, 0xc0)
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000040))

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x8000000, 0x0, 0x0})

[ 2378.605116][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.613729][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x5f800fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x9000000, 0x0, 0x0})

[ 2378.681841][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.689873][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000040))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000100)=0xc)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x2, 0x0})

09:01:13 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000280), 0x7, 0x80)
sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x70, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x60}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x20000001)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2378.771214][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.779266][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x5f920fff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xd000000, 0x0, 0x0})

09:01:13 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xe000000, 0x0, 0x0})

[ 2378.877886][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.885939][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xbe010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:13 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffd, 0x48000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffe, 0x36, 0x6, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000040)="0000000300003bcf9a6b0ca5c118635dbdad7cebd62f3b5f9d730bb9bf7e69a123d439abbf8d772fa3e6edd4fe000000000000000000", 0x0, 0xfffffffc, 0x2, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)

09:01:13 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:13 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10000000, 0x0, 0x0})

[ 2378.974734][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2378.982965][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:13 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x1, 0x90884)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x400000)
ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000080))

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xd6010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2379.088840][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2379.097197][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0xe, 0x40, @buffer={0x0, 0xd, &(0x7f0000000080)=""/13}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10001, 0x80000001, 0x0})

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x40000000, 0x0, 0x0})

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xd8010000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2379.180948][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2379.189076][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2379.207328][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2379.215356][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, &(0x7f0000000040))

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2379.227127][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2379.235177][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x42000000, 0x0, 0x0})

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000))
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xe3000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x32e, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000100))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xf5ffffff, 0x0, 0x0})

[ 2379.340168][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2379.348554][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000))
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xfeffffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000))
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xfbffffff, 0x0, 0x0})

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xff0f805f}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080))
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xfdfdffff, 0x0, 0x0})

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xff0f925f}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 5:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000600), 0x100000, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="ac000000", @ANYRES16=0x0, @ANYBLOB="200029bd7000fbdbdf251b0000008800228034000080080005009e090000080007000900000008000500750000000800050047000000080007000800000008000700000000001400008008000300feffffff08000500080000001c0000800800040000010008000100f20d0f000014000080080006000500000008000400070000000c0000800800020003000000070021006262000008009a0000000000000000000000000000dd3227c793b6dfc60b7a8d62f7b1122580e9ccbedd98c21658e00f53083aeb6153e41f36d8a08e7cb5415da9f98c5a8665a8b66f0caedd1ca2f5765070df25bed0f8531de8d421410c3e0096cd23e85a37b0a3a39cf711e21bd04704bd0e6995194590560b35520f0077f615388e2505"], 0xac}, 0x1, 0x0, 0x0, 0x20000025}, 0x4001000)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000440), 0x20c0, 0x0)
ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f0000000180)={&(0x7f0000000140), &(0x7f0000000380)=""/137, 0x89})
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
ioctl$SG_EMULATED_HOST(r4, 0x2203, &(0x7f0000000480))
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xffefffff, 0x0, 0x0})

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xff0fe05b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet(0x2, 0x0, 0x5)

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000200)=0x40000)

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xffffefff, 0x0, 0x0})

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

09:01:14 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xfffffdfd, 0x0, 0x0})

09:01:14 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xffff8000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:14 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:14 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x4)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:14 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xffffff7f, 0x0, 0x0})

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xffffc000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00'})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000041, &(0x7f0000006f00)={0x77359400})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffb, 0xa4004)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f00000004c0)=0x15)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x4, 0x0, 0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4c094}, 0x40804)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000300)={0x0, 0x7, 0x1000, 0x8, @buffer={0x0, 0xbb, &(0x7f0000000180)=""/187}, &(0x7f00000018c0)="c21dc54f7d1e8a995d4a3262211df25453d14356eec2ad3fbb7d791f1bc12db7904b2467d7460e90a0428e2dd97f21fd33fd7faa6f1dd7bac0e09254c0bef0241d57d707bfcc4df8a61b223bd90a36fb6020f0c82a1695aed3a704e3f7b3c327a0af4a783de5e75b2d8d28a2e8eac1ce6973989f46655fa1ac34ce043c13675c746965697291001e8b9cd1797969b3169af44ace6900f11e7e6d6303f8f0f03671711796538ab309a36f2328529d9def2d997598c996a2be715a662c44fa3560ca7a4469959f31d9abc0d381afe4b564137caac07adaa5e7adf14eb9f21ddaff38e4e571adb3254ee2db314b3d741101fbe7e5dbac3ebcf68b30953cc32b8f6c31780501c0a35a4413405de1b3f75a22979eedeee4aa9ee1af32ea8585c61c7a98a1253dc001dfe442c897c1063a6ab719c9e1b1441711e3e44f99bd9873b5bae1a558cc015ec7be2b802c19f7c0eaf9bd0a9f904e4535d025e366ee5fce18d0ba068eb2d61b758c5eca172b7dcc87688b68314a03438c23697fdf00eb1362948da7f42c128ac05341fb2aa37ddfb94492b29a8e256d24accec6be66b516c8ddc5fcc1e720ad5d43e58774841d996c5095823f7a36e8d159c8b379dd03e0dc0757d4bad16cf877ee3e6d61893c213d4228813e793d2e76cf3a274c38ea7a543dd15308d9ae1e07f542afcac3ca4769c7ee474fef95f006f154deb23e3ec8e8d427b7776bae4c78730e06e21e1b588af83001a0777e2dd98abe9c567341faf40e2b212a68394c03fb26071cca44c4ab7642d4c4f92851feadaa11a4daa608b6bd59144dd0d6fc3e63a57a3077239430a2fb67cce35c6bf0ce5694ede753636aad16835a1caed9df931b5745870b52236ca1fd5d7d74845a3109d7ea32edab8318b4b0cf089012d42d66f8acb87f0c1096920c516349ea448033d44feb626e04d69c6ab9595b7266cbc8f1019770eb1228feb5c4ebfeb55b31eae96a6b37e1c10c00e0fb7c601e44fee7f15661c8c5af457bf0730036cb9924220d719e9da37eb2ab8eeab00b3e4d016b0ba0c6a19e91ee321c2171da9f3c8563a6b2c2b3bb7eda3806dea37949f9aa60770605dbdcb8166d9d4f4002510aeacd7432261850b85572756b3616af07844a911e0558f65f088bd6e1a542df34b0ec74c10ee71ec3e45a274672ad4ea0e188dc5ce14fb709b1a43feffa0e93f3c9933bb6f3a2b200611b00698c87b6b0040eb475a0dfae85024b03713ec74dba8ec506dccb4e28ccbc0dc73a1d7e53689cf9a098f16d58629de296611320a2f6b87cffb6442c35c6f13bead953c210a8700060ed47ab4c67c1e13bfa089e90428bae2fdf616689bccc2f8c679b077342bafc0215e837bf4a4c74312bffc0ec42ae7ec6f141742a5a3ced6f1c868bf71fdb1f4cb0ef7d56e81064461c101d2feb1bc82a7155dd697b56ebf303421f38e3220dd72ad05c200b145d7881148c4ba2c25eda550ae6b8e30fea276fbc38794048582efd6e475693e1d6b0efa8648c7e41ab97c90880ad34315b93b090c349d57660b6378b5651e6b12caa16db62b43ff4bf3b1a9baa388c31691cab9e46860601cf7659d24c2dab3163bc77e7ba60406ea06428b79bd4bcb123766bab8bca48e096e1d0218ffa9f0e90d2c0636f7d0113ae9d7b3ff92415bcb2306638105e059b33ad76d9d85cd7c25808ce35bfb3deff04ed4841ab16f97d453b58a9e17d235ee2f4b6ebb38af55ec98d09dc1f61a54b91e6340393bbd8fefc443abb11941aa8a62b7f704d85c1ed483fd36670cf7753af6f37125d812d857b1e9f778284fbb30dc9c2e141ef91790cafdf01f77b69cd0c774362b11d2d0bf458f5e133d04a8ab3b43c1dd095fe5fff5e28a588d29d6256c9cd9a12c6083e6fc161fae7b28dea4d4b5e6aa6119b664d7d058a3000cf381d1379eb46d42c1fb70a4d90245c5e9f6bc640f577624ef9ceb95cadf05071d476029d712204821da7cff28e96c2e58b00be6981adfadc4787051bae8bbf7b355457f0b84053def936d6446eb10f5e8aef0b7ecbf603d6bafba22a74cb032899d7eaa1198cd9bef3c3c29455eb6fb7edb47a8e28ef31194581b77a1ff69c0ce964bfbf05148046032504aa883088fe9eec2ad7a25bf659ba945d585a5d074d97a75d70aba51476fcd722929576193f78b39db6e35fc5430fc075263e08c50fa9e2ec2b296afdbbc105744be675393565cf215f7b21fc69a23d2057b5ce757ec850a5f5b1482bd1ebce1ce5b39ca7adbcaf06b94bf1fad66d858cd17f2ad2cd5515bea13bd32168875a50bf24c31323dc1047e4d50c52e98997391fd9dcc71ebc7ac1d027ae5a7139213d7595263099c9037470e5c7b5e559ce9677571a14049023c9c7e92ee22b38db3795dff86036dceb8ce3470927040ba34db2a722f0031dc509a6290382343fd7a64070fbd205f80f31bced47370b22af3ba94fb62bde5851dc312afcace23dbbec6305ea3f7ca3cb35e14fffb48fd7d5e6671a05319bad3c6869d1c671b20ceafa9568b963a381441e3749077dd6ce04a657514855194466fcde62fa5942894a191e08bc2c23f29e99d8dfb3605c844e0f506b481b85c74b0425f337f9fa65e677db694ae81d25f4cf15433609181a2aa282568314fa5d2ce71917cc1f7f518b240354032586da1fd7a0e22a659a74373952b7a02ce12f5454a996f2395edee28d1a52aa2651d270b6dfa1bcacb9719849e3fd68c493ef93d00f82abd0f4551b30915f09a8ff51dc81336dfbca4979b6e0c2c5dfc79953ef64772a1b3546bc16f1ded60380906fe406ff1d8b517c03f8335431c16da67cfaada2def1ca55b2f1a2c93f119bb7de17bb5edf24d9f46a42d79beec56575d1fbbbed22a2deadc6ad1a54192964bc8bb8bb335fd49c2baeae156f606ce2fd7a6be537c322c5719a9199fb42c1ff42cdbef424ce93139ec340c43815a4c91588b25d9fed5ffa648188f99780f347b971f123a780e990b48fc33ed23970987fc582647abb57ac06f03cbc37f970c28caefae2ca78dd102e40c7b2630b1a13cf69c74b000be0e527a0e88220c8f1d692b151b4cfcb925cdb9bfe3a42e8c828efa177666827cc8d97888d7dfd80a5158142f64d1b017d813d79e1ecafbc31d7fe140f7dbc078e6351a3c9750585d903a3aa9bd33a847c04bfdef635caba9e223d0a30b52dad77fd8b9d416ec97b615b36a9f06a926a94d723244969fae454152bdaa8dea48cc15012cfa2d8b6934efb41615ede02f749a7e951135fc176092c8282955ee436e208dc0354ef856a3372da0dab27d27ffb2ee821d53ae9b16ea05893aaef1f217a765059b0a3ca2355216ce0bd93ad9ea1eed13a67f0139db28ff4f6d95af46ef19b9c9f8958a78c9d1319c4e3b9ad82392e7b0b96930e7f4e8907f3aad945c5d21f9a7959e6ba1f383e056d03a02ab46b3c6a76af38ed68e3769ddeb676a706c58cc2c213d9a38dd1e64de3718da99e31e4a8c22a10d480959f73ad291064e820fdd3c89ee441b3e2b7b21debb060e66d29d888dd1c2da5b2ba32f7fe446a2cbddae2a26b108874e0eff4aec11056ea5a316e23e7256c313ff44bca7900ed3d3b892c3e55dbc8048c5367085bdc4b9f560acac8af649e965ae84f31c6d6081e2c8f64ff42f136c4f79a9b6688957b6f885f0cd537a92047d8d9eed5ba4e06c44951e1d9c39e7afa4d267f6f4f08ce44fa6ee092314c918f88caf2679caab64f7c4fb57e54bc093d016e1badb10dbac90b1d494ab4f9b9136e9a8e84a91b7dcf48aac80ca591d6d07f9157c5e8cea7d8d870e3da3e92fc5fe84dc6b8cba28e89aed0bdf37047b9e0af9de88e015df69097791b8501e513142551abd047ec48014b37d4e57f620a4543224e6e90f48941f94e3d9b7b01f05cc6b1207a68ecbb40cc94c9c00afde41e7b446b83accd10fc889875e0dcaef9519dd0916c1429372377f2bafca1e4a51147c037421795016abe78030e2b0597f9dc8a68778618e4da03a7ae943eb5e97799fe92ea05005a8423ec6e5a350dabd4e734a5cc1bb643f36d13fc4d44002482a30e82df404cb99b9c6d762a42be83ce107800274df39590940c3e826be7dfe08aca2c50459fa1fff765a1c8de1632136984f0b00b96449dd2e8209e3a3a64ec8649a73aac7c9a79fe30cb9d478e434570d82502b507ef214e28ca947e08b55280552d844b79403078800a25e384e46b70a493c2e9f6cce82c3319a5dea872b0273f158e8af46f822fc6426a788ee258ce4a15f847d5b95b6193c897823521289acc1f231b92a1277c360b79f9f865c895192221fa53d4d5894a5b89ba7f3bcb37ebb302f9bec8690720b4e50d76653bb0ba6d61527c7d21679241a1f26db879b08ea85427e6fe5103db2f8bb06b5a9c31ccf6902f6f2d175f068ed96bbe828cc3dbe266dc72a09d25db37e472b0316376eed8fcdf2d89f424c8accb060ac20f2278815c049893eb9b5fd5eee6097e3ac8dafbf2264ebece8f5b65e3ba15da2aae04eb79458706ccfcdebd57475a823cc6751e6288b240e4cadf098f3cc189906bef47740b844bea902fbbfbe010973e1d72bcca2f01c9bc7f2dff5fe1edc1e6d98b5144cfa3bfd805757ecd9e98bce04ab6c3beaa07c4b72cf7d3e8fc4f5e61ea2610fdc7eeae92cb456d062a7e940a766184ebc5a91c4ff73a297bc0b2d915657ea7237ff0e36b4fa5d05c6ecd94611ce2bbfbef42bf13a0dc05344717bba85dfe29fd56dcbe7770a52ebca3e3c97f2bd1091140e226cbe6cd9c3a89958ad6e09c4fa25d406bb5b0d5e76b87650f205c5548f7901395188fdfd8d8c918c17923ae31f091e198486c27d6d8d09e039e9a8aef0774e87397924af313a3d08017385bc500f280d3e1bbfdb69bf166e9c25e53d00630887a73e0f92b01576cdc254b48555eae424ddc5240094c4dbf8f9a096c179468a014e0f7ceb127e3c0f0220849c30269d001c02220f5dd7514002a6aca3b5cda144091c02614b80803854229f2f0703b4580c2e8f8951a764095ce3a0f29c504b710fcbb95daec0ee0d0145fa4e5d06405da94cf025f0dffa51d49b9f840911a4bd8109f684aae04e07ebba0317145f05ec4eed9e3477ec229708af372f770d21037200a383db0f1c40c644b4bf524a4e10aa302f1469532ee5d1ff002be49f53215f5000b5ea2ebc230460b105841b5587c9d3944c4e54f2f537234910f836c0f0200dbaec9c9458918b42d43de16ee73397672c2d5a37efe6cb2e32eebf56f1f9832e84ad6215973f2ad9d41baac79d1269f4e18dd9eb289cf53142345348c383671a5fe0c105610cfb2128bc81b2dfb8bb03fccbd983061fab9fc033bea50279f901c8704b0f2503eaf2f564381e3e0e13d707e7d5b138a3f4bb8475579227c294ba1f288d1dbffd101be8183344950a2a12c7691bafca61eed871b6e14d22dc25ac2ce6140fac18bf7d40a3c1034da23de851e36e946c1c1c87264f01b4db516f1e6adcb44ce208b5ab00370bf5f80a20365783f672e86ce83c6d037bacec13101dd2b6c07480b04c29e98263d3ad99d649ad067cd6f7f234c29c70b4784746b1d793e780bfc0ad7b0715d8e65602a8673a6096a6cad0f08438636551ff9153e1f440efd5f3909d54c4f33d14935dbd54807cfb55e8669944f02e6384ac00ee9b67f26f1a7b67302f3014514d6162480a3997cd6ddae5aaf6a3d01933d03a0921efa32df6069b1793314c1042d6b23095b8dd322f516dc129d02005d730a5e53c1369b7fd5", &(0x7f0000000240)=""/176, 0x101, 0x4, 0xffffffffffffffff, &(0x7f0000000080)})
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000040))

09:01:15 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0)

09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xfffffff5, 0x0, 0x0})

09:01:15 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xffffff5b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:15 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xfffffffe}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x1aaab511f6bf6d88)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x38240, 0x0)
ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000080)=0x1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0xfffffffb, 0x0, 0x0})

09:01:15 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x81}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7d}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40084)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffe, 0x0})
socket$nl_generic(0x10, 0x3, 0x10)

09:01:15 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x3a9e5749)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200))

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4fc0, &(0x7f0000000080)={0x0, 0xfd2c, 0x4, 0x3, 0x29b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000)=<r0=>0x0, &(0x7f0000000100))
r1 = syz_open_dev$sg(&(0x7f0000000140), 0x9, 0x88100)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000340)={0x0, 0xfffffffffffffffb, 0x28, 0x3, @buffer={0x0, 0xa5, &(0x7f0000000180)=""/165}, &(0x7f0000000240)="3a96e2b4a9b436812f659b0c1ae43400131aef931984a8414ae5ab95d7e48df2b83e08a26d94c63d", &(0x7f0000000280)=""/91, 0x4, 0x10020, 0x1, &(0x7f0000000300)})
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f00000003c0)=0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x110, &(0x7f0000000040)=0x2, 0x0, 0x4)

[ 2380.324187][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.333001][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2380.348700][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.356990][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:15 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:15 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000100), 0xffffffff, 0x62003)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000080)=0x30)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040))

09:01:15 executing program 2:
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x3ff, 0x6, 0x80]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x200}, @SEG6_ATTR_DST={0x14, 0x1, @local}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2380.475157][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.483615][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x2, 0x0})

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xe91ec)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0xca6c, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:15 executing program 5:
clock_getres(0x1, &(0x7f0000000040))
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)

09:01:15 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2380.641884][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.649991][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1005, &(0x7f00000018c0)=""/4101}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10030, 0x0, 0x0})

09:01:15 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x6, 0x0})

09:01:15 executing program 2:
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000002300))

09:01:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0xc40)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffa000/0x3000)=nil)
shmctl$SHM_LOCK(r1, 0xb)

09:01:15 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x8, 0x0})

[ 2380.827969][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.836328][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x7cd4, 0x181603)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000280))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000100))

09:01:15 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x100, &(0x7f0000000000)=0x7, 0x0, 0x4)

[ 2380.918919][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2380.927360][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:15 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x9, 0x0})

09:01:15 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:15 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))
r1 = fsmount(0xffffffffffffffff, 0x1, 0x4)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000001c0))

[ 2381.060951][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.069120][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xd, 0x0})

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5caf, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x8c}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2381.179649][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.188588][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x1, 0x10010, r2, 0x0)

09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xe, 0x0})

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:16 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x23456}, 0x9e1)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r2=>0x0)
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r3, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0xa, 0x10, r1, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, 0x0, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x10000000)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r6}}, 0x7)
syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r6}}, 0xe8)

09:01:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffe, 0x0)
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2381.306115][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.314444][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x10, 0x0})

09:01:16 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x11)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000680)={0x53, 0xffffffffffffffff, 0x3f, 0x3, @scatter={0x8, 0x0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/229, 0xe5}, {}, {&(0x7f00000001c0)=""/145, 0x91}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/184, 0xb8}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000440)=""/33, 0x21}]}, &(0x7f0000000500)="2a2a16a142cbbf983a9dca9c193214f43955f4cd264b7f5600c7e67c0cf01f7e27f729c24f8f774d9880e4c14250b0b13e861ada66c835f9f83253830680a7", &(0x7f0000000540)=""/239, 0x10001, 0x2, 0x1, &(0x7f0000000640)})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000000))
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5caf, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x8c}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:16 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\b\x00%\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00'], 0x24}, 0x1, 0x0, 0x0, 0x4804}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:16 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42ca41)
ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2381.477005][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.485048][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x42, 0x0})

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x81, 0x40a441)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000080))

[ 2381.597650][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.605856][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x600, 0x0})

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2381.727410][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.735623][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x900, 0x0})

09:01:16 executing program 0:
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:16 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000000))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_io_uring_setup(0x5031, &(0x7f00000000c0)={0x0, 0xa66b, 0x0, 0x3, 0x13a, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008, 0x4010, r1, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
io_uring_setup(0x2822, &(0x7f00000001c0)={0x0, 0x45c0, 0x2, 0x40, 0x2a9, 0x0, r2})

09:01:16 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0xff7, &(0x7f00000008c0)=""/4087}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xd00, 0x0})

[ 2381.860425][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.868617][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xe00, 0x0})

[ 2381.919047][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2381.927117][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:16 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:17 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x1}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x1f}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008810}, 0x20000844)

[ 2382.005610][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2382.013742][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:17 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x9de, 0x200000)

09:01:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x2000, 0x0})

09:01:17 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))
r1 = fsmount(0xffffffffffffffff, 0x1, 0x4)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000001c0))

09:01:17 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000040)=0x1)

09:01:17 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = io_uring_setup(0x3454, &(0x7f00000000c0)={0x0, 0x8f80, 0x2, 0x0, 0x1f2, 0x0, r0})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, 0x0)

09:01:17 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))
r1 = fsmount(0xffffffffffffffff, 0x1, 0x4)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000001c0))

[ 2382.183959][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2382.192174][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x4000, 0x0})

09:01:17 executing program 5:
r0 = getpgid(0x0)
ioprio_get$pid(0x2, r0)
r1 = getpgid(0x0)
ioprio_get$pid(0x2, r1)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0xfd, @buffer={0x2, 0x100c, &(0x7f00000028c0)=""/4108}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:17 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:17 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x82000)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000240)={0x53, 0xfffffffffffffffb, 0x36, 0x4, @buffer={0x0, 0x86, &(0x7f0000000100)=""/134}, &(0x7f0000000080)="8c786638855d3c1d076ea84b5949062a6178323d722942c43fd3044792ef27c40543b8df8a19e5bfdc3afeb2e7a13fe8b93202c5ae13", &(0x7f00000001c0)=""/49, 0x4, 0x32, 0x3, &(0x7f0000000200)})

[ 2382.307089][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2382.316096][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:17 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))
r1 = fsmount(0xffffffffffffffff, 0x1, 0x4)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000001c0))

09:01:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x4200, 0x0})

09:01:17 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f00000000c0)={0x0, 0x5040, 0x1, 0x0, 0x5}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000140))
r0 = shmget(0x1, 0x4000, 0x1, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/156)

09:01:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x200000, 0x0})

09:01:17 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2382.412067][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2382.420132][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:17 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))
fsmount(0xffffffffffffffff, 0x1, 0x4)

09:01:17 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000040))

09:01:17 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x503c, 0x0, 0x0, 0x297}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2382.513700][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2382.521911][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:17 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:17 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x1000000, 0x0})

09:01:17 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))

[ 2382.558958][ T6364] cgroup: fork rejected by pids controller in /system.slice/ssh.service
09:01:17 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x4)
io_uring_setup(0x5443, &(0x7f00000000c0)={0x0, 0x97e0, 0x2, 0x0, 0x209, 0x0, r0})
recvmmsg(r0, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/118, 0x76}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/103, 0x67}, {&(0x7f0000000240)=""/165, 0xa5}], 0x4}, 0x400}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000300)=""/140, 0x8c}, {&(0x7f00000003c0)=""/36, 0x24}, {&(0x7f0000000400)=""/187, 0xbb}, {&(0x7f00000004c0)=""/183, 0xb7}, {&(0x7f0000000580)=""/132, 0x84}], 0x5, &(0x7f00000006c0)=""/72, 0x48}, 0x7}, {{&(0x7f0000000740)=@hci, 0x80, &(0x7f0000000a40)=[{&(0x7f00000007c0)=""/226, 0xe2}, {&(0x7f00000008c0)=""/137, 0x89}, {&(0x7f0000000980)=""/30, 0x1e}, {&(0x7f00000009c0)=""/104, 0x68}], 0x4, &(0x7f0000000a80)=""/114, 0x72}, 0x1}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000b00)=""/148, 0x94}, {&(0x7f0000000bc0)=""/223, 0xdf}], 0x2, &(0x7f0000001dc0)=""/234, 0xea}, 0x80000001}], 0x4, 0x40, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:22 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x1)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x290000, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x8d, &(0x7f0000000100)=""/141}, &(0x7f00000000c0)="140000000600", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:22 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200))

09:01:22 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:22 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x9, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000040)="00005dfb8300030000", 0x0, 0x0, 0x0, 0x24, 0x0})

09:01:22 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:22 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x111402)
syz_open_dev$sg(&(0x7f0000000080), 0x4, 0xfe65c67a7d039a2f)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:22 executing program 2:
syz_io_uring_setup(0x5325, &(0x7f0000000000)={0x0, 0x503e, 0x8}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$usbmon(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7, 0x100010, r2, 0x4)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)

09:01:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x4)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2389.251110][ T6491] cgroup: Unknown subsys name 'perf_event'
[ 2389.257257][ T6491] cgroup: Unknown subsys name 'net_cls'
09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x2000000, 0x0})

09:01:25 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x20000002, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f00000001c0)=0x8)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000040))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
ioctl$sock_SIOCDELRT(r2, 0x890c, &(0x7f0000000100)={0x0, @vsock, @llc={0x1a, 0x20, 0x10, 0x2, 0x7, 0x2, @multicast}, @ax25={0x3, @bcast, 0x5}, 0xa460, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)='tunl0\x00', 0x1eac8b68, 0xffffffffffffff8e, 0x1})

09:01:25 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x20, 0x1000, 0x80}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000d80)=<r1=>0x0, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
syz_io_uring_submit(r1, r3, &(0x7f0000000340)=@IORING_OP_WRITEV={0x2, 0x4, 0x2007, @fd_index=0x5, 0x30e2, &(0x7f00000002c0)=[{&(0x7f00000000c0)="415c777eeea2fb0ba23d47030e5b588944c7e41aa41446e10aa9819fe06df628a602321e49d09d42e242e5d1f734bbba2db3", 0x32}, {&(0x7f0000000100)="d13666503576b4b6c2edc43b614586b4249200359c393fc81d62dd2d6ce7883af70cf987f65037127ac459aebf0740dc7af08f2547e7b8437fafc55f5fee707a58686967eebbdd8eb616ad99f56c49ceec370a5d70f49e66bcfca68039bcf1c3aa18d1e22573761157e7f7615ad1d158687b663bc1c1567a6727fa2810d5885eeaa0a56cf10593a531e0cd24df0d36597192f15b2bbcb5dbc690e523433660d905df6dd8e93ee43c6100b5673a2bcee6d1de41d2bc42e0afc0c9baa1d00bc44490b29708e8dbc2ad23fe24fe13202733c5b8aac2e3c37aadfc750048b36dc8799065e9951a869ea7edcb75cdd07a19cb54a1310f8aa840440942d2a56de14a", 0xff}, {&(0x7f0000000200)="529a90774af0169742a5192a090483196e79c1f82a71fd9691c46d24de", 0x1d}, {&(0x7f0000000240)="b91b5ff8719d838961b6f9186a6ba307a88032e99d6fd28a1506115bfaef168c79594a0c26d6c6010dd1e1bd", 0x2c}, {&(0x7f0000000280)="da89e80f2f991450603e7cb6bdae42ee6b18f2dedcc48eeb11ff8f9b35deaa5055dea40d7c", 0x25}], 0x5, 0x6, 0x0, {0x2}}, 0xffffff5c)

[ 2390.340716][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.348723][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2390.401714][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.409822][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x6000000, 0x0})

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x1, 0x0})

09:01:25 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:25 executing program 4:
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2390.524343][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.532368][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x8000000, 0x0})

09:01:25 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x200000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$sg(&(0x7f0000000040), 0xffffffffffffffff, 0x2000)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000080))

09:01:25 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5365, &(0x7f0000000040)={0x0, 0x5040, 0x4, 0x3, 0x3a9}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000d80), &(0x7f0000000000))
r1 = getpgid(0x0)
waitid(0x2, r1, &(0x7f00000000c0), 0x1, &(0x7f0000000140))
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x12, r0, 0x10000000)

09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x9000000, 0x0})

[ 2390.651938][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.659944][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:25 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000040)=0xa7)

09:01:25 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:25 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x6b33, &(0x7f0000000140), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000006c0), &(0x7f0000000700))
io_uring_setup(0x7db5, &(0x7f00000000c0)={0x0, 0xf8de, 0x1, 0x3, 0x2b8, 0x0, r0})
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x803, 0x9e000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2390.768507][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.776712][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xd000000, 0x0})

09:01:25 executing program 4:
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @scatter={0x2, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000500)=""/249, 0xf9}, {&(0x7f0000000600)=""/136, 0x88}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = getpid()
ioprio_get$pid(0x1, r1)
process_vm_readv(r1, &(0x7f00000003c0)=[{&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/9, 0x9}, {&(0x7f0000000100)=""/135, 0x87}, {&(0x7f0000000080)=""/14, 0xe}, {&(0x7f00000001c0)=""/14, 0xe}, {&(0x7f0000000200)=""/41, 0x29}, {&(0x7f0000000240)=""/139, 0x8b}, {&(0x7f0000000300)=""/98, 0x62}, {&(0x7f0000000380)=""/14, 0xe}], 0x9, &(0x7f00000004c0)=[{&(0x7f0000000480)=""/3, 0x3}], 0x1, 0x0)

09:01:25 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xe000000, 0x0})

[ 2390.892337][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.900355][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:25 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

[ 2390.960898][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.968911][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2390.980222][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2390.988350][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2390.998435][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000440)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'batadv_slave_0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000740)="7070d84577c2dfe62867eed9e48899fafc008f5f3de9811831f207ecf9b8f33c090000000000000041dba4ddf21e934aa71233c340f54677e60cc3838497b6381ce3398b365391f631beaafcd88ce801507afb79f363bf762a899bf4347fef234ec5fbcf8c6e0067b6c997fed120aa08f2d7a91f9836c5b71a24160197e91b01653793716f26989de7eff9b5e3b45b8f33c0adc0d0dc670c6186d5312d0874f8c13eab7e44806998bc692afeafe2c26ecb0f9b21a6f8e411ec51aa8f2226ece53a5f", 0xc2, 0x20000011, &(0x7f0000000480)={0x11, 0x16, r2, 0x1, 0x7f, 0x6, @local}, 0x14)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f00000005c0))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @scatter={0x5, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000100)=""/150, 0x96}, {&(0x7f00000001c0)=""/52, 0x34}, {&(0x7f0000000200)=""/238, 0xee}, {&(0x7f0000000300)=""/73, 0x49}]}, &(0x7f00000000c0)="000000030000", 0x0, 0xfffffff9, 0x0, 0x0, 0x0})

09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x10000000, 0x0})

[ 2391.006486][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000004, 0x10010, r0, 0x0)
syz_io_uring_setup(0x26fe, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000000)='\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c)

[ 2391.059064][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.067113][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x408400, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000140)=0x1)
ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x420080, 0x0)
ioctl$SCSI_IOCTL_SYNC(r2, 0x4)

09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x40000000, 0x0})

09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f00000001c0), 0x2, 0x105002)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000000c0)=0x1)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000000))
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000fedbdf25380000000c00580037000000000000000c00580011000000000000000c00580032000000000000000c0058005c000000000000000c00580046000000000000000c00585f000000000000000c0058005700000000000000"], 0x74}, 0x1, 0x0, 0x0, 0x8c4}, 0x24008044)

[ 2391.128484][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.136594][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 4:
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x8040, 0x0)
syz_io_uring_setup(0x31e8, &(0x7f00000000c0)={0x0, 0x750d, 0x0, 0x3, 0x4a, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
socket$packet(0x11, 0x2, 0x300)

[ 2391.225524][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.233554][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x42000000, 0x0})

09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xd79f, 0x4000)
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000080))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0xa, 0x11, 0x8, "864e95b365a1d23a35f209e8cd356290256a5d114c4fb980b33461efc315910beb66025215669de5a8ff614b77dd3dab95254e3381cfc97979840d0232b5d5f7", "acccc97bee5ab13d06c56deb5aae123caeeb82d1c6986bcd0282b77dec1e3d96d91c1f91a3e79d308e103a99e02e10f5ff8930faecb5ee006049719f817c6acd", "7e5b9c1ab493cdb37287ad353baa176824680bab174a74b893a4f26b40ee836a", [0xfffffffffffffffd, 0x9]})
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:26 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

[ 2391.354325][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.362342][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xf5ffffff, 0x0})

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x5325, 0x0, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6_udplite(0xa, 0x2, 0x88)

09:01:26 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80)=<r0=>0x0, &(0x7f0000002300))
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, 0x0, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r3}}, 0x7)
syz_io_uring_submit(r0, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0xf19252b5fc6f4e44, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000000c0)=@hci={0x1f, 0x0, 0x1}, 0x0, 0x0, 0x1}, 0x7)

[ 2391.480968][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.489007][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfbffffff, 0x0})

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x5325, 0x0, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000180), 0x6e40, 0x340903)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000140)=0x1)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040)=0x1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x0, 0x6, 0x98, @buffer={0x2, 0xff8, &(0x7f00000008c0)=""/4088}, &(0x7f00000000c0)="000000030000", 0x0, 0x2, 0x0, 0x3, 0x0})
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x200, 0x280241)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000080))

[ 2391.584104][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.592127][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfdfdffff, 0x0})

09:01:26 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), r1)
mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3000004, 0x2010, r1, 0xcc3b)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, r0, 0x0)
ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0x2b736)
syz_io_uring_setup(0xc74, &(0x7f0000000040)={0x0, 0x5043, 0x0, 0x2201, 0x128, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000000))
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140), 0x100000, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000340)={0x53, 0xffffffffffffffff, 0x7b, 0x0, @buffer={0x0, 0xf5, &(0x7f0000000180)=""/245}, &(0x7f0000000280)="3890d3b6c84e0eb35d50db3f8333fa99151f9ba5ab4d93b44b519023dcf9da6df3545b44d93be10d4131cc9d3e737cc607c6a77452ab1109a42cb2cfbdd3df308e36cf08d6a5881c51e71770fbf50f6e87ea9139d0d79e288ad117861baae88b785261d8d23cc6c1b51bc12c3489ff2d88b5f93614e6ce8f15cdb2", &(0x7f0000000640)=""/4096, 0xfffffffd, 0x1002e, 0xffffffffffffffff, &(0x7f0000000300)})

09:01:26 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x5325, 0x0, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x9, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/65, 0x41}, {&(0x7f0000000180)=""/149, 0x95}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/49, 0x31}, {&(0x7f0000000240)=""/67, 0x43}, {&(0x7f00000002c0)=""/109, 0x6d}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000440)=""/120, 0x78}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:26 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xffefffff, 0x0})

[ 2391.706859][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.715053][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0xb}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x2}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0xff}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x81}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x1e}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48884}, 0x20004000)

09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xffffefff, 0x0})

[ 2391.789652][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.797762][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:26 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="3b176caa03f1b45678fe10ed9555f40d2d0000001ecdc9f1b12757f8532aebd347d6a4295041d9a4d2a69b3f10639cd4fed47c89395e661d5820433667dec43ea70647734dc5701bfc8bf0", @ANYRES16=r1, @ANYBLOB="02002bbd7000fcdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900200000003600000008006b003c00000008006b007800000008006b006e00000008006b005a00000008006b003700000008006b0078000000"], 0x58}, 0x1, 0x0, 0x0, 0x28155}, 0x20000084)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SYNC(r2, 0x4)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x21, &(0x7f0000000400), &(0x7f0000000440)=0x10)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000000100))
ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381)
ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000040)={0x63, ""/99})

09:01:26 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffdfd, 0x0})

[ 2391.900522][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2391.908644][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:26 executing program 4:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:26 executing program 2:
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)
r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/41)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f00000000c0)=""/216)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r2 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r3 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r3, 0x0)
shmat(r3, &(0x7f0000ffe000/0x1000)=nil, 0x0)
io_uring_setup(0x119f, &(0x7f00000001c0)={0x0, 0xf09b, 0x10, 0x2, 0x9, 0x0, r2})

09:01:27 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x3f, 0x20000)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000140))
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
getsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000040), &(0x7f0000000080)=0x10)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, r5, 0x800, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x4c}}, 0x404c010)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:27 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000004, 0x10010, r0, 0x0)
syz_io_uring_setup(0x26fe, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000000)='\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c)

09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xffffff7f, 0x0})

[ 2392.017011][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.025137][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
recvmmsg(r0, &(0x7f0000000500)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f00000001c0)=""/141, 0x8d}, {&(0x7f0000000000)=""/51, 0x33}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/116, 0x74}, {&(0x7f0000000300)=""/65, 0x41}, {&(0x7f0000000380)=""/254, 0xfe}], 0x7}, 0x7fffffff}], 0x1, 0x0, &(0x7f0000000540)={0x0, 0x989680})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000005c0)={&(0x7f0000000580), &(0x7f0000000640)=""/248, 0xf8})

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffff5, 0x0})

09:01:27 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2392.114924][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.123004][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x80)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000080))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r2, 0x3)

09:01:27 executing program 3:
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffb, 0x0})

[ 2392.217774][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.225889][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f00000000c0)=0x7fff, 0x0, 0x4)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0xfffffffe)

09:01:27 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2cfffc9746d2ca2dea69e8e9af8279fbc946e519f1fe631184e5cb00f1061f7087d3696cde08a505c022fe36e3622d7c2237ab2ea03e614eec80612c579e63a6b53e1850dcb152e47a55e847a6888535c396a47e8eab404a", @ANYRESOCT=r1, @ANYBLOB="20002abd7000fcdbdf2528050000060008b20819fec2de8d9d733cb869c1394e722239b69b8fead2f6699c0c3219a0fb9ac43494025973c24ae927758b7aeb4215894371cc689b15fdb0f44107ad0a0c541276a87e05000000000000003c02e219b5d9d927b76c7b0b0952b8f8267dd077891f8a8180bcafb96db506125aed90b936482da34b3f6e358fbcb5cca7fd41f884fa792f185ea294808cfa948501319b9276b8306c9113ebc4e2aa83c3414196ed41ae0da69c661949dda47903ebf89d8ed60a490595d645d6c3eb73fc12f6411ef98ddd91"], 0x24}, 0x1, 0x0, 0x0, 0x2008044}, 0x44)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2392.336452][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.344486][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 2:
syz_io_uring_setup(0x2b91, &(0x7f00000000c0)={0x0, 0x15ea, 0x10, 0x3, 0x25a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x43}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1005, &(0x7f00000018c0)=""/4101}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x3, 0x0})

09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:27 executing program 4:
r0 = syz_io_uring_setup(0x3a02, 0x0, &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2392.491049][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.499074][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000000))

09:01:27 executing program 5:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000080)=0xffff)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x8, 0x0, @buffer={0x0, 0xfd, &(0x7f0000000100)=""/253}, &(0x7f0000000040)="0000000000014f00", 0x0, 0x0, 0x3, 0x4, 0x0})

[ 2392.610573][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.618673][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:27 executing program 3:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2392.709367][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.717405][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2392.733207][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.741275][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2392.748828][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.756846][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:27 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000080), 0x80000001, 0x100)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x1, @scatter={0x0, 0x0, &(0x7f0000000040)}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x10021, 0x0, 0x0})

09:01:27 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000001740)={'ip6gre0\x00', &(0x7f00000016c0)={'ip6tnl0\x00', <r2=>0x0, 0x2f, 0x7, 0x6, 0x400, 0xc, @remote, @remote, 0x700, 0x700, 0x2, 0x80000000}})
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001780)={r2, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
recvmsg(r0, &(0x7f00000015c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f00000017c0)=[{&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)=""/139, 0x8b}, {&(0x7f0000001140)=""/130, 0x82}, {&(0x7f0000001200)=""/32, 0x20}, {&(0x7f0000001240)=""/189, 0xbd}, {&(0x7f0000001340)=""/103, 0x67}, {&(0x7f00000013c0)=""/152, 0x98}, {&(0x7f0000001600)=""/143, 0x8f}], 0x8, &(0x7f0000001500)=""/186, 0xba}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2392.889412][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2392.897462][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:27 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:27 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x800000)

09:01:27 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x5a63, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:28 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
io_uring_setup(0x2700, &(0x7f0000000100)={0x0, 0x83fa, 0x20, 0x1, 0x127, 0x0, r1})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x6419, 0x4, 0x0, 0x7e, 0x0, r0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000d80), &(0x7f0000000000))

[ 2393.000666][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.008715][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 5:
pselect6(0x40, &(0x7f00000001c0)={0x4, 0x4, 0x2, 0x0, 0x3, 0x200, 0x4, 0x5}, &(0x7f0000000200)={0xfffffffffffff9a1, 0x5, 0x8, 0x4, 0x80000001, 0x3f, 0x100000001, 0x6}, &(0x7f0000000240)={0xffff, 0x7fffffff, 0x3, 0x6, 0x3, 0x100, 0x81, 0x97}, &(0x7f0000000280)={0x77359400}, &(0x7f0000000300)={&(0x7f00000002c0)={[0x4]}, 0x8})
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000040))
r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x4, 0x40)
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000180))
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x2, 0x46201)
ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000100))

09:01:28 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, 0x0, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2393.117539][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.125656][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x0, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

09:01:28 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = shmget$private(0x0, 0x1000, 0x1004, &(0x7f0000ffc000/0x1000)=nil)
shmctl$SHM_UNLOCK(r0, 0xc)

09:01:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x2, 0x6, 0x0, @buffer={0x2, 0x1007, &(0x7f00000018c0)=""/4103}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x411)

09:01:28 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000d1d000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
fork()
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x100000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:28 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, 0x0, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2393.262975][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.271330][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000040))
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:28 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0025bd7000fddbdf25250000000600061b40000000000e6443c441b1270f8cf778b05493c17940fd360885f79fefea87d297b74f1053db0a9d34b510e882d4b075a0cfca58f89b139448405ae932cfbb0a10e183a8d307e45375fbe916bddadcf00fc035f88a9f63639bd99fec917cc6352e1af0bedd00ce43af37c74e3e16d20f4db202fa514d3f3bd593e706806f6c72bbb603a8c4c8c2afb3c88b69f2fcfd659c2fb7ed340f5a1c9d8b65d657d12380e7f0f4c4ff065e89927463a17ff6822cac6356ff7079e8bfb8bf764b4fc8ae842b12908cbe9d9dcb51829b5592734ecb726f6e9d339ada7591da07eb9bc7caec144f090fb4b5dd06591ad26367b60c1c18a0a179565ea05dea9614e85a2ef4d8fd8053a14e884a75b9c6859155fc3930e7ba5704e596b564a7498c37ade972d40bf86c733c"], 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4008014)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x3, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="862a0b", 0x0, 0xfffffffa, 0x4, 0x0, 0x0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:28 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2393.340545][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.348574][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 3 (fault-call:5 fault-nth:0):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:28 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, 0x0, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @buffer={0x2, 0x1007, &(0x7f00000018c0)=""/4103}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x16, 0x0, 0x0})

09:01:28 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5678, &(0x7f00000000c0)={0x0, 0x5042, 0x20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x300000f, 0x10, r0, 0x10000000)

[ 2393.509031][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.517749][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2393.541623][ T7503] FAULT_INJECTION: forcing a failure.
[ 2393.541623][ T7503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2393.554715][ T7503] CPU: 1 PID: 7503 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2393.563814][ T7503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2393.573953][ T7503] Call Trace:
[ 2393.577233][ T7503]  dump_stack+0x137/0x19d
[ 2393.583131][ T7503]  should_fail+0x23c/0x250
[ 2393.587569][ T7503]  should_fail_usercopy+0x16/0x20
[ 2393.592597][ T7503]  _copy_from_user+0x1c/0xd0
[ 2393.597237][ T7503]  __x64_sys_io_uring_setup+0x4b/0x120
[ 2393.602778][ T7503]  ? fput+0x2d/0x130
[ 2393.606676][ T7503]  ? ksys_write+0x157/0x180
[ 2393.611266][ T7503]  ? fpregs_assert_state_consistent+0x7d/0x90
[ 2393.617775][ T7503]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2393.623519][ T7503]  do_syscall_64+0x4a/0x90
[ 2393.628023][ T7503]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2393.633913][ T7503] RIP: 0033:0x4665d9
[ 2393.638046][ T7503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:28 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000001480)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001440)={&(0x7f0000001340)={0x24, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x4000001)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x0, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x6, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/32, 0x20}, {&(0x7f0000001380)=""/129, 0x81}, {&(0x7f0000000280)=""/39, 0x27}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/27, 0x1b}, {&(0x7f00000001c0)=""/142, 0x8e}]}, &(0x7f00000000c0)="000100010000", 0x0, 0x8, 0x6, 0x4, 0x0})

