, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) [ 1929.107328] input: syz0 as /devices/virtual/input/input418 [ 1929.151677] input: syz0 as /devices/virtual/input/input419 02:48:23 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(0xffffffffffffffff, r0) 02:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x50]}, 0x48) 02:48:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:23 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:23 executing program 3: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:23 executing program 2: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffd0]}, 0x48) [ 1929.585529] sg_write: 13 callbacks suppressed [ 1929.585541] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1929.585541] program syz-executor1 not setting count and/or reply_len properly 02:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) [ 1929.688279] input: syz0 as /devices/virtual/input/input420 [ 1929.721548] input: syz0 as /devices/virtual/input/input421 [ 1929.728865] input: syz0 as /devices/virtual/input/input422 02:48:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa0ffffff]}, 0x48) 02:48:23 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x300]}, 0x48) [ 1929.839227] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1929.839227] program syz-executor1 not setting count and/or reply_len properly [ 1929.988020] input: syz0 as /devices/virtual/input/input423 02:48:24 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:24 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000004"], 0x2e) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe00]}, 0x48) 02:48:24 executing program 2: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:24 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000007400"], 0x2e) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xd]}, 0x48) [ 1930.410784] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.410784] program syz-executor3 not setting count and/or reply_len properly [ 1930.424312] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.424312] program syz-executor1 not setting count and/or reply_len properly 02:48:24 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1930.520844] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.520844] program syz-executor1 not setting count and/or reply_len properly [ 1930.546732] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.546732] program syz-executor1 not setting count and/or reply_len properly 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6000000000000000]}, 0x48) 02:48:24 executing program 3: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) [ 1930.577460] input: syz0 as /devices/virtual/input/input425 [ 1930.601398] input: syz0 as /devices/virtual/input/input424 02:48:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:24 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe00000000000000]}, 0x48) [ 1930.723076] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.723076] program syz-executor1 not setting count and/or reply_len properly [ 1930.745470] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.745470] program syz-executor1 not setting count and/or reply_len properly 02:48:24 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:24 executing program 2: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000]}, 0x48) 02:48:24 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, r0) [ 1930.784054] input: syz0 as /devices/virtual/input/input426 02:48:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000002000"], 0x2e) 02:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xd0ffffff]}, 0x48) 02:48:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000000000000000003800004c0000"], 0x2e) [ 1930.888248] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.888248] program syz-executor1 not setting count and/or reply_len properly 02:48:25 executing program 3: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x60]}, 0x48) [ 1930.973770] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1930.973770] program syz-executor1 not setting count and/or reply_len properly 02:48:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1931.034184] input: syz0 as /devices/virtual/input/input428 [ 1931.046092] input: syz0 as /devices/virtual/input/input427 02:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x8000000000000000]}, 0x48) 02:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xc00000000000000]}, 0x48) [ 1931.175120] input: syz0 as /devices/virtual/input/input429 02:48:25 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 2: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1931.361237] input: syz0 as /devices/virtual/input/input430 [ 1931.387298] input: syz0 as /devices/virtual/input/input431 02:48:25 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, r0) 02:48:25 executing program 3: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000000000000]}, 0x48) 02:48:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:25 executing program 2: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 5: fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "b40441bf1e"}, 0x6, 0x0) r0 = memfd_create(&(0x7f0000000040)='ramfs\x00', 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)) getgroups(0x8, &(0x7f00000005c0)=[0x0, 0xee00, r2, 0xee01, 0x0, 0xee01, 0xee01, 0xee00]) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='fuse\x00', 0x40400, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}]}}) chdir(&(0x7f0000000340)='./file0\x00') userfaultfd(0x80000) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000a40)={0x3, &(0x7f00000004c0)=""/153, &(0x7f0000000940)=[{0x0, 0x33, 0x7, &(0x7f0000000240)=""/51}, {0x100, 0x1000, 0x70, &(0x7f0000001040)=""/4096}, {0x0, 0x39, 0x3, &(0x7f00000003c0)=""/57}]}) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000000)={0x67, @remote, 0x4e24, 0x4, 'ovf\x00', 0x28, 0x0, 0x6d}, 0x2c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)=[&(0x7f0000000b40)='ramfs\x00']) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f0000000540)={0xfe, 0xfffffffffffffffc, 0x1, 0x10000, 0x8, 0x3}) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) 02:48:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff000000]}, 0x48) 02:48:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1931.875590] input: syz0 as /devices/virtual/input/input432 [ 1931.909166] input: syz0 as /devices/virtual/input/input434 [ 1931.917023] input: syz0 as /devices/virtual/input/input433 02:48:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000003f00"], 0x2e) 02:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xc0ffffff]}, 0x48) 02:48:26 executing program 2 (fault-call:1 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1932.090030] FAULT_INJECTION: forcing a failure. [ 1932.090030] name failslab, interval 1, probability 0, space 0, times 0 [ 1932.101625] CPU: 1 PID: 31296 Comm: syz-executor2 Not tainted 4.19.0-rc7+ #176 [ 1932.108989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1932.118330] Call Trace: [ 1932.118353] dump_stack+0x1c4/0x2b4 [ 1932.118372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1932.129732] should_fail.cold.4+0xa/0x17 [ 1932.129748] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1932.138872] ? zap_class+0x640/0x640 [ 1932.142580] ? __local_bh_enable_ip+0x160/0x260 [ 1932.142597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1932.142611] ? __netlink_insert+0xddc/0x13b0 [ 1932.142642] ? zap_class+0x640/0x640 [ 1932.157680] ? fs_reclaim_acquire+0x20/0x20 [ 1932.157696] ? lock_downgrade+0x900/0x900 [ 1932.169813] ? ___might_sleep+0x1ed/0x300 [ 1932.169828] ? arch_local_save_flags+0x40/0x40 [ 1932.178519] ? trace_hardirqs_on+0xbd/0x310 [ 1932.182836] ? _raw_spin_unlock_bh+0x30/0x40 [ 1932.182856] __should_failslab+0x124/0x180 [ 1932.182871] should_failslab+0x9/0x14 [ 1932.195261] kmem_cache_alloc_node+0x26e/0x730 [ 1932.195277] ? __local_bh_enable_ip+0x160/0x260 [ 1932.204480] ? _raw_spin_unlock_bh+0x30/0x40 [ 1932.208887] __alloc_skb+0x119/0x770 [ 1932.212597] ? skb_scrub_packet+0x490/0x490 [ 1932.216917] ? netlink_insert+0x15a/0x3f0 [ 1932.221067] ? __netlink_insert+0x13b0/0x13b0 [ 1932.225564] ? compat_rw_copy_check_uvector+0x349/0x440 [ 1932.230929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.236465] ? netlink_autobind.isra.34+0x232/0x310 [ 1932.241493] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.247048] netlink_sendmsg+0xb29/0xfc0 [ 1932.251109] ? move_addr_to_kernel.part.18+0xc6/0x100 [ 1932.256299] ? netlink_unicast+0x760/0x760 [ 1932.260536] ? aa_sock_msg_perm.isra.12+0xba/0x160 [ 1932.265478] ? apparmor_socket_sendmsg+0x29/0x30 [ 1932.270236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.275780] ? security_socket_sendmsg+0x94/0xc0 [ 1932.280541] ? netlink_unicast+0x760/0x760 [ 1932.284780] sock_sendmsg+0xd5/0x120 [ 1932.288495] ___sys_sendmsg+0x7fd/0x930 [ 1932.292466] ? zap_class+0x640/0x640 [ 1932.296180] ? copy_msghdr_from_user+0x580/0x580 [ 1932.300932] ? lock_downgrade+0x900/0x900 [ 1932.305081] ? proc_fail_nth_write+0x9e/0x210 [ 1932.309579] ? __fget_light+0x2e9/0x430 [ 1932.313551] ? fget_raw+0x20/0x20 [ 1932.317004] ? kasan_check_write+0x14/0x20 [ 1932.321241] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1932.326168] ? fsnotify+0xaae/0x12f0 [ 1932.329886] ? wait_for_completion+0x8a0/0x8a0 [ 1932.334466] ? lock_release+0x970/0x970 [ 1932.338447] ? zap_class+0x640/0x640 [ 1932.342166] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1932.347695] ? sockfd_lookup_light+0xc5/0x160 [ 1932.352172] __sys_sendmsg+0x11d/0x280 [ 1932.356152] ? __ia32_sys_shutdown+0x80/0x80 [ 1932.360541] ? __sb_end_write+0xd9/0x110 [ 1932.364579] ? fput+0x130/0x1a0 [ 1932.367835] ? ksys_write+0x1ae/0x260 [ 1932.371614] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1932.377046] ? mm_fault_error+0x380/0x380 [ 1932.381176] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 1932.385911] do_fast_syscall_32+0x34d/0xfb2 [ 1932.390226] ? do_int80_syscall_32+0x890/0x890 [ 1932.394790] ? entry_SYSENTER_compat+0x68/0x7f [ 1932.399352] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1932.404357] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1932.409183] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1932.414008] ? trace_hardirqs_on_caller+0x310/0x310 [ 1932.419031] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1932.424039] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1932.429040] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1932.433863] entry_SYSENTER_compat+0x70/0x7f [ 1932.438246] RIP: 0023:0xf7fb2ca9 [ 1932.441589] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1932.460465] RSP: 002b:00000000f5fae0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1932.468169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020023000 [ 1932.475423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1932.482704] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1932.489953] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1932.497201] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:26 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, 0xffffffffffffffff) 02:48:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000040000"], 0x2e) 02:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x8000000]}, 0x48) 02:48:26 executing program 3 (fault-call:5 fault-nth:0): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:26 executing program 5 (fault-call:4 fault-nth:0): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:26 executing program 2 (fault-call:1 fault-nth:1): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1932.799308] FAULT_INJECTION: forcing a failure. [ 1932.799308] name failslab, interval 1, probability 0, space 0, times 0 [ 1932.812368] FAULT_INJECTION: forcing a failure. [ 1932.812368] name failslab, interval 1, probability 0, space 0, times 0 [ 1932.828876] FAULT_INJECTION: forcing a failure. [ 1932.828876] name failslab, interval 1, probability 0, space 0, times 0 [ 1932.836755] CPU: 0 PID: 31304 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #176 [ 1932.847411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1932.856751] Call Trace: [ 1932.859331] dump_stack+0x1c4/0x2b4 [ 1932.859347] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1932.868130] should_fail.cold.4+0xa/0x17 [ 1932.872191] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1932.877287] ? debug_smp_processor_id+0x1c/0x20 [ 1932.881949] ? perf_trace_lock+0x14d/0x7a0 [ 1932.886183] ? mutex_trylock+0x2b0/0x2b0 [ 1932.890232] ? zap_class+0x640/0x640 [ 1932.893938] ? usercopy_warn+0x110/0x110 [ 1932.898003] ? zap_class+0x640/0x640 [ 1932.901709] ? fs_reclaim_acquire+0x20/0x20 [ 1932.906021] ? lock_downgrade+0x900/0x900 [ 1932.910161] ? ___might_sleep+0x1ed/0x300 [ 1932.914296] ? zap_class+0x640/0x640 [ 1932.918005] ? arch_local_save_flags+0x40/0x40 [ 1932.922579] ? __f_unlock_pos+0x19/0x20 [ 1932.926549] __should_failslab+0x124/0x180 [ 1932.930775] should_failslab+0x9/0x14 [ 1932.934569] __kmalloc+0x2d4/0x760 [ 1932.938200] ? ksys_dup3+0x680/0x680 [ 1932.941909] ? input_mt_init_slots+0xe5/0x4a0 [ 1932.946413] input_mt_init_slots+0xe5/0x4a0 [ 1932.950735] uinput_ioctl_handler.isra.10+0x2049/0x2540 [ 1932.956096] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1932.961452] ? __fget_light+0x2e9/0x430 [ 1932.965414] ? fget_raw+0x20/0x20 [ 1932.968863] ? __sb_end_write+0xd9/0x110 [ 1932.972924] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1932.978456] ? fput+0x130/0x1a0 [ 1932.982241] ? ksys_write+0x1ae/0x260 [ 1932.986040] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.991576] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 02:48:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1932.997106] uinput_compat_ioctl+0x6b/0x90 [ 1933.001340] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1933.006100] do_fast_syscall_32+0x34d/0xfb2 [ 1933.010512] ? do_int80_syscall_32+0x890/0x890 [ 1933.015089] ? entry_SYSENTER_compat+0x68/0x7f [ 1933.019783] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1933.024795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.029630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.034466] ? trace_hardirqs_on_caller+0x310/0x310 [ 1933.039476] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1933.044479] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1933.044496] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.044514] entry_SYSENTER_compat+0x70/0x7f [ 1933.058717] RIP: 0023:0xf7ff9ca9 [ 1933.062073] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1933.080967] RSP: 002b:00000000f5ff50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1933.088670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000070000"], 0x2e) [ 1933.095932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1933.103285] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1933.110548] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1933.117810] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1933.125086] CPU: 1 PID: 31307 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1933.132447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1933.141786] Call Trace: [ 1933.141807] dump_stack+0x1c4/0x2b4 [ 1933.141823] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1933.141844] should_fail.cold.4+0xa/0x17 [ 1933.148009] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1933.148021] ? debug_smp_processor_id+0x1c/0x20 [ 1933.148036] ? perf_trace_lock+0x14d/0x7a0 [ 1933.157228] ? mutex_trylock+0x2b0/0x2b0 [ 1933.157240] ? zap_class+0x640/0x640 [ 1933.157255] ? usercopy_warn+0x110/0x110 [ 1933.183077] ? zap_class+0x640/0x640 [ 1933.186787] ? fs_reclaim_acquire+0x20/0x20 [ 1933.191110] ? lock_downgrade+0x900/0x900 [ 1933.195275] ? ___might_sleep+0x1ed/0x300 [ 1933.199409] ? zap_class+0x640/0x640 [ 1933.203118] ? arch_local_save_flags+0x40/0x40 [ 1933.207698] ? __f_unlock_pos+0x19/0x20 [ 1933.211665] __should_failslab+0x124/0x180 [ 1933.215897] should_failslab+0x9/0x14 [ 1933.219700] __kmalloc+0x2d4/0x760 [ 1933.223230] ? ksys_dup3+0x680/0x680 [ 1933.226937] ? input_mt_init_slots+0xe5/0x4a0 [ 1933.231431] input_mt_init_slots+0xe5/0x4a0 [ 1933.235747] uinput_ioctl_handler.isra.10+0x2049/0x2540 [ 1933.241099] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1933.246457] ? __fget_light+0x2e9/0x430 [ 1933.250429] ? fget_raw+0x20/0x20 [ 1933.253874] ? __sb_end_write+0xd9/0x110 [ 1933.257931] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1933.263460] ? fput+0x130/0x1a0 [ 1933.266732] ? ksys_write+0x1ae/0x260 [ 1933.270524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.276052] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1933.281579] uinput_compat_ioctl+0x6b/0x90 [ 1933.285809] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1933.290563] do_fast_syscall_32+0x34d/0xfb2 [ 1933.294878] ? do_int80_syscall_32+0x890/0x890 [ 1933.299455] ? entry_SYSENTER_compat+0x68/0x7f [ 1933.304040] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1933.309052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.313888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.318767] ? trace_hardirqs_on_caller+0x310/0x310 [ 1933.323792] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1933.328812] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1933.333820] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.338655] entry_SYSENTER_compat+0x70/0x7f [ 1933.343058] RIP: 0023:0xf7f58ca9 [ 1933.346414] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1933.365307] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1933.373004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1933.380257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1933.387510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1933.394761] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:27 executing program 3 (fault-call:5 fault-nth:1): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:27 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, 0xffffffffffffffff) 02:48:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000740000"], 0x2e) 02:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) [ 1933.402019] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1933.409291] CPU: 0 PID: 31309 Comm: syz-executor2 Not tainted 4.19.0-rc7+ #176 [ 1933.416642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1933.425982] Call Trace: [ 1933.426000] dump_stack+0x1c4/0x2b4 [ 1933.426016] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1933.426035] should_fail.cold.4+0xa/0x17 [ 1933.437369] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1933.437386] ? __save_stack_trace+0x8d/0xf0 [ 1933.446502] ? save_stack+0x43/0xd0 [ 1933.446514] ? kasan_kmalloc+0xc7/0xe0 [ 1933.454409] ? kasan_slab_alloc+0x12/0x20 [ 1933.454421] ? kmem_cache_alloc_node+0x144/0x730 [ 1933.454437] ? netlink_sendmsg+0xb29/0xfc0 [ 1933.462430] ? sock_sendmsg+0xd5/0x120 [ 1933.462442] ? ___sys_sendmsg+0x7fd/0x930 [ 1933.462454] ? __sys_sendmsg+0x11d/0x280 [ 1933.462472] ? __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 1933.488364] ? do_fast_syscall_32+0x34d/0xfb2 [ 1933.492878] ? zap_class+0x640/0x640 [ 1933.496595] ? fs_reclaim_acquire+0x20/0x20 02:48:27 executing program 5 (fault-call:4 fault-nth:1): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1933.496611] ? lock_downgrade+0x900/0x900 [ 1933.505055] ? ___might_sleep+0x1ed/0x300 [ 1933.505068] ? arch_local_save_flags+0x40/0x40 [ 1933.505083] ? lock_downgrade+0x900/0x900 [ 1933.513770] __should_failslab+0x124/0x180 [ 1933.513785] should_failslab+0x9/0x14 [ 1933.513801] kmem_cache_alloc_node_trace+0x270/0x740 [ 1933.513816] ? kasan_unpoison_shadow+0x35/0x50 [ 1933.535570] ? kasan_kmalloc+0xc7/0xe0 [ 1933.539460] __kmalloc_node_track_caller+0x33/0x70 [ 1933.544389] __kmalloc_reserve.isra.39+0x41/0xe0 [ 1933.549142] __alloc_skb+0x155/0x770 [ 1933.552854] ? skb_scrub_packet+0x490/0x490 [ 1933.557184] ? netlink_insert+0x15a/0x3f0 [ 1933.561328] ? __netlink_insert+0x13b0/0x13b0 [ 1933.565820] ? compat_rw_copy_check_uvector+0x349/0x440 [ 1933.571195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.576731] ? netlink_autobind.isra.34+0x232/0x310 [ 1933.581221] FAULT_INJECTION: forcing a failure. [ 1933.581221] name failslab, interval 1, probability 0, space 0, times 0 [ 1933.581742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.581760] netlink_sendmsg+0xb29/0xfc0 [ 1933.581770] ? move_addr_to_kernel.part.18+0xc6/0x100 [ 1933.581791] ? netlink_unicast+0x760/0x760 [ 1933.611882] ? aa_sock_msg_perm.isra.12+0xba/0x160 [ 1933.616814] ? apparmor_socket_sendmsg+0x29/0x30 [ 1933.621571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.627095] ? security_socket_sendmsg+0x94/0xc0 [ 1933.631846] ? netlink_unicast+0x760/0x760 [ 1933.636090] sock_sendmsg+0xd5/0x120 [ 1933.639796] ___sys_sendmsg+0x7fd/0x930 [ 1933.643761] ? zap_class+0x640/0x640 [ 1933.647472] ? copy_msghdr_from_user+0x580/0x580 [ 1933.652219] ? lock_downgrade+0x900/0x900 [ 1933.656361] ? proc_fail_nth_write+0x9e/0x210 [ 1933.660853] ? __fget_light+0x2e9/0x430 [ 1933.664925] ? fget_raw+0x20/0x20 [ 1933.668371] ? kasan_check_write+0x14/0x20 [ 1933.672599] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1933.677536] ? fsnotify+0xaae/0x12f0 [ 1933.681242] ? wait_for_completion+0x8a0/0x8a0 [ 1933.685819] ? lock_release+0x970/0x970 [ 1933.689788] ? zap_class+0x640/0x640 [ 1933.693505] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1933.699037] ? sockfd_lookup_light+0xc5/0x160 [ 1933.703527] __sys_sendmsg+0x11d/0x280 [ 1933.707418] ? __ia32_sys_shutdown+0x80/0x80 [ 1933.711825] ? __sb_end_write+0xd9/0x110 [ 1933.715889] ? fput+0x130/0x1a0 [ 1933.719163] ? ksys_write+0x1ae/0x260 [ 1933.722966] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1933.728409] ? mm_fault_error+0x380/0x380 [ 1933.732557] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 1933.737311] do_fast_syscall_32+0x34d/0xfb2 [ 1933.741637] ? do_int80_syscall_32+0x890/0x890 [ 1933.746217] ? entry_SYSENTER_compat+0x68/0x7f [ 1933.750805] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1933.755825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.760670] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.765514] ? trace_hardirqs_on_caller+0x310/0x310 [ 1933.770528] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1933.775539] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1933.780555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1933.785394] entry_SYSENTER_compat+0x70/0x7f [ 1933.789788] RIP: 0023:0xf7fb2ca9 02:48:27 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1933.793145] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1933.812037] RSP: 002b:00000000f5fae0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1933.819754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020023000 [ 1933.827013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1933.834268] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1933.834275] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1933.834282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1933.868800] CPU: 1 PID: 31334 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1933.876166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1933.876171] Call Trace: [ 1933.876190] dump_stack+0x1c4/0x2b4 [ 1933.876221] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1933.896899] should_fail.cold.4+0xa/0x17 [ 1933.899996] input: syz0 as /devices/virtual/input/input438 [ 1933.900960] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1933.900976] ? __save_stack_trace+0x8d/0xf0 [ 1933.900996] ? save_stack+0xa9/0xd0 [ 1933.911680] ? save_stack+0x43/0xd0 [ 1933.911692] ? kasan_kmalloc+0xc7/0xe0 [ 1933.911705] ? __kmalloc+0x14e/0x760 [ 1933.911719] ? uinput_ioctl_handler.isra.10+0x2049/0x2540 [ 1933.911734] ? uinput_compat_ioctl+0x6b/0x90 [ 1933.919657] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1933.919673] ? do_fast_syscall_32+0x34d/0xfb2 [ 1933.919690] ? entry_SYSENTER_compat+0x70/0x7f [ 1933.927159] ? zap_class+0x640/0x640 [ 1933.927174] ? fs_reclaim_acquire+0x20/0x20 [ 1933.927190] ? lock_downgrade+0x900/0x900 [ 1933.966865] ? ___might_sleep+0x1ed/0x300 [ 1933.971010] ? arch_local_save_flags+0x40/0x40 [ 1933.971022] ? lock_downgrade+0x900/0x900 [ 1933.971041] __should_failslab+0x124/0x180 [ 1933.979729] should_failslab+0x9/0x14 [ 1933.987717] __kmalloc+0x2d4/0x760 [ 1933.987730] ? kasan_unpoison_shadow+0x35/0x50 [ 1933.987757] ? kasan_kmalloc+0xc7/0xe0 [ 1933.995834] ? input_register_device+0x59f/0xce0 [ 1933.995852] input_register_device+0x59f/0xce0 [ 1933.995882] ? devm_input_allocate_device+0x120/0x120 [ 1934.014213] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1934.019230] ? input_mt_init_slots+0xba/0x4a0 [ 