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:28 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='\x00', &(0x7f00000000c0)='.\x00', 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2393.657704][ T7503] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2393.666290][ T7503] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2393.674262][ T7503] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2393.682224][ T7503] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2393.690544][ T7503] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2393.698507][ T7503] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x781840)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000080)={0x5, ""/5})
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x6)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:28 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2393.706728][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.714738][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

[ 2393.836862][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.844896][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:28 executing program 3 (fault-call:5 fault-nth:1):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 5:
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r0, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
syz_io_uring_setup(0x45d3, &(0x7f00000001c0)={0x0, 0x4fd4, 0x10, 0x0, 0xd6}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)=<r1=>0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
sendto$packet(r4, &(0x7f0000000340)="28fa87df5a98f5b032855aca435de38c1c276b43ecaeb2eef75610073c67bfbf750939c292bb92e58c6023506cfe", 0x2e, 0x1, &(0x7f0000000380)={0x11, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r5}}, 0x7)
syz_io_uring_submit(r0, r1, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x4, 0x4004, @fd_index, 0x369f, &(0x7f00000002c0)=[{&(0x7f00000018c0)="5be172f0159f95ef47614a5df2d0421e1b6d52d009d41e5d05d0684f8c54085bc8a58bc0d2b74c97ceb118dd9238eddd0956d9d882d3f80f4eaf987733df04da4507169a82db180b0abdb786e9937cfec4f5083e34e01cc60c0a6b3c5631d9b2bd3eff9bce91d5ec9dda26994e65f2fdab6fb0adfa9f6fc0fe333dd11703a39b84dfc6662adad9b03e203f6653059acd629dcc7c20f08c9d5d9a418106a2fb69c57af98dbb7bc442f23d4c739a99f37441f8900931091990e25f44267680e017896b6eb7edb7a80b33833a74ca20632d61720319dce88db33ba014be02762bdd961a348e606f020068e3f6528e17c011a8f5e1406179dedd578e52d96c66089cfc3b7c909eaaacf4689245ab8d009202320801e1af5a60ecea0ff3a5b27bd67affa8976180b8146c577efe4ed0bc146d9c1cd9ae382c273c00d6afbaa81a1e182864467e7e5fcbc92bb2e6c67bc02c86290a7b275ef52561f3265b8d8a13071945d3458cf83fbbb592f14c64a4b967a1e3850ed8a1947255808ea001a380b22d9b7ad7d7a0426452b14b5c48c4dbad608942261b05a12c7d789495aab3215af14d47093a3352a5f250e2c4575c8123f87dd320ce4290440d75501c52c428a307958b24835833893ee46394e7a2799e2cbb91603e42dc40d3c932886bc7abb353faae48fc27f417e607ef6717039eb9da09aa6baa6ab36a08fb157a241e9389ae5276f4d757ae8142a21f5f9c26f277a8492dfa07500f2723a2f7c399ddb2d2109e65151c64d8d0e8b5f9750dffd589f7eb58bcc22dcd1a9e84fd1b43999507caa34820139b423b5bad55517b717253573a45333cbfcc3127347605f441c05087679cfb91c6f3e56dc33e834e5dcd32238798a44e61169dc185fa40d8b9ad142f476f46e18fee2c4107996b3339905ebc83745259aa9851b30249c39027c9b5f368a0dca9f61dac363b2f1b7f3d2f1f1fe656863e1a5019b1fcbc1f1a893533e0377c6eef60177de2e79ce96bb7b6254e7745381f23c7f387722234abea4615220b82f78b191b8c7ef40998dc70617916f0c72a68edb491748048706ebaff087f55023827252ef65c45488914be1108cba7e28026e0703f64a1e745d61d07090014b8e5e7bff91b5ba6dd6b8eb941e03383a27ef204f28b0b88cab878832bb31f1120e61c3130cd82827b4faa5a5aa7afc08588818d7a1f92ea002ebee2790e4f93b7d6d1e66cc09aba7a2192f5d4c28290697eaaeb27dfcf7db7e336c9334731cc1ef925077583f43f84481194cd1ab14c211d7e0db72a2c18b653144e57a88620caf3d0b876627d66e80f3e51534fdffee4c73a9e1b7fa05c97bca692454865f32ce27e7ed605aba24921c3d4f0d7176646551083d26dfd71889d8ceb6ae4c0c84e1cd961871aa5d3cf6af98698a79f64329dfd2c459905138ab34bfdcb52c65dfa015ebb92a6e25745a0ccefddf8855275d07ab86a3b6cac619a4d3d61199d56cb65d8596aaf23c735cee850bb33c59275f727c4ffcce58d2f49323a6d94dbe2cb9fa6e61bd993fbf0e1bb163c06bcc97dcb50cf9b38c998fda06e3ee408f926b55ddf300ebcc2b1499c55b15921587d8dbf26e10e8f63917d13ff45c7e461e7a685e283bc0f94c9f2c4e30c522a338988e126f2211408f25ac7e2a69c98bdf96c35b9c14912d8816a32c486a2afe3cc5306b29cea9d96f36bdc51ffa1dbb77cf9758e2e838842dedfe51a73c469cffe977a43941b978ba5e321da70e9201e86ad27e4feb0147497ddbbd61d4a2768351aa7c772b33b1cef966091c23c8b0f3f41db941ad87cd4352e09f17b1dea391ce3381caed443a39f765f290223be2f02c1653092354d230896cd520462b090e28fea88a04df22245fce1b92e65dd3f478a001143517ec1ef260bba94b38384a20d338c5b77905adc6c5e9cbb1ebc5bbf01a4f07fc6f87d1221115f8046afb0dba6db3e506f735da9f720ba5cba5a361063757e1ffd693641fd0ccc4025fb6704669889d50fc7975f816a470ebf713c5370a51257bfa496834204223d4e4c594382eec233e1dcfcd8b028143d94f1429aa224ec1e5d84581015fdd126c2246b21faa461b50d5305f9c215ae4ebbf536eef7bc81b91810d60feef4b6a88b9a6c3fa32c359b28dc2d2aeaf10a2ec5d0473228ea5f3dd430a104fed5b1e4121c8af3077c79af9979d86bf2d49b37c383dd65ff62b7f2b380e5ecc03a341ad93a247657d1e9030033bfaba523b8bce82378dfff684c10baf2c5f1aff56851d5044271e5872c57dc56924ba3720985e779e17fa36bef1e015ae89f7c394e79b3a40ed18f7c5d5bbb32a5dfac6e4fc199e3067b417e34a800933a9277df70759080edab078b397eece2f7658a304639d401de33a30d7ea5aea2c288413d8184147c3bb91ec174ae8f893c9323b042064648720ea0621ed1efa38d467505d96d5fec6fd059c906faadc116d6231443990b240b11a7dd271dc4a21cf8bda6220079ee7fbed01eaea2cd200230d7d19b52414994d9745ded7eae015d975dae77acdea99c9b39db874adb6b230de050d453bfca98836995aafd38dc57b8510c485fa1938175e042f7d2893e25c90e9bab1e3af8c1d29e3bcf991774ca9c677c4002e350599286c6dbff4cd6e15c5240b8a4dde443834d79a205d3b18bc05494ed27702196c4b8c01ac362a5f95effa63b7238e3a6cf36bf0f93a9de3a3cacff72b27129c59566ca1f829b22d83774300ed553cfc877ab18ce8bfdaed21e7045c5f9bc59a3eb672f68f635087e2ee6ddf89f40703b3d5e0f403ba70d9b5da5833088b6f62318eadeb38d444d4c85662f6294c895fdd246d8e90364e30213e2f0546994732872aa30b236e55c019d6305b4e272b541f064e2756e4764a44435f90ee99e9a8c17c73790ce5aaad90dc071ec0c9e21433fc026f9e5ce347c390bb27797772beb9227ca4ab8503ed519ceff5a0455d782793261fb0fe35f4e14bdc44336b9a73765fed3d7f875449fb58d71ab06d32b83827de604b030eddbe0310325cbc168d84b00c7293c7eab1d7d95efccb1ab4e8795276fb2cd434792ba9933c015ad5d59fda11fc30fc76889e05f65bb5bd6e909c5feb3dad9756114882ddc82e3da9541adffd86fabe18ff975907acbac739ed84757564e6a501ea8fb673557ab444f41cbbabb6bfb6d4cec48cbf544c96cbc7265971f87b3207fe0c365d7a4f215b540045d8056d6e65c498d432829286a72a6cb7f28d661d9a7e442dae48ac95ead6e60b1d99105f883f8c7f57800543111a92d79e5088071e8f14f139adf4bf80df19d08c621a7a6e40aa04d4e4b82bb833d936f4ee80f5b6c3693bff000d3f2d5965298e004c82fe69025e55917857f4e80acc2eb5285f9d3dcfc64051d89af6fc6bd5d0530e01b54fabc310657e49559eb41e0aac46218d6636e89dd4f6d452dc467d81e413b0c6910a0554552fb0d6e2ff73871b9da849205f15da0679fab2f7c908cd9b226b056be66c9e58160c81d198e27a1de435d6c504d0a7ea13bce0a639007711ab00f4a7da7a1a3a88f8eea1f778ac94f14daa78899473ea7b5f33252d82fb6a123d6f9b654f473acf7c2dd2deb1d2c0b5384b87ab9d20821e6820e5e0dfbe81f0c6a57d6cb20d284cb399aeacc6ff214381293e09d4b2500b64b5529930b2c734dcdbe6e577e752ea7e0f5e03775f1c9868ba8f7ec90a2b8e0f5e3f5e7c32285cd6c5d0a999974d2728834c5fa350d4f4b2dd32bc51ef443b61f0c6548e452b9ad30d3e19c6e5011bbabf3af86e357eaff14988d056ea89dce1081eb130c2a6214a0eef0326ee4e2a544c7a6f6c9d32d259b5a7ece64997b0ba244d42dcb10692f1f2447926209a63bcb2fb2f976918ae2148b37f06aeeb142c8a168195550dd5cee7be9e53dd62f4d8a559f8affb93f5ef8a10516db62b855ece7e7c0974dd9167d6488e8fe03997d9ffdf7508b0a901684ea82e4317757868d048a2cc48dd8ece37d2e0b349db595845a56b5644a52702a12533d01777dc81a7b65a488daed8185ffdcac938fef6d73bdbbc1b293e094ccad82d32e2368435d20fa3eb8ccc7afe2d4363b14b9cb22539caf75109a835e7450a0e47e243e311ff79577d3c61347cf259b203d1e4974c7c839df2eedd22b952122f5364d9b0ac99c90b74d05ff91e31f38db54ba2a59524d145b62f43abe81d782b0226eb8d47bdb1a3ed7cd9c5d0b2c7f64277c1efb5923f196181e966302fc21ab98809356ab92ec10ffa771a6360f4768f6c1d3469bb4e349c41ab2f63352e973c38d44757a4ebc78a841f54bc809425a5b2d5dc5c41bdf203151285da98255e68866a345ad1b8d83293e31406d43514bc9b2d820a4a692b1cea2d0355833cb388ad6d9839fe7eb5d277efa62bba7b9f4e0a9060cb239f2f06ed8efc8290e9923eb3a45e39fc596eb7753b6b68e83027647db1b2a218a0c186bc31f4b685d8e084436a04d31b1a9aa5d2fa6edb64a1cc0b702ef78cb0ac40469e7ff25dbafc3e6463ed594caf15c450ca13aa0e90379a16a65f47b00aad405a9178b8b3adb0bc87d0c9a203c4734d87de7c1a61b8b711c24f4e1410940d5504c2719c93036f29d586a323d08bf6bd5e9d2cbc636e4988ffba93b3e495a19d068e9a6863ec415b6119490e3c887c7f074262f53e523845858a533893d2045864bd56691a646d8a7f3d739000a9848ab309a804882f014b7ef2fa26e7560150314b42146cca433bb3a7bf5a0c10dc0e802acfebfb04218080fb92363d93f71ea1766dcf304c0be955798fff2f39af98a3e47ef6c2cb1f6982784b8e4e0961521f5076a3ba1106733ee9e62a92eabb7d0a543af03c99669c3a5f9cb25a887670ef4af9fd00009881e3734ca0af331af4ddf57688425b75c567636ac495186b20ed8ec36074d6bd7a8c5d2a9519cfbe98cd270c66e6070172082492fedbcebbd4472004636f7bb70ef40632501389eb8a8165f6ee8eecc5730bca1dffa06419e99c3bbfe61e858d9cedc97b405dad91166d6687b8aa5769f6a703beee230dce229e4aee5b02a67d3a7c6107aae64575f1c53e83272bd25aaff2311d39323fb2f61c9c7fe8344a39cad3782854d01627014ab865a5855140d2a7d0ec19155a5568402b5a231119ab5db96542f9db296b71a2c0db2a4fc461a19c2b45dc40dd3bb2bdb67a598ee81977fffcaca66ff6e1a3f602748d77ef25b31e6c6bf0750c15d85727678083694cef3997f7d6b0c93e48e8cef125b77bafe69c83d407d43e6211d25ce1f9292bedb4790bb194b0ee7712a628fa3c48a4fe21e84e0fdcadca9135450f1bc2fccee795b562297609f65961a7418eefc81137b27f130dbf10bfca3219016844a98b1b29d6e9235aaeb6386ab3bfd5be76562fa4434d113b4b0afdfba7d61f3b566b03e1d760b5b2a2a65b56011a654003c9c84f89ba85183ef3aa7ab436db263a9b0c3036a564fdb528fd11833958d3467dd32985773c0cfa71a33d8fe520c981c6bca1ebf0ef18a191c95caab3108875596f20d81c9dd6cbef71c03ef929f58ebd4ed0ef1fcb4685c567eecc65cb02788033986aea1393fc614712ff4816d147cb2ae96acdc67801410aa60317135284a4e9cdeadbde256aa7e7efcf569e2161b364f5502c73034173d706064143a4b43895602cc499ffae224096731cccb44d5f283d0bde68a2b76937ab997fff585c535b11e5422473fe806748aca14e9ef060a32b25bbc3acf22bb4a8278f99aaa02f50829d31bdb87309e71", 0x1000}], 0x1, 0x8, 0x0, {0x3, r5}}, 0x9)
recvmsg(r2, &(0x7f0000000500)={&(0x7f00000003c0)=@xdp={0x2c, 0x0, <r6=>0x0}, 0x80, &(0x7f0000000480)=[{&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000000440)=""/2, 0x2}], 0x2, &(0x7f00000038c0)=""/4096, 0x1000}, 0x10000)
setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000540)={r6, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000428bd7000fddbdf25010000000800020100000000140001806500000009040100060000004e220000440001800800060006000000050002004000000b20d189e10014000400fc0100000000000000000014000400fc020000000000000000000000000008060001"], 0x74}}, 0x0)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:28 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:28 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x70)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r2=>0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r1, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000640))
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032cbd70000000008000000000", @ANYRES32=0x0, @ANYBLOB="0c00990005000000550000000800b700dd00000008002600301600000800b7005a00000008009f0001000000"], 0x48}, 0x1, 0x0, 0x0, 0x4c051}, 0x4)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x2, 0x0, r4, 0x0, &(0x7f00000001c0)="3542ac92a54e86061200a2f671838d8f7e8a09086ca55543a6d35062132dd40813ec86d1cfe2ce0c8f48450d7cc7d7a6adfe5ccf726d4449eaf64474edfd826c6c0215c155637feae7a84c51d9cba3cead7fe36e1d62a1e833b18e5ba58bcedde61259368a7fcf1db07d4467c06a42d5901e50e5196a4843cc67e185b1da44c487aa1d32faad00f608d60ceba403dbc19b76619e41cf131d1f773c19e89bd1cca1efde7333d8992ff39ed757e12aaa80779ad220735eab91b9c584aa305933b4551eb5d1c340633d626ba257c83080463cc601ecc19372bf5493f7a81bb6aad604ca71c4db9b64f670bbb799822a88d0a0c7b1ff372b137060", 0xf9, 0x80, 0x1}, 0x81)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xa, 0x80010, r0, 0x10000000)
sendmsg$IEEE802154_ASSOCIATE_REQ(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r7, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r5)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40040402}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x14, r6, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40400}, 0x24000040)
sendmsg$IEEE802154_ASSOCIATE_REQ(r7, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r8, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c090}, 0x4000)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r6, 0x4, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20048000}, 0xc000)

09:01:28 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

[ 2393.937005][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2393.945125][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.015038][ T7572] FAULT_INJECTION: forcing a failure.
[ 2394.015038][ T7572] name failslab, interval 1, probability 0, space 0, times 0
[ 2394.027721][ T7572] CPU: 0 PID: 7572 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2394.036391][ T7572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2394.046442][ T7572] Call Trace:
[ 2394.049714][ T7572]  dump_stack+0x137/0x19d
[ 2394.054052][ T7572]  should_fail+0x23c/0x250
[ 2394.058470][ T7572]  __should_failslab+0x81/0x90
09:01:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x8c6, 0x80000)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000080))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x3, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2394.063323][ T7572]  ? io_uring_create+0x120/0x18d0
[ 2394.068344][ T7572]  should_failslab+0x5/0x20
[ 2394.068365][ T7572]  kmem_cache_alloc_trace+0x49/0x310
[ 2394.068385][ T7572]  io_uring_create+0x120/0x18d0
[ 2394.083135][ T7572]  ? vfs_write+0x50c/0x770
[ 2394.087543][ T7572]  ? should_fail+0xd6/0x250
[ 2394.092040][ T7572]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2394.097586][ T7572]  do_syscall_64+0x4a/0x90
09:01:29 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:29 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2394.097653][ T7572]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2394.097674][ T7572] RIP: 0033:0x4665d9
[ 2394.097686][ T7572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

[ 2394.097700][ T7572] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2394.097713][ T7572] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2394.097723][ T7572] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2394.097732][ T7572] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2394.097741][ T7572] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2394.097751][ T7572] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:29 executing program 3 (fault-call:5 fault-nth:2):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000100))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2394.105825][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.105848][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.109964][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.109984][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.192214][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.192234][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:29 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x8)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x1325, &(0x7f0000000040)={0x0, 0x558c, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x0, 0x101)
io_uring_setup(0x651f, &(0x7f0000000100)={0x0, 0xdc9a, 0x20, 0x3, 0xb6})
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000000c0))

09:01:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2394.267707][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.370186][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:29 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x216, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x2ab, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="8c400000f640", 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$sg(&(0x7f0000000040), 0xfffffffffffffff9, 0x12000)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
syz_open_dev$sg(&(0x7f0000000100), 0x2, 0x4000)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, &(0x7f0000000140))
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)

[ 2394.448013][ T7623] FAULT_INJECTION: forcing a failure.
[ 2394.448013][ T7623] name failslab, interval 1, probability 0, space 0, times 0
[ 2394.460716][ T7623] CPU: 0 PID: 7623 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
09:01:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:29 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 3 (fault-call:5 fault-nth:3):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2394.460789][ T7623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2394.460868][ T7623] Call Trace:
[ 2394.460873][ T7623]  dump_stack+0x137/0x19d
[ 2394.460896][ T7623]  should_fail+0x23c/0x250
09:01:29 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:29 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[ 2394.460915][ T7623]  ? io_uring_create+0x190/0x18d0
09:01:29 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2394.460934][ T7623]  __should_failslab+0x81/0x90
[ 2394.460955][ T7623]  should_failslab+0x5/0x20
09:01:29 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2394.460968][ T7623]  __kmalloc+0x66/0x340
[ 2394.460986][ T7623]  ? kmem_cache_alloc_trace+0x215/0x310
[ 2394.461079][ T7623]  ? io_uring_create+0x120/0x18d0
[ 2394.461093][ T7623]  io_uring_create+0x190/0x18d0
[ 2394.461109][ T7623]  ? vfs_write+0x50c/0x770
[ 2394.461120][ T7623]  ? should_fail+0xd6/0x250
[ 2394.461133][ T7623]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2394.461156][ T7623]  do_syscall_64+0x4a/0x90
[ 2394.461226][ T7623]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2394.461256][ T7623] RIP: 0033:0x4665d9
[ 2394.461266][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2394.461339][ T7623] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2394.461355][ T7623] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2394.461364][ T7623] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2394.461373][ T7623] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2394.461382][ T7623] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2394.461390][ T7623] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2394.470633][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.470649][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.571380][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.571399][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.667999][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2394.668023][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2394.671458][ T7660] FAULT_INJECTION: forcing a failure.
[ 2394.671458][ T7660] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2394.671480][ T7660] CPU: 1 PID: 7660 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2394.671500][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2394.671531][ T7660] Call Trace:
[ 2394.671549][ T7660]  dump_stack+0x137/0x19d
[ 2394.671570][ T7660]  should_fail+0x23c/0x250
[ 2394.671586][ T7660]  __alloc_pages+0x102/0x320
[ 2394.671603][ T7660]  kmem_getpages+0x1a/0xd0
[ 2394.671624][ T7660]  cache_grow_begin+0x4c/0x1a0
[ 2394.671659][ T7660]  cache_alloc_refill+0x326/0x3d0
[ 2394.671683][ T7660]  ? should_fail+0xd6/0x250
[ 2394.671699][ T7660]  ? io_uring_create+0x190/0x18d0
[ 2394.671718][ T7660]  __kmalloc+0x2ba/0x340
[ 2394.671744][ T7660]  ? io_uring_create+0x190/0x18d0
[ 2394.671875][ T7660]  io_uring_create+0x190/0x18d0
[ 2394.671894][ T7660]  ? vfs_write+0x50c/0x770
[ 2394.671907][ T7660]  ? should_fail+0xd6/0x250
[ 2394.671920][ T7660]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2394.671939][ T7660]  do_syscall_64+0x4a/0x90
[ 2394.672031][ T7660]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2394.672049][ T7660] RIP: 0033:0x4665d9
[ 2394.672059][ T7660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2394.672076][ T7660] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2394.672094][ T7660] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2394.672106][ T7660] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2394.672119][ T7660] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2394.672146][ T7660] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
09:01:30 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x810, 0xffffffffffffffff, 0x10000000)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:30 executing program 3 (fault-call:5 fault-nth:4):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2394.672158][ T7660] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @scatter={0x3, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/76, 0x4c}, {&(0x7f0000000100)=""/139, 0x8b}, {&(0x7f00000001c0)=""/19, 0x13}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x3, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f00000002c0))

09:01:30 executing program 2:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x4102, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000140)={0x0, 0x5040, 0x0, 0x0, 0xffffffff}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_setup(0x6c80, &(0x7f00000000c0)={0x0, 0x21, 0x1, 0x2, 0x1b7, 0x0, r1})

09:01:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

[ 2395.180362][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.188393][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2395.249545][ T7702] FAULT_INJECTION: forcing a failure.
[ 2395.249545][ T7702] name failslab, interval 1, probability 0, space 0, times 0
[ 2395.262571][ T7702] CPU: 1 PID: 7702 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2395.271353][ T7702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2395.281542][ T7702] Call Trace:
[ 2395.284832][ T7702]  dump_stack+0x137/0x19d
[ 2395.289337][ T7702]  should_fail+0x23c/0x250
[ 2395.293831][ T7702]  __should_failslab+0x81/0x90
09:01:30 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 0:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2395.298658][ T7702]  ? percpu_ref_init+0x9e/0x210
[ 2395.303619][ T7702]  should_failslab+0x5/0x20
[ 2395.308120][ T7702]  kmem_cache_alloc_trace+0x49/0x310
[ 2395.313440][ T7702]  percpu_ref_init+0x9e/0x210
[ 2395.318196][ T7702]  ? io_uring_create+0x18d0/0x18d0
[ 2395.323294][ T7702]  io_uring_create+0x228/0x18d0
[ 2395.328159][ T7702]  ? vfs_write+0x50c/0x770
[ 2395.332570][ T7702]  ? should_fail+0xd6/0x250
[ 2395.337054][ T7702]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2395.342606][ T7702]  do_syscall_64+0x4a/0x90
[ 2395.347078][ T7702]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2395.353134][ T7702] RIP: 0033:0x4665d9
[ 2395.357022][ T7702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2395.376716][ T7702] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2395.385124][ T7702] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2395.393093][ T7702] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2395.401054][ T7702] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2395.409011][ T7702] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2395.417154][ T7702] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2395.425418][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.433406][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2395.440891][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
09:01:30 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x39d2, &(0x7f00000000c0)={0x0, 0x4c33, 0x10, 0x3, 0x168}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = syz_io_uring_setup(0x745e, &(0x7f0000000180)={0x0, 0x6266, 0x16, 0x0, 0xbe, 0x0, r1}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000240))
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x40010, r4, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x1, 0x2010, r2, 0x10000000)
syz_io_uring_submit(r0, r5, &(0x7f0000000280)=@IORING_OP_POLL_REMOVE={0x7, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x101)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SCSI_IOCTL_SYNC(r4, 0x4)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ff1000/0x4000)=nil, 0x4000, 0x800006, 0x4000010, r1, 0x10000000)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r7, 0x0, 0x0)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r7, 0x10000000)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r8, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r9}}, 0x7)
syz_io_uring_submit(r3, r6, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x5, 0x0, r4, 0x0, &(0x7f00000002c0)="9d8d4914795f11149fee161909b04f47c1369790cbed5f21bd359326281aaa6d75f39a6d26f73678f1ab0aee83104ee265f68ce8", 0x34, 0x41, 0x1, {0x0, r9}}, 0xffffffdb)

[ 2395.448876][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:30 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

[ 2395.491782][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.499804][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2395.551119][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.559157][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:30 executing program 3 (fault-call:5 fault-nth:5):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, 0x0, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:30 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:30 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5329, &(0x7f0000000040)={0x0, 0xc51f, 0x20, 0x3, 0x48}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000002300))
r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmat(r1, &(0x7f0000ffa000/0x6000)=nil, 0x1000)
ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f00000000c0)=0x6)
r2 = syz_io_uring_setup(0x1ec3, &(0x7f0000000100)={0x0, 0xff17, 0x0, 0x1, 0x22f, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10, r2, 0x10000000)

09:01:30 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:30 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:30 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x0)
ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000480)=ANY=[@ANYBLOB="860000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/138])
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x218280)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000580))
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000001180)={0x53, 0x0, 0x11, 0xcb, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="e53be986ff48364af2c8110794285e130b", &(0x7f00000010c0)=""/67, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @scatter={0x5, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/2, 0x2}, {&(0x7f0000000100)=""/241, 0xf1}, {&(0x7f0000000400)=""/7, 0x7}, {&(0x7f0000000200)=""/189, 0xbd}, {&(0x7f00000002c0)=""/140, 0x8c}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000440)=0x1)
ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000080)=0x80000001)

[ 2395.714811][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.722935][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:30 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

[ 2395.804532][ T7775] FAULT_INJECTION: forcing a failure.
[ 2395.804532][ T7775] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2395.809834][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.817807][ T7775] CPU: 0 PID: 7775 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2395.825777][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid command operation code
[ 2395.834411][ T7775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2395.834421][ T7775] Call Trace:
[ 2395.834428][ T7775]  dump_stack+0x137/0x19d
[ 2395.845998][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.852787][ T7775]  should_fail+0x23c/0x250
[ 2395.856075][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2395.860349][ T7775]  __alloc_pages+0x102/0x320
[ 2395.871556][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.872716][ T7775]  alloc_pages+0x21d/0x310
[ 2395.880200][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid command operation code
[ 2395.884749][ T7775]  __get_free_pages+0x8/0x30
[ 2395.892730][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2395.897088][ T7775]  io_uring_create+0x887/0x18d0
[ 2395.905400][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2395.909983][ T7775]  ? should_fail+0xd6/0x250
[ 2395.934800][ T7775]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2395.940299][ T7775]  do_syscall_64+0x4a/0x90
[ 2395.944716][ T7775]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2395.950605][ T7775] RIP: 0033:0x4665d9
[ 2395.954497][ T7775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2395.974097][ T7775] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2395.982492][ T7775] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2395.990551][ T7775] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
09:01:30 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:30 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:31 executing program 3 (fault-call:5 fault-nth:6):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:31 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000080))
recvmmsg(r0, &(0x7f0000000740)=[{{&(0x7f0000000100)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f00000002c0)=[{&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000180)=""/80, 0x50}, {&(0x7f0000000200)=""/171, 0xab}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x4, &(0x7f0000000300)=""/67, 0x43}, 0x6}, {{&(0x7f0000000380)=@generic, 0x80, &(0x7f0000000440), 0x10000000000001a2, &(0x7f0000000480)=""/158, 0x9e}}, {{&(0x7f0000000540)=@nl=@unspec, 0x80, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/11, 0xb}, {&(0x7f0000000800)=""/136, 0x88}], 0x2, &(0x7f0000000700)=""/1, 0x1}, 0x260}], 0x3, 0x10000, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000440)={0x2c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x2000c084)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0xc80, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r4, 0x2286, &(0x7f00000028c0))

09:01:31 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000140)=0xc)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
io_uring_setup(0x5f10, &(0x7f00000000c0)={0x0, 0x6a0b, 0x8, 0x2, 0x1d1, 0x0, r1})

[ 2395.998501][ T7775] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2396.006448][ T7775] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2396.014399][ T7775] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:31 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2396.103744][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2396.111784][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

[ 2396.164612][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2396.172624][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:31 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:31 executing program 5:
ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5)
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000005c0)={&(0x7f0000000100)={0x49c, r1, 0x100, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x40}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x401}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffff800}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff8}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}]}, @TIPC_NLA_NODE={0x228, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xca, 0x3, "cb0f7db50e1ec3ea1fe8664e1696679386f9d9eede97b9ba3f2f0cedac163f63c49b58c34aa23755e2c9a97b0d5bbad4b288f12c973380380c03dbc3aa45be62f7b05901cf3261cb521ca2e890325dffa34711372b008148bd85cfb087d98ed986b5a6c2b36961cdb6806fb4a805b59e1504b6bdd8795ba146fda898137686f4702abffedeea2de9735f066fad5b4c772abbb5d869e2a013a8dc63ff7905fd5e8fe8a7163c6fcf03fc8028ca43208abc9524a0c621c1138a9591ed5eee88c51f0624f44160c9"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x6a, 0x3, "8f8f393dcb99cbd0da47d754232a42629726403135371e23d4ed308db08298a6175dc426ade98479163b6c20de14e19a4299fc0865f10edd1fdf827193e233a21f71f25fef093036f04a357b69b47f8e2fb2525d12f00e184a2ee160f06fc3af2940861178c9"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8bf}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x8c, 0x3, "b7f5671156087c3d0d6925740bc7b693b4b7c93211308e39c40484553d27e401789316b3b060ef0b40e3ee0158240767a1ab4ca70ae9ac954af27d4d0137371f96692c4a3bd29efb485c917304ebd593a9ebcf350ffe46b8aabdf5736f08dd27f48aab86bca3cc644b850f5fb5ec808b16c2d28f7aab1614772333de9d3572ba41216075c4dbed54"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "68aa6f0898263de30959482949c4ba1daab1beaf60efb5e6"}}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0xb4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5f30}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x60}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffff}]}, @TIPC_NLA_BEARER={0x100, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x40}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @private1, 0x9}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7e}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xca9d, @mcast2, 0x4000}}, {0x14, 0x2, @in={0x2, 0x4e20, @local}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x14, 0x2, @in={0x2, 0x4e21, @broadcast}}}}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x96d}]}]}, 0x49c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004005)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:31 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:31 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), 0x0)

[ 2396.242612][ T7817] FAULT_INJECTION: forcing a failure.
[ 2396.242612][ T7817] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2396.255868][ T7817] CPU: 1 PID: 7817 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2396.264539][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2396.274580][ T7817] Call Trace:
[ 2396.277844][ T7817]  dump_stack+0x137/0x19d
[ 2396.282358][ T7817]  should_fail+0x23c/0x250
[ 2396.286918][ T7817]  __alloc_pages+0x102/0x320
[ 2396.291487][ T7817]  alloc_pages+0x21d/0x310
[ 2396.295983][ T7817]  __get_free_pages+0x8/0x30
[ 2396.300549][ T7817]  io_uring_create+0x9b9/0x18d0
[ 2396.305378][ T7817]  ? should_fail+0xd6/0x250
[ 2396.309956][ T7817]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2396.315398][ T7817]  do_syscall_64+0x4a/0x90
[ 2396.319794][ T7817]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2396.325741][ T7817] RIP: 0033:0x4665d9
[ 2396.329614][ T7817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2396.349489][ T7817] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2396.357905][ T7817] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2396.365909][ T7817] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2396.373860][ T7817] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2396.382361][ T7817] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2396.390486][ T7817] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:31 executing program 5:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000005c0), 0xc8401, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x42881)
getrandom(&(0x7f00000018c0)=""/4096, 0x1000, 0x3)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042bbd7000fedbdf25030000000c0009000200aaaaaaaaaaaa0600080074f300000500120006000000060008100000000006000800ca69b33f67a25a767b9f8a17585881ba0000000006c0702883b09a000800030000000c0009000200aaaabaaaaaaa0c0009548030ead02639d3220f23ec5215183b5a6a6192008ea4f53e95dc9ff2985c92a0f3ec016912cbad81c9564a8b9b37af68ff61ba959ab53a2727aa91221ddecf9f69332947e62a5e20cebd2eefb22a0899c399f727a9cc0c96acb843ee1e6017b5d8f03e12f1f62f920bc1e55cb52f3370171c"], 0x60}, 0x1, 0x0, 0x0, 0x20000080}, 0x40100)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
sendmsg$IEEE802154_ASSOCIATE_RESP(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="0000005e08cd13232a0392499117aa67dccf", @ANYRES64=r2, @ANYBLOB="000326bd7000fedbdf25130000000c0009000202aaaaaaaaaaaa"], 0x20}, 0x1, 0x0, 0x0, 0x24048894}, 0x4000091)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000700)={&(0x7f0000000540)=ANY=[@ANYBLOB="38000000f31ea84258c8b4dbc2b765ed1d5818aaa7eac372af8c4ba5799a13a45e4ca4fba609", @ANYRES16=0x0, @ANYBLOB="000826bd7000fbdbdf252d000000060006000300000006000400a1aa000006000600030000000a0001007770616e31000000"], 0x38}}, 0x40050)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$sg(&(0x7f0000000480), 0x8, 0x20002)
ioctl$SG_SET_DEBUG(r6, 0x227e, &(0x7f0000000640)=0x1)
sendmsg$IEEE802154_ASSOCIATE_REQ(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r5, &(0x7f0000000400)={&(0x7f0000000100), 0xc, &(0x7f00000003c0)={&(0x7f0000000140)={0x14, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, ["", ""]}, 0x14}}, 0x4000040)
r7 = syz_open_dev$sg(&(0x7f0000000440), 0x100000001, 0x40001)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x14, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x4004)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r7, 0x3)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000840)={0x0, 0x4, 0x6, 0x8, @scatter={0x1, 0x0, &(0x7f0000000440)}, &(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00', 0x0, 0x3, 0x179ea63ef98d2d9f, 0xfffffffe, 0x0})

09:01:31 executing program 3 (fault-call:5 fault-nth:7):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:31 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:31 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x7344, &(0x7f0000000040)={0x0, 0xde8a, 0x20, 0x3, 0xda})
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000100)={0x0, 0x846c, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f0000002300))
accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, 0x0)

09:01:31 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:31 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000040)=0x100)

09:01:31 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2396.575098][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2396.583113][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:31 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
clock_getres(0x5, &(0x7f0000002cc0))
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x800, 0x70bd2b, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x803)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2396.643005][ T7876] FAULT_INJECTION: forcing a failure.
[ 2396.643005][ T7876] name failslab, interval 1, probability 0, space 0, times 0
[ 2396.656012][ T7876] CPU: 0 PID: 7876 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2396.664725][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2396.674772][ T7876] Call Trace:
[ 2396.678051][ T7876]  dump_stack+0x137/0x19d
[ 2396.682389][ T7876]  should_fail+0x23c/0x250
[ 2396.687585][ T7876]  __should_failslab+0x81/0x90
[ 2396.690376][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2396.692343][ T7876]  ? io_uring_create+0x13f7/0x18d0
[ 2396.700531][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2396.705637][ T7876]  should_failslab+0x5/0x20
[ 2396.705658][ T7876]  kmem_cache_alloc_trace+0x49/0x310
[ 2396.722915][ T7876]  ? alloc_pages+0x21d/0x310
[ 2396.727589][ T7876]  io_uring_create+0x13f7/0x18d0
[ 2396.732577][ T7876]  ? should_fail+0xd6/0x250
[ 2396.737078][ T7876]  __x64_sys_io_uring_setup+0xe1/0x120
09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:31 executing program 4:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2396.742632][ T7876]  do_syscall_64+0x4a/0x90
[ 2396.747092][ T7876]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2396.752974][ T7876] RIP: 0033:0x4665d9
[ 2396.756938][ T7876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2396.776635][ T7876] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2396.785069][ T7876] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:31 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2396.793478][ T7876] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2396.794777][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2396.801544][ T7876] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2396.801558][ T7876] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2396.801569][ T7876] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2396.809545][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:31 executing program 3 (fault-call:5 fault-nth:8):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:31 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:31 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f00000000c0)={0x74, ""/116})

09:01:31 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:31 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x400065c, 0x40002)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000340), 0x3, 0x0)
ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000380)=0xa6)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f00000000c0))
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000300)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x3})
r5 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x200000000000063, 0x9c202)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x6, 0x0, @buffer={0x0, 0x17, &(0x7f00000002c0)=""/23}, &(0x7f0000000040)='\x00!\x00C\x00\x00', 0x0, 0x7ffffffe, 0x0, 0x0, 0x0})
syz_open_dev$vcsa(&(0x7f0000000080), 0x10000003, 0x480)
socketpair(0x28, 0x1, 0x3, &(0x7f0000000100))
getpeername(0xffffffffffffffff, &(0x7f0000000140)=@x25, &(0x7f00000001c0)=0x80)

09:01:31 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:32 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:32 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

[ 2397.016763][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2397.024883][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:32 executing program 2:
ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x80010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x2720, &(0x7f00000000c0)={0x0, 0x830a, 0x1, 0x3, 0xa7}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = syz_io_uring_setup(0x5324, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xfffffffe, 0x4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x1010, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x1d8, &(0x7f00000001c0)=0x77, 0x0, 0x4)

[ 2397.073711][ T7933] FAULT_INJECTION: forcing a failure.
[ 2397.073711][ T7933] name failslab, interval 1, probability 0, space 0, times 0
[ 2397.086901][ T7933] CPU: 0 PID: 7933 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2397.095593][ T7933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2397.105695][ T7933] Call Trace:
[ 2397.108980][ T7933]  dump_stack+0x137/0x19d
[ 2397.113413][ T7933]  should_fail+0x23c/0x250
[ 2397.117865][ T7933]  __should_failslab+0x81/0x90
09:01:32 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

[ 2397.122659][ T7933]  ? percpu_ref_init+0x9e/0x210
[ 2397.127604][ T7933]  should_failslab+0x5/0x20
[ 2397.132093][ T7933]  kmem_cache_alloc_trace+0x49/0x310
[ 2397.137431][ T7933]  percpu_ref_init+0x9e/0x210
[ 2397.142136][ T7933]  ? __io_register_rsrc_update+0x1260/0x1260
[ 2397.148109][ T7933]  io_uring_create+0x1419/0x18d0
[ 2397.153040][ T7933]  ? should_fail+0xd6/0x250
[ 2397.157537][ T7933]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2397.162996][ T7933]  do_syscall_64+0x4a/0x90
[ 2397.167467][ T7933]  entry_SYSCALL_64_after_hwframe+0x44/0xae
09:01:32 executing program 2:
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="21002cbd7000fbdbdf253100004005003400200000000a0001007770616e3300000005003400090000000500340030000000e2a658df5f67de434552a3e710cd0cee5f03fe40d565295bf23c1120f4f268469309528a822a08b812179cb746ebe9b994149d93d97be8da720d191f395bdbb0523c29ffb10b34d0b847a8ed88e3b10a09e1ce613d0a10a49de1e4b7cca7e6c9791568b2405c814f8648de310e42227a59c3a8893c611fd7664348e2f4a5723d0ab1ce69aeb633fac8395d5ba4b15e45ea6e35c2428ca8df178c20f7f38aecd570020ad78b1259448dcfb9be1a1c5739010a8322aa47339671fd03bde5dafd2310d98f2bba7f725ba69b78c128598d4df1c24938399f8c0e04948f0f6550ba1ad8196b7011abbc659c60c8ea3f09977988f35c9bcca8bde1a1a6045099f6acd028f16c23a1dbc992d8cd715de2145dc04963c21b314d10de14c93697220ea588338c4a3170426afb4997dd4fafea69e43655e2b76ee18ed5e42c398b689ff361f8fa06d4c60075776f1b8676d28e2e10eb8e72cec97fcb039e6127949b99fec7c205462b7085b1ba067a6adf4236e37b40e72774378a052c14dc982eb1c5cfdbab0b5d"], 0x38}, 0x1, 0x0, 0x0, 0x4048044}, 0x20008011)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2397.173428][ T7933] RIP: 0033:0x4665d9
[ 2397.177316][ T7933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2397.197117][ T7933] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2397.205533][ T7933] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2397.213600][ T7933] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
09:01:32 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[ 2397.221624][ T7933] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2397.229757][ T7933] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2397.237721][ T7933] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2397.283978][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2397.292010][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:32 executing program 3 (fault-call:5 fault-nth:9):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:32 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

09:01:32 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x20002, 0x2d0200)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040))

09:01:32 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:32 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5abc, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)

09:01:32 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

09:01:32 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

[ 2397.376578][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2397.384696][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2397.453790][ T7978] FAULT_INJECTION: forcing a failure.
[ 2397.453790][ T7978] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2397.466869][ T7978] CPU: 0 PID: 7978 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2397.475715][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2397.485831][ T7978] Call Trace:
[ 2397.489101][ T7978]  dump_stack+0x137/0x19d
[ 2397.493735][ T7978]  should_fail+0x23c/0x250
[ 2397.498317][ T7978]  should_fail_usercopy+0x16/0x20
[ 2397.503429][ T7978]  _copy_to_user+0x1c/0x90
[ 2397.507861][ T7978]  io_uring_create+0x159f/0x18d0
[ 2397.512798][ T7978]  ? should_fail+0xd6/0x250
[ 2397.517343][ T7978]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2397.522951][ T7978]  do_syscall_64+0x4a/0x90
[ 2397.527612][ T7978]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2397.533613][ T7978] RIP: 0033:0x4665d9
[ 2397.537634][ T7978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2397.557585][ T7978] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2397.566092][ T7978] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2397.574146][ T7978] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2397.582280][ T7978] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2397.590306][ T7978] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
09:01:32 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:32 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000580)={0x53, 0x0, 0x6, 0x0, @scatter={0x3, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)=""/182, 0xb6}, {&(0x7f0000000440)=""/223, 0xdf}, {&(0x7f00000018c0)=""/4096, 0x1000}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
recvmsg(r1, &(0x7f0000000340)={&(0x7f0000000040)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/156, 0x9c}, {&(0x7f00000001c0)=""/36, 0x24}, {&(0x7f0000000200)=""/92, 0x5c}, {&(0x7f0000000280)=""/17, 0x11}], 0x4, &(0x7f0000000300)=""/29, 0x1d}, 0x40012122)

09:01:32 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

09:01:32 executing program 3 (fault-call:5 fault-nth:10):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:32 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, 0x0, &(0x7f0000000140))

[ 2397.598262][ T7978] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:32 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

09:01:32 executing program 0:
r0 = syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, 0x0, &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xf046, 0x10, 0x3, 0x3b9, 0x0, r0}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2397.666754][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2397.674785][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2397.688152][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2397.696165][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:32 executing program 5:
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000200)='gtp\x00', &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c)
r0 = socket(0x27, 0x5, 0x5)
syz_genetlink_get_family_id$gtp(&(0x7f0000000180), r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_io_uring_setup(0x89a, &(0x7f0000000040)={0x0, 0xdfd2, 0x1, 0x3, 0xfe, 0x0, r1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f00000001c0))
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:32 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2397.782456][ T8018] FAULT_INJECTION: forcing a failure.
[ 2397.782456][ T8018] name failslab, interval 1, probability 0, space 0, times 0
[ 2397.795162][ T8018] CPU: 1 PID: 8018 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2397.803929][ T8018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2397.814263][ T8018] Call Trace:
[ 2397.817546][ T8018]  dump_stack+0x137/0x19d
[ 2397.821871][ T8018]  should_fail+0x23c/0x250
[ 2397.826283][ T8018]  ? sock_alloc_inode+0x23/0x90
[ 2397.831166][ T8018]  __should_failslab+0x81/0x90
[ 2397.836150][ T8018]  ? sockfs_init_fs_context+0x70/0x70
[ 2397.841513][ T8018]  should_failslab+0x5/0x20
[ 2397.846017][ T8018]  kmem_cache_alloc+0x46/0x2f0
[ 2397.850770][ T8018]  ? selinux_socket_create+0x7c/0x170
[ 2397.856145][ T8018]  ? sockfs_init_fs_context+0x70/0x70
[ 2397.861600][ T8018]  sock_alloc_inode+0x23/0x90
[ 2397.866255][ T8018]  ? sockfs_init_fs_context+0x70/0x70
[ 2397.871896][ T8018]  new_inode_pseudo+0x38/0x1c0
[ 2397.876646][ T8018]  __sock_create+0x122/0x4f0
[ 2397.881218][ T8018]  ? should_fail+0xd6/0x250
[ 2397.885700][ T8018]  sock_create_kern+0x34/0x40
[ 2397.890364][ T8018]  io_uring_create+0x15e5/0x18d0
[ 2397.895304][ T8018]  ? should_fail+0xd6/0x250
[ 2397.899872][ T8018]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2397.905353][ T8018]  do_syscall_64+0x4a/0x90
[ 2397.909751][ T8018]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2397.915627][ T8018] RIP: 0033:0x4665d9
[ 2397.919509][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2397.939207][ T8018] RSP: 002b:00007f067827b108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2397.947717][ T8018] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9
[ 2397.955751][ T8018] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2397.963743][ T8018] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2397.971752][ T8018] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
09:01:32 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

[ 2397.979711][ T8018] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2397.987749][ T8018] socket: no more sockets
[ 2397.992115][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.000113][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:33 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:33 executing program 0 (fault-call:0 fault-nth:0):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:33 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040), 0xf)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
fstat(r1, &(0x7f0000000080))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000100)='/dev/vga_arbiter\x00', &(0x7f0000000140)='./file0\x00', r2)

[ 2398.086364][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.094379][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2398.114845][ T8050] FAULT_INJECTION: forcing a failure.
[ 2398.114845][ T8050] name failslab, interval 1, probability 0, space 0, times 0
[ 2398.127476][ T8050] CPU: 1 PID: 8050 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2398.136187][ T8050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.146230][ T8050] Call Trace:
[ 2398.149599][ T8050]  dump_stack+0x137/0x19d
[ 2398.153942][ T8050]  should_fail+0x23c/0x250
[ 2398.158407][ T8050]  ? vm_area_dup+0x44/0x120
[ 2398.162937][ T8050]  __should_failslab+0x81/0x90
[ 2398.168048][ T8050]  should_failslab+0x5/0x20
[ 2398.172549][ T8050]  kmem_cache_alloc+0x46/0x2f0
[ 2398.177365][ T8050]  vm_area_dup+0x44/0x120
[ 2398.181753][ T8050]  ? mntput_no_expire+0x64/0x730
[ 2398.186686][ T8050]  ? mntput+0x45/0x70
[ 2398.190783][ T8050]  __split_vma+0x82/0x320
[ 2398.195152][ T8050]  ? vmacache_find+0x2df/0x320
[ 2398.199905][ T8050]  __do_munmap+0x27c/0x1330
[ 2398.204538][ T8050]  ? __mod_memcg_lruvec_state+0xaa/0x190
[ 2398.210209][ T8050]  mmap_region+0x58a/0x13e0
[ 2398.214708][ T8050]  ? security_mmap_addr+0x78/0x90
[ 2398.219725][ T8050]  do_mmap+0x77d/0xc90
[ 2398.224306][ T8050]  vm_mmap_pgoff+0xf9/0x1d0
[ 2398.228805][ T8050]  ksys_mmap_pgoff+0xe1/0x380
09:01:33 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:33 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2398.228823][ T8050]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2398.228843][ T8050]  do_syscall_64+0x4a/0x90
[ 2398.243616][ T8050]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2398.249669][ T8050] RIP: 0033:0x4665d9
09:01:33 executing program 3 (fault-call:5 fault-nth:11):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:33 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0xfff, 0x0)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000080))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:33 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:33 executing program 0 (fault-call:0 fault-nth:1):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2398.249686][ T8050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:33 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:33 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0xb9, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000100)="0000aeeedea71800f22802bd502b1d1bdabf5b67e015bb016f3a51d151afebefa5ec163cca08cc485cd96edf2fbdae5d5f7c776e96019904a7e40b2c8f27d49ad22be6e45d0f5fbcbac98f4050d3823064a0bb04bbd993393471e3270a84fe260ff8c1fb1f5406afb4ab89d90a5250da6b7e06a6dde5c74f2173f4415a2159f70e07a9dc6de4feb23cf3411bd407cb920ab93a7057eb4b0bd46fae1f723f6c2d9abbc9da7e78ffada72c2e63d77e8e17e676833f8509ac24b0", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:33 executing program 0 (fault-call:0 fault-nth:2):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2398.249703][ T8050] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
09:01:33 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), 0x0)

09:01:33 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

[ 2398.249763][ T8050] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2398.249775][ T8050] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2398.249852][ T8050] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2398.249867][ T8050] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2398.249950][ T8050] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2398.251360][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.251391][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2398.355011][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.355028][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2398.417635][ T8085] FAULT_INJECTION: forcing a failure.
[ 2398.417635][ T8085] name failslab, interval 1, probability 0, space 0, times 0
[ 2398.417671][ T8085] CPU: 0 PID: 8085 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2398.417687][ T8085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.417695][ T8085] Call Trace:
[ 2398.417701][ T8085]  dump_stack+0x137/0x19d
[ 2398.417728][ T8085]  should_fail+0x23c/0x250
[ 2398.417742][ T8085]  ? vm_area_alloc+0x28/0xa0
[ 2398.417766][ T8085]  __should_failslab+0x81/0x90
[ 2398.417860][ T8085]  should_failslab+0x5/0x20
[ 2398.417877][ T8085]  kmem_cache_alloc+0x46/0x2f0
[ 2398.417918][ T8085]  vm_area_alloc+0x28/0xa0
[ 2398.417940][ T8085]  mmap_region+0x721/0x13e0
[ 2398.417959][ T8085]  ? security_mmap_addr+0x78/0x90
[ 2398.417975][ T8085]  do_mmap+0x77d/0xc90
[ 2398.417988][ T8085]  vm_mmap_pgoff+0xf9/0x1d0
[ 2398.418001][ T8085]  ksys_mmap_pgoff+0xe1/0x380
[ 2398.418032][ T8085]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2398.418053][ T8085]  do_syscall_64+0x4a/0x90
[ 2398.418073][ T8085]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2398.418096][ T8085] RIP: 0033:0x4665d9
[ 2398.418109][ T8085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2398.418125][ T8085] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2398.418189][ T8085] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2398.418201][ T8085] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2398.418242][ T8085] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2398.418254][ T8085] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2398.418266][ T8085] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2398.461334][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.461357][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2398.513581][ T8089] FAULT_INJECTION: forcing a failure.
[ 2398.513581][ T8089] name failslab, interval 1, probability 0, space 0, times 0
[ 2398.513606][ T8089] CPU: 0 PID: 8089 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2398.513625][ T8089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.513635][ T8089] Call Trace:
[ 2398.513642][ T8089]  dump_stack+0x137/0x19d
[ 2398.513749][ T8089]  should_fail+0x23c/0x250
[ 2398.513768][ T8089]  ? security_inode_alloc+0x30/0x180
[ 2398.513793][ T8089]  __should_failslab+0x81/0x90
[ 2398.513862][ T8089]  should_failslab+0x5/0x20
[ 2398.513878][ T8089]  kmem_cache_alloc+0x46/0x2f0
[ 2398.513899][ T8089]  security_inode_alloc+0x30/0x180
[ 2398.513922][ T8089]  inode_init_always+0x20b/0x420
[ 2398.513940][ T8089]  ? sockfs_init_fs_context+0x70/0x70
[ 2398.514030][ T8089]  new_inode_pseudo+0x73/0x1c0
[ 2398.514048][ T8089]  __sock_create+0x122/0x4f0
[ 2398.514071][ T8089]  ? should_fail+0xd6/0x250
[ 2398.514088][ T8089]  sock_create_kern+0x34/0x40
[ 2398.514182][ T8089]  io_uring_create+0x15e5/0x18d0
[ 2398.514200][ T8089]  ? should_fail+0xd6/0x250
[ 2398.514272][ T8089]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2398.514321][ T8089]  do_syscall_64+0x4a/0x90
[ 2398.514346][ T8089]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2398.514370][ T8089] RIP: 0033:0x4665d9
[ 2398.514382][ T8089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2398.514397][ T8089] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2398.514450][ T8089] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2398.514462][ T8089] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2398.514473][ T8089] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2398.514484][ T8089] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2398.514496][ T8089] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2398.514528][ T8089] socket: no more sockets
[ 2398.517037][ T8102] FAULT_INJECTION: forcing a failure.
[ 2398.517037][ T8102] name failslab, interval 1, probability 0, space 0, times 0
[ 2398.517056][ T8102] CPU: 1 PID: 8102 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2398.517074][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.517084][ T8102] Call Trace:
[ 2398.517092][ T8102]  dump_stack+0x137/0x19d
[ 2398.517115][ T8102]  should_fail+0x23c/0x250
[ 2398.517134][ T8102]  ? shmem_alloc_inode+0x22/0x30
[ 2398.517154][ T8102]  __should_failslab+0x81/0x90
[ 2398.517230][ T8102]  ? shmem_match+0xa0/0xa0
[ 2398.517250][ T8102]  should_failslab+0x5/0x20
[ 2398.517265][ T8102]  kmem_cache_alloc+0x46/0x2f0
[ 2398.517282][ T8102]  ? unmap_region+0x199/0x1d0
[ 2398.517295][ T8102]  ? shmem_match+0xa0/0xa0
[ 2398.517315][ T8102]  shmem_alloc_inode+0x22/0x30
[ 2398.517333][ T8102]  new_inode_pseudo+0x38/0x1c0
[ 2398.517402][ T8102]  new_inode+0x21/0x120
[ 2398.517418][ T8102]  shmem_get_inode+0xa1/0x480
[ 2398.517454][ T8102]  __shmem_file_setup+0xf1/0x1d0
[ 2398.517471][ T8102]  shmem_zero_setup+0x5f/0xe0
[ 2398.517488][ T8102]  mmap_region+0xd65/0x13e0
[ 2398.517502][ T8102]  do_mmap+0x77d/0xc90
[ 2398.517517][ T8102]  vm_mmap_pgoff+0xf9/0x1d0
[ 2398.517596][ T8102]  ksys_mmap_pgoff+0xe1/0x380
[ 2398.517612][ T8102]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2398.517633][ T8102]  do_syscall_64+0x4a/0x90
[ 2398.517649][ T8102]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2398.517669][ T8102] RIP: 0033:0x4665d9
[ 2398.517680][ T8102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2398.517722][ T8102] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2398.517735][ T8102] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2398.517746][ T8102] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2398.517757][ T8102] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
09:01:34 executing program 3 (fault-call:5 fault-nth:12):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:34 executing program 0 (fault-call:0 fault-nth:3):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:34 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:34 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x15d5, &(0x7f00000000c0)={0x0, 0x4c5e, 0x4, 0x2, 0x15d}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000000d80), &(0x7f00000001c0))

09:01:34 executing program 4 (fault-call:5 fault-nth:0):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:34 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0xfffffffffffffffd, 0x80200)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
clock_gettime(0x0, &(0x7f0000004640)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f0000004280)=[{{&(0x7f0000000040)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000100)=""/55, 0x37}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/27, 0x1b}], 0x3, &(0x7f00000001c0)=""/12, 0xc}, 0x8001}, {{&(0x7f0000000200)=@nl=@proc, 0x80, &(0x7f0000000640)=[{&(0x7f0000000280)=""/200, 0xc8}, {&(0x7f0000000380)=""/25, 0x19}, {&(0x7f00000003c0)=""/124, 0x7c}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000000440)=""/165, 0xa5}, {&(0x7f00000006c0)=""/227, 0xe3}, {&(0x7f0000000600)}], 0x7, &(0x7f000001d7c0)=""/256, 0x100}, 0x5}, {{&(0x7f00000007c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f00000039c0)=[{&(0x7f00000038c0)=""/74, 0x4a}, {&(0x7f0000003940)=""/74, 0x4a}], 0x2, &(0x7f0000003a00)=""/46, 0x2e}, 0x3}, {{&(0x7f0000003a40)=@qipcrtr, 0x80, &(0x7f0000003e40)=[{&(0x7f0000003ac0)=""/66, 0x42}, {&(0x7f00000040c0)}, {&(0x7f00000040c0)=""/124, 0x7c}, {&(0x7f0000003c00)=""/88, 0x58}, {&(0x7f0000003c80)=""/137, 0x89}, {&(0x7f0000003d40)=""/208, 0xd0}], 0x6, &(0x7f0000003ec0)=""/141, 0x8d}, 0x5}, {{&(0x7f0000003f80)=@xdp, 0x80, &(0x7f0000004180)=[{&(0x7f0000004000)=""/98, 0x62}, {&(0x7f0000004680)=""/102400, 0x19000}, {&(0x7f000001d680)=""/114, 0x72}, {&(0x7f0000004140)=""/29, 0x1d}], 0x4, &(0x7f000001d700)=""/145, 0x91}, 0x1}], 0x5, 0x20, &(0x7f00000043c0)={r2, r3+60000000})
r4 = fsmount(r0, 0x0, 0x8e)
ioctl$LOOP_SET_FD(r4, 0x4c00, r1)
r5 = socket(0x23, 0xa, 0x7)
getpeername$packet(0xffffffffffffffff, &(0x7f0000003b40)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000004080)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r5, 0x89f6, &(0x7f0000004480)={'ip6gre0\x00', &(0x7f0000004400)={'ip6tnl0\x00', r6, 0x4, 0x3, 0x7, 0x0, 0x10, @mcast2, @remote, 0x1, 0x80, 0x3ff, 0x22}})
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000004500), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, &(0x7f00000045c0)={&(0x7f00000044c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000004580)={&(0x7f0000004540)={0x14, r7, 0x0, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x9b657114ef308a25)
r8 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x410200)
ioctl$MON_IOCQ_RING_SIZE(r8, 0x9205)

[ 2398.517769][ T8102] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2398.517779][ T8102] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2398.603312][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2398.603330][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2399.362629][ T8133] FAULT_INJECTION: forcing a failure.
[ 2399.362629][ T8133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2399.376043][ T8133] CPU: 1 PID: 8133 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2399.379098][ T8132] FAULT_INJECTION: forcing a failure.
[ 2399.379098][ T8132] name failslab, interval 1, probability 0, space 0, times 0
[ 2399.384702][ T8133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2399.384715][ T8133] Call Trace:
[ 2399.384722][ T8133]  dump_stack+0x137/0x19d
[ 2399.384745][ T8133]  should_fail+0x23c/0x250
[ 2399.419382][ T8133]  should_fail_usercopy+0x16/0x20
[ 2399.424392][ T8133]  _copy_from_user+0x1c/0xd0
[ 2399.429018][ T8133]  __x64_sys_io_uring_setup+0x4b/0x120
[ 2399.434481][ T8133]  ? fput+0x2d/0x130
[ 2399.438396][ T8133]  ? ksys_write+0x157/0x180
[ 2399.443048][ T8133]  ? fpregs_assert_state_consistent+0x7d/0x90
[ 2399.449121][ T8133]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2399.454905][ T8133]  do_syscall_64+0x4a/0x90
[ 2399.459363][ T8133]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2399.465327][ T8133] RIP: 0033:0x4665d9
[ 2399.469197][ T8133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2399.488895][ T8133] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2399.497562][ T8133] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2399.505523][ T8133] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2399.513477][ T8133] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2399.521438][ T8133] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2399.529475][ T8133] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2399.537515][ T8132] CPU: 0 PID: 8132 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2399.546282][ T8132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2399.556353][ T8132] Call Trace:
[ 2399.559622][ T8132]  dump_stack+0x137/0x19d
[ 2399.564022][ T8132]  should_fail+0x23c/0x250
[ 2399.568438][ T8132]  ? security_inode_alloc+0x30/0x180
[ 2399.573800][ T8132]  __should_failslab+0x81/0x90
[ 2399.578561][ T8132]  should_failslab+0x5/0x20
[ 2399.583063][ T8132]  kmem_cache_alloc+0x46/0x2f0
[ 2399.587818][ T8132]  security_inode_alloc+0x30/0x180
[ 2399.592985][ T8132]  inode_init_always+0x20b/0x420
[ 2399.597914][ T8132]  ? shmem_match+0xa0/0xa0
[ 2399.602329][ T8132]  new_inode_pseudo+0x73/0x1c0
[ 2399.607083][ T8132]  new_inode+0x21/0x120
09:01:34 executing program 4 (fault-call:5 fault-nth:1):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2399.611238][ T8132]  shmem_get_inode+0xa1/0x480
[ 2399.616001][ T8132]  __shmem_file_setup+0xf1/0x1d0
[ 2399.620935][ T8132]  shmem_zero_setup+0x5f/0xe0
[ 2399.625690][ T8132]  mmap_region+0xd65/0x13e0
[ 2399.630188][ T8132]  do_mmap+0x77d/0xc90
[ 2399.634265][ T8132]  vm_mmap_pgoff+0xf9/0x1d0
[ 2399.638762][ T8132]  ksys_mmap_pgoff+0xe1/0x380
[ 2399.643453][ T8132]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2399.649173][ T8132]  do_syscall_64+0x4a/0x90
[ 2399.653663][ T8132]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2399.659666][ T8132] RIP: 0033:0x4665d9
[ 2399.663620][ T8132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2399.683318][ T8132] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2399.691788][ T8132] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2399.695140][ T8143] FAULT_INJECTION: forcing a failure.
[ 2399.695140][ T8143] name failslab, interval 1, probability 0, space 0, times 0
[ 2399.699782][ T8132] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2399.699797][ T8132] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2399.699808][ T8132] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2399.736198][ T8132] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2399.744158][ T8143] CPU: 1 PID: 8143 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2399.752867][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2399.762999][ T8143] Call Trace:
[ 2399.766280][ T8143]  dump_stack+0x137/0x19d
[ 2399.770716][ T8143]  should_fail+0x23c/0x250
[ 2399.775127][ T8143]  ? security_inode_alloc+0x30/0x180
[ 2399.780428][ T8143]  __should_failslab+0x81/0x90
[ 2399.785230][ T8143]  should_failslab+0x5/0x20
[ 2399.789795][ T8143]  kmem_cache_alloc+0x46/0x2f0
[ 2399.794562][ T8143]  security_inode_alloc+0x30/0x180
[ 2399.799072][ T8157] FAULT_INJECTION: forcing a failure.
[ 2399.799072][ T8157] name failslab, interval 1, probability 0, space 0, times 0
[ 2399.799731][ T8143]  inode_init_always+0x20b/0x420
[ 2399.817223][ T8143]  ? sockfs_init_fs_context+0x70/0x70
[ 2399.822595][ T8143]  new_inode_pseudo+0x73/0x1c0
[ 2399.827345][ T8143]  __sock_create+0x122/0x4f0
[ 2399.832064][ T8143]  ? should_fail+0xd6/0x250
[ 2399.836627][ T8143]  sock_create_kern+0x34/0x40
[ 2399.841378][ T8143]  io_uring_create+0x15e5/0x18d0
[ 2399.846393][ T8143]  ? should_fail+0xd6/0x250
[ 2399.850926][ T8143]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2399.856900][ T8143]  do_syscall_64+0x4a/0x90
[ 2399.861296][ T8143]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2399.867229][ T8143] RIP: 0033:0x4665d9
[ 2399.871101][ T8143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2399.890883][ T8143] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2399.899273][ T8143] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2399.907241][ T8143] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2399.915199][ T8143] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2399.923195][ T8143] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2399.931238][ T8143] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2399.939204][ T8157] CPU: 0 PID: 8157 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2399.939250][ T8143] socket: no more sockets
[ 2399.948127][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
09:01:34 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

[ 2399.948138][ T8157] Call Trace:
[ 2399.948144][ T8157]  dump_stack+0x137/0x19d
[ 2399.970225][ T8157]  should_fail+0x23c/0x250
[ 2399.974710][ T8157]  __should_failslab+0x81/0x90
[ 2399.979471][ T8157]  ? io_uring_create+0x120/0x18d0
[ 2399.984622][ T8157]  should_failslab+0x5/0x20
[ 2399.989114][ T8157]  kmem_cache_alloc_trace+0x49/0x310
[ 2399.994404][ T8157]  io_uring_create+0x120/0x18d0
[ 2399.999261][ T8157]  ? vfs_write+0x50c/0x770
[ 2400.003777][ T8157]  ? should_fail+0xd6/0x250
[ 2400.008316][ T8157]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2400.013889][ T8157]  do_syscall_64+0x4a/0x90
[ 2400.018352][ T8157]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2400.024309][ T8157] RIP: 0033:0x4665d9
[ 2400.028192][ T8157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2400.047924][ T8157] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2400.056407][ T8157] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:35 executing program 0 (fault-call:0 fault-nth:4):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x800004, 0x301242)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffe, 0x58, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000100)="1f845f0be572883263c0278ef9b92e721da7802f2c7c3556d58a24b3d9a2ef163a4b0d2ef814f749e650455721b232a82159ea8ba43d9f8c5dd73f4d1a6cf83970f34367f60b336665c3b33a9900"/88, 0x0, 0x0, 0x0, 0x2, 0x0})
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x408000)
ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0x576e0)

09:01:35 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0xfffffffc}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2400.064371][ T8157] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2400.072395][ T8157] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2400.080360][ T8157] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2400.088324][ T8157] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:35 executing program 3 (fault-call:5 fault-nth:13):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:35 executing program 4 (fault-call:5 fault-nth:2):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2400.140342][ T8170] FAULT_INJECTION: forcing a failure.
[ 2400.140342][ T8170] name failslab, interval 1, probability 0, space 0, times 0
[ 2400.152983][ T8170] CPU: 0 PID: 8170 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2400.161715][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2400.171762][ T8170] Call Trace:
[ 2400.175035][ T8170]  dump_stack+0x137/0x19d
[ 2400.179369][ T8170]  should_fail+0x23c/0x250
[ 2400.183775][ T8170]  ? __d_alloc+0x36/0x370
[ 2400.188097][ T8170]  __should_failslab+0x81/0x90
[ 2400.192863][ T8170]  should_failslab+0x5/0x20
[ 2400.197372][ T8170]  kmem_cache_alloc+0x46/0x2f0
[ 2400.202129][ T8170]  ? __init_rwsem+0x59/0x70
[ 2400.206662][ T8170]  __d_alloc+0x36/0x370
[ 2400.210837][ T8170]  ? current_time+0xdb/0x190
[ 2400.215436][ T8170]  d_alloc_pseudo+0x1a/0x50
[ 2400.219977][ T8170]  alloc_file_pseudo+0x63/0x130
[ 2400.224824][ T8170]  __shmem_file_setup+0x14c/0x1d0
[ 2400.229843][ T8170]  shmem_zero_setup+0x5f/0xe0
[ 2400.232069][ T8175] FAULT_INJECTION: forcing a failure.
[ 2400.232069][ T8175] name failslab, interval 1, probability 0, space 0, times 0
[ 2400.234787][ T8170]  mmap_region+0xd65/0x13e0
[ 2400.251872][ T8170]  do_mmap+0x77d/0xc90
[ 2400.255926][ T8170]  vm_mmap_pgoff+0xf9/0x1d0
[ 2400.260411][ T8170]  ksys_mmap_pgoff+0xe1/0x380
[ 2400.265081][ T8170]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2400.270816][ T8170]  do_syscall_64+0x4a/0x90
[ 2400.275221][ T8170]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2400.281142][ T8170] RIP: 0033:0x4665d9
[ 2400.285390][ T8170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2400.305668][ T8170] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2400.314057][ T8170] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2400.322020][ T8170] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2400.329986][ T8170] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2400.337937][ T8170] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2400.345893][ T8170] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2400.353846][ T8175] CPU: 1 PID: 8175 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2400.362603][ T8175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2400.372794][ T8175] Call Trace:
[ 2400.376065][ T8175]  dump_stack+0x137/0x19d
[ 2400.380414][ T8175]  should_fail+0x23c/0x250
[ 2400.384370][ T8176] FAULT_INJECTION: forcing a failure.
[ 2400.384370][ T8176] name failslab, interval 1, probability 0, space 0, times 0
[ 2400.384887][ T8175]  ? sk_prot_alloc+0x41/0x190
[ 2400.402110][ T8175]  __should_failslab+0x81/0x90
[ 2400.406925][ T8175]  should_failslab+0x5/0x20
[ 2400.411566][ T8175]  kmem_cache_alloc+0x46/0x2f0
[ 2400.416312][ T8175]  sk_prot_alloc+0x41/0x190
[ 2400.420855][ T8175]  sk_alloc+0x2e/0x220
[ 2400.424903][ T8175]  unix_create1+0x74/0x3c0
[ 2400.429388][ T8175]  unix_create+0xdc/0x100
[ 2400.433772][ T8175]  __sock_create+0x2c7/0x4f0
[ 2400.438354][ T8175]  sock_create_kern+0x34/0x40
[ 2400.443098][ T8175]  io_uring_create+0x15e5/0x18d0
[ 2400.448012][ T8175]  ? should_fail+0xd6/0x250
[ 2400.452682][ T8175]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2400.458235][ T8175]  do_syscall_64+0x4a/0x90
[ 2400.462684][ T8175]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2400.468564][ T8175] RIP: 0033:0x4665d9
[ 2400.472435][ T8175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2400.492556][ T8175] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2400.500946][ T8175] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2400.509142][ T8175] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2400.517102][ T8175] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2400.525060][ T8175] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2400.533015][ T8175] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2400.541110][ T8176] CPU: 0 PID: 8176 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2400.542195][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2400.549978][ T8176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2400.549991][ T8176] Call Trace:
[ 2400.549998][ T8176]  dump_stack+0x137/0x19d
[ 2400.557999][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2400.567994][ T8176]  should_fail+0x23c/0x250
[ 2400.587481][ T8176]  ? io_uring_create+0x190/0x18d0
[ 2400.592552][ T8176]  __should_failslab+0x81/0x90
[ 2400.597324][ T8176]  should_failslab+0x5/0x20
[ 2400.601826][ T8176]  __kmalloc+0x66/0x340
[ 2400.605981][ T8176]  ? kmem_cache_alloc_trace+0x215/0x310
[ 2400.611533][ T8176]  ? io_uring_create+0x120/0x18d0
[ 2400.616552][ T8176]  io_uring_create+0x190/0x18d0
[ 2400.621408][ T8176]  ? vfs_write+0x50c/0x770
[ 2400.625833][ T8176]  ? should_fail+0xd6/0x250
[ 2400.630331][ T8176]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2400.635999][ T8176]  do_syscall_64+0x4a/0x90
09:01:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000089ddd584d01ae5ff858b9851dbaf61ae0e5c871befef19a7d3e03cb1366c9cf64d2bd8f1d8a32d61c7030dd1627101e815066169a3fb73879be733e5", @ANYRES16=0x0, @ANYBLOB="000027bd7000ffdbdf250100000008000300030000001c000180060005004e240000080006000400000008000700", @ANYRES32=0x0, @ANYBLOB], 0x38}}, 0x20000011)

09:01:35 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x460e, &(0x7f0000000040)={0x0, 0x645d, 0x10, 0x0, 0x252}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2400.640410][ T8176]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2400.646324][ T8176] RIP: 0033:0x4665d9
[ 2400.650218][ T8176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2400.669813][ T8176] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2400.678240][ T8176] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:35 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:35 executing program 3 (fault-call:5 fault-nth:14):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:35 executing program 0 (fault-call:0 fault-nth:5):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2400.686206][ T8176] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2400.694178][ T8176] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2400.702484][ T8176] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2400.710451][ T8176] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:35 executing program 5:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000340)=0x9c2)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @scatter={0x3, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)=""/148, 0x94}, {&(0x7f0000000140)=""/193, 0xc1}, {&(0x7f0000000240)=""/168, 0xa8}]}, &(0x7f0000000040)="000000030000", 0x0, 0x8000, 0x0, 0x1, 0x0})
ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381)

09:01:35 executing program 2:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x22c002, 0x0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000140)=0x6)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000180))

09:01:35 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2400.766804][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2400.774833][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:35 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:35 executing program 4 (fault-call:5 fault-nth:3):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2400.824696][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2400.832741][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2400.846361][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2400.854377][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2400.881230][ T8208] FAULT_INJECTION: forcing a failure.
[ 2400.881230][ T8208] name failslab, interval 1, probability 0, space 0, times 0
[ 2400.893883][ T8208] CPU: 1 PID: 8208 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2400.902643][ T8208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2400.912981][ T8208] Call Trace:
[ 2400.916248][ T8208]  dump_stack+0x137/0x19d
[ 2400.920577][ T8208]  should_fail+0x23c/0x250
[ 2400.925245][ T8208]  ? __alloc_file+0x2e/0x1a0
[ 2400.929905][ T8208]  __should_failslab+0x81/0x90
[ 2400.934678][ T8208]  should_failslab+0x5/0x20
[ 2400.937665][ T8217] FAULT_INJECTION: forcing a failure.
[ 2400.937665][ T8217] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2400.939246][ T8208]  kmem_cache_alloc+0x46/0x2f0
[ 2400.957188][ T8208]  __alloc_file+0x2e/0x1a0
[ 2400.961586][ T8208]  alloc_empty_file+0xcd/0x1c0
[ 2400.966407][ T8208]  alloc_file+0x3a/0x280
[ 2400.970695][ T8208]  alloc_file_pseudo+0xe2/0x130
[ 2400.975525][ T8208]  __shmem_file_setup+0x14c/0x1d0
[ 2400.980535][ T8208]  shmem_zero_setup+0x5f/0xe0
[ 2400.985371][ T8208]  mmap_region+0xd65/0x13e0
[ 2400.989940][ T8208]  do_mmap+0x77d/0xc90
[ 2400.994025][ T8208]  vm_mmap_pgoff+0xf9/0x1d0
[ 2400.998595][ T8208]  ksys_mmap_pgoff+0xe1/0x380
[ 2401.003335][ T8208]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2401.009034][ T8208]  do_syscall_64+0x4a/0x90
[ 2401.013533][ T8208]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2401.019637][ T8208] RIP: 0033:0x4665d9
[ 2401.023509][ T8208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2401.043158][ T8208] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2401.051585][ T8208] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2401.059717][ T8208] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2401.067720][ T8208] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2401.076181][ T8208] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2401.084131][ T8208] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2401.092138][ T8217] CPU: 0 PID: 8217 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2401.100806][ T8217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.109269][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2401.111112][ T8217] Call Trace:
[ 2401.111121][ T8217]  dump_stack+0x137/0x19d
09:01:36 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040))

[ 2401.119192][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2401.122432][ T8217]  should_fail+0x23c/0x250
[ 2401.126951][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2401.134636][ T8217]  __alloc_pages+0x102/0x320
[ 2401.139353][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2401.147328][ T8217]  kmem_getpages+0x1a/0xd0
[ 2401.163816][ T8217]  cache_grow_begin+0x4c/0x1a0
[ 2401.168609][ T8217]  cache_alloc_refill+0x326/0x3d0
[ 2401.173678][ T8217]  ? should_fail+0xd6/0x250
[ 2401.178439][ T8217]  ? io_uring_create+0x190/0x18d0
[ 2401.183467][ T8217]  __kmalloc+0x2ba/0x340
[ 2401.187948][ T8217]  ? io_uring_create+0x190/0x18d0
[ 2401.193673][ T8217]  io_uring_create+0x190/0x18d0
[ 2401.198600][ T8217]  ? vfs_write+0x50c/0x770
[ 2401.203100][ T8217]  ? should_fail+0xd6/0x250
[ 2401.207610][ T8217]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2401.209419][ T8215] FAULT_INJECTION: forcing a failure.
[ 2401.209419][ T8215] name failslab, interval 1, probability 0, space 0, times 0
[ 2401.213155][ T8217]  do_syscall_64+0x4a/0x90
[ 2401.230214][ T8217]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2401.236150][ T8217] RIP: 0033:0x4665d9
[ 2401.240028][ T8217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2401.259621][ T8217] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2401.268012][ T8217] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2401.275970][ T8217] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2401.284123][ T8217] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2401.292252][ T8217] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2401.300219][ T8217] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2401.308269][ T8215] CPU: 1 PID: 8215 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2401.317027][ T8215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.327350][ T8215] Call Trace:
[ 2401.330625][ T8215]  dump_stack+0x137/0x19d
[ 2401.334965][ T8215]  should_fail+0x23c/0x250
[ 2401.339401][ T8215]  ? __d_alloc+0x36/0x370
[ 2401.343725][ T8215]  __should_failslab+0x81/0x90
[ 2401.348625][ T8215]  should_failslab+0x5/0x20
[ 2401.353296][ T8215]  kmem_cache_alloc+0x46/0x2f0
[ 2401.358107][ T8215]  __d_alloc+0x36/0x370
[ 2401.362252][ T8215]  d_alloc_pseudo+0x1a/0x50
[ 2401.366741][ T8215]  alloc_file_pseudo+0x63/0x130
[ 2401.371587][ T8215]  anon_inode_getfile+0x9f/0x120
[ 2401.376523][ T8215]  io_uring_create+0x163b/0x18d0
[ 2401.381502][ T8215]  ? should_fail+0xd6/0x250
[ 2401.386075][ T8215]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2401.391540][ T8215]  do_syscall_64+0x4a/0x90
[ 2401.396162][ T8215]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2401.402141][ T8215] RIP: 0033:0x4665d9
[ 2401.406035][ T8215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:36 executing program 0 (fault-call:0 fault-nth:6):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:36 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x9b658f47c9964814, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000001}, 0x4040080)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x3b}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:36 executing program 4 (fault-call:5 fault-nth:4):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:36 executing program 5:
getuid()
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x450100)
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2401.425728][ T8215] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2401.434144][ T8215] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2401.442660][ T8215] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2401.450718][ T8215] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2401.458698][ T8215] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2401.466686][ T8215] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2401.523322][ T8243] FAULT_INJECTION: forcing a failure.
[ 2401.523322][ T8243] name failslab, interval 1, probability 0, space 0, times 0
[ 2401.536571][ T8243] CPU: 0 PID: 8243 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2401.545258][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.555311][ T8243] Call Trace:
[ 2401.558583][ T8243]  dump_stack+0x137/0x19d
[ 2401.562936][ T8243]  should_fail+0x23c/0x250
[ 2401.567420][ T8243]  ? security_file_alloc+0x30/0x190
09:01:36 executing program 3 (fault-call:5 fault-nth:15):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:36 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:36 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000100), 0xffffffffffffffff, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @scatter={0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000140)=""/44, 0x2c}, {&(0x7f0000000200)=""/61, 0x3d}, {&(0x7f0000000980)=""/184, 0xb8}, {&(0x7f0000000300)=""/228, 0xe4}, {&(0x7f0000000400)=""/158, 0x9e}, {&(0x7f00000004c0)=""/39, 0x27}, {&(0x7f0000000500)=""/116, 0x74}, {&(0x7f0000000640)=""/179, 0xb3}, {&(0x7f0000000700)=""/151, 0x97}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x20000000, 0x0, 0x0, 0x0})
fsmount(0xffffffffffffffff, 0x1, 0x84)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x401)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x20004, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f00000001c0))
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0xb4cc0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5387, &(0x7f0000000080))

09:01:36 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5320, &(0x7f0000000040)={0x0, 0xae4d, 0x0, 0x0, 0x61}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000000)='\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0x10000000)

[ 2401.572704][ T8243]  __should_failslab+0x81/0x90
[ 2401.577483][ T8243]  should_failslab+0x5/0x20
[ 2401.582094][ T8243]  kmem_cache_alloc+0x46/0x2f0
[ 2401.585498][ T8237] FAULT_INJECTION: forcing a failure.
[ 2401.585498][ T8237] name failslab, interval 1, probability 0, space 0, times 0
[ 2401.586892][ T8243]  security_file_alloc+0x30/0x190
[ 2401.604781][ T8243]  __alloc_file+0x83/0x1a0
[ 2401.609504][ T8243]  alloc_empty_file+0xcd/0x1c0
[ 2401.614253][ T8243]  alloc_file+0x3a/0x280
[ 2401.618525][ T8243]  alloc_file_pseudo+0xe2/0x130
[ 2401.623430][ T8243]  __shmem_file_setup+0x14c/0x1d0
[ 2401.628642][ T8243]  shmem_zero_setup+0x5f/0xe0
[ 2401.633499][ T8243]  mmap_region+0xd65/0x13e0
[ 2401.637985][ T8243]  do_mmap+0x77d/0xc90
[ 2401.642052][ T8243]  vm_mmap_pgoff+0xf9/0x1d0
[ 2401.646595][ T8243]  ksys_mmap_pgoff+0xe1/0x380
[ 2401.651251][ T8243]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2401.657128][ T8243]  do_syscall_64+0x4a/0x90
[ 2401.661557][ T8243]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2401.667984][ T8243] RIP: 0033:0x4665d9
[ 2401.671971][ T8243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2401.691559][ T8243] RSP: 002b:00007f7e1ed27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2401.700124][ T8243] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2401.708164][ T8243] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2401.716472][ T8243] RBP: 00007f7e1ed271d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2401.724472][ T8243] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2401.733382][ T8243] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2401.741422][ T8237] CPU: 1 PID: 8237 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2401.750169][ T8237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.760523][ T8237] Call Trace:
[ 2401.763794][ T8237]  dump_stack+0x137/0x19d
[ 2401.768147][ T8237]  should_fail+0x23c/0x250
[ 2401.772558][ T8237]  __should_failslab+0x81/0x90
[ 2401.777330][ T8237]  ? percpu_ref_init+0x9e/0x210
[ 2401.782170][ T8237]  should_failslab+0x5/0x20
[ 2401.786659][ T8237]  kmem_cache_alloc_trace+0x49/0x310
[ 2401.791944][ T8237]  percpu_ref_init+0x9e/0x210
[ 2401.796617][ T8237]  ? io_uring_create+0x18d0/0x18d0
[ 2401.801838][ T8237]  io_uring_create+0x228/0x18d0
[ 2401.806688][ T8237]  ? vfs_write+0x50c/0x770
[ 2401.811118][ T8237]  ? should_fail+0xd6/0x250
[ 2401.815609][ T8237]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2401.821134][ T8237]  do_syscall_64+0x4a/0x90
[ 2401.825543][ T8237]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2401.831495][ T8237] RIP: 0033:0x4665d9
[ 2401.835374][ T8237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2401.854991][ T8237] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2401.863393][ T8237] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:36 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
socketpair(0x21, 0x1, 0xffffe9dd, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc1, 0x2d}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x24000840)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
syz_io_uring_submit(r0, r1, &(0x7f0000000140)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)={0x292201, 0x20, 0x10}, &(0x7f0000000100)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r4}}, 0x2)
prctl$PR_GET_FPEMU(0x9, &(0x7f0000000000))

09:01:36 executing program 0 (fault-call:0 fault-nth:7):
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2401.871353][ T8237] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2401.879318][ T8237] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2401.887384][ T8237] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2401.895439][ T8237] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2401.923573][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2401.924560][ T8266] FAULT_INJECTION: forcing a failure.
[ 2401.924560][ T8266] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2401.931609][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2401.944643][ T8266] CPU: 0 PID: 8266 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2401.960915][ T8266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.965805][ T8260] FAULT_INJECTION: forcing a failure.
[ 2401.965805][ T8260] name failslab, interval 1, probability 0, space 0, times 0
[ 2401.971044][ T8266] Call Trace:
[ 2401.971053][ T8266]  dump_stack+0x137/0x19d
[ 2401.991177][ T8266]  should_fail+0x23c/0x250
[ 2401.995630][ T8266]  should_fail_usercopy+0x16/0x20
[ 2402.000635][ T8266]  _copy_to_user+0x1c/0x90
[ 2402.005032][ T8266]  simple_read_from_buffer+0xab/0x120
[ 2402.010402][ T8266]  proc_fail_nth_read+0xf6/0x140
[ 2402.015321][ T8266]  ? rw_verify_area+0x136/0x250
[ 2402.020195][ T8266]  ? proc_fault_inject_write+0x200/0x200
[ 2402.025831][ T8266]  vfs_read+0x154/0x5d0
[ 2402.030051][ T8266]  ? up_write+0x25/0xc0
[ 2402.034283][ T8266]  ? __fget_light+0x21b/0x260
[ 2402.038943][ T8266]  ? __cond_resched+0x11/0x40
[ 2402.043663][ T8266]  ksys_read+0xce/0x180
[ 2402.047795][ T8266]  __x64_sys_read+0x3e/0x50
[ 2402.052307][ T8266]  do_syscall_64+0x4a/0x90
[ 2402.056776][ T8266]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2402.062776][ T8266] RIP: 0033:0x41935c
[ 2402.066664][ T8266] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2402.086777][ T8266] RSP: 002b:00007f7e1ed27170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2402.095264][ T8266] RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 000000000041935c
[ 2402.103328][ T8266] RDX: 000000000000000f RSI: 00007f7e1ed271e0 RDI: 0000000000000003
[ 2402.111381][ T8266] RBP: 00007f7e1ed271d0 R08: 0000000000000000 R09: 0000000000000000
09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

[ 2402.119336][ T8266] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2402.127375][ T8266] R13: 00007fff8322104f R14: 00007f7e1ed27300 R15: 0000000000022000
[ 2402.135589][ T8260] CPU: 1 PID: 8260 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2402.144444][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.154498][ T8260] Call Trace:
[ 2402.157770][ T8260]  dump_stack+0x137/0x19d
[ 2402.162094][ T8260]  should_fail+0x23c/0x250
[ 2402.166507][ T8260]  ? __alloc_file+0x2e/0x1a0
[ 2402.171095][ T8260]  __should_failslab+0x81/0x90
09:01:37 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2402.175855][ T8260]  should_failslab+0x5/0x20
[ 2402.180416][ T8260]  kmem_cache_alloc+0x46/0x2f0
[ 2402.185198][ T8260]  __alloc_file+0x2e/0x1a0
[ 2402.189690][ T8260]  alloc_empty_file+0xcd/0x1c0
[ 2402.194453][ T8260]  alloc_file+0x3a/0x280
[ 2402.194528][ T8260]  alloc_file_pseudo+0xe2/0x130
[ 2402.194542][ T8260]  anon_inode_getfile+0x9f/0x120
[ 2402.194596][ T8260]  io_uring_create+0x163b/0x18d0
[ 2402.194617][ T8260]  ? should_fail+0xd6/0x250
09:01:37 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f00000000c0)=@IORING_OP_WRITE={0x17, 0x4, 0x4004, @fd=r1, 0x0, &(0x7f0000000000)="be0fe23c1c6f9a36560b43646ef5e536054e025e06064675089cecdd19f047e6ed4a8926cbe9a500959b9336", 0x2c, 0x1, 0x0, {0x0, r2}}, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2402.194700][ T8260]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2402.194719][ T8260]  do_syscall_64+0x4a/0x90
[ 2402.194741][ T8260]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2402.194759][ T8260] RIP: 0033:0x4665d9
[ 2402.194770][ T8260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2402.194802][ T8260] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
09:01:37 executing program 4 (fault-call:5 fault-nth:5):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:37 executing program 3 (fault-call:5 fault-nth:16):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:37 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400004, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2402.194817][ T8260] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2402.194826][ T8260] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2402.194835][ T8260] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2402.194847][ T8260] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2402.194859][ T8260] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2402.205081][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2402.317702][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})