1934.023735] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1934.029014] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1934.034393] ? __fget_light+0x2e9/0x430 [ 1934.034405] ? fget_raw+0x20/0x20 [ 1934.034420] ? __sb_end_write+0xd9/0x110 [ 1934.041804] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1934.041813] ? fput+0x130/0x1a0 [ 1934.041828] ? ksys_write+0x1ae/0x260 [ 1934.041842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.051394] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1934.051405] uinput_compat_ioctl+0x6b/0x90 [ 1934.051421] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1934.051438] do_fast_syscall_32+0x34d/0xfb2 [ 1934.058473] ? do_int80_syscall_32+0x890/0x890 [ 1934.058487] ? entry_SYSENTER_compat+0x68/0x7f [ 1934.058503] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1934.097020] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x7}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x5b42}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1934.101864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1934.106710] ? trace_hardirqs_on_caller+0x310/0x310 [ 1934.111736] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1934.116754] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1934.121781] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1934.126636] entry_SYSENTER_compat+0x70/0x7f [ 1934.131046] RIP: 0023:0xf7f58ca9 [ 1934.134416] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x60}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:28 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, 0xffffffffffffffff) 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 02:48:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000500"], 0x2e) [ 1934.153801] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1934.161512] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1934.161522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1934.161530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1934.161538] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1934.161545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 02:48:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:28 executing program 5 (fault-call:4 fault-nth:2): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xff02) 02:48:28 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xffffff7f00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1934.283632] FAULT_INJECTION: forcing a failure. [ 1934.283632] name failslab, interval 1, probability 0, space 0, times 0 [ 1934.304273] CPU: 1 PID: 31368 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1934.311643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1934.311649] Call Trace: [ 1934.311678] dump_stack+0x1c4/0x2b4 [ 1934.327217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1934.332420] should_fail.cold.4+0xa/0x17 [ 1934.336612] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1934.336630] ? is_bpf_text_address+0xd3/0x170 [ 1934.346187] ? kernel_text_address+0x79/0xf0 [ 1934.350597] ? __kernel_text_address+0xd/0x40 [ 1934.355101] ? zap_class+0x640/0x640 [ 1934.358818] ? fs_reclaim_acquire+0x20/0x20 [ 1934.358834] ? lock_downgrade+0x900/0x900 [ 1934.358852] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1934.372204] ? ___might_sleep+0x1ed/0x300 [ 1934.372220] ? arch_local_save_flags+0x40/0x40 [ 1934.372232] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.372249] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1934.391899] __should_failslab+0x124/0x180 [ 1934.396148] should_failslab+0x9/0x14 [ 1934.399947] kmem_cache_alloc_trace+0x2d7/0x750 [ 1934.404616] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1934.410228] device_add+0xecb/0x17b0 [ 1934.413942] ? kasan_unpoison_shadow+0x35/0x50 [ 1934.418527] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1934.423631] ? __kmalloc+0x31c/0x760 [ 1934.427356] ? kasan_unpoison_shadow+0x35/0x50 [ 1934.431933] ? kasan_kmalloc+0xc7/0xe0 [ 1934.435819] ? input_register_device+0x59f/0xce0 [ 1934.440580] input_register_device+0x728/0xce0 [ 1934.445163] ? devm_input_allocate_device+0x120/0x120 [ 1934.450353] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1934.455362] ? input_mt_init_slots+0xba/0x4a0 [ 1934.459859] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1934.465133] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1934.470515] ? __fget_light+0x2e9/0x430 [ 1934.470529] ? fget_raw+0x20/0x20 [ 1934.470542] ? __sb_end_write+0xd9/0x110 [ 1934.470565] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1934.477945] ? fput+0x130/0x1a0 [ 1934.477960] ? ksys_write+0x1ae/0x260 [ 1934.477975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.500116] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1934.505648] uinput_compat_ioctl+0x6b/0x90 [ 1934.509877] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1934.509894] do_fast_syscall_32+0x34d/0xfb2 [ 1934.509909] ? do_int80_syscall_32+0x890/0x890 [ 1934.518945] ? entry_SYSENTER_compat+0x68/0x7f [ 1934.518960] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1934.518977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1934.537932] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1934.542776] ? trace_hardirqs_on_caller+0x310/0x310 [ 1934.547792] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1934.552823] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1934.557847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1934.562696] entry_SYSENTER_compat+0x70/0x7f [ 1934.567098] RIP: 0023:0xf7f58ca9 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x60000000]}, 0x48) 02:48:28 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x9effffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000004c00"], 0x2e) 02:48:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000480000"], 0x2e) 02:48:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x400c55cb) [ 1934.570465] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1934.589361] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1934.589377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1934.589386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1934.589394] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1934.589401] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1934.589413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:28 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x2000000]}, 0x48) 02:48:28 executing program 5 (fault-call:4 fault-nth:3): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x541b) 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x200000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1934.661488] sg_write: 15 callbacks suppressed [ 1934.661499] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1934.661499] program syz-executor1 not setting count and/or reply_len properly [ 1934.683564] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1934.683564] program syz-executor1 not setting count and/or reply_len properly 02:48:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf0ffffffffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000]}, 0x48) 02:48:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc06855c8) 02:48:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1934.799157] FAULT_INJECTION: forcing a failure. [ 1934.799157] name failslab, interval 1, probability 0, space 0, times 0 [ 1934.830781] CPU: 1 PID: 31422 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1934.838155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1934.847502] Call Trace: [ 1934.850105] dump_stack+0x1c4/0x2b4 [ 1934.853736] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1934.858931] should_fail.cold.4+0xa/0x17 [ 1934.858948] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1934.868074] ? debug_smp_processor_id+0x1c/0x20 [ 1934.868086] ? perf_trace_lock+0x14d/0x7a0 [ 1934.868102] ? zap_class+0x640/0x640 [ 1934.880669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.886230] ? check_preemption_disabled+0x48/0x200 [ 1934.891246] ? zap_class+0x640/0x640 [ 1934.894980] ? zap_class+0x640/0x640 [ 1934.898691] ? fs_reclaim_acquire+0x20/0x20 [ 1934.903011] ? lock_downgrade+0x900/0x900 [ 1934.907166] ? ___might_sleep+0x1ed/0x300 [ 1934.911320] ? arch_local_save_flags+0x40/0x40 [ 1934.915899] ? console_unlock+0x83a/0x1160 [ 1934.920133] ? lock_downgrade+0x900/0x900 [ 1934.924306] __should_failslab+0x124/0x180 [ 1934.928545] should_failslab+0x9/0x14 [ 1934.932430] __kmalloc_track_caller+0x2d0/0x750 [ 1934.937093] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1934.942567] ? kasan_check_write+0x14/0x20 [ 1934.946815] ? do_raw_spin_lock+0xc1/0x200 [ 1934.951048] ? kstrdup_const+0x66/0x80 [ 1934.954933] kstrdup+0x39/0x70 [ 1934.958124] kstrdup_const+0x66/0x80 [ 1934.961837] __kernfs_new_node+0xe8/0x8d0 [ 1934.965987] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1934.970741] ? tick_nohz_tick_stopped+0x1a/0x90 [ 1934.975406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.981179] ? irq_work_queue+0x36/0x1d0 [ 1934.985233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.990768] ? wake_up_klogd+0x11a/0x180 [ 1934.994826] ? console_device+0xc0/0xc0 [ 1934.998796] ? vprintk_emit+0x322/0x930 [ 1935.002771] ? __down_trylock_console_sem+0x155/0x200 [ 1935.007965] ? vprintk_emit+0x268/0x930 [ 1935.011940] ? wake_up_klogd+0x180/0x180 [ 1935.015995] ? __mutex_lock+0x85e/0x1700 [ 1935.020057] ? kernel_text_address+0x79/0xf0 [ 1935.024465] ? get_device_parent.isra.27+0xcd/0x5a0 [ 1935.029478] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.035019] ? unwind_get_return_address+0x61/0xa0 [ 1935.039951] kernfs_new_node+0x95/0x120 [ 1935.043924] kernfs_create_dir_ns+0x4d/0x160 [ 1935.048334] sysfs_create_dir_ns+0x19b/0x340 [ 1935.052751] ? sysfs_create_mount_point+0xa0/0xa0 [ 1935.057590] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1935.062342] ? kasan_check_write+0x14/0x20 [ 1935.066574] ? do_raw_spin_lock+0xc1/0x200 [ 1935.070808] ? class_dir_child_ns_type+0xd/0x60 [ 1935.075478] kobject_add_internal.cold.11+0x116/0x6af [ 1935.080669] ? kobj_ns_type_registered+0x60/0x60 [ 1935.085422] ? lock_downgrade+0x900/0x900 [ 1935.089581] ? refcount_add_not_zero_checked+0x330/0x330 [ 1935.095048] ? kasan_check_read+0x11/0x20 [ 1935.099197] kobject_add+0x13f/0x1b0 [ 1935.102913] ? kset_create_and_add+0x190/0x190 [ 1935.107507] ? mutex_unlock+0xd/0x10 [ 1935.111227] device_add+0x3cf/0x17b0 [ 1935.114952] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1935.120056] ? __kmalloc+0x31c/0x760 [ 1935.123770] ? kasan_unpoison_shadow+0x35/0x50 [ 1935.128350] ? kasan_kmalloc+0xc7/0xe0 [ 1935.132231] ? input_register_device+0x59f/0xce0 [ 1935.136993] input_register_device+0x728/0xce0 [ 1935.141575] ? devm_input_allocate_device+0x120/0x120 [ 1935.146767] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1935.151779] ? input_mt_init_slots+0xba/0x4a0 [ 1935.156288] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1935.161557] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1935.166925] ? __fget_light+0x2e9/0x430 [ 1935.170894] ? fget_raw+0x20/0x20 [ 1935.174344] ? __sb_end_write+0xd9/0x110 [ 1935.178405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1935.183932] ? fput+0x130/0x1a0 [ 1935.187216] ? ksys_write+0x1ae/0x260 [ 1935.191011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.196546] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1935.202098] uinput_compat_ioctl+0x6b/0x90 [ 1935.206345] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1935.211109] do_fast_syscall_32+0x34d/0xfb2 [ 1935.215434] ? do_int80_syscall_32+0x890/0x890 [ 1935.220120] ? entry_SYSENTER_compat+0x68/0x7f [ 1935.224702] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1935.229713] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.234547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.239380] ? trace_hardirqs_on_caller+0x310/0x310 [ 1935.244392] ? prepare_exit_to_usermode+0x3b0/0x3b0 02:48:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa00]}, 0x48) 02:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x500]}, 0x48) 02:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa]}, 0x48) 02:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x9]}, 0x48) [ 1935.249404] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1935.254419] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.259271] entry_SYSENTER_compat+0x70/0x7f [ 1935.263672] RIP: 0023:0xf7f58ca9 [ 