[ 2402.368020][ T8287] FAULT_INJECTION: forcing a failure.
[ 2402.368020][ T8287] name failslab, interval 1, probability 0, space 0, times 0
[ 2402.368044][ T8287] CPU: 1 PID: 8287 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2402.368064][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.368074][ T8287] Call Trace:
[ 2402.368082][ T8287]  dump_stack+0x137/0x19d
[ 2402.407610][ T8287]  should_fail+0x23c/0x250
[ 2402.412029][ T8287]  __should_failslab+0x81/0x90
[ 2402.416786][ T8287]  ? percpu_ref_init+0x9e/0x210
[ 2402.421641][ T8287]  should_failslab+0x5/0x20
[ 2402.421658][ T8287]  kmem_cache_alloc_trace+0x49/0x310
[ 2402.421676][ T8287]  percpu_ref_init+0x9e/0x210
[ 2402.421693][ T8287]  ? io_uring_create+0x18d0/0x18d0
[ 2402.421711][ T8287]  io_uring_create+0x228/0x18d0
[ 2402.446041][ T8287]  ? vfs_write+0x50c/0x770
[ 2402.450452][ T8287]  ? should_fail+0xd6/0x250
[ 2402.454960][ T8287]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2402.460448][ T8287]  do_syscall_64+0x4a/0x90
[ 2402.464857][ T8287]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2402.470750][ T8287] RIP: 0033:0x4665d9
[ 2402.474633][ T8287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2402.490802][ T8298] FAULT_INJECTION: forcing a failure.
[ 2402.490802][ T8298] name failslab, interval 1, probability 0, space 0, times 0
[ 2402.494233][ T8287] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2402.515285][ T8287] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2402.523328][ T8287] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2402.531288][ T8287] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2402.539241][ T8287] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2402.547277][ T8287] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2402.555334][ T8298] CPU: 0 PID: 8298 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2402.561137][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2402.564092][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.564103][ T8298] Call Trace:
[ 2402.564110][ T8298]  dump_stack+0x137/0x19d
[ 2402.572356][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2402.582448][ T8298]  should_fail+0x23c/0x250
[ 2402.582468][ T8298]  ? __d_alloc+0x36/0x370
[ 2402.606268][ T8298]  __should_failslab+0x81/0x90
[ 2402.611183][ T8298]  should_failslab+0x5/0x20
09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00})

[ 2402.615685][ T8298]  kmem_cache_alloc+0x46/0x2f0
[ 2402.615712][ T8298]  __d_alloc+0x36/0x370
[ 2402.615727][ T8298]  d_alloc_pseudo+0x1a/0x50
[ 2402.615739][ T8298]  alloc_file_pseudo+0x63/0x130
[ 2402.615762][ T8298]  anon_inode_getfile+0x9f/0x120
[ 2402.615778][ T8298]  io_uring_create+0x163b/0x18d0
[ 2402.615795][ T8298]  ? should_fail+0xd6/0x250
[ 2402.615815][ T8298]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2402.615837][ T8298]  do_syscall_64+0x4a/0x90
[ 2402.615880][ T8298]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2402.615900][ T8298] RIP: 0033:0x4665d9
[ 2402.615913][ T8298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2402.615930][ T8298] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2402.616013][ T8298] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2402.616022][ T8298] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2402.616032][ T8298] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2402.616044][ T8298] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2402.616053][ T8298] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:37 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9, 0x400)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0xffffffffffffff23, &(0x7f00000018c0)=""/4075}, &(0x7f00000000c0)="00f6ee103aac", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)

09:01:37 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x1eb26000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:37 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0xf)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00})

09:01:37 executing program 3 (fault-call:5 fault-nth:17):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:37 executing program 4 (fault-call:5 fault-nth:6):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2402.673356][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2402.673392][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000})

[ 2402.842868][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2402.850900][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2402.908578][ T8325] FAULT_INJECTION: forcing a failure.
[ 2402.908578][ T8325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2402.918139][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2402.921846][ T8325] CPU: 0 PID: 8325 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2402.929822][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2402.938439][ T8325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.938450][ T8325] Call Trace:
[ 2402.938456][ T8325]  dump_stack+0x137/0x19d
[ 2402.963592][ T8325]  should_fail+0x23c/0x250
[ 2402.968007][ T8325]  __alloc_pages+0x102/0x320
[ 2402.972595][ T8325]  alloc_pages+0x21d/0x310
[ 2402.977447][ T8325]  __get_free_pages+0x8/0x30
[ 2402.982045][ T8325]  io_uring_create+0x887/0x18d0
[ 2402.985385][ T8330] FAULT_INJECTION: forcing a failure.
[ 2402.985385][ T8330] name failslab, interval 1, probability 0, space 0, times 0
[ 2402.987140][ T8325]  ? should_fail+0xd6/0x250
[ 2402.987162][ T8325]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2402.987182][ T8325]  do_syscall_64+0x4a/0x90
[ 2402.987212][ T8325]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2402.987230][ T8325] RIP: 0033:0x4665d9
[ 2403.023825][ T8325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2403.043588][ T8325] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
09:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:38 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000300)={0x0, @vsock={0x28, 0x0, 0x2711, @host}, @in={0x2, 0x4e21, @local}, @tipc=@id={0x1e, 0x3, 0x0, {0x4e21, 0x2}}, 0x1, 0x0, 0x0, 0x0, 0x7, &(0x7f00000002c0)='veth1_to_bond\x00', 0x200, 0x1, 0x8000})
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000200))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0)
r1 = io_uring_setup(0x1c28, &(0x7f00000000c0)={0x0, 0x98e1, 0x4, 0x2, 0x228})
syz_io_uring_setup(0x181d, &(0x7f0000000140)={0x0, 0xd8f5, 0x1, 0x1, 0x318, 0x0, r1}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000001c0))

[ 2403.052395][ T8325] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2403.060345][ T8325] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2403.068294][ T8325] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2403.076329][ T8325] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2403.084383][ T8325] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2403.092334][ T8330] CPU: 1 PID: 8330 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2403.101088][ T8330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2403.111140][ T8330] Call Trace:
[ 2403.114412][ T8330]  dump_stack+0x137/0x19d
[ 2403.118750][ T8330]  should_fail+0x23c/0x250
[ 2403.123192][ T8330]  __should_failslab+0x81/0x90
[ 2403.127948][ T8330]  ? io_uring_add_task_file+0xdc/0x200
[ 2403.133414][ T8330]  should_failslab+0x5/0x20
[ 2403.138043][ T8330]  kmem_cache_alloc_trace+0x49/0x310
[ 2403.143432][ T8330]  ? xa_load+0x249/0x260
[ 2403.143496][ T8330]  io_uring_add_task_file+0xdc/0x200
09:01:38 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x7fffdf3ff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:38 executing program 4 (fault-call:5 fault-nth:7):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2403.143517][ T8330]  io_uring_create+0x1734/0x18d0
[ 2403.143533][ T8330]  ? should_fail+0xd6/0x250
[ 2403.143548][ T8330]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2403.143567][ T8330]  do_syscall_64+0x4a/0x90
[ 2403.143654][ T8330]  ? irqentry_exit_to_user_mode+0x5/0x20
[ 2403.143711][ T8330]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2403.143733][ T8330] RIP: 0033:0x4665d9
09:01:38 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000780)={0x53, 0x0, 0x6, 0x2, @buffer={0x0, 0x0, &(0x7f00000000c0)=""/13}, &(0x7f0000000800)="055a6820102f8f11c3ff91009d993dc0172f28c7e2cab3ec027415f40debf57310afbd4395d0a490c73c33d594493527e0124c9fa767432f3543e0644e90c92ddc4b1d47b917d4720f7a5772fa75560ac4", 0x0, 0x80000002, 0x10, 0x0, 0x0})

[ 2403.143747][ T8330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2403.143763][ T8330] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2403.143797][ T8330] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2403.143809][ T8330] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2403.143820][ T8330] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2403.143832][ T8330] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2403.143843][ T8330] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4200})

[ 2403.152129][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2403.267213][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:38 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x23b9, &(0x7f0000000000)={0x0, 0xb02d, 0x10, 0x0, 0xfe}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140))
syz_io_uring_setup(0x5325, &(0x7f00000000c0)={0x0, 0x5040, 0x8}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:38 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x7ffffffff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:38 executing program 4 (fault-call:5 fault-nth:8):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:38 executing program 3 (fault-call:5 fault-nth:18):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2403.342543][ T8359] FAULT_INJECTION: forcing a failure.
[ 2403.342543][ T8359] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2403.355862][ T8359] CPU: 1 PID: 8359 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
09:01:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:38 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4, 0x31, 0xffffffffffffffff, 0x0)

[ 2403.355888][ T8359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
09:01:38 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x202200, 0x0)
syz_io_uring_setup(0x7388, &(0x7f0000000140)={0x0, 0x4dc, 0x20, 0x1, 0x232, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r1)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
syz_io_uring_setup(0x5321, &(0x7f00000000c0)={0x0, 0x3221, 0x2, 0x10000002, 0xff, 0x0, r2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000040))

[ 2403.355899][ T8359] Call Trace:
[ 2403.355904][ T8359]  dump_stack+0x137/0x19d
[ 2403.355938][ T8359]  should_fail+0x23c/0x250
09:01:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:38 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xc020, 0x31, 0xffffffffffffffff, 0x0)

09:01:38 executing program 3 (fault-call:5 fault-nth:19):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2403.355953][ T8359]  __alloc_pages+0x102/0x320
[ 2403.355971][ T8359]  alloc_pages+0x21d/0x310
[ 2403.355989][ T8359]  __get_free_pages+0x8/0x30
[ 2403.356006][ T8359]  io_uring_create+0x9b9/0x18d0
[ 2403.356025][ T8359]  ? should_fail+0xd6/0x250
[ 2403.356090][ T8359]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2403.356109][ T8359]  do_syscall_64+0x4a/0x90
[ 2403.356124][ T8359]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2403.356142][ T8359] RIP: 0033:0x4665d9
[ 2403.356152][ T8359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2403.356221][ T8359] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2403.356239][ T8359] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2403.356281][ T8359] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2403.356290][ T8359] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2403.356301][ T8359] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2403.356314][ T8359] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2403.373447][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2403.373468][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2403.439782][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2403.439801][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2403.501832][ T8379] FAULT_INJECTION: forcing a failure.
[ 2403.501832][ T8379] name failslab, interval 1, probability 0, space 0, times 0
[ 2403.501852][ T8379] CPU: 1 PID: 8379 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2403.501866][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2403.501874][ T8379] Call Trace:
[ 2403.501880][ T8379]  dump_stack+0x137/0x19d
[ 2403.501905][ T8379]  should_fail+0x23c/0x250
[ 2403.501932][ T8379]  __should_failslab+0x81/0x90
[ 2403.501954][ T8379]  ? io_uring_create+0x13f7/0x18d0
[ 2403.502044][ T8379]  should_failslab+0x5/0x20
[ 2403.502057][ T8379]  kmem_cache_alloc_trace+0x49/0x310
[ 2403.502099][ T8379]  ? alloc_pages+0x21d/0x310
[ 2403.502114][ T8379]  io_uring_create+0x13f7/0x18d0
[ 2403.502167][ T8379]  ? should_fail+0xd6/0x250
[ 2403.502182][ T8379]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2403.502203][ T8379]  do_syscall_64+0x4a/0x90
[ 2403.502272][ T8379]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2403.502293][ T8379] RIP: 0033:0x4665d9
[ 2403.502303][ T8379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2403.502318][ T8379] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2403.502334][ T8379] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2403.502343][ T8379] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2403.502352][ T8379] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2403.502361][ T8379] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2403.502388][ T8379] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2403.519615][ T8380] FAULT_INJECTION: forcing a failure.
[ 2403.519615][ T8380] name failslab, interval 1, probability 0, space 0, times 0
[ 2403.519641][ T8380] CPU: 1 PID: 8380 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2403.519660][ T8380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2403.519668][ T8380] Call Trace:
[ 2403.519674][ T8380]  dump_stack+0x137/0x19d
[ 2403.519693][ T8380]  should_fail+0x23c/0x250
[ 2403.519709][ T8380]  ? xas_create+0x96b/0xb30
[ 2403.519726][ T8380]  __should_failslab+0x81/0x90
[ 2403.519762][ T8380]  should_failslab+0x5/0x20
[ 2403.519774][ T8380]  kmem_cache_alloc+0x46/0x2f0
[ 2403.519807][ T8380]  xas_create+0x96b/0xb30
[ 2403.519889][ T8380]  xas_store+0x70/0xca0
[ 2403.519905][ T8380]  ? selinux_file_alloc_security+0x9c/0xb0
[ 2403.519923][ T8380]  ? security_file_alloc+0x12e/0x190
[ 2403.519938][ T8380]  ? percpu_counter_add_batch+0x69/0xd0
[ 2403.519955][ T8380]  __xa_store+0xcb/0x320
[ 2403.520049][ T8380]  xa_store+0x30/0x70
[ 2403.520076][ T8380]  io_uring_add_task_file+0x111/0x200
[ 2403.520098][ T8380]  io_uring_create+0x1734/0x18d0
[ 2403.520117][ T8380]  ? should_fail+0xd6/0x250
[ 2403.520134][ T8380]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2403.520159][ T8380]  do_syscall_64+0x4a/0x90
[ 2403.520179][ T8380]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2403.520225][ T8380] RIP: 0033:0x4665d9
[ 2403.520237][ T8380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2403.520250][ T8380] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2403.520263][ T8380] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2403.520344][ T8380] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2403.520356][ T8380] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2403.520366][ T8380] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2403.520375][ T8380] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2403.573236][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2403.643838][ T8404] FAULT_INJECTION: forcing a failure.
[ 2403.643838][ T8404] name failslab, interval 1, probability 0, space 0, times 0
[ 2403.650682][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2403.658666][ T8404] CPU: 0 PID: 8404 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2404.097351][ T8404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.097362][ T8404] Call Trace:
[ 2404.097369][ T8404]  dump_stack+0x137/0x19d
[ 2404.097392][ T8404]  should_fail+0x23c/0x250
[ 2404.097447][ T8404]  ? xas_create+0x96b/0xb30
[ 2404.097487][ T8404]  __should_failslab+0x81/0x90
[ 2404.097509][ T8404]  should_failslab+0x5/0x20
[ 2404.097526][ T8404]  kmem_cache_alloc+0x46/0x2f0
[ 2404.097562][ T8404]  ? xas_create+0x96b/0xb30
[ 2404.097578][ T8404]  xas_create+0x96b/0xb30
[ 2404.097646][ T8404]  xas_store+0x70/0xca0
[ 2404.097664][ T8404]  ? selinux_file_alloc_security+0x9c/0xb0
[ 2404.097697][ T8404]  ? security_file_alloc+0x12e/0x190
[ 2404.097714][ T8404]  ? percpu_counter_add_batch+0x69/0xd0
[ 2404.097794][ T8404]  __xa_store+0xcb/0x320
[ 2404.097814][ T8404]  xa_store+0x30/0x70
[ 2404.097837][ T8404]  io_uring_add_task_file+0x111/0x200
[ 2404.097850][ T8404]  io_uring_create+0x1734/0x18d0
[ 2404.097861][ T8404]  ? should_fail+0xd6/0x250
[ 2404.097932][ T8404]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2404.097947][ T8404]  do_syscall_64+0x4a/0x90
[ 2404.097962][ T8404]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.098002][ T8404] RIP: 0033:0x4665d9
[ 2404.098011][ T8404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.098021][ T8404] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
09:01:39 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xfffffffb, 0x82)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000080)=0x5)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000100))

09:01:39 executing program 4 (fault-call:5 fault-nth:9):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:39 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x60b21e, 0x31, 0xffffffffffffffff, 0x0)

09:01:39 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:39 executing program 3 (fault-call:5 fault-nth:20):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2404.098057][ T8404] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2404.098064][ T8404] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2404.098071][ T8404] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2404.098078][ T8404] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2404.098085][ T8404] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:39 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4796, &(0x7f0000000040)={0x0, 0x5044}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1, 0x2a4080)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x13, r0, 0x10000000)

[ 2404.350176][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2404.358215][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:39 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:39 executing program 4 (fault-call:5 fault-nth:10):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2404.385626][ T8431] FAULT_INJECTION: forcing a failure.
[ 2404.385626][ T8431] name failslab, interval 1, probability 0, space 0, times 0
09:01:39 executing program 3 (fault-call:5 fault-nth:21):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2404.385735][ T8431] CPU: 0 PID: 8431 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2404.385752][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
09:01:39 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x800000, 0x31, 0xffffffffffffffff, 0x0)

09:01:39 executing program 4 (fault-call:5 fault-nth:11):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:39 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x14, r1, 0x200, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8c1}, 0x4000880)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r3, 0x20, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xa299, 0x42}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x59}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x55}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xf}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}]}, 0x5c}}, 0x804)

[ 2404.385762][ T8431] Call Trace:
[ 2404.385768][ T8431]  dump_stack+0x137/0x19d
[ 2404.385870][ T8431]  should_fail+0x23c/0x250
[ 2404.385885][ T8431]  __should_failslab+0x81/0x90
[ 2404.385907][ T8431]  ? io_uring_create+0x13f7/0x18d0
[ 2404.385926][ T8431]  should_failslab+0x5/0x20
[ 2404.385940][ T8431]  kmem_cache_alloc_trace+0x49/0x310
[ 2404.386009][ T8431]  ? alloc_pages+0x21d/0x310
[ 2404.386026][ T8431]  io_uring_create+0x13f7/0x18d0
[ 2404.386042][ T8431]  ? should_fail+0xd6/0x250
[ 2404.386055][ T8431]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2404.386075][ T8431]  do_syscall_64+0x4a/0x90
[ 2404.386092][ T8431]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.386159][ T8431] RIP: 0033:0x4665d9
[ 2404.386171][ T8431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.386185][ T8431] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2404.386200][ T8431] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2404.386212][ T8431] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2404.386223][ T8431] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2404.386234][ T8431] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2404.386244][ T8431] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2404.417578][ T8433] FAULT_INJECTION: forcing a failure.
[ 2404.417578][ T8433] name failslab, interval 1, probability 0, space 0, times 0
[ 2404.417598][ T8433] CPU: 0 PID: 8433 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2404.417617][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.417625][ T8433] Call Trace:
[ 2404.417631][ T8433]  dump_stack+0x137/0x19d
[ 2404.417654][ T8433]  should_fail+0x23c/0x250
[ 2404.417670][ T8433]  ? xas_create+0x96b/0xb30
[ 2404.417689][ T8433]  __should_failslab+0x81/0x90
[ 2404.417740][ T8433]  should_failslab+0x5/0x20
[ 2404.417756][ T8433]  kmem_cache_alloc+0x46/0x2f0
[ 2404.417818][ T8433]  xas_create+0x96b/0xb30
[ 2404.417863][ T8433]  xas_store+0x70/0xca0
[ 2404.417881][ T8433]  ? selinux_file_alloc_security+0x9c/0xb0
[ 2404.417899][ T8433]  ? security_file_alloc+0x12e/0x190
[ 2404.417914][ T8433]  ? percpu_counter_add_batch+0x69/0xd0
[ 2404.417929][ T8433]  __xa_store+0xcb/0x320
[ 2404.417956][ T8433]  xa_store+0x30/0x70
[ 2404.417973][ T8433]  io_uring_add_task_file+0x111/0x200
[ 2404.418011][ T8433]  io_uring_create+0x1734/0x18d0
[ 2404.418078][ T8433]  ? should_fail+0xd6/0x250
[ 2404.418091][ T8433]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2404.418114][ T8433]  do_syscall_64+0x4a/0x90
[ 2404.418132][ T8433]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.418173][ T8433] RIP: 0033:0x4665d9
[ 2404.418185][ T8433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.418199][ T8433] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2404.418216][ T8433] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2404.418226][ T8433] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2404.418238][ T8433] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2404.418250][ T8433] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2404.418343][ T8433] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2404.475277][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2404.475295][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2404.510196][ T8456] FAULT_INJECTION: forcing a failure.
[ 2404.510196][ T8456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2404.510220][ T8456] CPU: 0 PID: 8456 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2404.510239][ T8456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.510248][ T8456] Call Trace:
[ 2404.510261][ T8456]  dump_stack+0x137/0x19d
[ 2404.510293][ T8456]  should_fail+0x23c/0x250
[ 2404.510307][ T8456]  should_fail_usercopy+0x16/0x20
[ 2404.510324][ T8456]  _copy_to_user+0x1c/0x90
[ 2404.510344][ T8456]  io_uring_create+0x159f/0x18d0
[ 2404.510424][ T8456]  ? should_fail+0xd6/0x250
[ 2404.510444][ T8456]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2404.510464][ T8456]  do_syscall_64+0x4a/0x90
[ 2404.510523][ T8456]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.510544][ T8456] RIP: 0033:0x4665d9
[ 2404.510553][ T8456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.510569][ T8456] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2404.510587][ T8456] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2404.510599][ T8456] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2404.510607][ T8456] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2404.510691][ T8456] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2404.510702][ T8456] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2404.597562][ T8465] FAULT_INJECTION: forcing a failure.
[ 2404.597562][ T8465] name failslab, interval 1, probability 0, space 0, times 0
[ 2404.597583][ T8465] CPU: 0 PID: 8465 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2404.597607][ T8465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.597616][ T8465] Call Trace:
[ 2404.597622][ T8465]  dump_stack+0x137/0x19d
[ 2404.597640][ T8465]  should_fail+0x23c/0x250
[ 2404.597707][ T8465]  ? xas_create+0x96b/0xb30
[ 2404.597724][ T8465]  __should_failslab+0x81/0x90
[ 2404.597741][ T8465]  should_failslab+0x5/0x20
[ 2404.597760][ T8465]  kmem_cache_alloc+0x46/0x2f0
[ 2404.597782][ T8465]  ? xas_create+0x96b/0xb30
[ 2404.597872][ T8465]  xas_create+0x96b/0xb30
[ 2404.597941][ T8465]  xas_store+0x70/0xca0
[ 2404.597957][ T8465]  ? selinux_file_alloc_security+0x9c/0xb0
[ 2404.597977][ T8465]  ? security_file_alloc+0x12e/0x190
[ 2404.597994][ T8465]  ? percpu_counter_add_batch+0x69/0xd0
[ 2404.598013][ T8465]  ? __list_del_entry_valid+0x54/0xc0
[ 2404.598032][ T8465]  ? __list_add_valid+0x28/0x90
[ 2404.598088][ T8465]  __xa_store+0xcb/0x320
[ 2404.598103][ T8465]  xa_store+0x30/0x70
[ 2404.598119][ T8465]  io_uring_add_task_file+0x111/0x200
[ 2404.598184][ T8465]  io_uring_create+0x1734/0x18d0
[ 2404.598201][ T8465]  ? should_fail+0xd6/0x250
[ 2404.598263][ T8465]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2404.598286][ T8465]  do_syscall_64+0x4a/0x90
[ 2404.598309][ T8465]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.598333][ T8465] RIP: 0033:0x4665d9
[ 2404.598346][ T8465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.598359][ T8465] RSP: 002b:00007f067829c108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2404.598372][ T8465] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2404.598446][ T8465] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2404.598454][ T8465] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
09:01:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0x0, 0x6, 0x0, @buffer={0x2, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0xfffffffd, 0x0})
r1 = fsmount(0xffffffffffffffff, 0x0, 0x73)
ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f0000000140))
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x400800, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000080)=0x1)

09:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:40 executing program 3 (fault-call:5 fault-nth:22):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:40 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = fsmount(r1, 0x1, 0x70)
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x8, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x39}}, @FOU_ATTR_PEER_V4={0x8, 0x8, @loopback}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x400c004)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r0)

[ 2404.598463][ T8465] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2404.598471][ T8465] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2404.668189][ T8474] FAULT_INJECTION: forcing a failure.
[ 2404.668189][ T8474] name failslab, interval 1, probability 0, space 0, times 0
[ 2405.326849][ T8474] CPU: 1 PID: 8474 Comm: syz-executor.4 Not tainted 5.13.0-rc7-syzkaller #0
[ 2405.335519][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2405.345741][ T8474] Call Trace:
[ 2405.349012][ T8474]  dump_stack+0x137/0x19d
09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4000000, 0x31, 0xffffffffffffffff, 0x0)

[ 2405.353346][ T8474]  should_fail+0x23c/0x250
[ 2405.357761][ T8474]  ? security_inode_alloc+0x30/0x180
[ 2405.363039][ T8474]  __should_failslab+0x81/0x90
[ 2405.367862][ T8474]  should_failslab+0x5/0x20
[ 2405.372537][ T8474]  kmem_cache_alloc+0x46/0x2f0
[ 2405.377370][ T8474]  security_inode_alloc+0x30/0x180
[ 2405.382487][ T8474]  inode_init_always+0x20b/0x420
[ 2405.387676][ T8474]  ? sockfs_init_fs_context+0x70/0x70
[ 2405.393064][ T8474]  new_inode_pseudo+0x73/0x1c0
[ 2405.397821][ T8474]  __sock_create+0x122/0x4f0
09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1eb26000, 0x31, 0xffffffffffffffff, 0x0)

[ 2405.402438][ T8474]  ? should_fail+0xd6/0x250
[ 2405.406998][ T8474]  sock_create_kern+0x34/0x40
[ 2405.412113][ T8474]  io_uring_create+0x15e5/0x18d0
[ 2405.417183][ T8474]  ? should_fail+0xd6/0x250
[ 2405.421693][ T8474]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2405.427269][ T8474]  do_syscall_64+0x4a/0x90
[ 2405.431784][ T8474]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2405.438115][ T8474] RIP: 0033:0x4665d9
09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x20c00000, 0x31, 0xffffffffffffffff, 0x0)

09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfeffffff, 0x31, 0xffffffffffffffff, 0x0)

[ 2405.442084][ T8474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2405.462167][ T8474] RSP: 002b:00007fa6822bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2405.470584][ T8474] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2405.478725][ T8474] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2405.486734][ T8474] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2405.494783][ T8474] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
09:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:40 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:40 executing program 5:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x511380)

[ 2405.502751][ T8474] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2405.510778][ T8474] socket: no more sockets
09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfffffffe, 0x31, 0xffffffffffffffff, 0x0)

09:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2405.565642][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2405.573739][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000100), 0xffffffffffffffff, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0x0, 0x6, 0x0, @scatter={0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000140)=""/44, 0x2c}, {&(0x7f0000000200)=""/61, 0x3d}, {&(0x7f0000000980)=""/184, 0xb8}, {&(0x7f0000000300)=""/228, 0xe4}, {&(0x7f0000000400)=""/158, 0x9e}, {&(0x7f00000004c0)=""/39, 0x27}, {&(0x7f0000000500)=""/116, 0x74}, {&(0x7f0000000640)=""/179, 0xb3}, {&(0x7f0000000700)=""/151, 0x97}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x20000000, 0x0, 0x0, 0x0})
fsmount(0xffffffffffffffff, 0x1, 0x84)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x401)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x20004, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f00000001c0))
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0xb4cc0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5387, &(0x7f0000000080))

[ 2405.659067][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2405.667179][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2405.690448][ T8525] FAULT_INJECTION: forcing a failure.
[ 2405.690448][ T8525] name failslab, interval 1, probability 0, space 0, times 0
[ 2405.703152][ T8525] CPU: 1 PID: 8525 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2405.703170][ T8525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2405.703179][ T8525] Call Trace:
[ 2405.703185][ T8525]  dump_stack+0x137/0x19d
[ 2405.703205][ T8525]  should_fail+0x23c/0x250
[ 2405.703219][ T8525]  ? vm_area_dup+0x44/0x120
[ 2405.703248][ T8525]  __should_failslab+0x81/0x90
[ 2405.703265][ T8525]  should_failslab+0x5/0x20
[ 2405.703400][ T8525]  kmem_cache_alloc+0x46/0x2f0
[ 2405.703421][ T8525]  ? _find_next_bit+0x188/0x190
[ 2405.703437][ T8525]  vm_area_dup+0x44/0x120
[ 2405.703481][ T8525]  ? kmem_cache_alloc+0x201/0x2f0
[ 2405.703496][ T8525]  ? xas_create+0x96b/0xb30
[ 2405.703533][ T8525]  ? xas_create+0xae3/0xb30
[ 2405.703551][ T8525]  __split_vma+0x82/0x320
[ 2405.703563][ T8525]  ? vmacache_find+0x2d2/0x320
[ 2405.703576][ T8525]  __do_munmap+0x27c/0x1330
[ 2405.703629][ T8525]  ? __xas_nomem+0xfc/0x270
[ 2405.703649][ T8525]  mmap_region+0x58a/0x13e0
[ 2405.703665][ T8525]  ? security_mmap_addr+0x78/0x90
[ 2405.703757][ T8525]  do_mmap+0x77d/0xc90
[ 2405.703769][ T8525]  vm_mmap_pgoff+0xf9/0x1d0
[ 2405.812398][ T8525]  ksys_mmap_pgoff+0x2a8/0x380
[ 2405.817330][ T8525]  do_syscall_64+0x4a/0x90
[ 2405.821869][ T8525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2405.827753][ T8525] RIP: 0033:0x466622
[ 2405.831635][ T8525] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2405.851238][ T8525] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2405.859656][ T8525] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2405.867627][ T8525] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020d1f000
[ 2405.875638][ T8525] RBP: 0000000020d1f000 R08: 0000000000000006 R09: 0000000000000000
[ 2405.883589][ T8525] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2405.891598][ T8525] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:40 executing program 3 (fault-call:5 fault-nth:23):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:40 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x400000)

09:01:40 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xc02000000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:40 executing program 5 (fault-call:1 fault-nth:0):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:40 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2406.021023][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2406.029148][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2406.045538][ T8565] FAULT_INJECTION: forcing a failure.
[ 2406.045538][ T8565] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2406.058606][ T8565] CPU: 1 PID: 8565 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
09:01:41 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
clock_getres(0x7, &(0x7f0000000140))
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000000)=').)&\x00', &(0x7f00000000c0)='./file0\x00', r1)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2406.067273][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2406.077587][ T8565] Call Trace:
[ 2406.081381][ T8565]  dump_stack+0x137/0x19d
[ 2406.085769][ T8565]  should_fail+0x23c/0x250
[ 2406.090186][ T8565]  should_fail_usercopy+0x16/0x20
[ 2406.095203][ T8565]  _copy_from_user+0x1c/0xd0
[ 2406.099791][ T8565]  __x64_sys_io_uring_setup+0x4b/0x120
[ 2406.105293][ T8565]  ? fput+0x2d/0x130
[ 2406.109449][ T8565]  ? ksys_write+0x157/0x180
[ 2406.114052][ T8565]  ? fpregs_assert_state_consistent+0x7d/0x90
09:01:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[ 2406.120647][ T8565]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2406.126359][ T8565]  do_syscall_64+0x4a/0x90
[ 2406.130782][ T8565]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2406.136697][ T8565] RIP: 0033:0x4665d9
[ 2406.140617][ T8565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2406.160313][ T8565] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
09:01:41 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x60b21e00000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:41 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:41 executing program 3 (fault-call:5 fault-nth:24):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2406.160333][ T8565] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2406.160342][ T8565] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2406.160422][ T8565] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2406.160434][ T8565] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2406.160446][ T8565] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2406.180793][ T8579] FAULT_INJECTION: forcing a failure.
[ 2406.180793][ T8579] name failslab, interval 1, probability 0, space 0, times 0
[ 2406.180817][ T8579] CPU: 0 PID: 8579 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2406.180836][ T8579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2406.180847][ T8579] Call Trace:
[ 2406.180853][ T8579]  dump_stack+0x137/0x19d
[ 2406.180880][ T8579]  should_fail+0x23c/0x250
[ 2406.180897][ T8579]  ? xas_create+0x96b/0xb30
[ 2406.180994][ T8579]  __should_failslab+0x81/0x90
[ 2406.181017][ T8579]  should_failslab+0x5/0x20
[ 2406.181033][ T8579]  kmem_cache_alloc+0x46/0x2f0
[ 2406.181049][ T8579]  xas_create+0x96b/0xb30
[ 2406.181103][ T8579]  xas_store+0x70/0xca0
[ 2406.181122][ T8579]  ? kmem_cache_alloc_node_trace+0x1f6/0x2e0
[ 2406.181161][ T8579]  __xa_store+0xcb/0x320
[ 2406.181199][ T8579]  xa_store+0x30/0x70
[ 2406.181215][ T8579]  io_uring_add_task_file+0x111/0x200
[ 2406.181231][ T8579]  io_uring_create+0x1734/0x18d0
[ 2406.181317][ T8579]  ? should_fail+0xd6/0x250
[ 2406.181343][ T8579]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2406.181362][ T8579]  do_syscall_64+0x4a/0x90
[ 2406.181383][ T8579]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2406.181404][ T8579] RIP: 0033:0x4665d9
[ 2406.181413][ T8579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2406.181461][ T8579] RSP: 002b:00007f067827b108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2406.181477][ T8579] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9
09:01:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:41 executing program 5 (fault-call:1 fault-nth:1):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:41 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x80000000000000, 0x31, 0xffffffffffffffff, 0x0)

[ 2406.181489][ T8579] RDX: 0000000020c41000 RSI: 00000000200000c0 RDI: 0000000000002fdf
[ 2406.181498][ T8579] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2406.181506][ T8579] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2406.181515][ T8579] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2406.240402][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2406.311968][ T8593] FAULT_INJECTION: forcing a failure.
[ 2406.311968][ T8593] name failslab, interval 1, probability 0, space 0, times 0
[ 2406.312985][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2406.490529][ T8593] CPU: 0 PID: 8593 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
09:01:41 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x100000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})

09:01:41 executing program 5 (fault-call:1 fault-nth:2):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:41 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2406.490549][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2406.490558][ T8593] Call Trace:
[ 2406.490565][ T8593]  dump_stack+0x137/0x19d
[ 2406.490590][ T8593]  should_fail+0x23c/0x250
[ 2406.490640][ T8593]  ? anon_vma_clone+0x8d/0x380
[ 2406.490661][ T8593]  __should_failslab+0x81/0x90
[ 2406.490683][ T8593]  should_failslab+0x5/0x20
[ 2406.490698][ T8593]  kmem_cache_alloc+0x46/0x2f0
[ 2406.490714][ T8593]  anon_vma_clone+0x8d/0x380
[ 2406.490731][ T8593]  __split_vma+0x134/0x320
[ 2406.490747][ T8593]  ? vmacache_find+0x2d2/0x320
[ 2406.490771][ T8593]  __do_munmap+0x27c/0x1330
[ 2406.490789][ T8593]  ? __xas_nomem+0xfc/0x270
[ 2406.490808][ T8593]  mmap_region+0x58a/0x13e0
[ 2406.490821][ T8593]  ? security_mmap_addr+0x78/0x90
[ 2406.490850][ T8593]  do_mmap+0x77d/0xc90
[ 2406.490866][ T8593]  vm_mmap_pgoff+0xf9/0x1d0
[ 2406.490884][ T8593]  ksys_mmap_pgoff+0x2a8/0x380
[ 2406.490916][ T8593]  do_syscall_64+0x4a/0x90
[ 2406.490958][ T8593]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2406.491039][ T8593] RIP: 0033:0x466622
[ 2406.491052][ T8593] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2406.491069][ T8593] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2406.491085][ T8593] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2406.491094][ T8593] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020d1f000
[ 2406.491109][ T8593] RBP: 0000000020d1f000 R08: 0000000000000006 R09: 0000000000000000
[ 2406.491118][ T8593] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2406.491127][ T8593] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2406.505539][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2406.505568][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2406.522042][ T8613] FAULT_INJECTION: forcing a failure.
[ 2406.522042][ T8613] name failslab, interval 1, probability 0, space 0, times 0
[ 2406.522062][ T8613] CPU: 0 PID: 8613 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2406.522076][ T8613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2406.522084][ T8613] Call Trace:
[ 2406.522090][ T8613]  dump_stack+0x137/0x19d
[ 2406.522135][ T8613]  should_fail+0x23c/0x250
[ 2406.522191][ T8613]  __should_failslab+0x81/0x90
[ 2406.522207][ T8613]  ? io_uring_create+0x120/0x18d0
[ 2406.522221][ T8613]  should_failslab+0x5/0x20
[ 2406.522264][ T8613]  kmem_cache_alloc_trace+0x49/0x310
[ 2406.522335][ T8613]  io_uring_create+0x120/0x18d0
[ 2406.522348][ T8613]  ? vfs_write+0x50c/0x770
[ 2406.522359][ T8613]  ? should_fail+0xd6/0x250
[ 2406.522450][ T8613]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2406.522469][ T8613]  do_syscall_64+0x4a/0x90
[ 2406.522489][ T8613]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2406.522513][ T8613] RIP: 0033:0x4665d9
[ 2406.522525][ T8613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2406.522542][ T8613] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2406.522567][ T8613] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2406.522579][ T8613] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2406.522588][ T8613] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2406.522644][ T8613] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2406.522659][ T8613] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2406.626774][ T8628] FAULT_INJECTION: forcing a failure.
[ 2406.626774][ T8628] name failslab, interval 1, probability 0, space 0, times 0
[ 2406.626796][ T8628] CPU: 0 PID: 8628 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2406.626810][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2406.626818][ T8628] Call Trace:
[ 2406.626823][ T8628]  dump_stack+0x137/0x19d
[ 2406.626870][ T8628]  should_fail+0x23c/0x250
[ 2406.626888][ T8628]  ? io_uring_create+0x190/0x18d0
[ 2406.626907][ T8628]  __should_failslab+0x81/0x90
[ 2406.626973][ T8628]  should_failslab+0x5/0x20
[ 2406.626985][ T8628]  __kmalloc+0x66/0x340
[ 2406.626999][ T8628]  ? kmem_cache_alloc_trace+0x215/0x310
[ 2406.627091][ T8628]  ? io_uring_create+0x120/0x18d0
[ 2406.627105][ T8628]  io_uring_create+0x190/0x18d0
[ 2406.627121][ T8628]  ? vfs_write+0x50c/0x770
[ 2406.627137][ T8628]  ? should_fail+0xd6/0x250
[ 2406.627155][ T8628]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2406.627255][ T8628]  do_syscall_64+0x4a/0x90
[ 2406.627276][ T8628]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2406.627298][ T8628] RIP: 0033:0x4665d9
[ 2406.627307][ T8628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2406.627319][ T8628] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2406.627350][ T8628] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2406.627366][ T8628] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2406.627378][ T8628] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2406.627389][ T8628] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2406.627401][ T8628] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
09:01:42 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x6115, &(0x7f00000000c0)={0x0, 0x6bb0, 0x8, 0x0, 0x196, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x400000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:42 executing program 5 (fault-call:1 fault-nth:3):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00})

09:01:42 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 3 (fault-call:5 fault-nth:25):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2406.634020][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2406.634041][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2407.285419][ T8656] FAULT_INJECTION: forcing a failure.
[ 2407.285419][ T8656] name failslab, interval 1, probability 0, space 0, times 0
[ 2407.298208][ T8656] CPU: 1 PID: 8656 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2407.306881][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2407.317043][ T8656] Call Trace:
[ 2407.320475][ T8656]  dump_stack+0x137/0x19d
[ 2407.324886][ T8656]  should_fail+0x23c/0x250
[ 2407.329299][ T8656]  __should_failslab+0x81/0x90
[ 2407.334140][ T8656]  ? io_uring_create+0x1e1/0x18d0
[ 2407.339162][ T8656]  should_failslab+0x5/0x20
[ 2407.343679][ T8656]  kmem_cache_alloc_trace+0x49/0x310
[ 2407.348972][ T8656]  ? io_uring_create+0x190/0x18d0
[ 2407.354152][ T8656]  io_uring_create+0x1e1/0x18d0
[ 2407.358995][ T8656]  ? vfs_write+0x50c/0x770
[ 2407.363401][ T8656]  ? should_fail+0xd6/0x250
[ 2407.367899][ T8656]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2407.373412][ T8656]  do_syscall_64+0x4a/0x90
[ 2407.377916][ T8656]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2407.383859][ T8656] RIP: 0033:0x4665d9
[ 2407.387756][ T8656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2407.408495][ T8656] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2407.416961][ T8656] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2407.424929][ T8656] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfeffffff00000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:42 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x101600)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000010)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2407.432980][ T8656] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2407.441208][ T8656] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2407.449276][ T8656] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2407.483050][ T8659] FAULT_INJECTION: forcing a failure.
[ 2407.483050][ T8659] name failslab, interval 1, probability 0, space 0, times 0
[ 2407.495758][ T8659] CPU: 1 PID: 8659 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2407.504696][ T8659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2407.514825][ T8659] Call Trace:
[ 2407.518093][ T8659]  dump_stack+0x137/0x19d
[ 2407.522423][ T8659]  should_fail+0x23c/0x250
[ 2407.526888][ T8659]  ? anon_vma_clone+0x8d/0x380
[ 2407.531718][ T8659]  __should_failslab+0x81/0x90
[ 2407.536500][ T8659]  should_failslab+0x5/0x20
[ 2407.540999][ T8659]  kmem_cache_alloc+0x46/0x2f0
[ 2407.545848][ T8659]  anon_vma_clone+0x8d/0x380
[ 2407.550450][ T8659]  __split_vma+0x134/0x320
[ 2407.554861][ T8659]  ? vmacache_find+0x2d2/0x320
[ 2407.559707][ T8659]  __do_munmap+0x27c/0x1330
[ 2407.564361][ T8659]  ? __xas_nomem+0xfc/0x270
[ 2407.568897][ T8659]  mmap_region+0x58a/0x13e0
[ 2407.573396][ T8659]  ? security_mmap_addr+0x78/0x90
[ 2407.578421][ T8659]  do_mmap+0x77d/0xc90
[ 2407.582590][ T8659]  vm_mmap_pgoff+0xf9/0x1d0
[ 2407.587088][ T8659]  ksys_mmap_pgoff+0x2a8/0x380
[ 2407.591852][ T8659]  do_syscall_64+0x4a/0x90
[ 2407.596276][ T8659]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2407.602165][ T8659] RIP: 0033:0x466622
[ 2407.606069][ T8659] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x4)

09:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00})

09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc020)

09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x60b21e)

[ 2407.625664][ T8659] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2407.634093][ T8659] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2407.642532][ T8659] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020d1f000
[ 2407.650763][ T8659] RBP: 0000000020d1f000 R08: 0000000000000006 R09: 0000000000000000
[ 2407.658734][ T8659] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2407.666749][ T8659] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2407.674951][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
09:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000})

09:01:42 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5327, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2407.682943][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:42 executing program 5 (fault-call:1 fault-nth:4):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

[ 2407.730617][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2407.738653][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:42 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x800000)

09:01:42 executing program 3 (fault-call:5 fault-nth:26):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:42 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x1}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000000))

[ 2407.825980][ T8706] FAULT_INJECTION: forcing a failure.
[ 2407.825980][ T8706] name failslab, interval 1, probability 0, space 0, times 0
[ 2407.838640][ T8706] CPU: 0 PID: 8706 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2407.847307][ T8706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2407.857362][ T8706] Call Trace:
[ 2407.860635][ T8706]  dump_stack+0x137/0x19d
[ 2407.865006][ T8706]  should_fail+0x23c/0x250
[ 2407.869636][ T8706]  __should_failslab+0x81/0x90
09:01:42 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x1000000)

[ 2407.874472][ T8706]  ? percpu_ref_init+0x9e/0x210
[ 2407.879316][ T8706]  should_failslab+0x5/0x20
[ 2407.883807][ T8706]  kmem_cache_alloc_trace+0x49/0x310
[ 2407.889090][ T8706]  percpu_ref_init+0x9e/0x210
[ 2407.893763][ T8706]  ? io_uring_create+0x18d0/0x18d0
[ 2407.899055][ T8706]  io_uring_create+0x228/0x18d0
[ 2407.903908][ T8706]  ? vfs_write+0x50c/0x770
[ 2407.908319][ T8706]  ? should_fail+0xd6/0x250
[ 2407.912905][ T8706]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2407.918431][ T8706]  do_syscall_64+0x4a/0x90
09:01:42 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)

[ 2407.922867][ T8706]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2407.928757][ T8706] RIP: 0033:0x4665d9
[ 2407.932642][ T8706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2407.952356][ T8706] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2407.961296][ T8706] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:43 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x4000000)

09:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4200})

[ 2407.969316][ T8706] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2407.977283][ T8706] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2407.985247][ T8706] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2407.993251][ T8706] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2408.005469][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.013515][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2408.052516][ T8727] FAULT_INJECTION: forcing a failure.
[ 2408.052516][ T8727] name failslab, interval 1, probability 0, space 0, times 0
[ 2408.065305][ T8727] CPU: 0 PID: 8727 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2408.073979][ T8727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2408.084095][ T8727] Call Trace:
[ 2408.087721][ T8727]  dump_stack+0x137/0x19d
[ 2408.092105][ T8727]  should_fail+0x23c/0x250
[ 2408.096516][ T8727]  ? anon_vma_clone+0x8d/0x380
[ 2408.101373][ T8727]  __should_failslab+0x81/0x90
[ 2408.106195][ T8727]  should_failslab+0x5/0x20
[ 2408.110699][ T8727]  kmem_cache_alloc+0x46/0x2f0
[ 2408.110850][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.115461][ T8727]  anon_vma_clone+0x8d/0x380
[ 2408.115483][ T8727]  __split_vma+0x134/0x320
[ 2408.123473][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2408.128021][ T8727]  ? vmacache_find+0x2d2/0x320
[ 2408.128040][ T8727]  __do_munmap+0x2e9/0x1330
09:01:43 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x344e, &(0x7f00000000c0)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2408.128055][ T8727]  ? __xas_nomem+0xfc/0x270
[ 2408.153677][ T8727]  mmap_region+0x58a/0x13e0
[ 2408.158175][ T8727]  ? security_mmap_addr+0x78/0x90
[ 2408.163283][ T8727]  do_mmap+0x77d/0xc90
[ 2408.167337][ T8727]  vm_mmap_pgoff+0xf9/0x1d0
[ 2408.171830][ T8727]  ksys_mmap_pgoff+0x2a8/0x380
[ 2408.176767][ T8727]  do_syscall_64+0x4a/0x90
[ 2408.181175][ T8727]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2408.187057][ T8727] RIP: 0033:0x466622
09:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2408.190968][ T8727] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2408.210566][ T8727] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2408.218984][ T8727] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2408.227180][ T8727] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020d1f000
[ 2408.235225][ T8727] RBP: 0000000020d1f000 R08: 0000000000000006 R09: 0000000000000000
[ 2408.242383][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.243187][ T8727] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2408.243202][ T8727] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2408.267165][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:43 executing program 5 (fault-call:1 fault-nth:5):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:43 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x1eb26000)

09:01:43 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:43 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r4)

09:01:43 executing program 3 (fault-call:5 fault-nth:27):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2408.406069][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.414099][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2408.446118][ T8781] FAULT_INJECTION: forcing a failure.
[ 2408.446118][ T8781] name failslab, interval 1, probability 0, space 0, times 0
[ 2408.458959][ T8781] CPU: 1 PID: 8781 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2408.467629][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2408.478021][ T8781] Call Trace:
[ 2408.481291][ T8781]  dump_stack+0x137/0x19d
[ 2408.482485][ T8773] FAULT_INJECTION: forcing a failure.
[ 2408.482485][ T8773] name failslab, interval 1, probability 0, space 0, times 0
[ 2408.485713][ T8781]  should_fail+0x23c/0x250
[ 2408.502688][ T8781]  __should_failslab+0x81/0x90
[ 2408.507445][ T8781]  ? percpu_ref_init+0x9e/0x210
[ 2408.512281][ T8781]  should_failslab+0x5/0x20
[ 2408.516774][ T8781]  kmem_cache_alloc_trace+0x49/0x310
[ 2408.522047][ T8781]  percpu_ref_init+0x9e/0x210
[ 2408.526773][ T8781]  ? io_uring_create+0x18d0/0x18d0
[ 2408.531864][ T8781]  io_uring_create+0x228/0x18d0
[ 2408.536738][ T8781]  ? vfs_write+0x50c/0x770
[ 2408.541131][ T8781]  ? should_fail+0xd6/0x250
[ 2408.545693][ T8781]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2408.551131][ T8781]  do_syscall_64+0x4a/0x90
[ 2408.555525][ T8781]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2408.561441][ T8781] RIP: 0033:0x4665d9
[ 2408.565312][ T8781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2408.585400][ T8781] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2408.593811][ T8781] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2408.601760][ T8781] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2408.609735][ T8781] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2408.618053][ T8781] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2408.626086][ T8781] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2408.634418][ T8773] CPU: 0 PID: 8773 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2408.643161][ T8773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2408.653358][ T8773] Call Trace:
09:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:43 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x20c00000)

[ 2408.653371][ T8773]  dump_stack+0x137/0x19d
[ 2408.653421][ T8773]  should_fail+0x23c/0x250
[ 2408.653434][ T8773]  ? anon_vma_clone+0x8d/0x380
[ 2408.653450][ T8773]  __should_failslab+0x81/0x90
[ 2408.653471][ T8773]  should_failslab+0x5/0x20
[ 2408.679378][ T8773]  kmem_cache_alloc+0x46/0x2f0
[ 2408.684197][ T8773]  anon_vma_clone+0x8d/0x380
[ 2408.688779][ T8773]  __split_vma+0x134/0x320
[ 2408.693280][ T8773]  ? vmacache_find+0x2d2/0x320
[ 2408.698037][ T8773]  __do_munmap+0x2e9/0x1330
[ 2408.702526][ T8773]  ? __xas_nomem+0xfc/0x270
[ 2408.707073][ T8773]  mmap_region+0x58a/0x13e0
[ 2408.711596][ T8773]  ? security_mmap_addr+0x78/0x90
[ 2408.716607][ T8773]  do_mmap+0x77d/0xc90
[ 2408.719732][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.720666][ T8773]  vm_mmap_pgoff+0xf9/0x1d0
[ 2408.720686][ T8773]  ksys_mmap_pgoff+0x2a8/0x380
[ 2408.720702][ T8773]  do_syscall_64+0x4a/0x90
[ 2408.728686][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2408.733136][ T8773]  entry_SYSCALL_64_after_hwframe+0x44/0xae
09:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

[ 2408.755770][ T8773] RIP: 0033:0x466622
[ 2408.759655][ T8773] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2408.779594][ T8773] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2408.788006][ T8773] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2408.796074][ T8773] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020d1f000
09:01:43 executing program 5 (fault-call:1 fault-nth:6):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:43 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x22}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2408.804246][ T8773] RBP: 0000000020d1f000 R08: 0000000000000006 R09: 0000000000000000
[ 2408.812218][ T8773] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2408.820403][ T8773] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:43 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfeffffff)

09:01:43 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2408.869632][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2408.878349][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:43 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfffffffe)

[ 2408.919921][ T8810] FAULT_INJECTION: forcing a failure.
[ 2408.919921][ T8810] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2408.934233][ T8810] CPU: 0 PID: 8810 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2408.943062][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2408.953113][ T8810] Call Trace:
[ 2408.956429][ T8810]  dump_stack+0x137/0x19d
[ 2408.960877][ T8810]  should_fail+0x23c/0x250
[ 2408.965380][ T8810]  __alloc_pages+0x102/0x320
09:01:43 executing program 3 (fault-call:5 fault-nth:28):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2408.969968][ T8810]  alloc_pages+0x21d/0x310
[ 2408.974394][ T8810]  __get_free_pages+0x8/0x30
[ 2408.979173][ T8810]  io_uring_create+0x9b9/0x18d0
[ 2408.984035][ T8810]  ? should_fail+0xd6/0x250
[ 2408.988557][ T8810]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2408.994192][ T8810]  do_syscall_64+0x4a/0x90
[ 2408.998609][ T8810]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2409.004625][ T8810] RIP: 0033:0x4665d9
[ 2409.008670][ T8810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.028354][ T8810] RSP: 002b:00007efc1d996108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 2409.036780][ T8810] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2409.042857][ T8823] FAULT_INJECTION: forcing a failure.
[ 2409.042857][ T8823] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.044748][ T8810] RDX: 0000000020ffc000 RSI: 00000000200000c0 RDI: 0000000000004165
[ 2409.044762][ T8810] RBP: 00000000200000c0 R08: 0000000020000140 R09: 0000000020000140
[ 2409.044773][ T8810] R10: 0000000020000000 R11: 0000000000000202 R12: 0000000020000140
[ 2409.081304][ T8810] R13: 0000000020ffc000 R14: 0000000020000000 R15: 0000000020001000
[ 2409.089377][ T8823] CPU: 1 PID: 8823 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2409.098076][ T8823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2409.108219][ T8823] Call Trace:
[ 2409.111502][ T8823]  dump_stack+0x137/0x19d
[ 2409.115886][ T8823]  should_fail+0x23c/0x250
[ 2409.120391][ T8823]  ? vm_area_dup+0x44/0x120
[ 2409.125000][ T8823]  __should_failslab+0x81/0x90
[ 2409.129763][ T8823]  should_failslab+0x5/0x20
[ 2409.134335][ T8823]  kmem_cache_alloc+0x46/0x2f0
[ 2409.139219][ T8823]  ? pagerange_is_ram_callback+0xb6/0xd0
[ 2409.144968][ T8823]  vm_area_dup+0x44/0x120
[ 2409.149303][ T8823]  ? kcsan_setup_watchpoint+0x231/0x3e0
[ 2409.154847][ T8823]  ? perf_event_mmap+0x14c/0xd00
[ 2409.159791][ T8823]  ? pfn_modify_allowed+0x87/0x190
[ 2409.164904][ T8823]  ? remap_pfn_range_notrack+0x71c/0x770
[ 2409.170539][ T8823]  ? vma_interval_tree_augment_rotate+0xe9/0x100
[ 2409.176872][ T8823]  ? anon_vma_interval_tree_iter_next+0x2a0/0x2a0
[ 2409.183332][ T8823]  __split_vma+0x82/0x320
[ 2409.187659][ T8823]  ? vmacache_find+0x2df/0x320
[ 2409.192415][ T8823]  __do_munmap+0x27c/0x1330
[ 2409.196968][ T8823]  ? up_write+0x25/0xc0
[ 2409.201120][ T8823]  ? vma_link+0x188/0x1a0
[ 2409.205443][ T8823]  mmap_region+0x58a/0x13e0
[ 2409.209944][ T8823]  ? security_mmap_addr+0x78/0x90
[ 2409.214962][ T8823]  do_mmap+0x77d/0xc90
[ 2409.219021][ T8823]  vm_mmap_pgoff+0xf9/0x1d0
[ 2409.223517][ T8823]  ksys_mmap_pgoff+0x2a8/0x380
[ 2409.228272][ T8823]  do_syscall_64+0x4a/0x90
[ 2409.232681][ T8823]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2409.238571][ T8823] RIP: 0033:0x466622
[ 2409.242453][ T8823] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2409.262063][ T8823] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
09:01:44 executing program 5 (fault-call:1 fault-nth:7):
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:44 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000000c0), 0x40000000, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:44 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x42}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc02000000000)

09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x60b21e00000000)

[ 2409.270559][ T8823] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2409.278542][ T8823] RDX: 0000000000000003 RSI: 0000000000100000 RDI: 0000000020c41000
[ 2409.286595][ T8823] RBP: 0000000020c41000 R08: 0000000000000006 R09: 0000000010000000
[ 2409.294554][ T8823] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2409.302511][ T8823] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
[ 2409.359508][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2409.367622][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2409.381029][ T8848] FAULT_INJECTION: forcing a failure.
[ 2409.381029][ T8848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2409.394115][ T8848] CPU: 0 PID: 8848 Comm: syz-executor.5 Not tainted 5.13.0-rc7-syzkaller #0
[ 2409.402806][ T8848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2409.412866][ T8848] Call Trace:
[ 2409.416136][ T8848]  dump_stack+0x137/0x19d
[ 2409.420464][ T8848]  should_fail+0x23c/0x250
[ 2409.424950][ T8848]  should_fail_usercopy+0x16/0x20
[ 2409.429995][ T8848]  _copy_to_user+0x1c/0x90
[ 2409.434405][ T8848]  simple_read_from_buffer+0xab/0x120
[ 2409.439787][ T8848]  proc_fail_nth_read+0xf6/0x140
[ 2409.444724][ T8848]  ? rw_verify_area+0x136/0x250
[ 2409.449596][ T8848]  ? proc_fault_inject_write+0x200/0x200
[ 2409.455299][ T8848]  vfs_read+0x154/0x5d0
[ 2409.459440][ T8848]  ? copy_fpregs_to_fpstate+0xd8/0x110
[ 2409.464941][ T8848]  ? __switch_to+0x14e/0x4b0
[ 2409.469511][ T8848]  ? __fget_light+0x21b/0x260
[ 2409.474170][ T8848]  ? __cond_resched+0x11/0x40
[ 2409.478825][ T8848]  ksys_read+0xce/0x180
[ 2409.482957][ T8848]  __x64_sys_read+0x3e/0x50
[ 2409.487445][ T8848]  do_syscall_64+0x4a/0x90
[ 2409.491864][ T8848]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2409.497743][ T8848] RIP: 0033:0x41935c
[ 2409.501613][ T8848] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2409.521242][ T8848] RSP: 002b:00007efc1d996170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2409.529632][ T8848] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 000000000041935c
[ 2409.537649][ T8848] RDX: 000000000000000f RSI: 00007efc1d9961e0 RDI: 0000000000000004
[ 2409.545597][ T8848] RBP: 00007efc1d9961d0 R08: 0000000000000000 R09: 0000000010000000
09:01:44 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x60}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 2:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_MADVISE={0x19, 0x2, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1d, 0x1}, 0x6)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x29c6, &(0x7f0000000140)={0x0, 0xd71f, 0x10, 0x3, 0x2e1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc)

09:01:44 executing program 3 (fault-call:5 fault-nth:29):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x80000000000000)

09:01:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

[ 2409.553551][ T8848] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000001
[ 2409.561513][ T8848] R13: 00007ffe88c0786f R14: 00007efc1d996300 R15: 0000000000022000
09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x100000000000000)

[ 2409.654854][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2409.661364][ T8874] FAULT_INJECTION: forcing a failure.
[ 2409.661364][ T8874] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.662890][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2409.682968][ T8874] CPU: 0 PID: 8874 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2409.691817][ T8874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2409.701898][ T8874] Call Trace:
[ 2409.705165][ T8874]  dump_stack+0x137/0x19d
[ 2409.709490][ T8874]  should_fail+0x23c/0x250
[ 2409.713960][ T8874]  ? vm_area_dup+0x44/0x120
[ 2409.718464][ T8874]  __should_failslab+0x81/0x90
[ 2409.723316][ T8874]  should_failslab+0x5/0x20
[ 2409.728166][ T8874]  kmem_cache_alloc+0x46/0x2f0
[ 2409.732927][ T8874]  vm_area_dup+0x44/0x120
[ 2409.737345][ T8874]  __split_vma+0x82/0x320
[ 2409.741854][ T8874]  ? vmacache_find+0x2df/0x320
[ 2409.746614][ T8874]  __do_munmap+0x2e9/0x1330
[ 2409.751116][ T8874]  ? up_write+0x25/0xc0
[ 2409.755348][ T8874]  ? vma_link+0x188/0x1a0
[ 2409.760544][ T8874]  mmap_region+0x58a/0x13e0
[ 2409.765051][ T8874]  ? security_mmap_addr+0x78/0x90
[ 2409.770331][ T8874]  do_mmap+0x77d/0xc90
[ 2409.774394][ T8874]  vm_mmap_pgoff+0xf9/0x1d0
[ 2409.778888][ T8874]  ksys_mmap_pgoff+0x2a8/0x380
[ 2409.783715][ T8874]  do_syscall_64+0x4a/0x90
[ 2409.788153][ T8874]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2409.794045][ T8874] RIP: 0033:0x466622
[ 2409.797974][ T8874] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2409.817843][ T8874] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2409.826258][ T8874] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2409.834472][ T8874] RDX: 0000000000000003 RSI: 0000000000100000 RDI: 0000000020c41000
[ 2409.842655][ T8874] RBP: 0000000020c41000 R08: 0000000000000006 R09: 0000000010000000
09:01:44 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x400000000000000)

09:01:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2409.850629][ T8874] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2409.858639][ T8874] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:44 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1fa}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:44 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfeffffff00000000)

09:01:44 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
shmget(0x2, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil)
r0 = shmget(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_STAT(r0, 0x2, &(0x7f00000000c0)=""/247)
shmget$private(0x0, 0x1000, 0x200, &(0x7f0000ffd000/0x1000)=nil)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = shmget(0x2, 0x2000, 0x400, &(0x7f0000ffc000/0x2000)=nil)
shmctl$IPC_RMID(r1, 0x0)

[ 2409.974113][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2409.982312][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:45 executing program 3 (fault-call:5 fault-nth:30):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x2, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
epoll_create(0x5)

09:01:45 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x503e, 0x4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2410.114473][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2410.122612][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x7, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x30, 0xffffffffffffffff, 0x0)

[ 2410.216092][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2410.224118][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2410.225725][ T8957] FAULT_INJECTION: forcing a failure.
[ 2410.225725][ T8957] name failslab, interval 1, probability 0, space 0, times 0
[ 2410.244915][ T8957] CPU: 0 PID: 8957 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2410.253767][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2410.263935][ T8957] Call Trace:
[ 2410.267323][ T8957]  dump_stack+0x137/0x19d
[ 2410.271662][ T8957]  should_fail+0x23c/0x250
[ 2410.276168][ T8957]  ? vm_area_dup+0x44/0x120
[ 2410.280936][ T8957]  __should_failslab+0x81/0x90
[ 2410.285831][ T8957]  should_failslab+0x5/0x20
[ 2410.290452][ T8957]  kmem_cache_alloc+0x46/0x2f0
[ 2410.295651][ T8957]  vm_area_dup+0x44/0x120
[ 2410.300053][ T8957]  __split_vma+0x82/0x320
[ 2410.304383][ T8957]  ? vmacache_find+0x2df/0x320
[ 2410.309147][ T8957]  __do_munmap+0x2e9/0x1330
[ 2410.313651][ T8957]  ? up_write+0x25/0xc0
[ 2410.317889][ T8957]  ? vma_link+0x188/0x1a0
[ 2410.322266][ T8957]  mmap_region+0x58a/0x13e0
[ 2410.326774][ T8957]  ? security_mmap_addr+0x78/0x90
[ 2410.331802][ T8957]  do_mmap+0x77d/0xc90
[ 2410.335871][ T8957]  vm_mmap_pgoff+0xf9/0x1d0
[ 2410.340385][ T8957]  ksys_mmap_pgoff+0x2a8/0x380
[ 2410.345191][ T8957]  do_syscall_64+0x4a/0x90
[ 2410.349612][ T8957]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2410.355687][ T8957] RIP: 0033:0x466622
[ 2410.359644][ T8957] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[ 2410.379999][ T8957] RSP: 002b:00007f067829c0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 2410.388676][ T8957] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 0000000000466622
[ 2410.397010][ T8957] RDX: 0000000000000003 RSI: 0000000000100000 RDI: 0000000020c41000
[ 2410.404979][ T8957] RBP: 0000000020c41000 R08: 0000000000000006 R09: 0000000010000000
09:01:45 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1fc}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x8, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000040))
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000080)=0x5, 0x4)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f00000000c0)=0xb9)

09:01:45 executing program 3 (fault-call:5 fault-nth:31):
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x0, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20004004)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff0001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6c}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffff321}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x57fb930a}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4004}, 0x4000)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$SG_SCSI_RESET(r1, 0x2270, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_SET_FD(r3, 0x4c00, r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2410.413144][ T8957] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140
[ 2410.421137][ T8957] R13: 0000000020c41000 R14: 0000000020000000 R15: 0000000020d1f000
09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x204, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2410.493020][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2410.501066][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})

09:01:45 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x503c, 0x0, 0x0, 0xfffffffe}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x121001)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000000c0), 0x1000, 0x410000)
ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f0000000100))

[ 2410.624229][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2410.632262][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2410.660974][ T9004] FAULT_INJECTION: forcing a failure.
[ 2410.660974][ T9004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2410.674048][ T9004] CPU: 1 PID: 9004 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2410.682729][ T9004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2410.692777][ T9004] Call Trace:
[ 2410.696055][ T9004]  dump_stack+0x137/0x19d
[ 2410.700461][ T9004]  should_fail+0x23c/0x250
[ 2410.704882][ T9004]  should_fail_usercopy+0x16/0x20
[ 2410.709985][ T9004]  _copy_to_user+0x1c/0x90
[ 2410.714404][ T9004]  simple_read_from_buffer+0xab/0x120
[ 2410.719833][ T9004]  proc_fail_nth_read+0xf6/0x140
09:01:45 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c7c000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000000)={0x0, "b26af8e34ccb95a019e2fb312c73080f2adff1913dafc40a4e20d531d4aee63f11412f6a0147de2bf2c6f6fdcf65822f91ff37c5cfa9322e5943f645d1a08c6f2657f4cfef68ffc6"}, 0x50, 0x0)

09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00})

[ 2410.724864][ T9004]  ? rw_verify_area+0x136/0x250
[ 2410.729715][ T9004]  ? proc_fault_inject_write+0x200/0x200
[ 2410.735354][ T9004]  vfs_read+0x154/0x5d0
[ 2410.739615][ T9004]  ? __fget_light+0x21b/0x260
[ 2410.744371][ T9004]  ? __cond_resched+0x11/0x40
[ 2410.749047][ T9004]  ksys_read+0xce/0x180
[ 2410.753196][ T9004]  __x64_sys_read+0x3e/0x50
[ 2410.757757][ T9004]  do_syscall_64+0x4a/0x90
[ 2410.762241][ T9004]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2410.768209][ T9004] RIP: 0033:0x41935c
09:01:45 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x202}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x2bc, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 0:
syz_open_dev$vcsa(&(0x7f0000000000), 0x33d1, 0x620000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x9, 0x40010, 0xffffffffffffffff, 0x0)

[ 2410.772229][ T9004] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2410.792141][ T9004] RSP: 002b:00007f067829c170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2410.800633][ T9004] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000041935c
[ 2410.808604][ T9004] RDX: 000000000000000f RSI: 00007f067829c1e0 RDI: 0000000000000005
[ 2410.816578][ T9004] RBP: 00007f067829c1d0 R08: 0000000000000000 R09: 0000000010000000
09:01:45 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x402, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2410.824543][ T9004] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000002
[ 2410.832524][ T9004] R13: 00007ffc573524ff R14: 00007f067829c300 R15: 0000000000022000
[ 2410.853066][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2410.861095][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:45 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:45 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x200000c, 0x31, r0, 0x0)

09:01:45 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000000))
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00})

09:01:46 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3061, &(0x7f0000000000)={0x0, 0xc9ff, 0x8, 0x3, 0x25e}, &(0x7f0000fba000/0x2000)=nil, &(0x7f0000fb7000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, 0x0, 0x0)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x10000000)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r5}}, 0x7)
r6 = syz_io_uring_setup(0x3d2c, &(0x7f0000000100)={0x0, 0x9c21, 0x2, 0x0, 0x3e, 0x0, r0}, &(0x7f0000f82000/0xe000)=nil, &(0x7f0000c01000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000008, 0x4010010, 0xffffffffffffffff, 0x0)
r8 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r8, 0x0, 0x0)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r8, 0x10000000)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r9, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r10}}, 0x7)
syz_io_uring_submit(r7, r2, &(0x7f0000000280)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}, 0x8)
syz_io_uring_submit(r1, r4, &(0x7f0000000240)=@IORING_OP_FILES_UPDATE={0x14, 0x4, 0x0, 0x0, 0xd5e0, &(0x7f0000000200)=[r6, r0], 0x2, 0x0, 0xf1979d75aaae7527}, 0x9fd8)

[ 2411.015595][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.023743][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000})

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x406, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2411.141175][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.149280][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x204}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x38200, 0x0)
syz_io_uring_setup(0x28c, &(0x7f00000001c0)={0x0, 0x6f, 0x2, 0x0, 0x95, 0x0, r1}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000fef000/0x10000)=nil, &(0x7f0000000240), &(0x7f0000000280))
mmap$IORING_OFF_SQES(&(0x7f0000fcb000/0x4000)=nil, 0x4000, 0x5, 0x53, r1, 0x10000000)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2, 0x400, 0x0, 0x9, 0xe, 0x0, "3a83aab2c3ee26cf3783f85b0d56d8ca882771a94a4d0931259c035aa6c3892aaa3ce513a24e7fdb2c6a807e088b73c14335ce0ccacc22bcab4c36ee7837ad2b", "ca49da8e059723e4ff5552f380abe09422b7797f9c6c5570c9e75042961fc9d073ebb64fab9c82db5c1bfe57c97dea9f0c323570d13c98f2041d193135d83aa0", "25d5b569de14a9a74e59b3266ef935406b5944c61ab3e04ba50ac353195345df", [0xffffffff]})
mmap$usbmon(&(0x7f0000fb8000/0x3000)=nil, 0x3000, 0x2000000, 0x10010, r1, 0x800)
mmap$IORING_OFF_SQ_RING(&(0x7f00008c1000/0x2000)=nil, 0x2000, 0x1000004, 0x51, r0, 0x0)

09:01:46 executing program 0:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x110, &(0x7f0000000000)=0xfffffffc, 0x0, 0x4)

09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x604, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x700, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2411.268926][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.277057][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4200})

09:01:46 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000000))

09:01:46 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x0, 0x0, 0x285}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x10, r0, 0x10000000)

09:01:46 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x402}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2411.399048][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.407176][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000})

09:01:46 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x8)
syz_io_uring_setup(0x1d41, &(0x7f0000000000)={0x0, 0x9041, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0xbc02, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ec0)=[{{&(0x7f0000000000)=@x25, 0x80, &(0x7f0000000700)=[{&(0x7f0000000080)=""/102, 0x66}, {&(0x7f0000000100)=""/31, 0x82}, {&(0x7f0000000140)=""/253, 0xfd}, {&(0x7f0000000240)=""/201, 0xc9}, {&(0x7f0000000340)=""/14, 0xe}, {&(0x7f0000000380)=""/230, 0xe6}, {&(0x7f0000000480)=""/35, 0x23}, {&(0x7f00000004c0)=""/235, 0xeb}, {&(0x7f00000005c0)=""/75, 0x4b}, {&(0x7f0000000640)=""/191, 0xbf}], 0xa, &(0x7f00000007c0)=""/208, 0xd0}, 0xedc}, {{&(0x7f00000008c0)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000940)=""/200, 0xc8}, {&(0x7f0000000a40)=""/91, 0x5b}, {&(0x7f0000000fc0)=""/218, 0xda}, {&(0x7f0000000bc0)=""/138, 0x8a}, {&(0x7f0000000c80)=""/123, 0x7b}, {&(0x7f0000000d00)=""/84, 0x54}], 0x6, &(0x7f0000000e00)=""/170, 0xaa}, 0x20}], 0x2, 0x100, &(0x7f0000000f80))
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r0, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, 0x0, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r3}}, 0x7)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r5, 0x0, 0x0)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x10000000)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r7}}, 0x7)
syz_io_uring_submit(r0, r2, &(0x7f00000018c0)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, r4, 0x0, &(0x7f0000001880)={&(0x7f0000000ac0)=@in6={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1f}, 0x80, &(0x7f0000001400)=[{&(0x7f0000000b40)="770cbad8717f3127d6fc545f57ad54da10514101f501462023d830942ff5a4610834237ab0bca4330e24238024e89cdb9fb9a9dcbfebc91a6c4a35c8eaad4ba7", 0x40}, {&(0x7f0000000b80)}, {&(0x7f0000000f40)="bed2831825deeefc7cee6652c05a9319d812217d89b5e8a3cda899c1b578053082c0467bd04509fb3128c0964b", 0x2d}, {&(0x7f00000010c0)="aa7beb7b8df5c7da42e055bd6d48f862324f6b582398eb84759ff58fd61fbc0cf9751ab756fe5df623ca784ebc512d590cba64bdf79a7c955e66e76451ceb49c50f13647122a41bb2fdc7c48caa9cf66826220d6a40c18952c97b4d5", 0x5c}, {&(0x7f0000001140)="7681732191b1a3c6a18b219b611738535c0cb834343aea7d81e34a08bd28f93a95d342264fb10be485c10cf31c36a71bd73d89a4a1c0fe57b80a094173f0c06da66e526ea3e0b578e1a31de0d8d8ec0f95d13712c2cb85e7d62aaa9a27933a8387155765827642788e477b18aba15b473923404372fe2b957f022b5d0263410d1b3f96de3a5f5b74bd1233b1a87d20e43ea4217fbf0f89", 0x97}, {&(0x7f0000001200)="bffdacdd10f89832fda6137db16699deb286d497cfd8f44eff223d51400887ff2b4c37f491a7662f560e909103ce31c2ec19fdfd83606a1560789be1", 0x3c}, {&(0x7f0000001240)="6a901ede71f6df268ec3e4be34ebb02567199114f264d3d39523eb9f23f582f482b8360a7924af88e87c49cfb69dbf9a12534cdd1265efa7c571e03dd61a35959b8c94a4ddd5243939b6dea62247a0da790654bdd96d598d04670f18eab37877e3d1a42e3b52d0aedd0a7e2143a36520d53efcbed8fb23fc24aa1682ae9bb8", 0x7f}, {&(0x7f00000012c0)="e6e8f192ffa6779955299cc28632b39014e3a499b2b3b7715191901067fe15c00bf7e10b1d7019dcd3993df8b949c07a3818dad4c13e431593339ab608c9972285f2aa73222a5ec7f9af533f7f15a444f321278ecc9ccb4021ca94a29902747e6c30b157bba20eba4958053bee542f8f3e4c78edbf6638b36e346e80004b20293eda58909c387d36de0250c97766280452d357762762e6d43eb4033ee6e24d28afdcc6abc17e4f819f7995ead0c4d4d776a4537287e2d754d46c67a221343908e222fdcf71e81ce029373c3411596014da50f60a2f30f39e73d5409fddff41606ba68b8e09aa7e3baf", 0xe9}, {&(0x7f00000013c0)="6ea754601a6fd80ab95310fde0232d5c3891b78914534b7071a56f453cc826743c443b354bfd2145ef0c5fac", 0x2c}], 0x9, &(0x7f00000014c0)=[{0x18, 0x114, 0x100, "9d75"}, {0x70, 0x104, 0x7, "fabe7d949895b1c35301ed28d8487a3090b2b974e81297abe678fa5ddfb909f362718ac5353b15aabf3e6c875bab15e1f430c3980c0c30e07d8d2a0e8bf891dee2522c47849bbbf17f8d91a18e8509fefc16eece8fe33d127fd2d1"}, {0xa0, 0x115, 0x7, "c10bb32625b130e34f0f5a608de8bc6569d8c595d4fc47ac9f9f0f7d72bef0ba9d72cff0200f6a36fad9b738e6e4666f36d4e3215306e0a55d398649957b0a0bd5b47ce97ef24b47d631bdf4d85ca7c1f1c44419d3745d0a5e629ecd6adbd217c520f1608a6b94948792a1cf5acd97c0edf64be4046727b83a1737174f8312e25c0ad8d0cfd928d3457e29"}, {0x38, 0x84, 0x1f, "a9366c33ed06f6abb615ec7afbaf3618946fabc16579dfc037fdb586024fc0c623fc449fdaa7"}, {0xf0, 0x118, 0xfff, "5f808cb79a2688bb6ec83ad42110210e5fcd5345c254a8730b45a188840c1aa969abbbb5eb6a403de47b6bb7a56b7650c44d139049888498acd53404c47b2f1d672e0854ac492d0bd7aff81a47d9beb0ecdb9b81577c5eff6b4c440104ad9f6841adcac6cbc32ca8f2a15e2f6d8758f561116aa71a52e66f82f50d602d5f714296b7bc2798ccd3823cdc813c514ac26f381791338c60e6a8d4126dc9b03b08ccdcb21f6ce470bce88af5c8d72fbe061b696af6a3c6353ae1213054c72664f6292234174187bf47f3b56aecab20d033027672c835139390b5b4351edc7703"}, {0x38, 0x1, 0x3, "bd40da151e0f224dc2bcbf469c0d1d708f6d1016a20b3695a2b3e5166f5bdc4ce66866e0ca"}, {0x100, 0x115, 0xc97, "838710ffef509455ab14475fc93e9d154e7fca2309fd046469384a84fff100377c59e07eb3f18055ffcd04329b1c43924d2e61a4343810c99f9219e28443b596ed64a2a284d392e00c5e1a63898ee0e9da6e1090a630472400f70e4f5fe899712ef0d0fc0d62f45e285875aa35238201c7de1c289c4083f0b4b215238edf366302326c359ad1c998a579eff2c9be6d69e669115cdba8db5a24de5d9e0e2eb77a16d84165b9dfd2a251da09366c0fc542835aa7ccc22fb06bca934b9295fb6f9fe8dff667a664bf6a4a25ddd58554face09923a82621751ae564a6f3ffef8161dcb46a9b296b5ef91168cde"}], 0x388}, 0x0, 0x10, 0x0, {0x0, r7}}, 0x1)

[ 2411.519597][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.527739][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:46 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
clock_settime(0x4, &(0x7f00000001c0)={0x77359400})
syz_io_uring_setup(0x103, &(0x7f0000000200)={0x0, 0xbd5a, 0x20, 0x1, 0x48}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000002c0))
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
syz_io_uring_submit(r1, r3, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x0, 0x2004, @fd_index=0xa, 0x18b5, &(0x7f0000000000)="17ab052f1df7ada133c3f08dee36499a65997e33642181f23eccdce529704b94b5a69e6c0edc9f4aebc586874386a0c4240af45471d7a60a5ee8bc3cd5bd7e079a7a757a54ebf0c3658057d311d284493c91ebe43b0360b5831b626f0db20c22b60e7a590e7a483c2221520f422e2a628f5a09937f7cbab71e", 0x79, 0x11, 0x1}, 0x2)
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x31, r0, 0x0)
syz_io_uring_setup(0x5325, &(0x7f00000000c0)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:46 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000c27000/0xd000)=nil, 0xd000, 0x0, 0x110, 0xffffffffffffffff, 0x10000000)

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x20000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2411.638220][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.646512][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

09:01:46 executing program 0:
r0 = fsmount(0xffffffffffffffff, 0x0, 0x70)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, r0, 0x0)

09:01:46 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x406}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f00000000c0)={0x0, 0x5054, 0x0, 0x1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
select(0x40, &(0x7f0000000000)={0x54, 0x1, 0xfffffffffffffff9, 0x6, 0x0, 0x5, 0x7, 0x3}, &(0x7f0000000040)={0x5, 0xeb, 0x8, 0x200, 0x80, 0x7ff80, 0x8, 0x94f0c1e}, &(0x7f0000000080)={0x8, 0x589, 0x7f, 0x80000000, 0x3, 0x10000, 0x1ff, 0x200}, &(0x7f0000000140))

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x1000000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ef4000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)

[ 2411.750173][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.758220][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2411.796034][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.804434][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

09:01:46 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000eff000/0x2000)=nil, 0x2000, 0xe, 0x1010, r0, 0x0)

09:01:46 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x2000000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2411.931101][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2411.939227][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:46 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x5}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000})

09:01:46 executing program 2:
r0 = getpid()
ioprio_get$pid(0x1, r0)
sched_rr_get_interval(r0, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:47 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x604}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000e30000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0x0)

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x2040000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000})

[ 2412.066805][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.074870][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x6040000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), 0xffffffffffffffff)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

[ 2412.154382][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.162494][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000})

09:01:47 executing program 0:
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:47 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x7000000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x700}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x5c200, 0x0)

09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000})

[ 2412.283832][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.291868][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0xffffffffffffff7f)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x5040, 0x2, 0x3, 0xfffffffd, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000000000), &(0x7f0000002300))

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x8000000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2412.388232][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.396268][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000})

09:01:47 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$usbmon(&(0x7f0000f02000/0x3000)=nil, 0x3000, 0x9, 0x100010, 0xffffffffffffffff, 0x1)

[ 2412.466677][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.474744][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0xbc020000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x402}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2412.577002][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.585053][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42000000})

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0xffffffff, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x1)

[ 2412.697741][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.705987][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff})

09:01:47 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x22db, &(0x7f0000000000)={0x0, 0x1790, 0x0, 0x3, 0x175}, &(0x7f0000da5000/0x4000)=nil, &(0x7f0000f3f000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ea0000/0x1000)=nil, 0x1000, 0x200000c, 0x10010, r0, 0x0)

09:01:47 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2200}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:47 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2412.852722][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.860778][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbffffff})

09:01:47 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000ffdbdf255cab8bb34900030044c5fc99471e24ac5fe2167844ad1899a613387fce89f712348472f7e3a1a3a3ad21165208ee0ba9a6252d7a1f40a719329c9795b35e6ad8b059f6fe2b0bbc19f7beda6093c41816a76cb4ceff716e41861d15aad9eeaa1d1c5ee2da84e143e5de9da24e17796a396162a2ad3ccd30dfe2e21cdf", @ANYRES32=0x0, @ANYBLOB="0c009900f9ffffff6600000008006b000a00000008006b005a00000008006b0078000000"], 0x40}}, 0x844)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="526f0a02", @ANYRES16=0x0, @ANYBLOB="020026bd7000fedbdf251200000034000380080001000300000008000300ffffff7f08000200ff030000080002000100000008000300030000000800030009000000500002801400038008000200ff7f0000080002000400000008000200200000001c0003800800020080000000080002000100000008000100040000000800020000000000080001000300000004000400cc0001802c0004001400010002004e22e000000200000000000000001400020002004e23e000000200000000000000003400028008000300000000000800040003000000080002000700000008000300001000000800030007000000080003000900000024000280080003000100000008000300ff0000000800010007000000080004000500000044000400200001000a004e2400000003fe88000000000000000000000000000101000000200002000a004e2000000020ff020000000000000000000000000001ff7fffff1c0007800c00030009000000000000000c000300070000000000000028000780080002000800000008000200ffff000008000200000006000c00030074000000000000008000028014000380080001000800000008000200000100000400040008000100040000002c000380080001000600000008000200ffffffff08000200030000000800010001000080080001000200000008000200070000000400040008000200080000000c0003800800020001040000080002000080000008000200ac08000004000980240003800800010001000000080001000800000008000300070000000800010009000000"], 0x250}, 0x1, 0x0, 0x0, 0x4c040}, 0xc001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000cd6000/0x1000)=nil, 0x1000, 0x4, 0x13, r0, 0x0)

09:01:47 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x2, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2412.962110][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2412.970129][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff})

09:01:48 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2413.097577][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.105723][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x22}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c9f000/0x2000)=nil, 0x2000, 0x4, 0x8010, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0x400)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
restart_syscall()
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
fstat(r2, &(0x7f0000000100))
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f00000000c0)={0x0, 0x0, 0x4})
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, r4)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x10000000, 0x450c00)
ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x2)

09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x7, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff})

09:01:48 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000ffdbdf255cab8bb34900030044c5fc99471e24ac5fe2167844ad1899a613387fce89f712348472f7e3a1a3a3ad21165208ee0ba9a6252d7a1f40a719329c9795b35e6ad8b059f6fe2b0bbc19f7beda6093c41816a76cb4ceff716e41861d15aad9eeaa1d1c5ee2da84e143e5de9da24e17796a396162a2ad3ccd30dfe2e21cdf", @ANYRES32=0x0, @ANYBLOB="0c009900f9ffffff6600000008006b000a00000008006b005a00000008006b0078000000"], 0x40}}, 0x844)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="526f0a02", @ANYRES16=0x0, @ANYBLOB="020026bd7000fedbdf251200000034000380080001000300000008000300ffffff7f08000200ff030000080002000100000008000300030000000800030009000000500002801400038008000200ff7f0000080002000400000008000200200000001c0003800800020080000000080002000100000008000100040000000800020000000000080001000300000004000400cc0001802c0004001400010002004e22e000000200000000000000001400020002004e23e000000200000000000000003400028008000300000000000800040003000000080002000700000008000300001000000800030007000000080003000900000024000280080003000100000008000300ff0000000800010007000000080004000500000044000400200001000a004e2400000003fe88000000000000000000000000000101000000200002000a004e2000000020ff020000000000000000000000000001ff7fffff1c0007800c00030009000000000000000c000300070000000000000028000780080002000800000008000200ffff000008000200000006000c00030074000000000000008000028014000380080001000800000008000200000100000400040008000100040000002c000380080001000600000008000200ffffffff08000200030000000800010001000080080001000200000008000200070000000400040008000200080000000c0003800800020001040000080002000080000008000200ac08000004000980240003800800010001000000080001000800000008000300070000000800010009000000"], 0x250}, 0x1, 0x0, 0x0, 0x4c040}, 0xc001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000cd6000/0x1000)=nil, 0x1000, 0x4, 0x13, r0, 0x0)

09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffefff})

[ 2413.243287][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.251312][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x8, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4200}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2413.333641][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.341776][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd})

09:01:48 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000080), 0x101, 0x2)
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)
fsmount(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0xa, &(0x7f0000000000)={0xb8, 0x7})
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x2, 0x38001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000008, 0x810, r1, 0x0)

09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x204, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2413.477213][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.485255][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3cc1, &(0x7f0000000000)={0x0, 0xbfbb, 0x8, 0x3, 0x2de}, &(0x7f0000c31000/0x2000)=nil, &(0x7f0000cd7000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:01:48 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x42}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

09:01:48 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$usbmon(&(0x7f0000f02000/0x3000)=nil, 0x3000, 0x9, 0x100010, 0xffffffffffffffff, 0x1)

09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x2bc, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x6000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2413.652382][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.660429][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5})

09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x402, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$usbmon(&(0x7f0000f02000/0x3000)=nil, 0x3000, 0x9, 0x100010, 0xffffffffffffffff, 0x1)

09:01:48 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x220400, 0x0)
r1 = syz_io_uring_setup(0x79ca, &(0x7f0000000040)={0x0, 0x7f82, 0x27, 0x3, 0x13a, 0x0, r0}, &(0x7f0000f94000/0x4000)=nil, &(0x7f0000eaa000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x200000e, 0x10, r1, 0x0)

[ 2413.771926][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.779948][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x406, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb})

09:01:48 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x8010, 0xffffffffffffffff, 0x0)

[ 2413.885183][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2413.893218][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:48 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x60}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$usbmon(&(0x7f0000f02000/0x3000)=nil, 0x3000, 0x9, 0x100010, 0xffffffffffffffff, 0x1)

09:01:48 executing program 0:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd=r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r2}}, 0x1f)

09:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:48 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x604, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:48 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xd220}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2414.056931][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.064967][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x700, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:49 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 0:
r0 = syz_io_uring_setup(0x7fd2, &(0x7f0000000000)={0x0, 0x256, 0x2, 0x1, 0x15c}, &(0x7f0000efa000/0x4000)=nil, &(0x7f0000d91000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x100010, r0, 0x0)

09:01:49 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2414.205380][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.213404][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0xbc02, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x204}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:49 executing program 0:
ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x20000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2414.340952][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.348997][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfa01}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:49 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x402}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

[ 2414.476489][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.484519][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 0:
r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14)
r1 = syz_open_dev$sg(&(0x7f00000000c0), 0x100000000, 0x4200)
ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000003240)={'batadv_slave_1\x00'})
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003300)={&(0x7f0000000180)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbf9, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008085}, 0x0)

09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x1000000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2414.558830][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.566939][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x101080)
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/88, 0x58})

09:01:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x406}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2414.680589][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.688610][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfc01}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 0:
shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffd000/0x3000)=nil)
shmget(0x1, 0x1000, 0x10, &(0x7f0000fff000/0x1000)=nil)
shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffd000/0x3000)=nil)

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

09:01:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x2000000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2414.859338][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.867550][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:49 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000d77000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x500}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 2:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:49 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x2040000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[ 2414.964881][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2414.973005][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 2:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2415.067710][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.076067][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x40000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x6040000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

09:01:50 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x604}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x7000000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$usbmon(&(0x7f0000dfb000/0x1000)=nil, 0x1000, 0x1000004, 0x4000010, 0xffffffffffffffff, 0x1)
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x4, 0x202000)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
mmap$usbmon(&(0x7f0000fed000/0xc000)=nil, 0xc000, 0x1, 0x80010, r0, 0x80000000)
recvmsg(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1, &(0x7f00000000c0)=""/4096, 0x1000}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000001240), 0x28c, 0x300)
ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f0000001200)={&(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000001280)=""/147, 0x93})

[ 2415.194979][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.203146][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)
write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000000)='htcp\x00', 0x5)

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x8000000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00})

[ 2415.354883][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.362910][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2415.372981][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.381103][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 0:
r0 = syz_io_uring_setup(0x65c9, &(0x7f0000000000)={0x0, 0x68f3, 0x0, 0x0, 0x3b9}, &(0x7f0000e0b000/0x1000)=nil, &(0x7f0000f37000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
getitimer(0x1, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x3000000, 0x11, r0, 0x0)

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0xbc020000, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x700}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2415.474789][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.482811][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00})

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0xffffffff, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x8, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000})

[ 2415.594714][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.602769][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 0:
ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000000)={0x1000, ""/4096})

09:01:50 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x91000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x0, 0x0, 0x16b}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:50 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

[ 2415.707715][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.715842][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_RESP(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x7c}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x8}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xbf}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x8001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = io_uring_setup(0x47dd, &(0x7f0000000100)={0x0, 0x6419, 0x4, 0x3, 0x1ae})
io_uring_setup(0x71d0, &(0x7f0000000200)={0x0, 0x74fa, 0x16, 0x3, 0x149, 0x0, r1})

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x2, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2415.795409][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.803552][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4200})

09:01:50 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c6f000/0x1000)=nil, 0x1000, 0x5, 0x2010, 0xffffffffffffffff, 0x0)

09:01:50 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x7, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2415.905778][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2415.913802][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:50 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x100900}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000})

09:01:50 executing program 0:
r0 = io_uring_setup(0x4cd4, &(0x7f0000000000)={0x0, 0xdcc4, 0x0, 0x2, 0x166})
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ecd000/0x4000)=nil, 0x4000, 0x0, 0x100010, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x104, &(0x7f0000000080)=0xa37f, 0x0, 0x4)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ecd000/0x3000)=nil, 0x3000, 0x1000004, 0x10, r2, 0x0)