1935.267033] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1935.285922] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1935.293629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:29 executing program 5 (fault-call:4 fault-nth:4): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xb0ffffff00000000]}, 0x48) 02:48:29 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x3000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:29 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc00c55ca) [ 1935.300898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1935.308159] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1935.315423] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1935.322682] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1935.329576] kobject_add_internal failed for input446 (error: -12 parent: input) 02:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7000000]}, 0x48) [ 1935.388881] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1935.388881] program syz-executor1 not setting count and/or reply_len properly [ 1935.417328] FAULT_INJECTION: forcing a failure. [ 1935.417328] name failslab, interval 1, probability 0, space 0, times 0 [ 1935.467565] CPU: 1 PID: 31462 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1935.474934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1935.484277] Call Trace: [ 1935.486875] dump_stack+0x1c4/0x2b4 [ 1935.490503] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1935.495704] should_fail.cold.4+0xa/0x17 [ 1935.499767] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1935.504868] ? kasan_kmalloc+0xc7/0xe0 [ 1935.508774] ? __kmalloc_track_caller+0x14a/0x750 [ 1935.513631] ? kstrdup+0x39/0x70 [ 1935.516993] ? kstrdup_const+0x66/0x80 [ 1935.520870] ? __kernfs_new_node+0xe8/0x8d0 [ 1935.525178] ? kernfs_new_node+0x95/0x120 [ 1935.529313] ? kernfs_create_dir_ns+0x4d/0x160 [ 1935.533889] ? sysfs_create_dir_ns+0x19b/0x340 [ 1935.538469] ? kobject_add_internal.cold.11+0x116/0x6af [ 1935.543823] ? device_add+0x3cf/0x17b0 [ 1935.547705] ? input_register_device+0x728/0xce0 [ 1935.552485] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1935.557949] ? uinput_compat_ioctl+0x6b/0x90 [ 1935.562353] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1935.567275] ? do_fast_syscall_32+0x34d/0xfb2 [ 1935.571753] ? entry_SYSENTER_compat+0x70/0x7f [ 1935.576321] ? zap_class+0x640/0x640 [ 1935.580020] ? fs_reclaim_acquire+0x20/0x20 [ 1935.584338] ? zap_class+0x640/0x640 [ 1935.588031] ? fs_reclaim_acquire+0x20/0x20 [ 1935.592337] ? lock_downgrade+0x900/0x900 [ 1935.596478] ? ___might_sleep+0x1ed/0x300 [ 1935.600607] ? arch_local_save_flags+0x40/0x40 [ 1935.605166] ? kasan_kmalloc+0xc7/0xe0 [ 1935.609038] __should_failslab+0x124/0x180 [ 1935.613254] should_failslab+0x9/0x14 [ 1935.617036] kmem_cache_alloc+0x2be/0x730 [ 1935.621168] ? kstrdup+0x59/0x70 [ 1935.624520] __kernfs_new_node+0x127/0x8d0 [ 1935.628734] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1935.633472] ? tick_nohz_tick_stopped+0x1a/0x90 [ 1935.638121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.643641] ? irq_work_queue+0x36/0x1d0 [ 1935.647684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.653203] ? wake_up_klogd+0x11a/0x180 [ 1935.657249] ? console_device+0xc0/0xc0 [ 1935.661208] ? vprintk_emit+0x322/0x930 [ 1935.665181] ? __down_trylock_console_sem+0x155/0x200 [ 1935.670360] ? vprintk_emit+0x268/0x930 [ 1935.674313] ? wake_up_klogd+0x180/0x180 [ 1935.678355] ? __mutex_lock+0x85e/0x1700 [ 1935.682394] ? kernel_text_address+0x79/0xf0 [ 1935.686782] ? get_device_parent.isra.27+0xcd/0x5a0 [ 1935.691779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.697380] ? unwind_get_return_address+0x61/0xa0 [ 1935.702293] kernfs_new_node+0x95/0x120 [ 1935.706246] kernfs_create_dir_ns+0x4d/0x160 [ 1935.710636] sysfs_create_dir_ns+0x19b/0x340 [ 1935.715027] ? sysfs_create_mount_point+0xa0/0xa0 [ 1935.719851] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1935.724589] ? kasan_check_write+0x14/0x20 [ 1935.728814] ? do_raw_spin_lock+0xc1/0x200 [ 1935.733042] ? class_dir_child_ns_type+0xd/0x60 [ 1935.737705] kobject_add_internal.cold.11+0x116/0x6af [ 1935.742873] ? kobj_ns_type_registered+0x60/0x60 [ 1935.747606] ? lock_downgrade+0x900/0x900 [ 1935.751742] ? refcount_add_not_zero_checked+0x330/0x330 [ 1935.757175] ? kasan_check_read+0x11/0x20 [ 1935.761318] kobject_add+0x13f/0x1b0 [ 1935.765016] ? kset_create_and_add+0x190/0x190 [ 1935.769598] ? mutex_unlock+0xd/0x10 [ 1935.773293] device_add+0x3cf/0x17b0 [ 1935.776993] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1935.782080] ? __kmalloc+0x31c/0x760 [ 1935.785776] ? kasan_unpoison_shadow+0x35/0x50 [ 1935.790344] ? kasan_kmalloc+0xc7/0xe0 [ 1935.794223] ? input_register_device+0x59f/0xce0 [ 1935.798965] input_register_device+0x728/0xce0 [ 1935.803536] ? devm_input_allocate_device+0x120/0x120 [ 1935.808714] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1935.813718] ? input_mt_init_slots+0xba/0x4a0 [ 1935.818206] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1935.823467] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1935.828818] ? __fget_light+0x2e9/0x430 [ 1935.832779] ? fget_raw+0x20/0x20 [ 1935.836220] ? __sb_end_write+0xd9/0x110 [ 1935.840270] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1935.845790] ? fput+0x130/0x1a0 [ 1935.849055] ? ksys_write+0x1ae/0x260 [ 1935.852840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.858366] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1935.863887] uinput_compat_ioctl+0x6b/0x90 [ 1935.868109] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1935.872852] do_fast_syscall_32+0x34d/0xfb2 [ 1935.877160] ? do_int80_syscall_32+0x890/0x890 [ 1935.881730] ? entry_SYSENTER_compat+0x68/0x7f [ 1935.886297] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1935.891294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.896121] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.900945] ? trace_hardirqs_on_caller+0x310/0x310 [ 1935.905947] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1935.910961] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1935.915964] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1935.920798] entry_SYSENTER_compat+0x70/0x7f [ 1935.925207] RIP: 0023:0xf7f58ca9 [ 1935.928653] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1935.947537] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1935.955228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1935.962480] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1935.969731] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1935.976983] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1935.984233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1936.011631] kobject_add_internal failed for input449 (error: -12 parent: input) 02:48:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:30 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000600000"], 0x2e) 02:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x9000000]}, 0x48) 02:48:30 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556e) 02:48:30 executing program 5 (fault-call:4 fault-nth:5): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1936.201222] FAULT_INJECTION: forcing a failure. [ 1936.201222] name failslab, interval 1, probability 0, space 0, times 0 [ 1936.208073] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1936.208073] program syz-executor1 not setting count and/or reply_len properly [ 1936.212489] CPU: 1 PID: 31477 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1936.235512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1936.244854] Call Trace: [ 1936.244873] dump_stack+0x1c4/0x2b4 02:48:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x2}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:30 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1936.244889] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1936.251058] ? mark_held_locks+0x130/0x130 [ 1936.251077] should_fail.cold.4+0xa/0x17 [ 1936.251094] ? check_preemption_disabled+0x48/0x200 [ 1936.269523] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1936.274628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.280174] ? check_preemption_disabled+0x48/0x200 [ 1936.285195] ? debug_smp_processor_id+0x1c/0x20 [ 1936.289858] ? perf_trace_lock+0x14d/0x7a0 [ 1936.289867] ? zap_class+0x640/0x640 [ 1936.289882] ? zap_class+0x640/0x640 [ 1936.297784] ? zap_class+0x640/0x640 [ 1936.297803] ? mark_held_locks+0x130/0x130 [ 1936.309414] ? debug_smp_processor_id+0x1c/0x20 [ 1936.314112] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1936.319124] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 1936.323885] ? zap_class+0x640/0x640 [ 1936.327605] __should_failslab+0x124/0x180 [ 1936.331844] should_failslab+0x9/0x14 [ 1936.335657] kmem_cache_alloc+0x47/0x730 [ 1936.339730] ? plist_requeue+0x620/0x620 [ 1936.343795] ? kasan_check_read+0x11/0x20 02:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3000000000000000]}, 0x48) [ 1936.347945] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1936.353221] radix_tree_node_alloc.constprop.18+0x1f7/0x370 [ 1936.358932] idr_get_free+0x725/0xec0 [ 1936.362733] ? ida_pre_get+0x130/0x130 [ 1936.362751] ? save_stack+0xa9/0xd0 [ 1936.362764] ? save_stack+0x43/0xd0 [ 1936.373842] ? kasan_kmalloc+0xc7/0xe0 [ 1936.373854] ? kasan_slab_alloc+0x12/0x20 [ 1936.373870] ? kmem_cache_alloc+0x12e/0x730 [ 1936.381860] ? __kernfs_new_node+0x127/0x8d0 [ 1936.381873] ? kernfs_new_node+0x95/0x120 [ 1936.381886] ? kernfs_create_dir_ns+0x4d/0x160 02:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 1936.381898] ? sysfs_create_dir_ns+0x19b/0x340 [ 1936.381909] ? kobject_add_internal.cold.11+0x116/0x6af [ 1936.381920] ? kobject_add+0x13f/0x1b0 [ 1936.381933] ? device_add+0x3cf/0x17b0 [ 1936.381950] ? input_register_device+0x728/0xce0 [ 1936.413111] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1936.427157] ? uinput_compat_ioctl+0x6b/0x90 [ 1936.431563] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1936.436488] ? do_fast_syscall_32+0x34d/0xfb2 [ 1936.436503] ? entry_SYSENTER_compat+0x70/0x7f [ 1936.436524] idr_alloc_u32+0x201/0x3f0 02:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xd000000]}, 0x48) [ 1936.449429] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 1936.454285] ? lock_acquire+0x1ed/0x520 [ 1936.458256] ? __kernfs_new_node+0x14e/0x8d0 [ 1936.462662] ? __kernfs_new_node+0x127/0x8d0 [ 1936.467071] idr_alloc_cyclic+0x166/0x350 [ 1936.471216] ? idr_alloc+0x1b0/0x1b0 [ 1936.474925] ? kasan_check_write+0x14/0x20 [ 1936.479162] ? do_raw_spin_lock+0xc1/0x200 [ 1936.483414] __kernfs_new_node+0x1ee/0x8d0 [ 1936.487644] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1936.492396] ? console_trylock+0x15/0xa0 [ 1936.492413] ? __bpf_trace_preemptirq_template+0x30/0x30 02:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) [ 1936.492429] ? preempt_count_add+0x7d/0x160 [ 1936.492442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.492457] ? wake_up_klogd+0x11a/0x180 [ 1936.511746] ? console_device+0xc0/0xc0 [ 1936.511759] ? vprintk_emit+0x322/0x930 [ 1936.511775] ? __down_trylock_console_sem+0x155/0x200 [ 1936.511791] ? vprintk_emit+0x268/0x930 [ 1936.511807] ? wake_up_klogd+0x180/0x180 [ 1936.529060] ? __mutex_lock+0x85e/0x1700 [ 1936.529073] ? kernel_text_address+0x79/0xf0 [ 1936.529090] ? get_device_parent.isra.27+0xcd/0x5a0 [ 1936.550511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.556051] ? unwind_get_return_address+0x61/0xa0 [ 1936.560982] kernfs_new_node+0x95/0x120 [ 1936.564962] kernfs_create_dir_ns+0x4d/0x160 [ 1936.569385] sysfs_create_dir_ns+0x19b/0x340 [ 1936.573796] ? sysfs_create_mount_point+0xa0/0xa0 [ 1936.578639] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1936.583396] ? kasan_check_write+0x14/0x20 [ 1936.587628] ? do_raw_spin_lock+0xc1/0x200 [ 1936.591866] ? class_dir_child_ns_type+0xd/0x60 [ 1936.596531] kobject_add_internal.cold.11+0x116/0x6af [ 1936.601719] ? kobj_ns_type_registered+0x60/0x60 [ 1936.606473] ? lock_downgrade+0x900/0x900 [ 1936.610616] ? refcount_add_not_zero_checked+0x330/0x330 [ 1936.616058] ? kasan_check_read+0x11/0x20 [ 1936.620190] kobject_add+0x13f/0x1b0 [ 1936.623916] ? kset_create_and_add+0x190/0x190 [ 1936.628501] ? mutex_unlock+0xd/0x10 [ 1936.632221] device_add+0x3cf/0x17b0 [ 1936.635943] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1936.641047] ? __kmalloc+0x31c/0x760 [ 1936.644759] ? kasan_unpoison_shadow+0x35/0x50 [ 1936.649338] ? kasan_kmalloc+0xc7/0xe0 [ 1936.653248] ? input_register_device+0x59f/0xce0 [ 1936.657998] input_register_device+0x728/0xce0 [ 1936.662578] ? devm_input_allocate_device+0x120/0x120 [ 1936.667766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1936.672774] ? input_mt_init_slots+0xba/0x4a0 [ 1936.677282] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1936.682565] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1936.687958] ? __fget_light+0x2e9/0x430 [ 1936.691930] ? fget_raw+0x20/0x20 [ 1936.695384] ? __sb_end_write+0xd9/0x110 [ 1936.699449] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1936.704978] ? fput+0x130/0x1a0 [ 1936.708256] ? ksys_write+0x1ae/0x260 [ 1936.712057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.717596] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1936.723137] uinput_compat_ioctl+0x6b/0x90 [ 1936.727378] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1936.732147] do_fast_syscall_32+0x34d/0xfb2 [ 1936.736468] ? do_int80_syscall_32+0x890/0x890 [ 1936.741049] ? entry_SYSENTER_compat+0x68/0x7f [ 1936.745632] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1936.750667] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1936.755500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1936.760343] ? trace_hardirqs_on_caller+0x310/0x310 [ 1936.765370] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1936.770383] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1936.775418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1936.780358] entry_SYSENTER_compat+0x70/0x7f [ 1936.784765] RIP: 0023:0xf7f58ca9 [ 1936.788132] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1936.807131] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1936.814837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1936.822097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1936.829370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1936.836635] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1936.843901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1936.869147] input: syz0 as /devices/virtual/input/input452 02:48:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5000]}, 0x48) 02:48:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x34000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556b) 02:48:31 executing program 5 (fault-call:4 fault-nth:6): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5507) 02:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x700]}, 0x48) [ 1937.171275] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1937.171275] program syz-executor1 not setting count and/or reply_len properly [ 1937.190716] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1937.190716] program syz-executor1 not setting count and/or reply_len properly [ 1937.206825] FAULT_INJECTION: forcing a failure. [ 1937.206825] name failslab, interval 1, probability 0, space 0, times 0 02:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xc00]}, 0x48) [ 1937.247212] CPU: 1 PID: 31519 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1937.254606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1937.263964] Call Trace: [ 1937.266546] dump_stack+0x1c4/0x2b4 [ 1937.270183] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1937.275377] should_fail.cold.4+0xa/0x17 [ 1937.275410] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1937.284531] ? kernfs_activate+0x8e/0x2c0 [ 1937.288679] ? mutex_trylock+0x2b0/0x2b0 [ 1937.292754] ? __mutex_lock+0x85e/0x1700 [ 1937.292769] ? zap_class+0x640/0x640 [ 1937.292794] ? kernfs_activate+0x21a/0x2c0 [ 1937.300528] ? lock_downgrade+0x900/0x900 [ 1937.300542] ? zap_class+0x640/0x640 [ 1937.300558] ? fs_reclaim_acquire+0x20/0x20 [ 1937.308898] ? lock_downgrade+0x900/0x900 [ 1937.308916] ? ___might_sleep+0x1ed/0x300 [ 1937.316898] ? arch_local_save_flags+0x40/0x40 [ 1937.316909] ? kasan_check_write+0x14/0x20 [ 1937.316927] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1937.325176] __should_failslab+0x124/0x180 [ 1937.325190] should_failslab+0x9/0x14 [ 1937.346868] kmem_cache_alloc+0x2be/0x730 [ 1937.351013] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1937.355941] ? vprintk_emit+0x322/0x930 [ 1937.359928] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1937.364942] __kernfs_new_node+0x127/0x8d0 [ 1937.369172] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1937.373924] ? mutex_unlock+0xd/0x10 [ 1937.377636] ? kernfs_activate+0x21a/0x2c0 [ 1937.381871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1937.387409] ? check_preemption_disabled+0x48/0x200 [ 1937.392424] ? debug_smp_processor_id+0x1c/0x20 [ 1937.397092] ? perf_trace_lock+0x14d/0x7a0 [ 1937.401326] ? zap_class+0x640/0x640 [ 1937.405068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1937.410608] ? kernfs_create_dir_ns+0x10c/0x160 [ 1937.415275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1937.420819] kernfs_new_node+0x95/0x120 [ 1937.424798] __kernfs_create_file+0x5a/0x340 [ 1937.429220] sysfs_add_file_mode_ns+0x222/0x530 [ 1937.433897] sysfs_create_file_ns+0x1a3/0x270 [ 1937.438395] ? __down_interruptible+0x700/0x700 [ 1937.443065] ? sysfs_add_file_mode_ns+0x530/0x530 [ 1937.447903] ? kobject_add+0x14c/0x1b0 [ 1937.451787] ? up_read+0x1a/0x110 [ 1937.455245] device_create_file+0xf4/0x1e0 [ 1937.459547] ? acpi_bind_one+0x8e0/0x8e0 [ 1937.463611] device_add+0x416/0x17b0 [ 1937.467334] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1937.472445] ? __kmalloc+0x31c/0x760 [ 1937.476291] ? kasan_unpoison_shadow+0x35/0x50 [ 1937.480878] ? kasan_kmalloc+0xc7/0xe0 [ 1937.484765] ? input_register_device+0x59f/0xce0 [ 1937.489524] input_register_device+0x728/0xce0 [ 1937.494106] ? devm_input_allocate_device+0x120/0x120 [ 1937.499303] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1937.504321] ? input_mt_init_slots+0xba/0x4a0 [ 1937.508835] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1937.514116] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1937.519481] ? __fget_light+0x2e9/0x430 [ 1937.523454] ? fget_raw+0x20/0x20 [ 1937.526904] ? __sb_end_write+0xd9/0x110 [ 1937.530970] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1937.536500] ? fput+0x130/0x1a0 [ 1937.539775] ? ksys_write+0x1ae/0x260 02:48:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000030000"], 0x2e) [ 1937.543581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1937.549126] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1937.554659] uinput_compat_ioctl+0x6b/0x90 [ 1937.558894] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1937.563655] do_fast_syscall_32+0x34d/0xfb2 [ 1937.568071] ? do_int80_syscall_32+0x890/0x890 [ 1937.572661] ? entry_SYSENTER_compat+0x68/0x7f [ 1937.577248] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1937.582282] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1937.587123] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1937.591957] ? trace_hardirqs_on_caller+0x310/0x310 [ 1937.596962] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1937.601967] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1937.601981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1937.601997] entry_SYSENTER_compat+0x70/0x7f [ 1937.616212] RIP: 0023:0xf7f58ca9 [ 1937.619578] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1937.620121] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc0189436) [ 1937.620121] program syz-executor1 not setting count and/or reply_len properly [ 1937.638469] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1937.638483] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1937.638490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1937.638497] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1937.638504] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1937.638516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1937.710485] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1937.710485] program syz-executor1 not setting count and/or reply_len properly 02:48:32 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, r0) 02:48:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x2]}, 0x48) 02:48:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40049409) 02:48:32 executing program 5 (fault-call:4 fault-nth:7): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1938.001042] FAULT_INJECTION: forcing a failure. [ 1938.001042] name failslab, interval 1, probability 0, space 0, times 0 [ 1938.020821] CPU: 0 PID: 31557 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1938.028202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1938.037550] Call Trace: [ 1938.040146] dump_stack+0x1c4/0x2b4 [ 1938.043780] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1938.048979] should_fail.cold.4+0xa/0x17 [ 1938.053046] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1938.058147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1938.063704] ? check_preemption_disabled+0x48/0x200 [ 1938.068718] ? debug_smp_processor_id+0x1c/0x20 [ 1938.073389] ? perf_trace_lock+0x14d/0x7a0 [ 1938.077637] ? arch_local_save_flags+0x40/0x40 [ 1938.082223] ? zap_class+0x640/0x640 [ 1938.085949] ? check_preemption_disabled+0x48/0x200 [ 1938.090967] ? zap_class+0x640/0x640 [ 1938.094682] ? fs_reclaim_acquire+0x20/0x20 [ 1938.099002] ? lock_downgrade+0x900/0x900 [ 1938.103167] ? ___might_sleep+0x1ed/0x300 [ 1938.107318] ? arch_local_save_flags+0x40/0x40 [ 1938.111899] ? __mutex_lock+0x85e/0x1700 [ 1938.115960] ? mark_held_locks+0x130/0x130 [ 1938.120186] ? zap_class+0x640/0x640 [ 1938.123901] __should_failslab+0x124/0x180 [ 1938.128133] should_failslab+0x9/0x14 [ 1938.131932] __kmalloc_track_caller+0x2d0/0x750 [ 1938.136595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1938.142128] ? check_preemption_disabled+0x48/0x200 [ 1938.147144] ? zap_class+0x640/0x640 02:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe]}, 0x48) [ 1938.151068] ? kstrdup_const+0x66/0x80 [ 1938.154973] kstrdup+0x39/0x70 [ 1938.158162] kstrdup_const+0x66/0x80 [ 1938.161873] __kernfs_new_node+0xe8/0x8d0 [ 1938.166022] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1938.170778] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1938.175613] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1938.175628] ? wait_for_completion+0x8a0/0x8a0 [ 1938.175646] ? zap_class+0x640/0x640 [ 1938.188812] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1938.194701] ? lock_downgrade+0x900/0x900 02:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xd0ffffff00000000]}, 0x48) 02:48:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xffffff7f}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1938.198842] kernfs_new_node+0x95/0x120 [ 1938.202816] kernfs_create_link+0xdb/0x250 [ 1938.207054] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1938.211463] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1938.211463] program syz-executor1 not setting count and/or reply_len properly [ 1938.212326] sysfs_create_link+0x65/0xc0 [ 1938.232048] device_add+0x5d0/0x17b0 [ 1938.235769] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1938.240869] ? __kmalloc+0x31c/0x760 [ 1938.244577] ? kasan_unpoison_shadow+0x35/0x50 02:48:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4008556c) [ 1938.249176] ? kasan_kmalloc+0xc7/0xe0 [ 1938.253058] ? input_register_device+0x59f/0xce0 [ 1938.257820] input_register_device+0x728/0xce0 [ 1938.262398] ? devm_input_allocate_device+0x120/0x120 [ 1938.267577] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1938.272589] ? input_mt_init_slots+0xba/0x4a0 [ 1938.277087] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1938.282363] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1938.287735] ? __fget_light+0x2e9/0x430 [ 1938.291725] ? fget_raw+0x20/0x20 [ 1938.295181] ? __sb_end_write+0xd9/0x110 [ 1938.299251] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1938.304781] ? fput+0x130/0x1a0 [ 1938.304800] ? ksys_write+0x1ae/0x260 [ 1938.311838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1938.311855] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1938.311871] uinput_compat_ioctl+0x6b/0x90 [ 1938.327145] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1938.331913] do_fast_syscall_32+0x34d/0xfb2 [ 1938.336256] ? do_int80_syscall_32+0x890/0x890 [ 1938.340837] ? entry_SYSENTER_compat+0x68/0x7f [ 1938.345421] ? trace_hardirqs_off_caller+0xbb/0x310 