09:01:50 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2200}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x8, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:51 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x10001, 0x2000)
syz_io_uring_setup(0x2be8, &(0x7f0000000040)={0x0, 0x9c05, 0x1, 0x3, 0x41, 0x0, r0}, &(0x7f0000f89000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000100))

[ 2416.052071][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.060097][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:51 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x204, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2416.158209][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.166235][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 0:
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, {0x1, r0}}, 0x7f)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fac000/0x1000)=nil, 0x1000, 0x300000f, 0x20010, r2, 0x0)

09:01:51 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x400000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

09:01:51 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

09:01:51 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x2bc, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 0:
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r0=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'tunl0\x00', r0, 0x80, 0x700, 0x1f, 0x7fff, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x66, 0x0, 0x4, 0x29, 0x0, @empty, @loopback, {[@noop, @timestamp={0x44, 0x18, 0x19, 0x0, 0x7, [0x5, 0x4, 0x400, 0x4, 0x1]}, @end, @end]}}}}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

[ 2416.295598][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.303640][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x402, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2416.374101][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.382125][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000})

09:01:51 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x203, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)
getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14)
syz_genetlink_get_family_id$fou(&(0x7f0000000000), r0)

[ 2416.499670][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.507776][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 2:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0xffffffff, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x40991d}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x406, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000})

09:01:51 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4200}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x400)
r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x4)
ioctl$SG_SET_KEEP_ORPHAN(r3, 0x2287, &(0x7f0000000200)=0x8)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0xff}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x1)

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x604, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2416.634610][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.642661][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000})

09:01:51 executing program 2:
r0 = syz_io_uring_setup(0x65c9, &(0x7f0000000000)={0x0, 0x68f3, 0x0, 0x0, 0x3b9}, &(0x7f0000e0b000/0x1000)=nil, &(0x7f0000f37000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
getitimer(0x1, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x3000000, 0x11, r0, 0x0)

09:01:51 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x600000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, 0x0, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r3}}, 0x7)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r3)
r4 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000e8c000/0x2000)=nil)
shmctl$IPC_RMID(r4, 0x0)
pselect6(0x40, &(0x7f0000000040)={0x7, 0x6, 0x1674, 0x4, 0x1, 0x6, 0xfffffffffffffffd, 0xffffffff}, &(0x7f0000000100)={0x0, 0x91, 0x7, 0x8, 0x1f, 0x9, 0x4, 0x2}, &(0x7f0000000140)={0x3, 0x6, 0x0, 0xfffffffffffff216, 0x0, 0x3, 0x1, 0xc0000000}, &(0x7f0000000180)={0x77359400}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x5]}, 0x8})

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x700, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 2:
r0 = syz_io_uring_setup(0x65c9, &(0x7f0000000000)={0x0, 0x68f3, 0x0, 0x0, 0x3b9}, &(0x7f0000e0b000/0x1000)=nil, &(0x7f0000f37000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
getitimer(0x1, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x3000000, 0x11, r0, 0x0)

[ 2416.772181][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.780209][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000})

09:01:51 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0xbc02, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:51 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, r0, 0x0)

09:01:51 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x6000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2416.889996][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2416.898201][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000})

09:01:51 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xd220}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x20000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

09:01:52 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 0:
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2417.007788][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.015832][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x1000000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2417.083047][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.091082][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42000000})

09:01:52 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x298080)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000300)={0x0, 0xfffffffffffffffc, 0xb7, 0xb8, @scatter={0x1, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/159, 0x9f}]}, &(0x7f0000000140)="187be820182e614f4b7d0d368eefdb91f519ecbf91ed058409360000f6fec98344acede1a0b0bcc9752ac700ac82d0767a4f02308114f48697638f7248435388340222b4b42e01121f733fefe6d59f946314802de360a1d034a90facd38d42a8f227fd1fc90addda487f40490ee0ab470de06aef8f9a285e97fe17e97ed797d955cf3c938988e90c5e5001e14b20312db4105691b2c2928dfd6adf38495c9c949ccd799bbe19c7999f4e489eeb4e5cfdc869a1e6d8ecc2", &(0x7f0000000200)=""/146, 0x9, 0x1, 0x1, &(0x7f00000002c0)})
r2 = syz_open_dev$sg(&(0x7f0000000380), 0x3f, 0x81)
ioctl$SG_SET_TIMEOUT(r2, 0x2201, &(0x7f00000003c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, r0, 0x0)

09:01:52 executing program 2:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0xbc020000, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff})

[ 2417.181844][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.189937][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x40000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x2000000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2417.260769][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.268853][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbffffff})

09:01:52 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x8010, 0xffffffffffffffff, 0x0)
shmget$private(0x0, 0x4000, 0x10, &(0x7f0000c57000/0x4000)=nil)

09:01:52 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xc0ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff})

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x2040000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2417.372476][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.380935][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000cd9000/0x4000)=nil, 0x4000, 0x0, 0x31, r0, 0x0)

[ 2417.459474][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.467529][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff})

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x6040000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2417.560034][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.568074][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffefff})

09:01:52 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 0:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYRES16=r0, @ANYBLOB="000425bd7000fbdbdf250a00a6c8080039000000008005002e000000000005002d0001000000050033000200000005003300000000000500330000000000050030000000000005002d0001f80000", @ANYRESOCT=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES64=r0], 0x54}, 0x1, 0x0, 0x0, 0x24000080}, 0x50811)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x7000000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2417.718206][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.726255][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd})

09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x8000000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

[ 2417.822000][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.830029][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x91000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5})

09:01:52 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x3c0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r0, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140), 0x4a2a41, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f00000001c0))
syz_io_uring_submit(r0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r1, 0x101, 0x0, 0x1, 0x5, 0x0, {0x0, r2}}, 0x6)

[ 2417.921456][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2417.929585][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:52 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0xbc020000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:52 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb})

09:01:53 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
getsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000000), &(0x7f0000000040)=0x10)

[ 2418.003630][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.011690][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0xffffffff, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10001e}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

[ 2418.102995][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.111565][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x468, 0x131400)

[ 2418.204159][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.212191][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

09:01:53 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2020000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x50, 0xffffffffffffffff, 0x0)

[ 2418.305367][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.313374][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})

09:01:53 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x100900}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000180))
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2418.429963][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.438003][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

09:01:53 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x400000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 0:
ioctl$SG_SET_KEEP_ORPHAN(0xffffffffffffffff, 0x2287, &(0x7f0000000000)=0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:53 executing program 2:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2040000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2418.579175][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.587224][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})

09:01:53 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x21, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8844}, 0x880)
ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000000))
r2 = socket$inet(0x2, 0x3, 0x5)
setsockopt$inet_pktinfo(r2, 0x0, 0x8, 0x0, 0x29)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:53 executing program 5:
r0 = syz_io_uring_setup(0x4b74, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x40}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000002300))
syz_io_uring_setup(0x286c, &(0x7f0000000240)={0x0, 0x5389, 0x2, 0x0, 0x2f0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x3704, &(0x7f0000000180)={0x0, 0xf1e5, 0x2, 0x3, 0x23, 0x0, r0})
shmget$private(0x0, 0x7000, 0x8, &(0x7f0000001000/0x7000)=nil)

[ 2418.692434][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.700469][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})

09:01:53 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x50c720}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe})

[ 2418.794938][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.802963][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 0:
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='syztnl0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="780000100000000800000005420300c80066000000299078ac1e0001ac1414bb820972aab42d23e6d10083132500000000e00000020a01010100000000940400004424a9610a01010200000001e00000015d12ab7d0000000000000004e00000020000000489233d7f000001e0000002ac1e0101e000000264010101ac1414aa7f0000017f000001442c9701000000010000027c80000001fffffffb0000010000000009cf00000500000007000053ed0000000000861c000000010107ae5f857200060fac7803901f885e19da95c45b9b000000"]})
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000e93000/0x2000)=nil, 0x2000, 0x1000002, 0x110, r1, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381)
mmap$IORING_OFF_SQ_RING(&(0x7f0000e94000/0x4000)=nil, 0x4000, 0xc, 0x810, 0xffffffffffffffff, 0x0)

09:01:53 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:53 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
accept$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), r2)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2418.890407][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2418.898473][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})

09:01:53 executing program 2 (fault-call:1 fault-nth:0):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:53 executing program 0:
r0 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000f13000/0x3000)=nil)
shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/10)
gettid()
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2419.027832][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2419.035953][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2419.066637][T10549] FAULT_INJECTION: forcing a failure.
[ 2419.066637][T10549] name failslab, interval 1, probability 0, space 0, times 0
[ 2419.079366][T10549] CPU: 1 PID: 10549 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2419.088223][T10549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2419.098277][T10549] Call Trace:
[ 2419.101601][T10549]  dump_stack+0x137/0x19d
[ 2419.106121][T10549]  should_fail+0x23c/0x250
[ 2419.110528][T10549]  ? vm_area_dup+0x44/0x120
[ 2419.115031][T10549]  __should_failslab+0x81/0x90
[ 2419.119799][T10549]  should_failslab+0x5/0x20
[ 2419.124301][T10549]  kmem_cache_alloc+0x46/0x2f0
[ 2419.129060][T10549]  vm_area_dup+0x44/0x120
[ 2419.133395][T10549]  ? mntput_no_expire+0x64/0x730
[ 2419.138335][T10549]  ? mntput+0x45/0x70
[ 2419.142329][T10549]  ? terminate_walk+0x261/0x270
[ 2419.147169][T10549]  __split_vma+0x82/0x320
[ 2419.151575][T10549]  ? vmacache_find+0x2df/0x320
[ 2419.156365][T10549]  __do_munmap+0x27c/0x1330
[ 2419.160935][T10549]  mmap_region+0x58a/0x13e0
[ 2419.165460][T10549]  ? security_mmap_addr+0x78/0x90
[ 2419.170599][T10549]  do_mmap+0x77d/0xc90
[ 2419.174721][T10549]  vm_mmap_pgoff+0xf9/0x1d0
[ 2419.179213][T10549]  ksys_mmap_pgoff+0xe1/0x380
[ 2419.183967][T10549]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2419.189752][T10549]  do_syscall_64+0x4a/0x90
[ 2419.194264][T10549]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2419.200155][T10549] RIP: 0033:0x4665d9
[ 2419.204109][T10549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:01:54 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x600000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:54 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000002000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x4, 0x60, 0x3, 0x80000000, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x40, 0xffffd99e, 0xfff}})

09:01:54 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4020000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2419.223884][T10549] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2419.232294][T10549] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2419.240328][T10549] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2419.248286][T10549] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2419.256244][T10549] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2419.264211][T10549] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
09:01:54 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x80ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:54 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004, 0x152811, r0, 0x0)
syz_io_uring_submit(r2, r1, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)={0x80000, 0x38, 0x6}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0x1)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140)=<r3=>0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x0, &(0x7f0000000a00)={<r5=>0x0, <r6=>0x0})
recvmmsg(r4, &(0x7f0000000980)=[{{&(0x7f0000000280)=@hci, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)=""/55, 0x37}, {&(0x7f0000000340)=""/222, 0xde}, {&(0x7f0000000440)=""/75, 0x4b}], 0x3, &(0x7f0000000500)=""/115, 0x73}, 0xfffffff8}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000580)=""/44, 0x2c}, {&(0x7f00000005c0)=""/130, 0x82}, {&(0x7f0000000680)=""/153, 0x99}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000740)=""/132, 0x84}], 0x5, &(0x7f0000000880)=""/243, 0xf3}, 0xd7}], 0x2, 0x40010100, &(0x7f0000000a40)={r5, r6+60000000})
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x6)

09:01:54 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)

09:01:54 executing program 2 (fault-call:1 fault-nth:1):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600})

[ 2419.371353][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2419.379386][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:54 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c9a000/0x4000)=nil, 0x4000, 0x1, 0x110, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x8, &(0x7f0000000000)=""/226, &(0x7f0000000100)=0xe2)

[ 2419.438684][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2419.446789][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2419.457720][T10604] FAULT_INJECTION: forcing a failure.
[ 2419.457720][T10604] name failslab, interval 1, probability 0, space 0, times 0
[ 2419.470428][T10604] CPU: 0 PID: 10604 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2419.479181][T10604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2419.489281][T10604] Call Trace:
[ 2419.492548][T10604]  dump_stack+0x137/0x19d
[ 2419.496873][T10604]  should_fail+0x23c/0x250
[ 2419.501344][T10604]  ? anon_vma_clone+0x8d/0x380
[ 2419.506146][T10604]  __should_failslab+0x81/0x90
[ 2419.510906][T10604]  should_failslab+0x5/0x20
[ 2419.515432][T10604]  kmem_cache_alloc+0x46/0x2f0
[ 2419.520197][T10604]  anon_vma_clone+0x8d/0x380
[ 2419.524845][T10604]  __split_vma+0x134/0x320
[ 2419.529260][T10604]  ? vmacache_find+0x2df/0x320
[ 2419.534015][T10604]  __do_munmap+0x27c/0x1330
09:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})

[ 2419.538512][T10604]  mmap_region+0x58a/0x13e0
[ 2419.543052][T10604]  ? security_mmap_addr+0x78/0x90
[ 2419.548073][T10604]  do_mmap+0x77d/0xc90
[ 2419.552134][T10604]  vm_mmap_pgoff+0xf9/0x1d0
[ 2419.556622][T10604]  ksys_mmap_pgoff+0xe1/0x380
[ 2419.561285][T10604]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2419.567068][T10604]  do_syscall_64+0x4a/0x90
[ 2419.571476][T10604]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2419.577412][T10604] RIP: 0033:0x4665d9
[ 2419.581296][T10604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2419.600895][T10604] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2419.609335][T10604] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2419.617293][T10604] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2419.625257][T10604] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
09:01:54 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xc0ffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:54 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x6040000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00})

09:01:54 executing program 0:
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x174, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9de}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffffd}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4b}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0x94, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x200}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xd5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x66}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x367}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x81}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x800}, 0x2000c890)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2419.633214][T10604] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2419.641170][T10604] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
[ 2419.657384][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2419.665408][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:54 executing program 2 (fault-call:1 fault-nth:2):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2419.743390][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2419.746505][T10641] FAULT_INJECTION: forcing a failure.
[ 2419.746505][T10641] name failslab, interval 1, probability 0, space 0, times 0
[ 2419.751393][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2419.764004][T10641] CPU: 0 PID: 10641 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2419.780193][T10641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2419.790269][T10641] Call Trace:
09:01:54 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x493b, &(0x7f0000000000)={0x0, 0x9f63, 0x8, 0x3, 0x33f}, &(0x7f0000e44000/0x3000)=nil, &(0x7f0000d52000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, 0x0, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r3}}, 0x7)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x20000)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, r2, &(0x7f0000000140)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, &(0x7f0000000100)={0x70002016}, 0xffffffffffffffff, 0x1, 0x0, 0x1, {0x0, r5}}, 0x9)
r6 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r6, 0x9205)
ioctl$LOOP_CLR_FD(r6, 0x4c01)

[ 2419.793543][T10641]  dump_stack+0x137/0x19d
[ 2419.797869][T10641]  should_fail+0x23c/0x250
[ 2419.802284][T10641]  ? vm_area_alloc+0x28/0xa0
[ 2419.806918][T10641]  __should_failslab+0x81/0x90
[ 2419.811682][T10641]  should_failslab+0x5/0x20
[ 2419.816171][T10641]  kmem_cache_alloc+0x46/0x2f0
[ 2419.820945][T10641]  vm_area_alloc+0x28/0xa0
[ 2419.825366][T10641]  mmap_region+0x721/0x13e0
[ 2419.829867][T10641]  ? security_mmap_addr+0x78/0x90
[ 2419.834903][T10641]  do_mmap+0x77d/0xc90
[ 2419.839010][T10641]  vm_mmap_pgoff+0xf9/0x1d0
[ 2419.843506][T10641]  ksys_mmap_pgoff+0xe1/0x380
[ 2419.848173][T10641]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2419.854076][T10641]  do_syscall_64+0x4a/0x90
[ 2419.858566][T10641]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2419.864591][T10641] RIP: 0033:0x4665d9
[ 2419.868478][T10641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2419.888078][T10641] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2419.896556][T10641] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2419.904544][T10641] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2419.912812][T10641] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2419.920778][T10641] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2419.928745][T10641] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
09:01:55 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40412000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r1, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0x100}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20000080)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
pselect6(0x40, &(0x7f0000000180)={0xbe8, 0x0, 0x100000000, 0x558, 0x7fffffff, 0x726e1504, 0x5}, &(0x7f00000001c0)={0xfff, 0x1f, 0x1, 0x1, 0xffff, 0x1000, 0x7f, 0x1}, &(0x7f0000000200)={0x401, 0x8, 0x2, 0x1, 0x8, 0x4d, 0x7, 0x474}, &(0x7f0000000240), &(0x7f00000002c0)={&(0x7f0000000280)={[0x957]}, 0x8})

09:01:55 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x7000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00})

09:01:55 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x5, 0x50, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='*\x00', &(0x7f0000000040)='!}*5^\x00', 0x0)

09:01:55 executing program 2 (fault-call:1 fault-nth:3):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2420.336738][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2420.344779][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2420.367098][T10690] FAULT_INJECTION: forcing a failure.
[ 2420.367098][T10690] name failslab, interval 1, probability 0, space 0, times 0
[ 2420.379793][T10690] CPU: 1 PID: 10690 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2420.388564][T10690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2420.398624][T10690] Call Trace:
[ 2420.401925][T10690]  dump_stack+0x137/0x19d
[ 2420.406255][T10690]  should_fail+0x23c/0x250
[ 2420.410659][T10690]  ? shmem_alloc_inode+0x22/0x30
[ 2420.415595][T10690]  __should_failslab+0x81/0x90
[ 2420.420353][T10690]  ? shmem_match+0xa0/0xa0
[ 2420.424854][T10690]  should_failslab+0x5/0x20
[ 2420.429348][T10690]  kmem_cache_alloc+0x46/0x2f0
[ 2420.434117][T10690]  ? unmap_region+0x199/0x1d0
[ 2420.438798][T10690]  ? shmem_match+0xa0/0xa0
[ 2420.443308][T10690]  shmem_alloc_inode+0x22/0x30
[ 2420.448157][T10690]  new_inode_pseudo+0x38/0x1c0
[ 2420.452950][T10690]  new_inode+0x21/0x120
[ 2420.457165][T10690]  shmem_get_inode+0xa1/0x480
[ 2420.462014][T10690]  __shmem_file_setup+0xf1/0x1d0
[ 2420.467066][T10690]  shmem_zero_setup+0x5f/0xe0
[ 2420.471790][T10690]  mmap_region+0xd65/0x13e0
[ 2420.476292][T10690]  do_mmap+0x77d/0xc90
[ 2420.480383][T10690]  vm_mmap_pgoff+0xf9/0x1d0
[ 2420.484917][T10690]  ksys_mmap_pgoff+0xe1/0x380
[ 2420.489634][T10690]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2420.497195][T10690]  do_syscall_64+0x4a/0x90
[ 2420.501617][T10690]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2420.507510][T10690] RIP: 0033:0x4665d9
[ 2420.511405][T10690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:55 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2420.531052][T10690] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2420.539550][T10690] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2420.547519][T10690] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2420.555559][T10690] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2420.563520][T10690] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2420.571579][T10690] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
09:01:55 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000006, 0x8011, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x8c5, &(0x7f0000000000)={0x0, 0xc24b, 0x1, 0x23, 0x2df, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000000140), &(0x7f00000000c0))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
syz_open_dev$usbmon(&(0x7f0000000100), 0x81, 0x34000)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x30, r1, 0x10000000)

09:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000})

09:01:55 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 5:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))

09:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

[ 2420.668723][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2420.676785][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:55 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1d994000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 0:
setrlimit(0x6, &(0x7f0000000000)={0x8001, 0x2})
ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000040)={0x39, ""/57})

09:01:55 executing program 2 (fault-call:1 fault-nth:4):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4200})

[ 2420.755292][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2420.763761][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:55 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x10}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = fsmount(0xffffffffffffffff, 0x1, 0x1)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x4000)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2420.846501][T10784] FAULT_INJECTION: forcing a failure.
[ 2420.846501][T10784] name failslab, interval 1, probability 0, space 0, times 0
[ 2420.859415][T10784] CPU: 0 PID: 10784 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2420.868469][T10784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2420.879200][T10784] Call Trace:
[ 2420.882476][T10784]  dump_stack+0x137/0x19d
[ 2420.886810][T10784]  should_fail+0x23c/0x250
[ 2420.891223][T10784]  ? security_inode_alloc+0x30/0x180
09:01:55 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x2040000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:55 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x34, 0x40501)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0xfffffffffffff001, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f0000000180))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
io_uring_setup(0x4916, &(0x7f0000000340)={0x0, 0xf5ec, 0x8, 0x0, 0xaf})
ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x400, 0x9, 0x0, 0x3, 0xb, 0x0, "af676275c9ea867fce91630e003805c77da70e88a1c2fbb7463db8bbe6298f59d80f18551e4c420da434e9b5b183765c9c5a433599aa55924072e55216897d23", "ac901e536902f9fad2dd8d4909f6df2b5b9371731ef6d9b1a70d83058cd2bb3ad309b42c7cb721188feddffe927d50ed90bcf8665c4bec47e137b207b5561064", "b19b2976b79f7eba8f541b4566706bb7396ca097b39aa7ac9e354bf1469e702c", [0x7, 0x7f]})
r5 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
ioctl$MON_IOCX_MFETCH(r5, 0xc0109207, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0], 0x1, 0x800})

[ 2420.896581][T10784]  __should_failslab+0x81/0x90
[ 2420.901464][T10784]  should_failslab+0x5/0x20
[ 2420.905961][T10784]  kmem_cache_alloc+0x46/0x2f0
[ 2420.910808][T10784]  security_inode_alloc+0x30/0x180
[ 2420.916129][T10784]  inode_init_always+0x20b/0x420
[ 2420.921062][T10784]  ? shmem_match+0xa0/0xa0
[ 2420.925747][T10784]  new_inode_pseudo+0x73/0x1c0
[ 2420.930671][T10784]  new_inode+0x21/0x120
[ 2420.934824][T10784]  shmem_get_inode+0xa1/0x480
[ 2420.939532][T10784]  __shmem_file_setup+0xf1/0x1d0
[ 2420.944498][T10784]  shmem_zero_setup+0x5f/0xe0
[ 2420.949547][T10784]  mmap_region+0xd65/0x13e0
[ 2420.954139][T10784]  do_mmap+0x77d/0xc90
[ 2420.958230][T10784]  vm_mmap_pgoff+0xf9/0x1d0
[ 2420.962786][T10784]  ksys_mmap_pgoff+0xe1/0x380
[ 2420.967583][T10784]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2420.973741][T10784]  do_syscall_64+0x4a/0x90
[ 2420.978177][T10784]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2420.984078][T10784] RIP: 0033:0x4665d9
[ 2420.984097][T10784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2420.984115][T10784] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2420.984134][T10784] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:56 executing program 2 (fault-call:1 fault-nth:5):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:56 executing program 5:
r0 = io_uring_setup(0x7099, &(0x7f0000000180)={0x0, 0x432c, 0x1, 0x2, 0x40})
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xc0, 0x0, r0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x6c, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
socketpair(0x5, 0x2, 0x8, &(0x7f0000000200))

09:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000})

[ 2420.984145][T10784] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2420.984155][T10784] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2420.984164][T10784] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2420.984173][T10784] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
[ 2421.111973][T10847] FAULT_INJECTION: forcing a failure.
[ 2421.111973][T10847] name failslab, interval 1, probability 0, space 0, times 0
[ 2421.111993][T10847] CPU: 1 PID: 10847 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2421.112008][T10847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2421.112016][T10847] Call Trace:
[ 2421.112025][T10847]  dump_stack+0x137/0x19d
[ 2421.112073][T10847]  should_fail+0x23c/0x250
[ 2421.112088][T10847]  ? __d_alloc+0x36/0x370
[ 2421.112100][T10847]  __should_failslab+0x81/0x90
[ 2421.112119][T10847]  should_failslab+0x5/0x20
[ 2421.112132][T10847]  kmem_cache_alloc+0x46/0x2f0
[ 2421.112148][T10847]  ? __init_rwsem+0x59/0x70
[ 2421.112168][T10847]  __d_alloc+0x36/0x370
[ 2421.112180][T10847]  ? current_time+0xdb/0x190
09:01:56 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x4000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:56 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x20000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2421.112194][T10847]  d_alloc_pseudo+0x1a/0x50
[ 2421.112207][T10847]  alloc_file_pseudo+0x63/0x130
[ 2421.112263][T10847]  __shmem_file_setup+0x14c/0x1d0
[ 2421.112282][T10847]  shmem_zero_setup+0x5f/0xe0
[ 2421.112321][T10847]  mmap_region+0xd65/0x13e0
[ 2421.112338][T10847]  do_mmap+0x77d/0xc90
[ 2421.112353][T10847]  vm_mmap_pgoff+0xf9/0x1d0
[ 2421.112419][T10847]  ksys_mmap_pgoff+0xe1/0x380
[ 2421.112433][T10847]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2421.112455][T10847]  do_syscall_64+0x4a/0x90
09:01:56 executing program 2 (fault-call:1 fault-nth:6):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2421.112475][T10847]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2421.112499][T10847] RIP: 0033:0x4665d9
[ 2421.112509][T10847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2421.112522][T10847] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2421.112617][T10847] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2421.112629][T10847] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2421.112640][T10847] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2421.112652][T10847] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2421.112663][T10847] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
[ 2421.126702][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2421.356898][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2421.416105][T10885] FAULT_INJECTION: forcing a failure.
[ 2421.416105][T10885] name failslab, interval 1, probability 0, space 0, times 0
[ 2421.429113][T10885] CPU: 0 PID: 10885 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2421.437918][T10885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2421.448161][T10885] Call Trace:
[ 2421.451697][T10885]  dump_stack+0x137/0x19d
[ 2421.456047][T10885]  should_fail+0x23c/0x250
[ 2421.460480][T10885]  ? __alloc_file+0x2e/0x1a0
[ 2421.465064][T10885]  __should_failslab+0x81/0x90
[ 2421.469921][T10885]  should_failslab+0x5/0x20
[ 2421.474432][T10885]  kmem_cache_alloc+0x46/0x2f0
[ 2421.479193][T10885]  __alloc_file+0x2e/0x1a0
[ 2421.483753][T10885]  alloc_empty_file+0xcd/0x1c0
[ 2421.488505][T10885]  alloc_file+0x3a/0x280
[ 2421.492755][T10885]  alloc_file_pseudo+0xe2/0x130
[ 2421.497608][T10885]  __shmem_file_setup+0x14c/0x1d0
[ 2421.502631][T10885]  shmem_zero_setup+0x5f/0xe0
[ 2421.507383][T10885]  mmap_region+0xd65/0x13e0
[ 2421.511883][T10885]  do_mmap+0x77d/0xc90
[ 2421.515945][T10885]  vm_mmap_pgoff+0xf9/0x1d0
[ 2421.520538][T10885]  ksys_mmap_pgoff+0xe1/0x380
[ 2421.525206][T10885]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2421.531096][T10885]  do_syscall_64+0x4a/0x90
[ 2421.535508][T10885]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2421.541400][T10885] RIP: 0033:0x4665d9
[ 2421.545284][T10885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:01:56 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2800000049035bd0ce1d7bdddcd95e341742c52831940f5b166e4785f4b30b092b9fe6de9c1ccbebb29a7db3d714339ffe1390a16cfddcb110ff30461377b33c9f7890c8d606f209f4c3620148e4659d8a22c488e30c678ed3", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000044d5116edef66180b208000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
r3 = syz_open_dev$vcsa(&(0x7f0000000140), 0x9, 0xafc1f96e9ac2ff45)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="28000000d1d8f29d63c06aa0ec8bc0e5027b7f4a5042a517b263bbb46bb779585b1ff12ad7c036d1e63c6d600384", @ANYRESOCT, @ANYBLOB="10002bbd7000fedbdf250600000008000300", @ANYRES32=r2, @ANYBLOB="0c0099000600000068000000e085b483acf2f5425445197b04ae462ebb2f50f50859a750fba3f47a2a529c5433c67f133ad80ae6e4fa4a71db8be3ebe4f087f48f1b377323abb6639e013e0661ddc795de4a71c59797e1fbabd8db3bedbe0a8f2ddf792a22fd144890701220ba8d74f46339494fe031059361dcf3b764ab3199214c129c2ba257f050aeab4bf1fba47e99e38e8a072db5f8b4d0b96674d9fb8d6e699dd7e75d36372fe349a8b2e957d594989658402d6529f6d5557f007b"], 0x28}, 0x1, 0x0, 0x0, 0x40009}, 0xc880)
r4 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r4}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000380))

09:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

09:01:56 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000000))

[ 2421.564893][T10885] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2421.573302][T10885] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2421.581265][T10885] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2421.589238][T10885] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2421.597295][T10885] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2421.605260][T10885] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
09:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

[ 2421.639564][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2421.647610][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:56 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r1, @ANYBLOB="02002dbd700035ecc2f6cc1efedbdf25180000001c0001800d0001007566703a73797a310000000008000300000000007000058008000100657468002c000280cef2010020000000080002000300000008000300fcffffff08000200050000000800030000020000340002800800010005000000080004000000000008000200faffffff08000200960f00000800040001000000080003000200000004000280"], 0xa0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000})

09:01:56 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x20d20000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:56 executing program 2 (fault-call:1 fault-nth:7):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:56 executing program 0:
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x100, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xffff0000, 0x10}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "21b82707690f9d3f958feb09713b7114550a9d24cbc1c3f5"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "83c77eb3052370a19e0b5cb50fbc399019af474fa2a444d7"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "434932670c0da80e6d626f7eff3623335abce628b91f5f06"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0x100}, 0x1, 0x0, 0x0, 0x20004011}, 0x40)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x8)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x50, r1, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x100, 0x10}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x50}, 0x1, 0x0, 0x0, 0x4801}, 0x80)

[ 2421.699447][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2421.707464][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2421.780418][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2421.788436][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2421.803059][T10951] FAULT_INJECTION: forcing a failure.
[ 2421.803059][T10951] name failslab, interval 1, probability 0, space 0, times 0
[ 2421.815986][T10951] CPU: 1 PID: 10951 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2421.824924][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2421.834966][T10951] Call Trace:
[ 2421.838233][T10951]  dump_stack+0x137/0x19d
[ 2421.842558][T10951]  should_fail+0x23c/0x250
[ 2421.846970][T10951]  ? security_file_alloc+0x30/0x190
[ 2421.852157][T10951]  __should_failslab+0x81/0x90
[ 2421.856937][T10951]  should_failslab+0x5/0x20
[ 2421.861433][T10951]  kmem_cache_alloc+0x46/0x2f0
[ 2421.866378][T10951]  security_file_alloc+0x30/0x190
[ 2421.871390][T10951]  __alloc_file+0x83/0x1a0
[ 2421.875792][T10951]  alloc_empty_file+0xcd/0x1c0
[ 2421.880653][T10951]  alloc_file+0x3a/0x280
[ 2421.884933][T10951]  alloc_file_pseudo+0xe2/0x130
[ 2421.889845][T10951]  __shmem_file_setup+0x14c/0x1d0
[ 2421.895086][T10951]  shmem_zero_setup+0x5f/0xe0
[ 2421.899813][T10951]  mmap_region+0xd65/0x13e0
[ 2421.904430][T10951]  do_mmap+0x77d/0xc90
[ 2421.908496][T10951]  vm_mmap_pgoff+0xf9/0x1d0
[ 2421.913093][T10951]  ksys_mmap_pgoff+0xe1/0x380
[ 2421.917764][T10951]  ? exit_to_user_mode_prepare+0x65/0x190
[ 2421.923548][T10951]  do_syscall_64+0x4a/0x90
[ 2421.928015][T10951]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2421.933909][T10951] RIP: 0033:0x4665d9
[ 2421.937800][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2421.957581][T10951] RSP: 002b:00007fa1d886c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2421.966073][T10951] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
09:01:56 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x5000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000})

09:01:56 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000140))
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udplite(0x2, 0x2, 0x88)
accept$packet(0xffffffffffffffff, &(0x7f0000006640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000006680)=0x14)
clock_gettime(0x0, &(0x7f0000000300)={<r4=>0x0, <r5=>0x0})
syz_io_uring_submit(r2, r1, &(0x7f0000000380)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000340)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x3)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_timeval(r6, 0x1, 0x14, &(0x7f0000000180), &(0x7f00000001c0)=0x74)
select(0x40, &(0x7f0000000200)={0x6, 0x1, 0x0, 0x1f, 0x7fffffff, 0x6, 0xfff, 0x6}, &(0x7f0000000240)={0x9, 0x200, 0x6, 0x65410500, 0x6, 0x40, 0x1, 0x3}, &(0x7f0000000280)={0x9, 0x9, 0x9, 0x3ff, 0x1, 0x0, 0xfffffffffffffffa, 0x4d71}, &(0x7f00000002c0)={0x0, 0xea60})

09:01:56 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x22000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:56 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x2000008, 0x11, r1, 0x0)

09:01:57 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x6040000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2421.974081][T10951] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020c00000
[ 2421.982048][T10951] RBP: 00007fa1d886c1d0 R08: ffffffffffffffff R09: 0000000000000000
[ 2421.990021][T10951] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2421.997992][T10951] R13: 00007ffc589b2dff R14: 00007fa1d886c300 R15: 0000000000022000
[ 2422.009416][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.017429][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000})

09:01:57 executing program 2 (fault-call:1 fault-nth:8):
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000})

09:01:57 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0x1}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa0}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0xd}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000090}, 0x40000)
r1 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_io_uring_setup(0x18cf, &(0x7f0000000180)={0x0, 0x80ca, 0x8, 0x2, 0xd5}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000003000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000240))
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x1010, r0, 0x10000000)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
fsmount(r4, 0x0, 0x82)
r5 = syz_open_dev$usbmon(&(0x7f00000002c0), 0x5, 0x54002)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000280)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r6}}, 0x400)

[ 2422.107107][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.115206][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x8132, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, 0x0, 0x0)
r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x10000000)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r2}}, 0x7)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, r2)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x40a300, 0x0)
syz_io_uring_setup(0x71ac, &(0x7f0000000200)={0x0, 0x80e0, 0x4, 0x200, 0xcc, 0x0, r3}, &(0x7f0000dbb000/0x4000)=nil, &(0x7f0000d98000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0))

[ 2422.196207][T11020] FAULT_INJECTION: forcing a failure.
[ 2422.196207][T11020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2422.209315][T11020] CPU: 1 PID: 11020 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2422.218079][T11020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2422.228161][T11020] Call Trace:
[ 2422.231436][T11020]  dump_stack+0x137/0x19d
[ 2422.235789][T11020]  should_fail+0x23c/0x250
[ 2422.240223][T11020]  should_fail_usercopy+0x16/0x20
[ 2422.245242][T11020]  _copy_to_user+0x1c/0x90
[ 2422.249720][T11020]  simple_read_from_buffer+0xab/0x120
[ 2422.255091][T11020]  proc_fail_nth_read+0xf6/0x140
[ 2422.260022][T11020]  ? rw_verify_area+0x136/0x250
[ 2422.264956][T11020]  ? proc_fault_inject_write+0x200/0x200
[ 2422.270642][T11020]  vfs_read+0x154/0x5d0
[ 2422.274921][T11020]  ? up_write+0x25/0xc0
[ 2422.279073][T11020]  ? __fget_light+0x21b/0x260
[ 2422.283749][T11020]  ? __cond_resched+0x11/0x40
[ 2422.288421][T11020]  ksys_read+0xce/0x180
[ 2422.292574][T11020]  __x64_sys_read+0x3e/0x50
[ 2422.297062][T11020]  do_syscall_64+0x4a/0x90
[ 2422.301563][T11020]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2422.307462][T11020] RIP: 0033:0x41935c
[ 2422.311359][T11020] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2422.330966][T11020] RSP: 002b:00007fa1d884b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
09:01:57 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)

09:01:57 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x7000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000})

[ 2422.339499][T11020] RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 000000000041935c
[ 2422.347499][T11020] RDX: 000000000000000f RSI: 00007fa1d884b1e0 RDI: 0000000000000003
[ 2422.355557][T11020] RBP: 00007fa1d884b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2422.363521][T11020] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[ 2422.371492][T11020] R13: 00007ffc589b2dff R14: 00007fa1d884b300 R15: 0000000000022000
09:01:57 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x37c00fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000})

[ 2422.433109][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.441127][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:57 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, r0, 0x732, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x6, 0x5]}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x3, 0xfff, 0x7]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x953c}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x48}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x80)
mmap$IORING_OFF_SQES(&(0x7f0000e2d000/0x1000)=nil, 0x1000, 0x100000f, 0x8010, 0xffffffffffffffff, 0x10000000)

09:01:57 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x80000000001ff, 0x282000)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
accept$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14)

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000})

[ 2422.520136][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.528145][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400004, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:57 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, r0, 0x0)

[ 2422.625239][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.633287][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42000000})

09:01:57 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_setup(0x2d49, &(0x7f00000007c0)={0x0, 0xe385, 0x0, 0x3, 0x292, 0x0, r1})
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000d, 0x13, r2, 0x10000000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'})
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000100))
r4 = syz_io_uring_setup(0x4f02, &(0x7f0000000940)={0x0, 0xb1ca, 0x2, 0x3, 0x3cb}, &(0x7f0000002000/0x400000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000009c0), &(0x7f0000000a00))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x5e8b43df713e5f61}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, r6, 0x300, 0x70bd2a, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x30000000)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
syz_read_part_table(0x1, 0x8, &(0x7f0000000700)=[{&(0x7f0000000200)="46fc92e0f0ae1c2b19f33e73d69df2099776ba8395328180aed93fdb4f01d3a7899aa8d7ba39f6ca44c91fe281845953208bec06a44aa8be867e09a3710306b20b6798b671086649c429aff7127a8c95889e96418110aff89ae17475d5cdd6750102e17f3be7eddc8214a4dd258ed00b2fd1094c666880b41f58fa28ee117c1596", 0x81, 0x6}, {&(0x7f00000002c0)="155498ffb1e37772f67aba75a3303937b322e129a1181d5939b6273f1214c43a1733d0cd75f419103c46e7b24777df85e5152c9511a5e7dfa3e8631d875a8a512a90e3b23b7bf4147d2ce7c278ad56c3b07cc08371b34fec0c9916ed780551e484e36a3a863e402a1eb81300aa05", 0x6e, 0x800}, {&(0x7f0000000340)="b061288a3daca9ed879e6f761916d78ab67b7cb291207c8e8d913fbcb0221a139e13107055fd22d03fb0e6455e883710e4c559ab767978ec3a6ff4e5974c5c74264a7d9e68fdb31aff94b1459fa39f57b71a16d82a34c7c4490f08ebf9ba634653ebe743157a38d94b2f0637454e501cf4fe281448333e197f2a66ca25f813129a079a4432a6ce80b7b57b866ba1868232b7dc9c00c3e8b29e4e", 0x9a, 0x3}, {&(0x7f0000000400)="61aafcd23e26b0e16f2b58b2dc0741da77c2ff7eb36115147360649324b2e93ca31009830f9e2bed8c6ad2042777c75f", 0x30, 0x7f}, {&(0x7f0000000dc0)="59730986b51916a52c2c65e1820cc5628abf2e3d21d7b89429105488f0e69ed508cc00af90abd6755a37beef67616552dc8e6aeb1317e58625de634dce4a79ac47e5a547b140ee0e571d62bfb5eea67840bb0d76a31f453738f3685c6fd1e6ec2072c0f91f6c7e1861bb1e43c1d191c03f3d2f0530e928c5a4808f4c1fd761a6acd79ce1fa219eb4adf7c8d950f2de3d4e7cc296ad6cdecaa66ad848fcb888256fe1874621f7a68fa7ffce822a095e4849494baa51673326f3a0e97c4f8d0636bf1ef76ea8388e9a4f920e08293176c8fe2fdf593a7d3fcef8ec7ee2ee1e4ac2e3a02e80b27c43dc59413a65a13e9828173e8a22f5bd190dac5d70ec8f524a468692c015a48c5de178e2afe38173bc9a135825ecfe270f915fa1d0961ababfe744b461475a7b116ebc6923694c2bfed1a5d541f5c9a1e71c5c0c7f36cfed467a7f71a00fd3f3baceea4266bdd81f74098ffa21213bc6bd1af61a951015789e2239c42cc1c6902cde4d256b6ead5455ca575bf9fe39498a372b626524b70c196712f47858a0e14a504fe12d393aa676d11cc5ee746cb19d1a673e184467dd841dfafe9eddaa4c80ef3bfb68fb193b686e6acd69bf5605bcff3b1d79476e6478532ee195a71f77b1b1c45c9e9d974e22b77b5ec297c66053a5727ac6d5cd73417eb4f7ea42a08e6826110e67b6bc394d50fa29ee7e9ca67b6bf1a275787f2068fff23d369e3490c4b352de033e6c4608c5ccf1344698d643397d78a5979520c2f466f3060ca32e89ba8d32e0f646fb29ea3ff690688834f2d46d3a1d857f609e5f3639faf3df0644f826e01c1d61bc79b14d839917d632b7c6c95c696b641e9ace7d9880d63a526cea475cfb181cdbdb29e268014e997e2555eea2ad5c554c295e96580a8aa910bfe56fea51cd851c5ff5f67cdf8c6f86676f2fb32efb83b453bdb6c20da0b45bbff437c9fece320d56c5d8077542fcef83b8e2a358d7cc002789e12bc6892bd51e1ebb59613a180025b7905de6c691473d553154a9bd75f9f5ce8f1840bcb86414009d3a5417c8acb08ffb778e97af7f580f91ea56636f445fbc32816f10764236236bc0249f81de69b2483ee8880567b6b8533c5b53cc737cc7e4c460dd7f267093cc8b81cfc90be9c023454d4189e2fd81a70c15ce1591be0d8b6e7643e5cc114b16a7a0bec31789b69dc15bf0b1f813f15596ccab70ac03ff440d993da4341430a8783feadf20b8ae26a2857efe4ae3cc8b17f216d3dbc21fdd43af5cc9aaece1be120bfa87531ecf34d84dd32c912c1cf2ee2021bacc97df67968cb3802a5451b19571061bf8bde3b7d7e348667276b60ecdd91347d1308f8905c93bd228cdd1de4e12062c22ca7fe4da2900d3b60d4980217e1947316738ab09b687a7db988d375e8de464ebca11947d8cac6d557e7b3fb57fbbf44cc9aa8e995438e32f6e940bf9e66f9ed8b3ca8a9c41c61632427140e4079204f9329793dee60700b7187a15f2daf3a2ee2bf725a65c273dd3cce30d92614f430a8a9db70d88edd0f2080f900ec3d10863e2b8367aed13ea603703ed8c2020df2b167bf4d45f908076ab66d059d539f27872cff178543213e86e92a84e10d40ba1141ea12daf28ad870571fe6c0e3912fcc602156eac3891bc7f5a1cdb988a5b26b255082fcc2cd9708952fc0e0c82de337de46200ae63e538f01dae1b00d524b6c63a7b38ae1d9ad25cbd1209e6f6ef22fa12f78b5362baf77ebc738baa6752558161d7ee65d311929c7c34d2ee0435a7275eb58b96260d0f4bc740665a1198b7a980d4a11d40072d49b6443d83b2c94b11a2b203db512867e8513763d1b36fc66194f551256d9c3451fecaa21f1f922ab1c3f57aa4774f3e0d4acebeaf4fec97bdbb0f6662148b52d4691e61a929fbf39a851446a5376d29029afae672321667201439a68a63562083a2c3122ca2ff48de5ebadc5c65f7362effa32cada1ad6e3f56945256d459847b3a1d2a1dd9dff4613864ef6e390baa09ac7d133a23cbd00952708cb29204a2089502bc9a5ba2e4dc5016641f7d24ed62dfe8c9b97c2fe133c1f2fc3d5297f9689896ed05e0f6dd64eddd01b7ac677d9ee8d4051fb9d2b141d755a7e71d0da6d93dcf7f8632bb7024b53a24c291653dae8e6b54f4a9d0cd868ef5413e17506261fc5db16d750a569a6058b7e984b37de358841e51ca83fadb9ba77b3fae7af638c69f4a69fdd63a46456f1f51f823a97ed21f49bc6651fa635dccab014b53e8cb45a95ca2143bb6a951389c12d06a0acd131e9d1d9e76c49e291e697f8967dbbd0d94e056110bca31aab17b6ca0969991c487cba5309b31e0713ca0e45d1d10b044f17e204f90d96665fdf17993a7256889cd7f7960e46a921946ecdd3f2c13b999bb41e54386ae8840cc5da09cf23ca6f62122dd7987b960d02476f49ff3cf543239bd03abf4a1b1253a462e513a058b11e6a6c211810bfb061a8c2a64336cee9d54e23e32b598b3564602e078d98c01f518670ae1586dc62de406519c02ef90ab9c77d7d2dd4eb1e98fa3a5244f40800f175d87912cd091169906d584570f3bf5616a1540ec7d0cd326fbdef9a5f9b3ac524ab1bb52579c1d34d5f2638bbf25b2a50e4df20e785918e963d10f5b9eb00bab036d3acbe4377df356dc1afdb4c01250a250e7ea8767512cfabba7f0502df5706593c6d86c5f27fbd6e808d5e7975c67a6ea385b4df4d5ebe118349b2b5a7f02a0ce0ce74d9476cb600505e67b8e86eb77a974547fefa65fec244a682eaeb4802e74fcaba7c3c2e656c1f6bc76de69084dc4dcc265181aad81dbecd522cff85fe65fb11a33f84578911a87d5b640a93b047fa205e34360f589c5350f3d196cb18f060a02bfea24e3f894e41be12103b2b3c2adc635bedc910383768a65ce797556f306b31010a3e5ccf63c1eb7d816fd1d3e7d6e90be6e1850b33d02f6f70ffb8123e7f12e55627b0e18eba07e36822cd87c6c2c770cd642f66657a0394e900799b71dbf94074e5a287a2272bc9b0dbd1879779166458f34dcdb8f98e10c4431a26dd3e1c6230ecd6ca8369d2817cd3fd9636a001eb2ce464dcf0cb253b9b6a5230d3c32beaac180ed2c6b1c677004dba5b509c3909fcd12dd30700fb38ead2309151f39f3a80e10de758c26253b4294d63f7fc7dd51743d52f7578f4e3b6634ad7e600da2d754bb92def8fc8666c0767f35ef8a8198f536f125c1ad3d400d29b465630c97fc8a4dd2c8f149c9d6d5ad96d28db88bffb78283948721c1d743258f2d4a662606e25286a37746de9707367902e7a764364bea141d3142aac9bfbcbf2fbf896a97d8fa42b5e6aaf1934cf239b3d980a5859b645b87f277a1744ee936bad5daf2a4f1dc9493694631e5ea08de6b946c717d96f2ff4cca62f2ccb36b44aaa548227ddf960a61329fd3d76eaf46e25a50ed994a09ab654e2f50d56917f095b6c19c3ce6a338b05acbd8055ec5f2151bb48cd7942452fd880acc721b0748e080eefb0d9224eff82e25d0c6df5073f000a7a045d509cc8665dd531aaca8289c18ec26044c4a265bcc3f27aaa30d1fe5daad0177c336d3c67a2357056961448c1c3d1ff764563cf60b3d3cc42b84d229bae3fb3e5c76711d3020f77d560322937e347b4de60d437a51fe002be090e96befb07e41b4632e72799a15d7f7ee962a1c1ba0aaaedc059cf3e7825404c43b6134a3cdca8d61c078c524c35d44dbf844b6986bc96893f940a3d499a42602ace3800a98cf36f5600a1dce15aa5a41fbe51ea57d156363e83b6b823b08c9d1a9c219360690952f4947632897e3d2f0d22dd488a6501458229605cd65d30142945dc22dce737edd0a90519419690df77d10d5b0bcda31bc9f756f44a6d9303481c071e7348a426fff7f910f3215f781bd47d2c6caaf1241b203248ef42059850b929d369ff44a991a320e1ff8de50c61a5b189858c2f8b0633fe2e1945be10f164e4fadddec0a4287ad06becbe9e7349af163ad8b0a4f3bebfe43555b39122d42a15a5b85ef8b39059a099f3966608d0f4a789187d3fd4642276e0001d54d762385b59eb496e1a001c74931288f7eb92a9f6dcc9f57176029b2c18ffa980bdbae85fc4198224bec28806165acdccab52ff74aa7117b21bc98d850fc661ce1d343e28d82dcc8ff7881197e164bfbc48900684c84cddf8bd8e530f154bbe3d60ca4abad790d41b46fe0140ea641b4bd38fd6a38b5d2bf50137173d682790471ec63117d462d53cc300869d76110594475de2608936413214dd0311f64e6a0c43d641798c06014b9bea6003275635d374a1bc2543a728698824a75fee62557a343dc3610a46fede74badeb4aaf54b06329ef973d4bbb6f11fa3ab5d2d685ab395b259a9804f260131cc151db967007e23ac95a8e805fd23ab195d2da304adc737f73e9f77a094a09d10cbd4ac6066a37920240c3d49618ec1d970d0486f5531450e3e482690bfcce897d5ad2b80c519b2d6f2cba778f7f308f667a7e61908c6db3211ea7c8e9c5de4f2e117366d35d0a77fe60fe2d2d8ba505147501006a4fbf00ea350c194e5a404b50ab54b5b200bfce505a44184376d5aeb083e8a84b67b66a1c7e75d18408b4b11d8e42eb2cd4456cd181b7fa5b91b7b46c74ec1369da2aee38f85c0f24fa436a94335ab648b891966b38a03e10746ddb55accd984865a0cca8def022adf163a3139b09174f324f2054b2e6cd7fa1a986c01d30f08985e4e5ea617e71d6fedf107acbc504eb7c2df7a3f86163b305a1c61fe5dfcfb6ca8dedcd66912d75aa6c54e3a3f2d30e9ba38edb8c82503c02fa6c10ef9fdf22e7794de052eea0c1a05a74cb9dccd06fdd88ae4246920e745a37ba88c0af2df21f7edecfc9883f661ab8352a701ab8c8f11a7cfd99b02e9be60b21769d12743b20d42efdb3feb2c30e2ba7cc5ea62990e909e99f5801ab7166ba6afd113a4f4dbddc6d544c9cdd3b8f62fe2f11e89484151de5616626864ca6c44d896e8ba8080ea7894f5e0493c35b0938ceea8a370e2e632b57847c2aeeafd3299b8588169a1ec4364219b2ae7fc5e44ef063530f4c059d9d36e193c2e2fd05d516e91d831cc11fb332d1f813204cd1b2f0987e404acefac30bf2f5e384f74baf429930aca5afba910f3bb8c1786dc348c6525a432dee15a9b021a004b30d2db6c9e189172bb2de80c4eb30f13d234da8575b9ff38f851169e51d9da910d29a952a9d73517ba939ae49db4a856e8877f90b63562035d45a48395d4ae711a0cc4d0704a164953c718d66f514b978a5b718dec16318df73b3d66fc08894cbb02cc2b4d0e49b7da439ecce22c20ca840f037c4cfca47a0e9eb4b9a0ec32b5c6b1ec878ad737921f2c93e04082e0f4b2bf6f25ffcd45e061385a5ea4e8c311e69601eaecfebf587ce2e4d60639eca852ffb23d4ef3b3a1659ed15908732f624557394d1d90b9e77036fb91cabb218cb96ae226459d54a57622df034e9cc54a5d8013e26ddabe81b75bc32bb680219dec862dfe39c4f7864374625caaf79c836e54918f494eaa3a8cebbbe87a0444ef617b04051d3f9d94a7ad23232aab8b093e7aa0ec6874c2879736bfbca638e73a7efe31461efa25fcda8a1dca6aa3efe8b104e96dfeb330debc2c227afca8ac0917df5b0f0f9d7b0ff38ca4c19e84650bc7311c8087da185ff58c093295e6149352524f76080a1547906527c3261303767e0fa78f874fdbd661fc8bb15224e2a4514a0493992663c6b3b6fc7d8b537caf6564c", 0x1000, 0x7}, {&(0x7f0000000440)="428259e800503f4a102c7c54f97bde90b8cea6620f0f31409af9350f3e88f8f2c642612d646d858653a2a6ba6e90b494e9d1204232ffbe8fe43890ef02de58ffeb7d4f387d8fafae11cf28b114b9167ea013b73792f1c9b1f1fd656bb2ea96296d893f7c5ef98e1a333a7c47a337a9456cf29f1b62264cfbecc72a6f56169a692d04042bbed9fc64999ba644c896f6733676eebf47136bf39f25ae919b480f883ab0185f6cb66b4e5814e83a2e61fc006c724950ce3ecdbf33bf9279110262deb98f374ada84740a1c6923a771300b10c2a5b1c607721cd0bb4f", 0xda}, {&(0x7f0000000540)="9c577de69fbfdfd906dc4f953292c16801185f0a60cb1261a84ddaf7fb78dcc8d5bded6fb06fae6f2b2ef389508332b1b243e17dcb016b0cc5fd61f0761f187d86f0696fb74f21785ec90056df72e33d60502558c0d8a44fcc501a348f827dd3eed94f517d2bb4824335654d08f2dda5d5cbdb6a9cf910cdbf9f13a69c8845cc017655021820c5d5c5eca0a5c943843ffe107173824e02af051387e51a3b19ff889e52332dbdfb1d5021ffb9ae78c85a62eed07f", 0xb4, 0x106b618f}, {&(0x7f0000000640)="a6f1dff0d925dbcdd282c2fe0a007f56ae04609128a29cb5674ca9d3ddd630b8bff3138e9ec5557eff85928b535c7d3511eb39f0fb6d6b1f18e2f170d0eaa4760b8d09403aaf62ffe51c3e37339fc5a08f5b46967b72af0e75b9f1105c80f555e817cba31f9cddc1c252a2258bf7344328e2bd033d2b23817677a9cf7889a944c6da10a42bb3f126636d469fb6697d7294b0e721a0d6984a9a70d3c7bdbdff3a9e53839f509ed579ed895eb7569fcaf244ac", 0xb2, 0xff}])
syz_io_uring_submit(r3, 0x0, &(0x7f00000001c0)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x0, @fd_index, 0x2, 0x2, 0x4, 0x10, 0x0, {0x1}}, 0x6)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000a40)='\x00', &(0x7f0000000a80)='./file0\x00', 0xffffffffffffffff)

09:01:57 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x8000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:57 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x1d965000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2422.756346][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.764403][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x37cfffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff})

09:01:57 executing program 0:
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x804}, 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbffffff})

[ 2422.849529][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.857550][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:57 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x7fffdf3ff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:57 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x104, &(0x7f0000000180)=0x645598eb, 0x0, 0x4)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f00000003c0))
shmget$private(0x0, 0x4000, 0x8, &(0x7f0000ffc000/0x4000)=nil)
getpeername(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000240)=0x80)
shmget(0x2, 0x2000, 0xa0ed42c70176269b, &(0x7f0000ffc000/0x2000)=nil)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, 0x0, 0x800, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x24}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x24}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x440a6)

09:01:57 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000000, 0x31, 0xffffffffffffffff, 0x0)

[ 2422.964269][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.972400][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2422.983223][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2422.991256][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x7ffffffff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff})

09:01:58 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x10000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x40000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 0:
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xfc, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xb4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x800}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xee}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0xfc}}, 0x80800)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x2010, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000e8a000/0x1000)=nil, 0x1000, 0x300000a, 0x30, 0xffffffffffffffff, 0x10000000)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000cac000/0x3000)=nil, 0x3000, 0x1000002, 0x2000112, r1, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ca0000/0x3000)=nil, 0x3000, 0x0, 0x110, r0, 0x10000000)

09:01:58 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_io_uring_setup(0x479b, &(0x7f0000000180)={0x0, 0xe0f4, 0x2, 0x2, 0x257}, &(0x7f0000003000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000240))
r2 = syz_open_dev$vcsa(&(0x7f00000002c0), 0xfffffffffffffff9, 0x100280)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000300))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_NOP={0x0, 0x3}, 0x4)

09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4, 0x31, 0xffffffffffffffff, 0x0)

[ 2423.098133][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.106363][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff})

09:01:58 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x14)

[ 2423.214600][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.222652][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xc020, 0x31, 0xffffffffffffffff, 0x0)

09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffefff})

09:01:58 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x4200, 0x0)
ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f00000001c0))

09:01:58 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x41900fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1e001000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2423.335600][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.343642][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd})

09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x50961d, 0x31, 0xffffffffffffffff, 0x0)

09:01:58 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}]}, 0x28}}, 0x840)
syz_open_dev$sg(&(0x7f0000000100), 0x2, 0x404c0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)

09:01:58 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000240)={'gre0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x8, 0x80, 0x2, 0xff, {{0x8, 0x4, 0x1, 0x34, 0x20, 0x68, 0x0, 0x5, 0x4, 0x0, @rand_addr=0x64010101, @local, {[@timestamp={0x44, 0x4, 0xa3, 0x0, 0x1}, @lsrr={0x83, 0x7, 0x10, [@private=0xa010100]}]}}}}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x118, &(0x7f0000000180)=0x1000, 0x0, 0x4)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x800000, 0x31, 0xffffffffffffffff, 0x0)

[ 2423.457895][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.465931][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})

09:01:58 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x2010, 0xffffffffffffffff, 0x0)

09:01:58 executing program 5:
r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, r0, 0x300, 0x70bd25, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_TID={0xc, 0x3, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010100}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1000}, 0x881)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x0, 0x2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x41921fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5})

[ 2423.571096][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.579125][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xf0e420, 0x31, 0xffffffffffffffff, 0x0)

09:01:58 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x20000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000d15000/0x1000)=nil, 0x1000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)

09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb})

[ 2423.665850][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.673964][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000000, 0x31, 0xffffffffffffffff, 0x0)

[ 2423.752158][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2423.760181][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))

09:01:58 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x41990fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 0:
msgget(0x3, 0x20)
prlimit64(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x7, 0x3f}, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x6, 0x8010, 0xffffffffffffffff, 0x0)

09:01:58 executing program 5:
ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, &(0x7f00000001c0)=0x61)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:58 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:58 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000000, 0x100010, r0, 0x10000000)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000000))

09:01:58 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r2, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, 0x0, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1e}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x6}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:58 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
setrlimit(0xd, &(0x7f0000000180)={0x80000001, 0x1})

09:01:59 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x20c75000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1d965000, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x42000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 0:
wait4(0xffffffffffffffff, &(0x7f0000000000), 0x4, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000100))

[ 2424.005219][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2424.013267][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffd, 0x38, 0xff, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000140)="000000030000c1a1b0831c5658598ed598118fe46250552ddd540001d6a4f2ce5bbb17c9554691db28351acc81f780b66363edd89859011d", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000040))

09:01:59 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000140))
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
syz_io_uring_submit(r2, r1, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x140}, 0x1}, 0xcb5)

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x20c00000, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xe97, 0x10800)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x5, 0x400000)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0xe941, 0x40)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f0000000040))
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000daa000/0x1000)=nil, 0x1000, 0x0, 0x50, r2, 0x0)

09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xbf56, 0x82002)
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000080)=0x1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:59 executing program 0:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x7)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x200580)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, r1, 0x0, r2}, 0x8)

09:01:59 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x22000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfa010000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x20e4f000, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000280)={0x0, 0x7088}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r1 = syz_io_uring_setup(0x3651, &(0x7f0000000180)={0x0, 0xbbf3, 0x10, 0x2, 0x188}, &(0x7f0000004000/0x3000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x2010, r1, 0x10000000)

[ 2424.276921][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2424.284940][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x4000000000, 0x1d9700)
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x3, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000100000000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:01:59 executing program 0:
r0 = io_uring_setup(0x3, &(0x7f0000000000)={0x0, 0x44f4, 0x8, 0x2, 0x3ac})
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x50, r0, 0x0)

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xae790fff, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={0x0, @l2={0x1f, 0xffff, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7, 0x2}, @vsock={0x28, 0x0, 0x3487e10244a85f25, @my=0x0}, @generic={0x4, "87d1085f2ae56d6f2bb067613faf"}, 0x2, 0x0, 0x0, 0x0, 0xe7a, &(0x7f0000000000)='veth0_virt_wifi\x00', 0x212b, 0x6, 0x14de})
mmap$IORING_OFF_SQ_RING(&(0x7f0000d7b000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 5:
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, &(0x7f0000000040)=0x1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0xa55d948028638152, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200008c1}, 0x20044804)

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfeffffff, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfc010000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x41c93fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4044c0ce}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r1, 0x100, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x7f}, @val={0x8, 0x3, r2}, @void}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000200))
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x1, 0x0})

09:01:59 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
getpeername(0xffffffffffffffff, &(0x7f0000000000)=@ipx, &(0x7f0000000080)=0x80)

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xff0f79ae, 0x31, 0xffffffffffffffff, 0x0)

[ 2424.616254][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2424.624363][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:59 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r0, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x4b}}}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x77}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8}]]}, 0x40}, 0x1, 0x0, 0x0, 0x40094}, 0x4815)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x3f}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x3f}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0xff}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x5}]}, 0x4c}}, 0x4004800)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$IEEE802154_DISASSOCIATE_REQ(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x10004000)

09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000040))

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfffffffe, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x672, &(0x7f0000000200)={0x0, 0x8692, 0x2, 0x1, 0xee, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000002c0))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x6f51, &(0x7f0000000180)={0x0, 0x2b24, 0x10, 0x1, 0x70, 0x0, r0})

[ 2424.738587][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2424.746587][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2424.761644][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2424.769661][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:01:59 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x1915, &(0x7f0000000000)={0x0, 0xaf76, 0x20, 0x1, 0x2a7}, &(0x7f0000e28000/0x4000)=nil, &(0x7f0000c41000/0x1000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x11c, &(0x7f0000000100)=0x1ff, 0x0, 0x4)
r2 = io_uring_setup(0x4c5e, &(0x7f0000000140)={0x0, 0xac0, 0x10, 0x0, 0xb0, 0x0, r0})
syz_io_uring_setup(0x762d, &(0x7f00000001c0)={0x0, 0x33a3, 0x10, 0x0, 0x28c, 0x0, r2}, &(0x7f0000cef000/0x2000)=nil, &(0x7f0000f7c000/0x2000)=nil, &(0x7f0000000240), &(0x7f0000000280))

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xc02000000000, 0x31, 0xffffffffffffffff, 0x0)

09:01:59 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x42000000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfeffffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000040))

09:01:59 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x200000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x1e5, 0x4, @scatter={0x1, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)=""/238, 0xee}]}, &(0x7f0000000200)="000000030000c184b4512c9468ceb5ad61ab4e23e097de6d4318497a56e350ddf5f456856c11a148d229b4c4c9e5f41fb9abbc349c5c8d4d8020b81025c5dc0500c4f4ad6aa3e0a31913ca485141608a31bc0c785759d71d064a9e04164bf648ef6bdde55b7653e907fc9ef44e336f18011296807b61f95a3c11c0fbabdc1e49105765a8e050e2b0622fc2939af57735fb8e96fe8f0700e6726d013fc68bd3c03be6ca747d3afc414e61ac212e1ba208d2f18fa37f0bf64bc4f84f068294dd4a22f025f7070e98848c1a484b1369efa20c87c7df262ad74acf2ab9e100ecdc08aa0b0962ba03ff025705d288d6104171f1ef37172f9f31c0916eb431ece0a54bf4cdeace330ba5e9a4d8cf3025163a9426e3dd7cef72d43fdf5f0835a75fe908561f000000000000004f2c595cea5ae129db402f88918866b47cafb9788162eb5e8cc0a04ba816332aad45e2e773f2e15a74ec24428f80549d494af62e2118882c708da3df304056e1404b173183639ca976c68b950487fa0da57be61099609682a159ad4381d67dab39193225df47e582e41505e47e86dc092e1f4af9f261de19c16c7bba94a84efff7da14ab56341566908189f946a2b09509c265e60e24d37991cff624034607813e81e8677000c5a345ec0c3c95ebeb860327b72f478b1ddc5dc05da3", 0x0, 0x6, 0x0, 0x0, 0x0})

09:01:59 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x36f7, &(0x7f0000000000)={0x0, 0xd8d6, 0x4, 0x0, 0x2f4}, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000d86000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:01:59 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x50961d00000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 5:
r0 = syz_io_uring_setup(0xf40, &(0x7f0000000040)={0x0, 0x7926, 0x0, 0x80000002, 0x3}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x2fc0, &(0x7f0000000280)={0x0, 0xb264, 0x0, 0x2, 0x8c, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x108, &(0x7f0000000380)=0x3, 0x0, 0x4)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x400c081)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000002c0)={0x53, 0xffffffffffffffff, 0xf3, 0x81, @buffer={0x0, 0x7b, &(0x7f0000000040)=""/123}, &(0x7f0000000100)="7f46ca6b5fca55161059fbeae2a6b0cbbfe1b0fd446f686637ba865031ec363bbf15395ee7d6c2c5749b7415b0f9180118e3596c1dc417d9d19401ffcb64c9fd3f5bdaa116eadf1b3e14818db387580f2cef03e4bfd5402a8b3c8fe1f95413d0e3c422a5bff73576c20b333678db24c7ba5d591c103af40806a57e7aa627af40209589d560476f4e2a0431616f81b8a700e5649d28dec9354c7cb85ed584f0cebc8a906ee62fab6d71e4634a9868b74bcf3ba73e27c2c5795b26b95f0103edd413b278d633588687c48656b2e7a8ae88c14106a0d972333ecfa251bbf99afd09784354812b6151c27fe73f49abab3b1665c6ac", &(0x7f0000000200)=""/94, 0x6, 0x0, 0x2, &(0x7f0000000280)})
ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000340))
r2 = syz_open_dev$sg(&(0x7f0000000380), 0x800, 0x216c01)
ioctl$SCSI_IOCTL_SYNC(r2, 0x4)

09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x80000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x95e00fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x35da, &(0x7f00000000c0)={0x0, 0x854b, 0x1, 0x2, 0x8f, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f0000000000))

09:02:00 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0f9041}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)

09:02:00 executing program 0:
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)={0xd4, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x58}}}}, [@NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x1}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x64}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @mon_options, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d67ff7006e9f767866ec3ebb6deb9383f1a79d9db395b6fc"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "52e4580bb6e2c5e44b3156731b84b0f603f77eeb37f6695f"}, @NL80211_ATTR_MNTR_FLAGS={0x0, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS, @NL80211_MNTR_FLAG_FCSFAIL, @NL80211_MNTR_FLAG_OTHER_BSS, @NL80211_MNTR_FLAG_CONTROL, @NL80211_MNTR_FLAG_OTHER_BSS]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0xd4}}, 0x40c0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x5c, r0, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x79}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x7b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x23}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40880}, 0x8001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2425.170387][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.178683][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2425.187441][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.195484][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xf0e42000000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)

09:02:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:00 executing program 0:
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000003, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0f9941}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2425.363870][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.371884][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2425.397981][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.405990][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x100000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 1:
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000100)={0x0, @generic={0x28, "1ecf2dceb3638740b8be80cb02c7"}, @rc={0x1f, @none, 0x7f}, @isdn={0x22, 0x9, 0x2, 0x0, 0xf7}, 0x1, 0x0, 0x0, 0x0, 0x7fff, &(0x7f0000000040)='veth0_to_bond\x00', 0x2, 0xffff, 0x20})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'batadv_slave_1\x00', <r0=>0x0})
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000004300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000042c0)={&(0x7f0000004240)={0x44, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@GTPA_LINK={0x8, 0x1, r0}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}]}, 0x44}, 0x1, 0x0, 0x0, 0x20014}, 0x20000046)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000ddfa00", 0x0, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{&(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000200)=""/67, 0x43}, {&(0x7f0000000280)=""/180, 0xb4}, {&(0x7f0000000080)}, {&(0x7f0000000340)=""/5, 0x5}], 0x4}, 0x1}, {{&(0x7f00000003c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000440)}, {&(0x7f0000000480)=""/21, 0x15}], 0x2, &(0x7f0000000500)=""/192, 0xc0}, 0x2}, {{&(0x7f00000005c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000003bc0)=[{&(0x7f0000000640)=""/166, 0xa6}, {&(0x7f0000000700)=""/201, 0xc9}, {&(0x7f00000018c0)=""/69, 0x45}, {&(0x7f0000001940)=""/88, 0x58}, {&(0x7f0000000800)=""/28, 0x1c}, {&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f00000029c0)=""/73, 0x49}, {&(0x7f0000002a40)=""/239, 0xef}, {&(0x7f0000002b40)=""/71, 0x47}, {&(0x7f0000002bc0)=""/4096, 0x1000}], 0xa, &(0x7f0000003c80)=""/210, 0xd2}}, {{&(0x7f0000003d80)=@tipc=@id, 0x80, &(0x7f0000003e80)=[{&(0x7f0000003e00)=""/114, 0x72}], 0x1}, 0x35239863}, {{0x0, 0x0, &(0x7f0000003fc0)=[{&(0x7f0000003ec0)=""/3, 0x3}, {&(0x7f0000003f00)=""/77, 0x4d}, {&(0x7f0000003f80)=""/10, 0xa}], 0x3, &(0x7f0000004000)=""/219, 0xdb}, 0x7}], 0x5, 0x12101, 0x0)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)

09:02:00 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x95e21fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 5:
r0 = syz_io_uring_setup(0x6333, &(0x7f00000001c0)={0x0, 0x0, 0x10, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000d80), &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, r1, 0x0)

[ 2425.538458][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.546488][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:00 executing program 5:
r0 = fsmount(0xffffffffffffffff, 0x1, 0x1)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r1 = syz_io_uring_setup(0x5321, &(0x7f0000000040)={0x0, 0xca03, 0x0, 0x4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r2 = fsopen(&(0x7f0000000180)='nfsd\x00', 0x1)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240), 0x249000, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000004, 0x810, r3, 0x10000000)
r4 = io_uring_setup(0x14a1, &(0x7f0000000280)={0x0, 0xfc91, 0x10, 0x0, 0x91, 0x0, r1})
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r5, 0x0, 0x0)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x10000000)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
r8 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r8, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r8, 0x10000000)
syz_io_uring_submit(0x0, r6, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r7}}, 0x7)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, r7)
fsmount(r2, 0x1, 0xf4)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000001c0)=',,\x00', &(0x7f0000000200)='\x00', 0x0)
syz_io_uring_setup(0x2dbe, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000300), &(0x7f0000000140))

09:02:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x5, 0x20700)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000080))

09:02:00 executing program 0:
r0 = socket(0x5, 0x4, 0x3)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000), &(0x7f0000000040)=0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)

09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x400000000000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0fc037}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x1e001000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2425.663658][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.671683][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2425.681339][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.689384][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xfeffffff00000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000040))

09:02:00 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x95e90fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 5:
io_uring_setup(0x18, &(0x7f00000000c0)={0x0, 0xa89, 0x20, 0x0, 0x1f1})
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x59e9, &(0x7f0000000180)={0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400004, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2425.856737][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.864750][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2425.876841][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2425.884938][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:00 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff1f9241}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:00 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xff0f79ae00000000, 0x31, 0xffffffffffffffff, 0x0)

09:02:00 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040))

09:02:01 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x95f00fff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400004, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2426.031070][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.039100][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2426.048871][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.056890][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:01 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, 0x0, 0x0)
r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x10000000)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r2}}, 0x7)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
syz_io_uring_submit(0x0, r1, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd_index=0x2, 0x2b, {0x0, r3}, 0xffffffff, 0x8, 0x1}, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x4)

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400004, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:01 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffff8000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xfff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20008041}, 0x800)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r3 = syz_open_dev$usbmon(&(0x7f0000000180), 0x8, 0x101000)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x4163, &(0x7f0000000200)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc020)

[ 2426.192593][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.200624][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:01 executing program 1:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x181800)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xec3456568a8c188b, 0x6, 0x0, @scatter={0x0, 0x0, &(0x7f00000004c0)}, &(0x7f00000000c0)="000000030000", 0x0, 0xfffffffe, 0x20, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xfffffffeffffffff, 0x1)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)

09:02:01 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
connect$packet(r1, &(0x7f0000000180)={0x11, 0x1, 0x0, 0x1, 0x3, 0x6, @broadcast}, 0x14)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x50961d)

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc020)

09:02:01 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x95ffffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x800000)

09:02:01 executing program 5:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x894c, 0x0)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x8, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/119, 0x77}, {&(0x7f0000000100)=""/18, 0x12}, {&(0x7f0000000140)=""/117, 0x75}, {&(0x7f00000018c0)=""/4090, 0xffa}, {&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/43, 0x2b}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/120, 0x78}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x4, 0x0, 0x1, 0x0})

09:02:01 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffffc000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc020)

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xf0e420)

09:02:01 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0xff, 0x201)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x6, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)=""/217, 0xd9}, {&(0x7f0000000200)=""/153, 0x99}, {&(0x7f00000002c0)=""/212, 0xd4}, {&(0x7f00000003c0)=""/127, 0x7f}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/27, 0x1b}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x4, 0x0})
r1 = syz_open_dev$usbmon(&(0x7f00000004c0), 0x44, 0x101480)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000000600)={&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000540)=""/174, 0xae})

[ 2426.462024][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.470136][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:01 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x4}, &(0x7f0000ff5000/0xb000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000180))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc020)

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x1000000)

[ 2426.562888][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.570917][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2426.587043][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.595104][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:01 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, 0x0, 0x220, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_TID={0xc, 0x3, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_FLOW={0x6, 0x6, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc040}, 0x20000000)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000040))
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_VERSION_NUM(r2, 0x2282, &(0x7f0000000100))
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x4b0100, 0x0)

[ 2426.697649][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.705675][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2426.728668][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.736778][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:01 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfeffffff}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x4000000)

09:02:01 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:01 executing program 1:
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:01 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffffcf37}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:01 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, <r2=>0x0}, &(0x7f0000000100)=0xc)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, <r3=>0x0}, &(0x7f0000000180)=0xc)
setresgid(0x0, r2, r3)
r4 = getuid()
setresuid(r4, 0x0, 0x0)
r5 = getpid()
shmctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000180)={{0x2, 0xee00, r2, r4, 0xee01, 0x91, 0x4}, 0x98, 0x7f, 0x7fff, 0x58, r5, 0xffffffffffffffff, 0x6})

09:02:01 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x1d965000)

09:02:01 executing program 1:
restart_syscall()
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:01 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:01 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0xfe43, 0x2, 0x0, 0x236}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000001c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x68, r2, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x8001, 0x3d}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)

[ 2426.979596][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2426.987626][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2427.018305][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
09:02:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0fe095}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000100))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:02 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

[ 2427.026395][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x20c00000)

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x20e4f000)

[ 2427.100822][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.108869][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2427.130322][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.138645][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x10000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x86000, 0x0)
ioctl$SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000100))

09:02:02 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfffffffe}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:02 executing program 5:
r0 = syz_io_uring_setup(0x4ebd, &(0x7f0000000040)={0x0, 0xff6e}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x8e00, 0x24, 0x0, 0x4000000, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x440b, 0x0, 0x4)

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xae790fff)

09:02:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0fe995}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 1:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f0000005100)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20004040)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='d\x00k\x00', @ANYRES16=r0, @ANYBLOB="080029bd7000fcdbdf250700000008002c000200000008003200970000000500370000000000080034000000000008003b000700000008003200ffffffff08003b00ff7fffff05002f000000000005002e00000000000500300003000000"], 0x64}}, 0x10)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1a3040)
r2 = syz_open_dev$sg(&(0x7f0000000340), 0x1, 0x121040)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffd, 0x6, 0xf7, @scatter={0x9, 0x0, &(0x7f0000000700)=[{&(0x7f0000000240)=""/253, 0xfd}, {&(0x7f00000007c0)=""/74, 0x34}, {&(0x7f0000000380)=""/238, 0xee}, {&(0x7f0000000480)=""/22, 0x1f}, {&(0x7f00000005c0)=""/8}, {&(0x7f0000000580)=""/56, 0x38}, {&(0x7f0000000540)=""/1, 0x1}, {&(0x7f0000000600)=""/71, 0x47}, {&(0x7f0000000680)=""/98, 0x62}]}, &(0x7f00000000c0)="02000002b20c", 0x0, 0x0, 0x10010, 0x3, 0x0})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfeffffff)

[ 2427.279659][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.287688][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2427.307465][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.315582][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x1ce7, &(0x7f0000000180)={0x0, 0x8149, 0x4, 0x0, 0x396})

09:02:02 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:02 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000180), 0x0, 0x400080)
r1 = syz_io_uring_setup(0x3d64, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x1000000, 0x23d, 0x0, r0}, &(0x7f0000003000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f00000001c0))

09:02:02 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xff0f79ae)

09:02:02 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfffffffe)

09:02:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff0ff095}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000100)=0x1)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1f, 0x40000)
ioctl$SG_GET_VERSION_NUM(r2, 0x2282, &(0x7f0000000080))
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000280)={0x53, 0xfffffffffffffffe, 0x39, 0x9, @buffer={0x0, 0x91, &(0x7f0000000140)=""/145}, &(0x7f0000000200)="ab603a1bacf85a9d47a80f85076959f67f3161706e877c4625172b0725fc91833ca2c775aa12c98587f52aae01448ec7f3fedb3ab7be18d387", &(0x7f00000018c0)=""/4096, 0x2, 0x7, 0x3, &(0x7f0000000240)})

09:02:02 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x2}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xc02000000000)

[ 2427.724677][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.733059][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000), &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:02 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff1fe295}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000080)={&(0x7f0000000040), &(0x7f0000000100)=""/245, 0xf5})

[ 2427.806483][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.814638][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x50961d00000000)

09:02:02 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x9ab9, 0x0, 0x2}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000002300))
r1 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x1e8, &(0x7f0000000300)={0x0, 0x4621, 0x20, 0x3, 0x372, 0x0, r0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
syz_io_uring_setup(0x101, &(0x7f0000000180)={0x0, 0xf70, 0x20, 0x1, 0x14b, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000240))

09:02:02 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x4}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2427.904647][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.912661][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2427.933828][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2427.941965][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:02 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x80, 0x115881)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
io_uring_setup(0x6d06, &(0x7f0000000100)={0x0, 0x9d, 0x0, 0x3, 0x3bf, 0x0, r1})
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:02 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x80000000000000)

09:02:03 executing program 0:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfffffffe}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2428.074287][T12064] ==================================================================
[ 2428.082415][T12064] BUG: KCSAN: data-race in compact_zone / compact_zone
[ 2428.089265][T12064] 
[ 2428.091594][T12064] write to 0xffff88823fffad90 of 8 bytes by task 12076 on cpu 0:
[ 2428.099302][T12064]  compact_zone+0x1496/0x1d30
[ 2428.104410][T12064]  try_to_compact_pages+0x317/0x850
[ 2428.109601][T12064]  __alloc_pages_direct_compact+0x61/0x330
[ 2428.115405][T12064]  __alloc_pages_slowpath+0x5d4/0xb70
[ 2428.120771][T12064]  __alloc_pages+0x25e/0x320
[ 2428.125353][T12064]  alloc_pages+0x21d/0x310
[ 2428.129767][T12064]  __get_free_pages+0x8/0x30
[ 2428.134351][T12064]  io_uring_create+0x887/0x18d0
[ 2428.139196][T12064]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2428.144657][T12064]  do_syscall_64+0x4a/0x90
[ 2428.149104][T12064]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2428.155000][T12064] 
[ 2428.157314][T12064] read to 0xffff88823fffad90 of 8 bytes by task 12064 on cpu 1:
[ 2428.165024][T12064]  compact_zone+0x1472/0x1d30
[ 2428.169711][T12064]  try_to_compact_pages+0x317/0x850
[ 2428.174902][T12064]  __alloc_pages_direct_compact+0x61/0x330
[ 2428.180705][T12064]  __alloc_pages_slowpath+0x5d4/0xb70
[ 2428.186076][T12064]  __alloc_pages+0x25e/0x320
[ 2428.190672][T12064]  alloc_pages+0x21d/0x310
[ 2428.195135][T12064]  __get_free_pages+0x8/0x30
[ 2428.199718][T12064]  io_uring_create+0x887/0x18d0
[ 2428.204570][T12064]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2428.210220][T12064]  do_syscall_64+0x4a/0x90
[ 2428.214641][T12064]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2428.220531][T12064] 
09:02:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
process_vm_readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000100)=""/241, 0xf1}], 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/33, 0x21}, {&(0x7f0000000200)=""/127, 0x7f}, {&(0x7f0000000280)=""/125, 0x7d}, {&(0x7f0000000300)=""/123, 0x7b}, {&(0x7f0000000380)=""/45, 0x2d}, {&(0x7f00000003c0)=""/213, 0xd5}, {&(0x7f00000028c0)=""/4096, 0x1000}], 0x7, 0x0)
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, 0x0, 0x0)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x10000000)
shmget(0x0, 0x4000, 0x2, &(0x7f0000ffa000/0x4000)=nil)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r5}}, 0x7)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000580), 0x280400, 0x0)
r6 = fsmount(r3, 0x0, 0xfd)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000540)=@IORING_OP_OPENAT={0x12, 0x1, 0x0, r6, 0x0, &(0x7f0000000740)='./file0\x00', 0x8d, 0x61002, 0x0, {0x0, r5}}, 0x101)

09:02:03 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
shmget(0x1, 0x2000, 0x400, &(0x7f0000ffe000/0x2000)=nil)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2428.222841][T12064] value changed: 0x00000000001e5200 -> 0x00000000001ed600
[ 2428.229934][T12064] 
[ 2428.232712][T12064] Reported by Kernel Concurrency Sanitizer on:
[ 2428.239626][T12064] CPU: 1 PID: 12064 Comm: syz-executor.3 Not tainted 5.13.0-rc7-syzkaller #0
[ 2428.248383][T12064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2428.258614][T12064] ==================================================================
09:02:03 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xf0e42000000000)

09:02:03 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x80000000000000)

[ 2428.355140][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.363338][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2428.377835][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.385853][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:03 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xff3fc941}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:03 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x80000000000000)

09:02:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000040))
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)

09:02:03 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x7}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:03 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x100000000000000)

09:02:03 executing program 5:
syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x2, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
sendto$packet(r0, &(0x7f0000000280)="fc3c0b3a6adc7f3fcd1b188088e44c5a1bcaa8b0585a77844e8d5b3f416f9e180a6bdaba3ad7f5687b3186385617a82f9c938f74867b70139559480f02c8530046a766201720", 0x46, 0x10, &(0x7f0000000300)={0x11, 0xf5, 0x0, 0x1, 0x4, 0x6, @local}, 0x14)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008081}, 0x44810)

[ 2428.607344][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.615371][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:03 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x80000000000000)

[ 2428.662271][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.670814][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040)=0x1)

09:02:03 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x40001)
ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000180))
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x10000000)

09:02:03 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:03 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x400000000000000)

09:02:03 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffff8000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2428.835577][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.843942][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2428.855668][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.863775][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:03 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket(0xf, 0x80000, 0x10000)
recvmsg(r1, &(0x7f0000000280)={&(0x7f0000000040)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000100)=""/64, 0x40}, {&(0x7f0000000140)=""/240, 0xf0}], 0x2, &(0x7f00000018c0)=""/4096, 0x1000}, 0x22)

[ 2428.977313][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2428.985444][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:04 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xfeffffff00000000)

[ 2429.019030][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
09:02:04 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000040)=0x1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x4, 0x0, 0x0})
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)

09:02:04 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2429.019051][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:04 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

[ 2429.149753][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2429.157782][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2429.175996][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2429.184103][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:04 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = mmap$IORING_OFF_SQES(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1, 0x8010, r0, 0x10000000)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
io_uring_setup(0x9, &(0x7f00000002c0)={0x0, 0xcdcb, 0x4, 0x1, 0x302})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, 0x0, 0x0)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x10000000)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r6, 0x9205)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10004}, 0x8000000)
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r5}}, 0x7)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x5)
r7 = syz_io_uring_setup(0x23ea, &(0x7f0000000180)={0x0, 0xca9, 0x4, 0x1, 0x28e, 0x0, r1}, &(0x7f0000002000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)

09:02:04 executing program 1:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000080), 0xff, 0x88903)
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000000c0)={0x0, @nl=@kern={0x10, 0x0, 0x0, 0x2000}, @ax25={0x3, @bcast, 0x4}, @nfc={0x27, 0x0, 0x2, 0x4}, 0x7fff, 0x0, 0x0, 0x0, 0x101, &(0x7f0000000040)='team_slave_0\x00', 0xbf6, 0x4, 0x4})
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000240))
syz_io_uring_setup(0x492c, &(0x7f0000000140)={0x0, 0x621, 0x20, 0x1, 0x265, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)

09:02:04 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:04 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0xff0f79ae00000000)

09:02:04 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffffc000}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:04 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:04 executing program 1:
socket(0x0, 0xc, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000780)=0x1)
clock_gettime(0x0, &(0x7f00000007c0)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f00000029c0)=[{{&(0x7f0000000100)=@tipc, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/27, 0x1b}, {&(0x7f00000001c0)=""/203, 0xcb}, {&(0x7f00000018c0)=""/4096, 0x1000}], 0x3}, 0x9}, {{&(0x7f0000000300)=@l2, 0x80, &(0x7f0000000540)=[{&(0x7f0000000380)=""/200, 0xc8}, {&(0x7f0000000480)=""/29, 0x1d}, {&(0x7f00000004c0)=""/95, 0x5f}], 0x3}, 0x7}, {{&(0x7f0000000580)=@vsock, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/169, 0xa9}], 0x1}}, {{&(0x7f0000000700)=@phonet, 0x80, &(0x7f0000000780), 0x0, &(0x7f00000028c0)=""/214, 0xd6}}], 0x4, 0x1, &(0x7f0000000800)={r1, r2+10000000})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @empty, @rand_addr=0x64010102}, 0xc)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x24200, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381)

09:02:04 executing program 2:
clock_gettime(0x0, &(0x7f0000002dc0)={<r0=>0x0, <r1=>0x0})
recvmmsg(0xffffffffffffffff, &(0x7f0000002cc0)=[{{&(0x7f0000000100)=@nfc, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/248, 0xf8}], 0x1, &(0x7f00000002c0)=""/4, 0x4}, 0xe0}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/44, 0x2c}, {&(0x7f0000001340)=""/108, 0x6c}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/5, 0x5}, {&(0x7f0000002400)=""/4, 0x4}, {&(0x7f0000002440)=""/56, 0x38}, {&(0x7f0000002480)=""/55, 0x37}, {&(0x7f00000024c0)=""/7, 0x7}], 0x9, &(0x7f00000025c0)=""/8, 0x8}, 0x7}, {{&(0x7f0000002600)=@ax25={{0x3, @netrom}, [@netrom, @rose, @null, @netrom, @bcast, @default, @rose, @bcast]}, 0x80, &(0x7f00000027c0)=[{&(0x7f0000002680)=""/89, 0x59}, {&(0x7f0000002700)=""/159, 0x9f}], 0x2, &(0x7f0000002800)=""/70, 0x46}, 0x5}, {{&(0x7f0000002880)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002900)=""/209, 0xd1}, {&(0x7f0000002a00)=""/154, 0x9a}, {&(0x7f0000002ac0)=""/192, 0xc0}, {&(0x7f0000002b80)=""/230, 0xe6}], 0x4}, 0x401}], 0x4, 0x40000000, &(0x7f0000002e00)={r0, r1+60000000})
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0x7fff, 0x9}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x15f676daf13255a2)
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000002e40)=0x2, 0x4)

09:02:04 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80)=<r1=>0x0, &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
r5 = fsmount(r2, 0x1, 0x8b)
ioctl$SG_EMULATED_HOST(r5, 0x2203, &(0x7f00000002c0))
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r6, 0x0, 0x0)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x10000000)
syz_io_uring_submit(0x0, r7, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x77359400}}, 0x81)
ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000000240)={0x0, @nfc={0x27, 0x1, 0x0, 0x1}, @phonet={0x23, 0xf6, 0x7, 0x1}, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x200}, 0x2, 0x0, 0x0, 0x0, 0x1ff, &(0x7f0000000200)='veth0_to_batadv\x00', 0x6, 0x9, 0x80})

09:02:04 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xffffff95}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2429.513105][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2429.521120][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2429.545792][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2429.554311][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:04 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:04 executing program 1:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
shmget(0x0, 0x3000, 0x2, &(0x7f0000ffa000/0x3000)=nil)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)

09:02:04 executing program 2:
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={0x0, @phonet={0x23, 0x1, 0xce}, @tipc=@nameseq={0x1e, 0x1, 0x2, {0x41}}, @ipx={0x4, 0xffff, 0x800, "718d406b5681"}, 0x1000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5, 0x1, 0xfc43})
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000d92000/0x2000)=nil, 0x2000, 0x100000f, 0x31, 0xffffffffffffffff, 0x0)