02:48:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x4000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1938.350453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1938.355292] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1938.360136] ? trace_hardirqs_on_caller+0x310/0x310 [ 1938.360149] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1938.360165] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1938.370173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1938.379988] entry_SYSENTER_compat+0x70/0x7f [ 1938.384392] RIP: 0023:0xf7f58ca9 [ 1938.387752] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1938.406648] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1938.413234] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1938.413234] program syz-executor1 not setting count and/or reply_len properly [ 1938.414354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1938.414363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1938.414369] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1938.414384] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1938.437322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:32 executing program 5 (fault-call:4 fault-nth:8): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:32 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfffffffffffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x10000000]}, 0x48) 02:48:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5421) [ 1938.926993] FAULT_INJECTION: forcing a failure. [ 1938.926993] name failslab, interval 1, probability 0, space 0, times 0 [ 1938.962939] CPU: 1 PID: 31596 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1938.970333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1938.979680] Call Trace: [ 1938.982529] dump_stack+0x1c4/0x2b4 [ 1938.986176] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1938.991378] should_fail.cold.4+0xa/0x17 [ 1938.995444] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1939.000542] ? kasan_kmalloc+0xc7/0xe0 [ 1939.004429] ? __kmalloc_track_caller+0x14a/0x750 [ 1939.009269] ? kstrdup+0x39/0x70 [ 1939.012636] ? kstrdup_const+0x66/0x80 [ 1939.016523] ? __kernfs_new_node+0xe8/0x8d0 [ 1939.020839] ? kernfs_new_node+0x95/0x120 [ 1939.024981] ? kernfs_create_link+0xdb/0x250 [ 1939.029388] ? sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1939.034834] ? sysfs_create_link+0x65/0xc0 [ 1939.039070] ? input_register_device+0x728/0xce0 [ 1939.043824] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1939.049271] ? uinput_compat_ioctl+0x6b/0x90 [ 1939.053709] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1939.058643] ? do_fast_syscall_32+0x34d/0xfb2 [ 1939.063145] ? entry_SYSENTER_compat+0x70/0x7f [ 1939.067734] ? fs_reclaim_acquire+0x20/0x20 [ 1939.072063] ? zap_class+0x640/0x640 [ 1939.075783] ? fs_reclaim_acquire+0x20/0x20 [ 1939.080118] ? lock_downgrade+0x900/0x900 [ 1939.084279] ? ___might_sleep+0x1ed/0x300 [ 1939.088432] ? arch_local_save_flags+0x40/0x40 [ 1939.093030] ? kasan_kmalloc+0xc7/0xe0 [ 1939.096932] __should_failslab+0x124/0x180 [ 1939.101169] should_failslab+0x9/0x14 [ 1939.104966] kmem_cache_alloc+0x2be/0x730 [ 1939.109120] ? kstrdup+0x59/0x70 [ 1939.112503] __kernfs_new_node+0x127/0x8d0 [ 1939.116738] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1939.121494] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1939.126342] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1939.131277] ? wait_for_completion+0x8a0/0x8a0 [ 1939.135865] ? zap_class+0x640/0x640 [ 1939.139607] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1939.145061] ? lock_downgrade+0x900/0x900 [ 1939.149215] kernfs_new_node+0x95/0x120 [ 1939.153450] kernfs_create_link+0xdb/0x250 [ 1939.157787] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1939.163071] sysfs_create_link+0x65/0xc0 [ 1939.167153] device_add+0x5d0/0x17b0 [ 1939.170895] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1939.176000] ? __kmalloc+0x31c/0x760 [ 1939.179726] ? kasan_unpoison_shadow+0x35/0x50 [ 1939.184326] ? kasan_kmalloc+0xc7/0xe0 [ 1939.188209] ? input_register_device+0x59f/0xce0 [ 1939.192981] input_register_device+0x728/0xce0 [ 1939.197580] ? devm_input_allocate_device+0x120/0x120 [ 1939.202768] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1939.207785] ? input_mt_init_slots+0xba/0x4a0 [ 1939.212290] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1939.217565] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1939.222934] ? __fget_light+0x2e9/0x430 [ 1939.226909] ? fget_raw+0x20/0x20 [ 1939.230362] ? __sb_end_write+0xd9/0x110 [ 1939.234431] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1939.239968] ? fput+0x130/0x1a0 [ 1939.243257] ? ksys_write+0x1ae/0x260 [ 1939.247058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1939.252602] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1939.258142] uinput_compat_ioctl+0x6b/0x90 [ 1939.262382] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1939.267156] do_fast_syscall_32+0x34d/0xfb2 [ 1939.271485] ? do_int80_syscall_32+0x890/0x890 [ 1939.276070] ? entry_SYSENTER_compat+0x68/0x7f [ 1939.280654] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1939.285678] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.290516] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.295362] ? trace_hardirqs_on_caller+0x310/0x310 [ 1939.300381] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1939.305400] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1939.310420] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.315265] entry_SYSENTER_compat+0x70/0x7f [ 1939.319674] RIP: 0023:0xf7f58ca9 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000068"], 0x2e) 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000400"], 0x2e) 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000006c00"], 0x2e) [ 1939.323045] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1939.342165] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1939.349879] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1939.357141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1939.364403] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1939.371662] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:33 executing program 5 (fault-call:4 fault-nth:9): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1939.371670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1939.434859] FAULT_INJECTION: forcing a failure. [ 1939.434859] name failslab, interval 1, probability 0, space 0, times 0 [ 1939.446293] CPU: 0 PID: 31625 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1939.453648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1939.462978] Call Trace: [ 1939.465555] dump_stack+0x1c4/0x2b4 [ 1939.469169] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1939.474350] should_fail.cold.4+0xa/0x17 [ 1939.478407] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1939.483490] ? kasan_check_read+0x11/0x20 [ 1939.487621] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1939.492881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1939.498401] ? delete_node+0x30e/0xd20 [ 1939.502268] ? unwind_dump+0x190/0x190 [ 1939.506148] ? idr_destroy+0x1c0/0x1c0 [ 1939.510035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1939.515578] ? zap_class+0x640/0x640 [ 1939.519280] ? fs_reclaim_acquire+0x20/0x20 [ 1939.523584] ? lock_downgrade+0x900/0x900 [ 1939.527725] ? ___might_sleep+0x1ed/0x300 [ 1939.531854] ? arch_local_save_flags+0x40/0x40 [ 1939.536428] __should_failslab+0x124/0x180 [ 1939.540648] should_failslab+0x9/0x14 [ 1939.544426] kmem_cache_alloc+0x2be/0x730 [ 1939.548578] ? ___ratelimit.cold.2+0x6b/0x6b [ 1939.552973] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1939.557981] __kernfs_new_node+0x127/0x8d0 [ 1939.562214] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1939.566950] ? kernfs_activate+0x21a/0x2c0 [ 1939.571174] ? lock_downgrade+0x900/0x900 [ 1939.575306] ? zap_class+0x640/0x640 [ 1939.579009] ? lock_downgrade+0x900/0x900 [ 1939.583136] ? do_raw_spin_lock+0xc1/0x200 [ 1939.587354] ? kasan_check_write+0x14/0x20 [ 1939.591591] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1939.596501] ? __kernfs_new_node+0x697/0x8d0 [ 1939.600902] ? wait_for_completion+0x8a0/0x8a0 [ 1939.605463] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1939.610282] kernfs_new_node+0x95/0x120 [ 1939.614236] __kernfs_create_file+0x5a/0x340 [ 1939.618625] sysfs_add_file_mode_ns+0x222/0x530 [ 1939.623293] internal_create_group+0x3df/0xd80 [ 1939.627865] ? remove_files.isra.1+0x190/0x190 [ 1939.632428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1939.637943] ? kernfs_create_link+0x1d4/0x250 [ 1939.642422] sysfs_create_groups+0x9b/0x141 [ 1939.646729] device_add+0x6d8/0x17b0 [ 1939.650427] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1939.655508] ? __kmalloc+0x31c/0x760 [ 1939.659196] ? kasan_unpoison_shadow+0x35/0x50 [ 1939.663758] ? kasan_kmalloc+0xc7/0xe0 [ 1939.667629] ? input_register_device+0x59f/0xce0 [ 1939.672365] input_register_device+0x728/0xce0 [ 1939.676929] ? devm_input_allocate_device+0x120/0x120 [ 1939.682102] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1939.687100] ? input_mt_init_slots+0xba/0x4a0 [ 1939.691577] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1939.696842] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1939.702194] ? __fget_light+0x2e9/0x430 [ 1939.706144] ? fget_raw+0x20/0x20 [ 1939.709574] ? __sb_end_write+0xd9/0x110 [ 1939.713616] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1939.719140] ? fput+0x130/0x1a0 [ 1939.722405] ? ksys_write+0x1ae/0x260 [ 1939.726185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1939.731703] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1939.737217] uinput_compat_ioctl+0x6b/0x90 [ 1939.741431] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1939.746181] do_fast_syscall_32+0x34d/0xfb2 [ 1939.750495] ? do_int80_syscall_32+0x890/0x890 [ 1939.755079] ? entry_SYSENTER_compat+0x68/0x7f [ 1939.759643] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1939.764636] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.769452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.774271] ? trace_hardirqs_on_caller+0x310/0x310 [ 1939.779267] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1939.784291] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1939.789315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1939.794157] entry_SYSENTER_compat+0x70/0x7f [ 1939.798558] RIP: 0023:0xf7f58ca9 [ 1939.801910] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1939.820791] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1939.828481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1939.835727] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1939.843100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1939.850351] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1939.857604] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff00]}, 0x48) 02:48:34 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045569) 02:48:34 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:34 executing program 5 (fault-call:4 fault-nth:10): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4020940d) [ 1940.085710] sg_write: 7 callbacks suppressed [ 1940.085720] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1940.085720] program syz-executor1 not setting count and/or reply_len properly 02:48:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x40000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x10]}, 0x48) [ 1940.129980] FAULT_INJECTION: forcing a failure. [ 1940.129980] name failslab, interval 1, probability 0, space 0, times 0 [ 1940.181123] CPU: 1 PID: 31636 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1940.188506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1940.197852] Call Trace: [ 1940.200442] dump_stack+0x1c4/0x2b4 [ 1940.204080] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1940.209281] should_fail.cold.4+0xa/0x17 [ 1940.209299] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1940.218421] ? perf_trace_lock+0x14d/0x7a0 [ 1940.218436] ? lock_release+0x970/0x970 [ 1940.226612] ? arch_local_save_flags+0x40/0x40 [ 1940.231199] ? zap_class+0x640/0x640 [ 1940.234914] ? check_preemption_disabled+0x48/0x200 [ 1940.239941] ? kernfs_activate+0x8e/0x2c0 [ 1940.244082] ? zap_class+0x640/0x640 [ 1940.244098] ? fs_reclaim_acquire+0x20/0x20 [ 1940.244110] ? lock_downgrade+0x900/0x900 [ 1940.244126] ? __mutex_lock+0x85e/0x1700 [ 1940.260297] ? ___might_sleep+0x1ed/0x300 [ 1940.260313] ? arch_local_save_flags+0x40/0x40 [ 1940.269007] ? kernfs_activate+0x21a/0x2c0 [ 1940.273272] __should_failslab+0x124/0x180 [ 1940.277505] should_failslab+0x9/0x14 [ 1940.281308] kmem_cache_alloc+0x2be/0x730 [ 1940.285467] ? lock_downgrade+0x900/0x900 [ 1940.289610] ? do_raw_spin_lock+0xc1/0x200 [ 1940.293839] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1940.298865] __kernfs_new_node+0x127/0x8d0 [ 1940.303113] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1940.307882] ? kernfs_activate+0x21a/0x2c0 [ 1940.312119] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1940.317063] ? wait_for_completion+0x8a0/0x8a0 [ 1940.321666] ? mutex_unlock+0xd/0x10 [ 1940.325379] ? kernfs_activate+0x21a/0x2c0 [ 1940.329617] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1940.334464] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1940.339995] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1940.344581] kernfs_new_node+0x95/0x120 [ 1940.348558] __kernfs_create_file+0x5a/0x340 [ 1940.352991] sysfs_add_file_mode_ns+0x222/0x530 [ 1940.357680] internal_create_group+0x3df/0xd80 [ 1940.362270] ? remove_files.isra.1+0x190/0x190 [ 1940.366867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1940.372404] ? kernfs_create_link+0x1d4/0x250 [ 1940.376911] sysfs_create_groups+0x9b/0x141 02:48:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x6000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:34 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556d) [ 1940.381240] device_add+0x6d8/0x17b0 [ 1940.384961] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1940.390085] ? __kmalloc+0x31c/0x760 [ 1940.393805] ? kasan_unpoison_shadow+0x35/0x50 [ 1940.398388] ? kasan_kmalloc+0xc7/0xe0 [ 1940.402281] ? input_register_device+0x59f/0xce0 [ 1940.407046] input_register_device+0x728/0xce0 [ 1940.411636] ? devm_input_allocate_device+0x120/0x120 [ 1940.416848] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1940.421875] ? input_mt_init_slots+0xba/0x4a0 [ 1940.426367] uinput_ioctl_handler.isra.10+0xb88/0x2540 02:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe000000]}, 0x48) [ 1940.426381] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1940.426399] ? __fget_light+0x2e9/0x430 [ 1940.440990] ? fget_raw+0x20/0x20 [ 1940.444449] ? __sb_end_write+0xd9/0x110 [ 1940.448513] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1940.454050] ? fput+0x130/0x1a0 [ 1940.454066] ? ksys_write+0x1ae/0x260 [ 1940.454081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1940.454098] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1940.454111] uinput_compat_ioctl+0x6b/0x90 [ 1940.454128] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1940.454146] do_fast_syscall_32+0x34d/0xfb2 [ 1940.454167] ? do_int80_syscall_32+0x890/0x890 [ 1940.461230] ? entry_SYSENTER_compat+0x68/0x7f [ 1940.485534] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1940.485549] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1940.485565] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1940.504525] ? trace_hardirqs_on_caller+0x310/0x310 [ 1940.504541] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1940.504558] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1940.519380] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1940.529233] entry_SYSENTER_compat+0x70/0x7f [ 1940.533634] RIP: 0023:0xf7f58ca9 [ 1940.536999] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1940.537016] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1940.537031] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1940.537038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 02:48:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556c) 02:48:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x425b}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1940.537050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1940.585397] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1940.592666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1940.602104] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1940.602104] program syz-executor1 not setting count and/or reply_len properly 02:48:35 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000074"], 0x2e) 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5000000]}, 0x48) 02:48:35 executing program 5 (fault-call:4 fault-nth:11): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x400300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x8004552d) 02:48:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045564) 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 1941.054758] FAULT_INJECTION: forcing a failure. [ 1941.054758] name failslab, interval 1, probability 0, space 0, times 0 [ 1941.080445] CPU: 1 PID: 31690 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1941.085876] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1941.085876] program syz-executor1 not setting count and/or reply_len properly [ 1941.087828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1941.087834] Call Trace: [ 1941.087868] dump_stack+0x1c4/0x2b4 [ 1941.119086] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1941.124280] should_fail.cold.4+0xa/0x17 [ 1941.124297] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1941.133427] ? perf_trace_lock+0x14d/0x7a0 [ 1941.137660] ? lock_release+0x970/0x970 [ 1941.141630] ? arch_local_save_flags+0x40/0x40 [ 1941.141645] ? zap_class+0x640/0x640 [ 1941.141662] ? check_preemption_disabled+0x48/0x200 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5]}, 0x48) 02:48:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000006"], 0x2e) [ 1941.141686] ? kernfs_activate+0x8e/0x2c0 [ 1941.159100] ? zap_class+0x640/0x640 [ 1941.162823] ? fs_reclaim_acquire+0x20/0x20 [ 1941.167152] ? lock_downgrade+0x900/0x900 [ 1941.171293] ? __mutex_lock+0x85e/0x1700 [ 1941.171311] ? ___might_sleep+0x1ed/0x300 [ 1941.171328] ? arch_local_save_flags+0x40/0x40 [ 1941.184061] ? kernfs_activate+0x21a/0x2c0 [ 1941.188299] __should_failslab+0x124/0x180 [ 1941.192538] should_failslab+0x9/0x14 [ 1941.196346] kmem_cache_alloc+0x2be/0x730 [ 1941.200499] ? lock_downgrade+0x900/0x900 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x30]}, 0x48) 02:48:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5525) [ 1941.204655] ? do_raw_spin_lock+0xc1/0x200 [ 1941.208890] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1941.213910] __kernfs_new_node+0x127/0x8d0 [ 1941.214785] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1941.214785] program syz-executor1 not setting count and/or reply_len properly [ 1941.218155] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1941.218169] ? kernfs_activate+0x21a/0x2c0 [ 1941.218193] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1941.247742] ? wait_for_completion+0x8a0/0x8a0 [ 1941.252336] ? mutex_unlock+0xd/0x10 [ 1941.256050] ? kernfs_activate+0x21a/0x2c0 [ 1941.260290] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1941.265136] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1941.270669] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1941.270687] kernfs_new_node+0x95/0x120 [ 1941.270708] __kernfs_create_file+0x5a/0x340 [ 1941.270724] sysfs_add_file_mode_ns+0x222/0x530 [ 1941.283629] internal_create_group+0x3df/0xd80 [ 1941.283662] ? remove_files.isra.1+0x190/0x190 [ 1941.283680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.292877] ? kernfs_create_link+0x1d4/0x250 [ 1941.292893] sysfs_create_groups+0x9b/0x141 [ 1941.292910] device_add+0x6d8/0x17b0 [ 1941.302981] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1941.311764] ? __kmalloc+0x31c/0x760 [ 1941.311776] ? kasan_unpoison_shadow+0x35/0x50 [ 1941.311787] ? kasan_kmalloc+0xc7/0xe0 [ 1941.311804] ? input_register_device+0x59f/0xce0 [ 1941.324265] input_register_device+0x728/0xce0 [ 1941.324281] ? devm_input_allocate_device+0x120/0x120 [ 1941.324295] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1941.332718] ? input_mt_init_slots+0xba/0x4a0 [ 1941.332736] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1941.332751] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1941.332773] ? __fget_light+0x2e9/0x430 [ 1941.342061] ? fget_raw+0x20/0x20 [ 1941.342075] ? __sb_end_write+0xd9/0x110 [ 1941.342089] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1941.342100] ? fput+0x130/0x1a0 [ 1941.352270] ? ksys_write+0x1ae/0x260 [ 1941.352282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.352298] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1941.362037] uinput_compat_ioctl+0x6b/0x90 [ 1941.362053] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1941.362071] do_fast_syscall_32+0x34d/0xfb2 [ 1941.362086] ? do_int80_syscall_32+0x890/0x890 [ 1941.371387] ? entry_SYSENTER_compat+0x68/0x7f [ 1941.371401] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1941.371416] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.371427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.371441] ? trace_hardirqs_on_caller+0x310/0x310 [ 1941.384418] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1941.384435] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1941.397088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.397110] entry_SYSENTER_compat+0x70/0x7f [ 1941.415874] RIP: 0023:0xf7f58ca9 [ 1941.415889] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1941.415907] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1941.467399] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:35 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x900000000000000]}, 0x48) 02:48:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000300"], 0x2e) 02:48:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556a) 02:48:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x2000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:35 executing program 5 (fault-call:4 fault-nth:12): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1941.467408] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1941.467415] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1941.467421] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1941.467432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1941.571387] FAULT_INJECTION: forcing a failure. [ 1941.571387] name failslab, interval 1, probability 0, space 0, times 0 [ 1941.586977] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1941.586977] program syz-executor1 not setting count and/or reply_len properly [ 1941.595257] CPU: 1 PID: 31721 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1941.610037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x600]}, 0x48) [ 1941.619376] Call Trace: [ 1941.619396] dump_stack+0x1c4/0x2b4 [ 1941.619413] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1941.630767] should_fail.cold.4+0xa/0x17 [ 1941.630783] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1941.630800] ? perf_trace_lock+0x14d/0x7a0 [ 1941.639926] ? lock_release+0x970/0x970 [ 1941.639960] ? arch_local_save_flags+0x40/0x40 [ 1941.652778] ? zap_class+0x640/0x640 [ 1941.652795] ? check_preemption_disabled+0x48/0x200 [ 1941.652817] ? kernfs_activate+0x8e/0x2c0 [ 1941.661502] ? zap_class+0x640/0x640 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x900]}, 0x48) 02:48:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc020660b) [ 1941.661519] ? fs_reclaim_acquire+0x20/0x20 [ 1941.661532] ? lock_downgrade+0x900/0x900 [ 1941.661545] ? __mutex_lock+0x85e/0x1700 [ 1941.661562] ? ___might_sleep+0x1ed/0x300 [ 1941.686020] ? arch_local_save_flags+0x40/0x40 [ 1941.690603] ? kernfs_activate+0x21a/0x2c0 [ 1941.694849] __should_failslab+0x124/0x180 [ 1941.699087] should_failslab+0x9/0x14 [ 1941.702887] kmem_cache_alloc+0x2be/0x730 [ 1941.707048] ? lock_downgrade+0x900/0x900 [ 1941.711202] ? do_raw_spin_lock+0xc1/0x200 [ 1941.715442] ? __sanitizer_cov_trace_cmp8+0x18/0x20 02:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa0ffffff00000000]}, 0x48) 02:48:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x100000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1941.720456] __kernfs_new_node+0x127/0x8d0 [ 1941.720471] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1941.720483] ? kernfs_activate+0x21a/0x2c0 [ 1941.720501] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1941.729447] ? wait_for_completion+0x8a0/0x8a0 [ 1941.729471] ? mutex_unlock+0xd/0x10 [ 1941.743155] ? kernfs_activate+0x21a/0x2c0 [ 1941.751058] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1941.751073] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1941.751083] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1941.751100] kernfs_new_node+0x95/0x120 [ 1941.765993] __kernfs_create_file+0x5a/0x340 [ 1941.766013] sysfs_add_file_mode_ns+0x222/0x530 [ 1941.779012] internal_create_group+0x3df/0xd80 [ 1941.779032] ? remove_files.isra.1+0x190/0x190 [ 1941.788154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.788166] ? kernfs_create_link+0x1d4/0x250 [ 1941.788184] sysfs_create_groups+0x9b/0x141 [ 1941.802490] device_add+0x6d8/0x17b0 [ 1941.806211] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1941.806230] ? __kmalloc+0x31c/0x760 [ 1941.815036] ? kasan_unpoison_shadow+0x35/0x50 02:48:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x6000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1941.819619] ? kasan_kmalloc+0xc7/0xe0 [ 1941.823514] ? input_register_device+0x59f/0xce0 [ 1941.823533] input_register_device+0x728/0xce0 [ 1941.832859] ? devm_input_allocate_device+0x120/0x120 [ 1941.832892] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1941.843047] ? input_mt_init_slots+0xba/0x4a0 [ 1941.847537] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1941.847553] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1941.858152] ? __fget_light+0x2e9/0x430 [ 1941.862134] ? fget_raw+0x20/0x20 [ 1941.865583] ? __sb_end_write+0xd9/0x110 [ 1941.869652] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1941.875182] ? fput+0x130/0x1a0 [ 1941.878462] ? ksys_write+0x1ae/0x260 [ 1941.882259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.887792] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1941.893317] uinput_compat_ioctl+0x6b/0x90 [ 1941.893334] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1941.893351] do_fast_syscall_32+0x34d/0xfb2 [ 1941.893367] ? do_int80_syscall_32+0x890/0x890 [ 1941.911296] ? entry_SYSENTER_compat+0x68/0x7f [ 1941.915889] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1941.915906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.925718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.925735] ? trace_hardirqs_on_caller+0x310/0x310 [ 1941.931549] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1941.931549] program syz-executor1 not setting count and/or reply_len properly [ 1941.935555] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1941.935575] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1941.961247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1941.966091] entry_SYSENTER_compat+0x70/0x7f [ 1941.970493] RIP: 0023:0xf7f58ca9 [ 1941.973851] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1941.992742] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1941.992755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1941.992762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1941.992769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 02:48:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5000000000000000]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x300000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5450) 02:48:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:36 executing program 5 (fault-call:4 fault-nth:13): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1941.992775] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1941.992785] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa000000]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x4000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045565) 02:48:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x0, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1942.089709] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1942.089709] program syz-executor1 not setting count and/or reply_len properly [ 1942.117037] FAULT_INJECTION: forcing a failure. [ 1942.117037] name failslab, interval 1, probability 0, space 0, times 0 [ 1942.179271] CPU: 0 PID: 31761 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1942.186638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1942.195983] Call Trace: [ 1942.198573] dump_stack+0x1c4/0x2b4 [ 1942.202206] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1942.207417] should_fail.cold.4+0xa/0x17 [ 1942.211496] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1942.216593] ? perf_trace_lock+0x14d/0x7a0 [ 1942.220825] ? lock_release+0x970/0x970 [ 1942.224809] ? arch_local_save_flags+0x40/0x40 [ 1942.229384] ? zap_class+0x640/0x640 [ 1942.233097] ? check_preemption_disabled+0x48/0x200 [ 1942.238133] ? kernfs_activate+0x8e/0x2c0 [ 1942.242279] ? zap_class+0x640/0x640 [ 1942.245990] ? fs_reclaim_acquire+0x20/0x20 [ 1942.250319] ? lock_downgrade+0x900/0x900 [ 1942.254468] ? __mutex_lock+0x85e/0x1700 [ 1942.258529] ? ___might_sleep+0x1ed/0x300 [ 1942.262678] ? arch_local_save_flags+0x40/0x40 [ 1942.267273] ? kernfs_activate+0x21a/0x2c0 [ 1942.271529] __should_failslab+0x124/0x180 [ 1942.275765] should_failslab+0x9/0x14 [ 1942.279567] kmem_cache_alloc+0x2be/0x730 [ 1942.283716] ? lock_downgrade+0x900/0x900 [ 1942.287867] ? do_raw_spin_lock+0xc1/0x200 [ 1942.292109] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1942.297126] __kernfs_new_node+0x127/0x8d0 [ 1942.301374] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1942.306135] ? kernfs_activate+0x21a/0x2c0 [ 1942.310372] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1942.315306] ? wait_for_completion+0x8a0/0x8a0 [ 1942.319904] ? mutex_unlock+0xd/0x10 [ 1942.323619] ? kernfs_activate+0x21a/0x2c0 [ 1942.327866] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1942.332711] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1942.338337] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1942.342926] kernfs_new_node+0x95/0x120 [ 1942.346905] __kernfs_create_file+0x5a/0x340 [ 1942.346927] sysfs_add_file_mode_ns+0x222/0x530 [ 1942.355978] internal_create_group+0x3df/0xd80 [ 1942.356000] ? remove_files.isra.1+0x190/0x190 [ 1942.365141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1942.365153] ? kernfs_create_link+0x1d4/0x250 [ 1942.365173] sysfs_create_groups+0x9b/0x141 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xdd01000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xb0ffffff]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfffffffc}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3000000]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfffffff0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1942.375172] device_add+0x6d8/0x17b0 [ 1942.375196] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1942.383190] ? __kmalloc+0x31c/0x760 [ 1942.383204] ? kasan_unpoison_shadow+0x35/0x50 [ 1942.383217] ? kasan_kmalloc+0xc7/0xe0 [ 1942.383236] ? input_register_device+0x59f/0xce0 [ 1942.392015] input_register_device+0x728/0xce0 [ 1942.392034] ? devm_input_allocate_device+0x120/0x120 [ 1942.392047] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1942.392064] ? input_mt_init_slots+0xba/0x4a0 [ 1942.419987] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1942.420002] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1942.420021] ? __fget_light+0x2e9/0x430 [ 1942.429753] ? fget_raw+0x20/0x20 [ 1942.429768] ? __sb_end_write+0xd9/0x110 [ 1942.429785] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1942.452051] ? fput+0x130/0x1a0 [ 1942.455309] ? ksys_write+0x1ae/0x260 [ 1942.459091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1942.464609] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1942.470126] uinput_compat_ioctl+0x6b/0x90 [ 1942.474357] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1942.479107] do_fast_syscall_32+0x34d/0xfb2 [ 1942.483408] ? do_int80_syscall_32+0x890/0x890 [ 1942.487970] ? entry_SYSENTER_compat+0x68/0x7f [ 1942.492555] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1942.497558] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1942.502380] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1942.507211] ? trace_hardirqs_on_caller+0x310/0x310 [ 1942.512216] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1942.517210] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1942.522208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1942.527033] entry_SYSENTER_compat+0x70/0x7f [ 1942.531423] RIP: 0023:0xf7f58ca9 [ 1942.534773] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1942.553652] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1942.561339] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1942.568593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 02:48:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:36 executing program 5 (fault-call:4 fault-nth:14): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xc0ffffff00000000]}, 0x48) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x3}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x402c5828) 02:48:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x0, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1942.575851] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1942.583104] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1942.590354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1942.609732] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1942.609732] program syz-executor1 not setting count and/or reply_len properly 02:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3]}, 0x48) 02:48:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf0ffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1942.703339] FAULT_INJECTION: forcing a failure. [ 1942.703339] name failslab, interval 1, probability 0, space 0, times 0 [ 1942.739894] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x2) 02:48:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x0, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1942.739894] program syz-executor1 not setting count and/or reply_len properly [ 1942.777675] CPU: 1 PID: 31800 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1942.785053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1942.794406] Call Trace: [ 1942.796998] dump_stack+0x1c4/0x2b4 [ 1942.800637] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1942.805848] should_fail.cold.4+0xa/0x17 [ 1942.809915] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1942.815021] ? __mutex_lock+0x85e/0x1700 [ 1942.815038] ? kernfs_activate+0x8e/0x2c0 [ 1942.823229] ? zap_class+0x640/0x640 [ 1942.823243] ? fs_reclaim_acquire+0x20/0x20 [ 1942.823260] ? lock_downgrade+0x900/0x900 [ 1942.835408] ? ___might_sleep+0x1ed/0x300 [ 1942.835425] ? arch_local_save_flags+0x40/0x40 [ 1942.844117] ? zap_class+0x640/0x640 [ 1942.844157] __should_failslab+0x124/0x180 [ 1942.844170] should_failslab+0x9/0x14 [ 1942.844188] kmem_cache_alloc+0x2be/0x730 [ 1942.855880] ? wait_for_completion+0x8a0/0x8a0 [ 1942.855892] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1942.855909] __kernfs_new_node+0x127/0x8d0 [ 1942.864592] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1942.864605] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1942.864621] ? wait_for_completion+0x8a0/0x8a0 [ 1942.864642] ? mutex_unlock+0xd/0x10 [ 1942.873849] ? kernfs_activate+0x21a/0x2c0 [ 1942.873863] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1942.873878] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1942.883524] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1942.883542] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1942.883564] ? kernfs_put+0x49b/0x760 [ 1942.883583] kernfs_new_node+0x95/0x120 [ 1942.891869] kernfs_create_dir_ns+0x4d/0x160 [ 1942.891889] internal_create_group+0x5fc/0xd80 [ 1942.891913] ? remove_files.isra.1+0x190/0x190 [ 1942.900947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1942.900961] ? kernfs_create_link+0x1d4/0x250 [ 1942.900978] sysfs_create_groups+0x9b/0x141 [ 1942.900996] device_add+0x6d8/0x17b0 [ 1942.955875] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1942.960978] ? __kmalloc+0x31c/0x760 [ 1942.964332] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5502) 02:48:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000ffff"], 0x2e) [ 1942.964332] program syz-executor1 not setting count and/or reply_len properly [ 1942.964685] ? kasan_unpoison_shadow+0x