09:02:04 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:04 executing program 5:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r0=>0x0})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000ffdbdf253800000008000300", @ANYRES32=r0, @ANYBLOB="0cd6f3cb306e37009900020000000e0000000c0058006f000000000000000c0081ffffffffffffff000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x4040014}, 0x4c)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x2, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:04 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:04 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0xfffffffe}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:04 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:04 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:04 executing program 2:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r0, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x44004)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0x30, r1, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x1}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x4}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8040}, 0x4)
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x3c, r3, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_SECLEVEL={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x80}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x67}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x20004840)
fstat(r2, &(0x7f0000000080))
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2)
r5 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r2, @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf253800000008000300", @ANYBLOB="492c200b99c64369d226c7b4a359213836b84168679df538562abbbea97d40ef73144a3157c4e8181498d34a9d89243b", @ANYBLOB="0300000c005800117788a8430000d00b0000e0000000000000000000c0208eba979150c54aa7b680c2486458122f86ec995d6a00"/61], 0x34}, 0x1, 0x0, 0x0, 0x20000005}, 0xb5b61b1b7cefafb4)

09:02:04 executing program 1:
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000080)='\x00', &(0x7f0000000100), 0x0)
r0 = fsopen(&(0x7f0000000100)='ext2\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)=':\\-{\x00', &(0x7f0000000180)='/dev/sg#\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x28, r2, 0xfffffffffffffffd, 0x0, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x4}}}}}, 0x28}}, 0x8040)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x50}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00ea00", @ANYRES16=r2, @ANYBLOB="000300000000ffdbdf25380000000800030071ee057d2a3c995471bf83a9d12d0a9472f5f6325cafa79d3f3267b46c170f21f3b87350f3a9ca189049becbab000e3c2360e01d9ac5f951e85e63a80797074e96ebbc6eafcbb4182f68c1329d3c9e871404c35c95bad5d11aff213ee4b51e01fd51ad7a594d40b977c300335a071c0131465a2bb08f88f42725f8f10a4091aff00f5db66fb917efacd93f9f1243c430e1c433f7412fb3eddd5052ad6a6beabc8d907fc7cd1f77551fe3ece54e77f5", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x20000040)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x200480)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000840)={0x53, 0xffffffffffffffff, 0x6, 0x0, @scatter={0x0, 0x0, &(0x7f0000000100)}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x6, 0x2800)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
ioctl$SG_GET_SG_TABLESIZE(r4, 0x227f, &(0x7f0000000040))

09:02:04 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x22}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:05 executing program 0:
syz_io_uring_setup(0x353a, 0x0, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:05 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x40010, r1, 0x10000000)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = syz_open_dev$usbmon(&(0x7f0000000180), 0x100, 0x210201)
ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0x985ea)

09:02:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x80003)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:05 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000), &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:05 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0), &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2430.194080][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2430.202542][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xffffffffffffffff, 0xc6, 0x0, @scatter={0x5, 0x0, &(0x7f00000003c0)=[{&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/10, 0xa}, {&(0x7f0000000080)=""/16, 0x10}, {&(0x7f0000000200)=""/129, 0x81}, {&(0x7f00000002c0)=""/247, 0xf7}]}, &(0x7f0000000100)="0000008c3367eaa60949f4e0718d6da8486f3a668e170f3ecf46dd06a896cc7835c38f8533475710b5fbd8a1174cae02a462f5b5179e879cf59f64bf1953a9bbfc312e1631216e18de53c0a5073d93ac43d080a939d25ce450ec31863dd5ec66eed5b9fb96ec39bf9761963f263322342a01ab942a3dc19245748e6dcbe6bdaa77ab3837cfdb11030c52afde0e6e7352ef8aff0a7e6cbd618a4a6f8e6ae45be708307e9acc0d8fdc60dc053f93166727df4e1cb6c790ea625782c4e8bd78ef147d1e35780247", 0x0, 0x4007, 0x0, 0x4, 0x0})

09:02:05 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x10, &(0x7f0000000080)={0x3})

09:02:05 executing program 5:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x200000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000180)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index=0x1, 0x9, 0x0, 0x0, 0x1}, 0xf6)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:05 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x42}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2430.312494][    C0] sd 0:0:1:0: [sg0] tag#7071 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 2430.322864][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB: Test Unit Ready
[ 2430.329470][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[00]: 00 00 00 8c 33 67 ea a6 09 49 f4 e0 71 8d 6d a8
[ 2430.339206][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[10]: 48 6f 3a 66 8e 17 0f 3e cf 46 dd 06 a8 96 cc 78
[ 2430.348860][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[20]: 35 c3 8f 85 33 47 57 10 b5 fb d8 a1 17 4c ae 02
[ 2430.358593][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[30]: a4 62 f5 b5 17 9e 87 9c f5 9f 64 bf 19 53 a9 bb
[ 2430.368292][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[40]: fc 31 2e 16 31 21 6e 18 de 53 c0 a5 07 3d 93 ac
[ 2430.378034][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[50]: 43 d0 80 a9 39 d2 5c e4 50 ec 31 86 3d d5 ec 66
[ 2430.387683][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[60]: ee d5 b9 fb 96 ec 39 bf 97 61 96 3f 26 33 22 34
[ 2430.397325][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[70]: 2a 01 ab 94 2a 3d c1 92 45 74 8e 6d cb e6 bd aa
09:02:05 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000), &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

[ 2430.406886][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[80]: 77 ab 38 37 cf db 11 03 0c 52 af de 0e 6e 73 52
[ 2430.416866][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[90]: ef 8a ff 0a 7e 6c bd 61 8a 4a 6f 8e 6a e4 5b e7
[ 2430.426443][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[a0]: 08 30 7e 9a cc 0d 8f dc 60 dc 05 3f 93 16 67 27
[ 2430.436011][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[b0]: df 4e 1c b6 c7 90 ea 62 57 82 c4 e8 bd 78 ef 14
[ 2430.445564][    C0] sd 0:0:1:0: [sg0] tag#7071 CDB[c0]: 7d 1e 35 78 02 47
09:02:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x4, 0x0, 0x0, 0x0})

09:02:05 executing program 0:
syz_io_uring_setup(0x353a, &(0x7f0000000000), &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)

09:02:05 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
syz_open_dev$vcsa(&(0x7f0000000600), 0x0, 0x4581)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:05 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
write$vga_arbiter(0xffffffffffffffff, &(0x7f00000001c0)=@other={'trylock', ' ', 'io'}, 0xb)
syz_open_dev$vcsa(&(0x7f0000000180), 0x7fffffff, 0x802)

09:02:05 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381)

[ 2430.818172][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2430.826304][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2430.838517][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2430.846727][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:05 executing program 1:
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x10, 0x7891, 0x1f, 0x7, {{0x9, 0x4, 0x0, 0x4, 0x24, 0x67, 0x0, 0x4c, 0x2f, 0x0, @multicast1, @remote, {[@rr={0x7, 0xf, 0xfc, [@rand_addr=0x64010100, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x9, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0xb5, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000100)="000000030000e2c1287d01f43f4385fb4f7edd14e8d7bfe3dfd55fa10d85af296e9590d3401e0b7bbe6adce397b047e1a85b1b63389b9cfd53ea08116b8d34ba3c5f19e98eae66b79f4818c73cdbd869512eb48f61faa8e30cd704969a46992121d3874578081335264b4002e207da532a44f50373ceb6c07e536e92aa86e30836e6ec3afe6110a5d8d5b4e8ea3b0ebcbba43387b09e7a0bb367458f57a4d3e4968b7fa9e699e6f82aded7d5e86e2b997af1831496", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:06 executing program 2:
r0 = syz_io_uring_setup(0x200353c, &(0x7f0000000000)={0x0, 0xd2bd, 0x20, 0x2, 0x40000000}, &(0x7f0000f0d000/0x4000)=nil, &(0x7f0000f81000/0x2000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1)
socket$inet_udplite(0x2, 0x2, 0x88)
io_uring_setup(0x4e4e, &(0x7f0000000240)={0x0, 0x5c21, 0x20, 0x1, 0x1b6})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000080)={0x0, 0x95d, 0x54, 0x27f85448000, 0xfff, 0x4, 0x8, 0x1}, &(0x7f00000000c0)={0xff, 0x2, 0x40000000000001f, 0x2, 0x1ff, 0x4, 0x6, 0x927}, &(0x7f0000000100)={0x8, 0xfffffffffffffffc, 0x20080000000, 0x5, 0x0, 0x5, 0x84, 0xcb7c}, &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180)={[0xffff]}, 0x8})

09:02:06 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x2}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x101002)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000100))
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0)

09:02:06 executing program 5:
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2431.413507][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2431.421643][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2431.430101][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2431.438113][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:06 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x60}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:06 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
write$vga_arbiter(0xffffffffffffffff, &(0x7f00000001c0)=@other={'trylock', ' ', 'io'}, 0xb)
syz_open_dev$vcsa(&(0x7f0000000180), 0x7fffffff, 0x802)

09:02:06 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa23, 0x101000)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffb, 0x6, 0xfd, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)

09:02:06 executing program 2:
r0 = syz_io_uring_setup(0x4881, &(0x7f0000000680)={0x0, 0x47c4, 0x4, 0x0, 0x1e}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
getsockname(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000005c0)=0x80)
r2 = syz_io_uring_setup(0x702a, &(0x7f0000000400)={0x0, 0xc42d, 0x1, 0x2, 0x27, 0x0, r0}, &(0x7f0000de2000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000480), &(0x7f00000004c0))
mmap$IORING_OFF_SQES(&(0x7f0000d37000/0x1000)=nil, 0x1000, 0x9, 0x20010, r2, 0x10000000)
r3 = syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x1b3}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000100))
syz_io_uring_setup(0x13a8, &(0x7f0000000280)={0x0, 0xbcc8, 0x20, 0x2, 0x38f, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000c95000/0x1000)=nil, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000340))
syz_io_uring_submit(r5, 0x0, &(0x7f00000003c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x3f, 0x3, &(0x7f0000000380)="e33efb649a0cc03f79eaf410a46bccec28e72521595f", 0xd4a}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'batadv_slave_0\x00', <r6=>0x0})
syz_io_uring_submit(r4, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000080)=0x1, 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3caa, &(0x7f00000001c0)={0x0, 0xa0bf, 0x2, 0x0, 0x2d2, 0x0, r3}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000240))
getpid()
r7 = socket$inet(0x2, 0xa, 0x2)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000001bc0)={'syztnl0\x00', &(0x7f0000001b00)=ANY=[@ANYBLOB="e6ae7a746e6c30000000000000000000", @ANYRES32=<r8=>r6, @ANYBLOB="070000010000000600000006420800880066000004299078ac141444ac1414aa0001862c000000030407a002810ff1070ae6e07a2f11877a2f010d83197470d7926cbf61035606032c070590f6b2444497830a010102000000047f0000010000007fac1414aa00000003ffffffff00000002ac1414bb00000002ffffffff000007f30a010102fffffffe0a01010100005fb00101"]})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000640)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r2}, 0x9)
setsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f0000001c00)={r8, @private=0xa010102, @rand_addr=0x64010102}, 0xc)

09:02:06 executing program 5:
r0 = syz_io_uring_setup(0x5328, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x4000000}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2431.762898][T12510] ==================================================================
[ 2431.770992][T12510] BUG: KCSAN: data-race in compact_zone / compact_zone
[ 2431.777839][T12510] 
[ 2431.780223][T12510] write to 0xffff88823fffad90 of 8 bytes by task 12503 on cpu 1:
[ 2431.787929][T12510]  compact_zone+0x1496/0x1d30
[ 2431.792598][T12510]  try_to_compact_pages+0x317/0x850
[ 2431.797780][T12510]  __alloc_pages_direct_compact+0x61/0x330
[ 2431.803663][T12510]  __alloc_pages_slowpath+0x5d4/0xb70
[ 2431.809023][T12510]  __alloc_pages+0x25e/0x320
[ 2431.813642][T12510]  alloc_pages+0x21d/0x310
[ 2431.818052][T12510]  __get_free_pages+0x8/0x30
[ 2431.822633][T12510]  io_uring_create+0x887/0x18d0
[ 2431.827475][T12510]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2431.832925][T12510]  do_syscall_64+0x4a/0x90
[ 2431.837335][T12510]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2431.843232][T12510] 
[ 2431.845541][T12510] read to 0xffff88823fffad90 of 8 bytes by task 12510 on cpu 0:
[ 2431.853161][T12510]  compact_zone+0x1472/0x1d30
[ 2431.857988][T12510]  try_to_compact_pages+0x317/0x850
[ 2431.863195][T12510]  __alloc_pages_direct_compact+0x61/0x330
[ 2431.868996][T12510]  __alloc_pages_slowpath+0x29a/0xb70
[ 2431.874381][T12510]  __alloc_pages+0x25e/0x320
[ 2431.878954][T12510]  alloc_pages+0x21d/0x310
[ 2431.883358][T12510]  __get_free_pages+0x8/0x30
[ 2431.887932][T12510]  io_uring_create+0x887/0x18d0
[ 2431.892772][T12510]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2431.898218][T12510]  do_syscall_64+0x4a/0x90
[ 2431.902812][T12510]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2431.908905][T12510] 
09:02:06 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000080), 0x9, 0x10000)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x7fffffff)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x40000)
ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000140))
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000040)=0x33)

[ 2431.911228][T12510] value changed: 0x000000000021ac00 -> 0x0000000000228400
[ 2431.918409][T12510] 
[ 2431.920808][T12510] Reported by Kernel Concurrency Sanitizer on:
[ 2431.926946][T12510] CPU: 0 PID: 12510 Comm: syz-executor.2 Not tainted 5.13.0-rc7-syzkaller #0
[ 2431.935690][T12510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2431.945818][T12510] ==================================================================
09:02:07 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_setup(0x145b, &(0x7f00000001c0)={0x0, 0x310f, 0x0, 0x2, 0x1bf}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x180, r4, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_RULES={0x48, 0x22, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x3ff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x80000000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x8c}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x1}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x401}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xffffff24}]}]}, @NL80211_ATTR_REG_RULES={0xb8, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xf0}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x60}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7f}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x42}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7ff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6086}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xdf}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xe2}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x57}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfffff001}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x44, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x9}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xb976}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x3}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x401}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}]}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2f}]}, 0x180}, 0x1, 0x0, 0x0, 0x8840}, 0x4040810)
syz_io_uring_submit(r2, r1, &(0x7f0000000300)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x3938700}, 0x1, 0x1}, 0xffffffff)

09:02:07 executing program 0:
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:07 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x4}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2432.076602][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2432.084649][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2432.109922][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2432.117937][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x9, 0x0, &(0x7f0000000540)=[{&(0x7f0000000040)=""/94, 0x5e}, {&(0x7f0000000100)=""/32, 0x20}, {&(0x7f0000000140)=""/234, 0xea}, {&(0x7f0000000240)=""/93, 0x5d}, {&(0x7f00000002c0)=""/47, 0x2f}, {&(0x7f0000000300)=""/242, 0xf2}, {&(0x7f0000000400)=""/187, 0xbb}, {&(0x7f00000004c0)=""/38, 0x26}, {&(0x7f0000000500)=""/45, 0x2d}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x30, 0x0, 0x0})

[ 2432.266001][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2432.274026][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x408800)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x4, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000080)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f00000018c0)=ANY=[@ANYBLOB="0010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000099f6a9ade1866b900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000521f4c2392512f3d00"/4092])
syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x48040)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fstat(r1, &(0x7f0000000100))

09:02:07 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
syz_io_uring_setup(0x5c6b, &(0x7f0000000280)={0x0, 0x58a4, 0x10, 0x0, 0x1e4, 0x0, r1}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000340))
r4 = mmap$IORING_OFF_SQES(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x1, 0x40010, r0, 0x10000000)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x10003, 0x0)
waitid$P_PIDFD(0x3, r5, 0x0, 0x80000000, 0x0)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r6, 0x0, 0x0)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r8}}, 0x7)
syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003000/0x1000)=nil, 0x1000, 0x2, 0x0, {0x0, r8}}, 0x7)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
syz_io_uring_setup(0x5f48, &(0x7f0000000180)={0x0, 0xea60, 0x0, 0x3, 0x2ab, 0x0, r2}, &(0x7f0000002000/0x3000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000240))

09:02:07 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x1fa}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:07 executing program 2:
syz_io_uring_setup(0x3913, &(0x7f0000000000)={0x0, 0x47c7, 0x0, 0x0, 0x1ab}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
sendmsg$TIPC_NL_MON_GET(r5, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x27c, 0x0, 0x2, 0x70bd2d, 0x2, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x100}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK={0x8c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9756}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ee}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_MEDIA={0x60, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffd}]}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xde86}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x14340}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "e47ebe850a769c6e3cb6f1238505a213f215a76be6f5a322ceb281a7"}}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "ecf3803d307d88d34b776cbd1294236924effa256f0ea9d6c5149685821c22"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xff}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x240}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1000}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x8800}, 0x40)
syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7)
r6 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fce000/0x1000)=nil, 0x1000, 0x2000004, 0x20010, r0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000100)=@IORING_OP_SEND={0x1a, 0x2, 0x0, r6, 0x0, &(0x7f0000000080)="73d2a0b0de779e3fcffcfabdeca4e0dfd6167eccdf2d64ded56c12ca4c7b2d84681e75c8636a10d4d9da074f58255e7ed9f9d8cdaf38b6ba9bd1f3a738de7627a827bf95c5d7654fed1e989acf9035", 0x4f, 0x40800, 0x1}, 0x7)
r7 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r7, 0x9205)
getsockname(r7, &(0x7f0000000500)=@rc, &(0x7f0000000580)=0x80)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:07 executing program 0:
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:07 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan4\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000040}, 0x40091)

[ 2432.717079][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2432.725100][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2432.743217][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2432.751233][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:07 executing program 0:
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:07 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:07 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x5}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:07 executing program 1:
shmat(0xffffffffffffffff, &(0x7f0000ffd000/0x2000)=nil, 0x4000)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x80800)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x6, 0x800)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000440))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$SG_GET_VERSION_NUM(r2, 0x2282, &(0x7f0000000340))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x4, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)=""/52, 0x34}, {&(0x7f0000000100)=""/179, 0xb3}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000200)=""/233, 0xe9}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f0000000480)=0x9)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
sendto$packet(r3, &(0x7f0000000380)="d4e0d0030d7c2df336f1e5ff3f3ffc14b46756bce03867370314684f485409f5762e184ee639294cded955423f478553d8469d794f0ea3511c1b6584734e38330dd4622d7cd7b80c3cad5babca94deab717eaae9cb5e4e3e92549c88ea27430e505adec076aedaca55a48cd38ca5e564ca42dcbc4662", 0x76, 0x4000000, &(0x7f0000000400)={0x11, 0xf5, 0x0, 0x1, 0xf8, 0x6, @remote}, 0x14)

09:02:08 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xa8, 0x0, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

[ 2433.143421][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2433.151456][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2433.176852][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2433.184899][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x72142)
fsopen(&(0x7f0000000080)='squashfs\x00', 0x1)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000000))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:08 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000280))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000300))
r1 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000180)=""/228)
r2 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$IPC_RMID(r2, 0x0)

09:02:08 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:08 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x1fc}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x100, 0x210001)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SG_SCSI_RESET(0xffffffffffffffff, 0x2284, 0x0)

09:02:08 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7, 0x1}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:08 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x7}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:08 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:08 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}, 0x3f)

[ 2433.662421][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2433.670533][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2433.681365][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2433.690066][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:08 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x7, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/233, 0xe9}, {&(0x7f0000000200)=""/175, 0xaf}, {&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f00000002c0)=""/70, 0x46}, {&(0x7f0000000340)=""/205, 0xcd}, {&(0x7f0000000440)=""/154, 0x9a}, {&(0x7f0000000500)=""/116, 0x74}]}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:08 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000d8c000/0x1000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:09 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:09 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000180))
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
waitid$P_PIDFD(0x3, r3, &(0x7f00000001c0), 0x1, &(0x7f0000000240))

09:02:09 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x202}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:09 executing program 1:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
getsockname(r0, &(0x7f0000000240)=@can={0x1d, <r1=>0x0}, &(0x7f00000002c0)=0x80)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x68, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x68}, 0x1, 0x0, 0x0, 0x8001}, 0x4810)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f0000000040)="000000030000", 0x0, 0x0, 0x10004, 0x1, 0x0})

09:02:09 executing program 2:
syz_io_uring_setup(0x8000353a, &(0x7f0000000000)={0x0, 0x147ca, 0x0, 0x0, 0x266}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000080)=0x40, 0x0, 0x4)

09:02:09 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2, 0x20}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300)=<r1=>0x0)
r2 = syz_io_uring_setup(0x758e, &(0x7f00000000c0)={0x0, 0xa2f2, 0x24, 0xfffffffc, 0x23e, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000003000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x4007, @fd=r0, 0x800, 0x6, 0x4, 0x4, 0x1}, 0x7)

09:02:09 executing program 1:
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000080)=0x10)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0xa00, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x404c010)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)

09:02:09 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x8}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:09 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2434.481860][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2434.489900][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2434.502514][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2434.510551][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:09 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x1}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x3f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xa1c878d1afe82f07}]}, 0x78}, 0x1, 0x0, 0x0, 0x4851}, 0xc044)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)

09:02:09 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000080)={0x0, 0x47c7, 0x0, 0x1}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000ca0000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r1, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008045}, 0x8000)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x4)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, 0x0)

09:02:09 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
r1 = syz_io_uring_setup(0x3988, &(0x7f0000000180)={0x0, 0x33a8, 0x20, 0x2, 0x20f, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10010, r1, 0x0)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:09 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000040))

09:02:09 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x204}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2434.800561][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2434.808605][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2434.817700][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2434.825708][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:09 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:09 executing program 1:
clock_gettime(0x7, &(0x7f00000008c0))
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x490200)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @scatter={0xa, 0x0, &(0x7f0000000780)=[{&(0x7f0000000040)=""/110, 0x6e}, {&(0x7f0000000100)=""/210, 0xd2}, {&(0x7f0000000200)=""/175, 0xaf}, {&(0x7f00000002c0)=""/224, 0xe0}, {&(0x7f00000003c0)=""/192, 0xc0}, {&(0x7f0000000480)=""/149, 0x95}, {&(0x7f0000000540)=""/103, 0x67}, {&(0x7f00000005c0)=""/160, 0xa0}, {&(0x7f0000000680)=""/90, 0x5a}, {&(0x7f0000000700)=""/111, 0x6f}]}, &(0x7f00000000c0)="000000030000", 0x0, 0xffffffff, 0x0, 0x0, 0x0})

09:02:09 executing program 2:
r0 = syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000c5e000/0x2000)=nil, 0x2000, 0xf, 0x11, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000e8f000/0x1000)=nil, 0x1000, 0x8, 0x80010, r0, 0x10000000)

09:02:09 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x10}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x0, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:10 executing program 5:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, 0x0, 0x0)
r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x10000000)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r2)
syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r2}}, 0x7)
recvmsg(r0, &(0x7f0000000a40)={&(0x7f0000000680)=@pppol2tpin6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000700)=""/203, 0xcb}, {&(0x7f0000000800)=""/16, 0x10}, {&(0x7f0000000840)=""/153, 0x99}], 0x3, &(0x7f0000000940)=""/239, 0xef}, 0x40012000)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r3)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
syz_io_uring_submit(0x0, r1, &(0x7f0000000280)=@IORING_OP_WRITE={0x17, 0x3, 0x4007, @fd=r4, 0x2, &(0x7f0000000180)="0cabef272edb5274d9fa663324191c805335d249b1cef87b9cb758c9bbfe7a123a7bb07c3cb6fd9b3dd38d68fe673516aac0297fd4a2a399e746d1d7207576fb7e4115e59e13ebe7737445d8de7a7d3e12245aed6457b59fe5ff331d4e53d92b00cf5765c040ecef1db6f82db0e69750ba6215a0a772526beee4015529e97d8eabbbb7d986d3e97728732c6e3b844067ed24adb1c75eb312cc781e49d209276bfc8ace321bec2b4e94b593998fb986db62205e46ae4163f4b53e10a8c1f9c0624daad29d60b35374977c706bb677", 0xce, 0x12}, 0x5a4)
syz_io_uring_setup(0x5321, &(0x7f00000002c0)={0x0, 0x0, 0x8}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f0000000400)={0x0, 0x0, 0x8, 0x4}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f0000000340))

09:02:10 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 2:
r0 = syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = io_uring_setup(0x67, &(0x7f0000000080)={0x0, 0x1125, 0x4, 0x0, 0x37c, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000d3b000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000)

09:02:10 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000080))
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x8001)
ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000100))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:10 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x402}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2435.294874][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2435.303179][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2435.320112][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2435.328590][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:10 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000180), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
syz_io_uring_setup(0x3721, &(0x7f0000000040)={0x0, 0x96aa, 0x4, 0x2, 0x31b, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
syz_io_uring_setup(0x6488, &(0x7f0000000040)={0x0, 0xe7da, 0x8, 0x2, 0x223}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r3, 0x0, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9, 0x2, 0x1}, 0xfffffffc)
r4 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
syz_io_uring_submit(r3, r1, &(0x7f00000038c0)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r4, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000240)=""/82, 0x52}, {&(0x7f00000002c0)=""/66, 0x42}, {&(0x7f0000000340)=""/64, 0x40}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000400)=""/129, 0x81}, {&(0x7f00000004c0)}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000500)=""/234, 0xea}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/185, 0xb9}], 0xa, &(0x7f00000007c0)=""/62, 0x3e}, 0x0, 0x1}, 0x0)
syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x40000)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000003900)={&(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x4})

09:02:10 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:10 executing program 2:
syz_io_uring_setup(0x1184, &(0x7f0000000100)={0x0, 0x47cf, 0x20, 0x3, 0x295}, &(0x7f0000cf5000/0x4000)=nil, &(0x7f0000f3e000/0x3000)=nil, 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x200000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x2, 0x10001)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0xcecbb54ccda6a503)
ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f0000000040)=0x7fffffff)
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f00000000c0))
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x3cf4)

09:02:10 executing program 5:
r0 = syz_io_uring_setup(0x2e0a, &(0x7f0000000040), &(0x7f0000004000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000000180))
r1 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x9, 0x40000)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x810, r1, 0x10000000)
r2 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, r3)
r4 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
r5 = syz_open_dev$vcsa(&(0x7f0000000600), 0x1ff, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000a, 0x40010, r4, 0x10000000)

[ 2435.575093][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2435.583157][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2435.637069][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2435.645448][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2435.657555][T12882] ==================================================================
[ 2435.665733][T12882] BUG: KCSAN: data-race in compact_zone / compact_zone
[ 2435.672575][T12882] 
[ 2435.674888][T12882] write to 0xffff88823fffad90 of 8 bytes by task 12872 on cpu 1:
[ 2435.682600][T12882]  compact_zone+0x1496/0x1d30
[ 2435.687537][T12882]  try_to_compact_pages+0x317/0x850
[ 2435.692745][T12882]  __alloc_pages_direct_compact+0x61/0x330
[ 2435.698551][T12882]  __alloc_pages_slowpath+0x29a/0xb70
[ 2435.703993][T12882]  __alloc_pages+0x25e/0x320
[ 2435.708577][T12882]  alloc_pages+0x21d/0x310
[ 2435.713027][T12882]  __get_free_pages+0x8/0x30
[ 2435.717615][T12882]  io_uring_create+0x887/0x18d0
[ 2435.722469][T12882]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2435.728019][T12882]  do_syscall_64+0x4a/0x90
[ 2435.732518][T12882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2435.738677][T12882] 
[ 2435.740995][T12882] read to 0xffff88823fffad90 of 8 bytes by task 12882 on cpu 0:
[ 2435.748796][T12882]  compact_zone+0x1472/0x1d30
[ 2435.753471][T12882]  try_to_compact_pages+0x317/0x850
[ 2435.758817][T12882]  __alloc_pages_direct_compact+0x61/0x330
[ 2435.765307][T12882]  __alloc_pages_slowpath+0x29a/0xb70
[ 2435.770679][T12882]  __alloc_pages+0x25e/0x320
[ 2435.775256][T12882]  alloc_pages+0x21d/0x310
[ 2435.779840][T12882]  __get_free_pages+0x8/0x30
[ 2435.785384][T12882]  io_uring_create+0x887/0x18d0
[ 2435.790261][T12882]  __x64_sys_io_uring_setup+0xe1/0x120
[ 2435.795718][T12882]  do_syscall_64+0x4a/0x90
[ 2435.800124][T12882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2435.806114][T12882] 
[ 2435.808433][T12882] value changed: 0x0000000000187c00 -> 0x000000000018aa00
[ 2435.815526][T12882] 
[ 2435.817836][T12882] Reported by Kernel Concurrency Sanitizer on:
[ 2435.824493][T12882] CPU: 0 PID: 12882 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0
[ 2435.833426][T12882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2435.843651][T12882] ==================================================================
09:02:10 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x22}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x406}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 1:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000040))

09:02:10 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:10 executing program 5:
r0 = fsmount(0xffffffffffffffff, 0x0, 0x8)
ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000180)={0xad, ""/173})
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x4, 0x24, 0x2, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:10 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0xf5cfa)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:11 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80)
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

09:02:11 executing program 1:
ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000100)=0xf90)
syz_read_part_table(0xb, 0x2, &(0x7f0000000080)=[{&(0x7f00000018c0)="60897286cd2ad2b3c75b22cdb70b51e8a32486167a62744aca297537a21e95ab73784fb30f2e1a08ac66f7237e3c3bb380ecb2f0734a19d08e012b8e89f940444803bf2715ad4874d69b717d1f3fb17c8f4390f14febc2c2efabe95bcae182b716e10170749dfdfc9b7f623063897d917c1da841c897d3cb0b44b6376e613e1d3d1e53b4eb111a74d1d10a793f19291f7e8869b94c5f052f4285b483489efaea299c5a51536d2d2ce8a9f3c9d7dbe135ae129fd1425243e38071e723954b0338f53b347722aa75bf7162ead33c414f652e10c92ed8b95515081b9391f9fe9b2255b6e5b26b87824ae347b916859b3c3b05f760d517d066db7a68135c7a7ced99cb77725fae952f0a86861c018dc13e04c39eed67fa3076427c3b9d279cf69e5b96a84f295caf473cdd5a3771ee15f7dbbe45e119e7d600070fafcbaf8bd8d2f78a7b8c9ea35436a1d70a349cf84834369761da3f8ce7e5f4308c2a33a13dadd6889052bf66a818c3c6934be62893e684e88fa1371d77a1ec3baeafdd68d92fedacb42339f8e6cbc0a9e99578f2051717d3095e76a7f2f4e97a5905a815d8b2452094b5b56dd8b2dd05aa5708a0cd7926ec26b4bc703c2085fe85e8fa31a63b592c1804400982fd118179a80d38f5065499540a609a428dcb43fa98fd34200c884bfcfd6294188ae6055c6dc68d3bc48862a6de3dc4de0993472e26ece45a2527a84055e7b9d05033dab956401a9a6ead7fc7272a0848536bba03d01c7fd0f0fd0af45e186187e0b2fdcde8d806e881106ef9fd1bb3d4af940d412ae57091061a4e34170ec9c723a5827cb3bca5e97bf64c979423b7ddd25a41e1de2e617bc594bf0ae8a76a5f9aac505359e13ff32550fa0fa6cc22dbf3e2ec3ccbed04be3e5afd3742b066377f4d5332d12e19a48cafd95ea4968311b659c2d4781f7133495f1b93317324ef66ca85ecd724e8c7554189b18604a12f9aa188ef0521ea23849008ee9628596d39bb0460b64b83af37b876d559ccd8dc4e095538b1176e77124473ec09f671b4b65f9d4e73d7165e408b10b4b649c29a48cc6cb9dfb5658725ee24bdf831aaf20bf23c3af8fec8c690d33a48129839fdb4d1a5c2dcec8c1ed364e9b33f4ad57e07c4cea5d70c5ece351f0dd32236d1b69de8cd915fe1d6a10ad6c654ac69a2351f93dcc757af81adcc0b11ae0a2ede2fa29d0d95d92e399382476dbff742b9e6e859e15de26cef9f7f8933ad72e3d8e0a217e7ee7af6d8dd4fbbf84a39037c6918d13d24adba03fb9afd9fdf512987663f8ffc1ee25c06ec9b162b66fd48ebbab38d63f6717068a569e1c1f5d2be5a09e49756af1f7961959dded2db71ecadb9f26135d4d52eb4d1a76c1fa925b39ffa5a7469b43e1f24b39ce46d990e52b2a39df8f2ebb0a41c858fe64ed163b0e8669e31b8a2f689b0c8a4611fc66a232274774d76c3c28082deae1214d979686eca770a7825342aa4041fbceb3e881b1a370e354b4ecf15e293726cb9f414d98c634a4abf67a20b2d6b56801b0a35b64f5b9da3453b58ec1d9b2a6d7da5917047abc966c202b43c0aa6d4744c6795c4fe2f637d5664d5f3c9a840020e95e9008b0d52a25db17a623ce09d897d91c5d36bb893a0e5d0c681de59edbeb5f665ecd82bfe251267091d4b0916e832b6ed1af0ab0bc10bb0db874582e2e8aebf89b526be14f46e4225d2eb2d3a29eca99d3d1df5b634eab0915f6c87e698ed79a893c7a09cdf9d00c2daecf32ba5a3615a8beb1f48ada73be257c3b16376431230926468fc5fcc6a0a22d766e5aa797f4587a04e31231d8fc7de50050a2d13a5cb0b52bd16003c7ce4ada3076eb601aa02d2d6a7867c6a2e70b8d9dcbc9692450a61f86840646efd653e8cf5d7e659c2ea858e43c2e798333fb96a6ef66735d154f7519828095d25f1bd7443894e2a75d73c62529e06a0ba017c039a7a0ebd5effcfc1b301083f335161119c0d29b64de0bf7f92d2214834bdd93072ffaa5d9fc8978a08a1613145b29d22e930b412615f0722f7bfdaed69178aca171527973ce4cc4a93481956e4de141ac8c950a7a602439c0f17f65251ae14726bb76ed65e8d751ec00d9e2365a66a3cbc42dfe2277c24fddf72d9034bbac5d687f0cb84f58be2f22aaf45cc8997e8435ec78fdc415a1b4c17f660563edb72c84148a7a04c3d9f9185e587d33d082874eee3dd09849279c4451f4bd412ab997f4b738e60265ea1cd301cf030a84d956c76c1292fa097bd049660334f1fa282c41bdb25b8bc72d2ec2c757b898fbdef820ecf162e9ff5776cc8e69fcc1fa6749b22569e28a4de4507da5c162bd4e5a6802257664c46791a06d0e94d560f4833f48408c61dca276d22c9dd9289eb40eb4487f31bb5935617f327ace69c8931d0384c57ae59a4d2a6b3eb5d81dda1a622319f8c618f2c00e3fcad109f7d2bd8a7bd5bcad8e691a78e50efb175a7ccb3ebf40ff534ff9b31f82eb160f26ee9e685c32a7bf8d547135450fb0584410d6805cfec6f2381720f7b8dfeebbaf5a711dd6b2646764e66f781d9610b65a27b11c7a0026a34513d895b9548bad038659c75b05a86d156b1175a1a6124bc4c97ec978dabf116efbbb249c115dec42b13001146cfed043b6033fb2601f62d9e594179e9a9c654a4fd4413211d50930a516e0ef48d3ce2bcfaaa473482c8221bb1cd4a7b0ad957492a76b4ed8d56c7449b8dbe833db8e9ab57a772834734574abc4dd428cc6b62880850b5b0e4b176c5c8a4ab593aef28ed0a8ba7af1b31090c8e46a613c29b822430e034f951f2fe3cde1da9bcabae4abf8efcc296feb650d2cf8dea43ca848026c65026202311faaa65a6e45df3ba52d4c833bc01cf1291372186096ef4de8e5a344f364c0fd6f2ee5997331de414065f663f590fd617419fd4bc2ba63477ed1c51aa9390f1575db65190843257704093deb3a71ba2e6dd36dfcfd932f33969f8d3d6143a8c3a2708065cc21e7e76760c7b9da473715baa4dc3fc436f0d5ec945967b7f121c614c6c79cc09ba315066a0e29dd69807a523d11379e3fcd86a45674e736f8d53cd9d35c64b4d95ee98397ea7cc44e4097e87709231f9354466e88a4314ac08e37a8376ec3e11f003f1231efbda3ce2265f3b0683b727b929501dc7e281f76f95bafe29b203e2c96a61c3260276e80f56671dd221859ecc1411fb9038a80292804b0c5f1b02826f4c90a24b4d3472f0fdb59ae5ea51ea6c500f70e52adf26e3adb6af1b69f1bf56c6a238322cda0322aa90b394947bc9d3a945a3335f4a3c072075956d787b7986710d5e7fc4dffb834266ff2a6a3d8493278c70dcc4d6e2587c9555c71d649303adeb0fb10c2826103f107c34710c2cae8ea1f8e91bf72ba35f2c51525ea0676ab684ad303d1855e01e8104c87d406c0c2566a1a4293d331e53d7dd886e892a3e83a9c1f77ea88dd0b2101934215ed8f8870588f430f18d59c3cda99a70a377c82248a248bd3f3aadff1118ddb76627bbb6589620630efc5932b96a8c7491abb5f50c0c17712ab57938b8d6aff6fc7feca2c1aaed9db66376651eacb960e008db84fdbd5238ab2b4ac7d796c8adf02b4fdaaf18aa9b03e557a1747b628a95aa245b79fc7a70d28f4215b6c23e61100482f148c6691361d45414a8cc92b23e387481f304312f21e13abd714864fb63bf430bf23325cfea001e953c1065d04f9b784d7a60390f81d8b26b0dcd764d26d387e23b454301427436e632ffd5cca42910c395005e28750602baa1cb250e8a469ce1a4a1ffdad1a846387c3855580173c47d65f98058d158d504300ebc5847bc1d78eda294cd92e21a0bd9182091e47d566ffd110392d564feb56d1b6c96b4138527ec8e39c43c52570e4c7e91a9c121590c1cf878be39a703ff568a7e06588e831f3b735b8be1b70947d6ee9dfa44926d85dc3f52b9e19b6df4ed8e3fea59154c426d880067e4b40fc44a4e8307bee02e41fdcd1385d7e50bb7dc7afe19b14fd3757940defc674125fd13e0754144d96ee3b56ec8dffb702bbc317bee18500a4c857c843dda32b46186cad163677ed20cd4ad3d805942dbfed42f21fbb6bbbbec87bd5f8b18366585681b2937670d7c992a1b6e711e04651ec69ac693519577d35666c860a9657c2777500e44a18810b7a93f2365dfd554ebac37a7a392dd959b51ed42be573a29d46b5af72b21eb4b6909879eaebcf4a3222a880e892cbe920cf767e72dfabd78c42a06bf7a0dfe1fc909d51ccb51191d70d81215fbd216cd46bfadc122b5f157fadbdcdef8083096112de033f10419b26919610b0ffbd33c19730ed07043473a5e3a9e87ffe361213895e5b6453fa291b321dc2806ea2e7a9687d71e3122813117c52168ef90c56645df8291b208b2e17aded3c2d671c0307c308ea20b7f4371d64969eadbce202c8f4a42cfbce9067c7b391c937e5392cdacbbec58d8843e997c724f92ab9060df17658438d05da8787a3c2b598a476c906ee2f08481d3f25979c6932d78d2890af9c75a97f8818a9f3a98c0b50aa760cc1ba9dc65f250dff3e927bd9c78f22d56e315b226523f2fec95e238d14551f5732da54eca9ff1312a8954295edb2e56ce55a1f8c60fa301bf3365f62bce04549a006eaad4f69cf95f56ed10686dfd45db4aacb92e19f30ec75c2be9993740c44e0efecf750084e633bd4331829df37929ac1785126245a846f0cb560b1eb4f7e64924241e7a8292f9a0009f6ed2c70c8786b38050dd6ac984306d4fa06f471e49868153de1c93c0bb2951cc71bd1b032eb6586fe15cec1ab066c3d8a8d534e46d6ffdd24336a19d1540c687a09a3d33c10eaa8900ddaf69495059ed4eab5de0345590a56234389fce768d1ca09ace21db732350b9647d431e15aa428145c9ddd68f754b98722a36ec250569241c88796da0c9e75dbe352bdec71949b85233ae1adda1753d3f88a4b555b00b6f3953ce8e9d4914c0e8a4564ff1241bbdaf71a62925bc6a58707520293783743bcc57140c44409110b3ccf1e40c8d94b3fb4b93e12d38ef7785541de232b72214ba228b2e57959d7e31f527095d4552bbae5b86852113feb30d20be6c71f68bd0181dd3c1f01e41f06f939f03d2b3159b41e99452473474a206cec1c4600d4c48a89fde2f7767b444e235452ad48b5ddc6d90581da2c529df24a32778eb044bd88c36561c0254b31783d93351361dee8d8ac9b7ca48e5c9ba225fe1810e72c2dcde71c42514d822576be7191aad4a50f3125bff9d0c02c65c38a8ef1a677e951d5066f66c20d244088178a7b1254298e877ae5526288c21bfe1fccfa85017abf449b313c57f61da459be8011ff1810996b6a6e33d708dcd9694dbfdd01684519390397b9ff07f5462dafa145ac1f8397ee32d2330b620a5846093c0db0cc92a0ca629a176f6df5f41b7b441b2c56b886866af95b9d3a6603d706220b15e87a32ee9052adc2719da0e560fe0f1d268225ad46cb8d42f9af3378c69f3f6f0e21b839987c4deff00628e9614961eef49a683896ceded2e46ddb5c9c968036e060dfad0e6ba043427d78b25cdea174441106a8c831d9f4126722d9a15d2d351d68cc15496503d7dc836a624ece412ef5e123124fdbb4ba667b63eeb2ba2436b7abb0d0e1589b6f57ce32349525856de40276a5134d36569f3157aa91f8ee778ace23325ab7063d0b18dff6f4b451f023e66575229e7685624c40e7d3ab778ac0e22a465d7815760c1473213d7f9127a5806965d6d0f0b143c18c6", 0x1000, 0x3f}, {&(0x7f0000000040)="5c9ac3fa9d7e", 0x6, 0x1}])
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:11 executing program 5:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f0000002300))
r1 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000001c0)='\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff)

09:02:11 executing program 2:
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000080)=0x8, 0x0, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:11 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x881, 0x4081)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x400400, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:11 executing program 0:
r0 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
io_uring_setup(0x62a4, &(0x7f0000000180)={0x0, 0xc2aa, 0x0, 0x0, 0x217, 0x0, r0})

[ 2436.395177][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2436.403684][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:11 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x42}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:11 executing program 5:
r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc)
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:11 executing program 2:
gettid()
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

09:02:11 executing program 4:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x604}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x180)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000080)=0x1)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:12 executing program 5:
r0 = syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))
prctl$PR_GET_FPEMU(0x9, &(0x7f0000000040))
r1 = syz_io_uring_setup(0x2945, &(0x7f0000000180)={0x0, 0xccaa, 0x1, 0x0, 0x242, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x20010, r1, 0x0)

[ 2437.121394][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2437.129698][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:12 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x2000}, 0x20004800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xcb57a49aff8456aa}, 0x800)
syz_io_uring_setup(0x353a, &(0x7f0000000000)={0x0, 0x47c7}, &(0x7f0000e4e000/0x3000)=nil, &(0x7f0000f2d000/0x3000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x180)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r2, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={0x0}}, 0x0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000280), r2)

09:02:12 executing program 3:
syz_io_uring_setup(0x3a02, &(0x7f0000000040), &(0x7f0000e43000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0)
fork()
fork()
syz_io_uring_setup(0x6e, &(0x7f00000001c0), &(0x7f0000c74000/0x2000)=nil, &(0x7f0000ec1000/0x1000)=nil, 0x0, 0x0)
fork()
syz_io_uring_setup(0x2fdf, &(0x7f00000000c0)={0x0, 0x0, 0x60}, &(0x7f0000d1f000/0x2000)=nil, &(0x7f0000c41000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

09:02:12 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0x300, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40804}, 0x4000000)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000180), 0x6, 0x640940)
ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f00000001c0)=0xec)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})

09:02:12 executing program 5:
r0 = getpid()
ioprio_get$pid(0x1, r0)
wait4(r0, &(0x7f0000000180), 0x20000000, &(0x7f00000001c0))
r1 = syz_io_uring_setup(0x5325, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000d80), &(0x7f0000002300))
syz_io_uring_setup(0x4165, &(0x7f00000000c0)={0x0, 0x0, 0x24, 0x0, 0x0, 0x0, r1}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 2437.368478][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2437.376527][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
09:02:12 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000840)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1001, &(0x7f00000008c0)=""/4096}, &(0x7f00000000c0)="000000030000", 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000040)="1fe2de208cb9b56cba0c08c06ffaddbf9ad094a7ebb1e4", 0x17, 0x40800, &(0x7f0000000080)={0x11, 0x11, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14)

[ 2437.478832][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2437.486971][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb
[ 2437.495223][    C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 
[ 2437.503242][    C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb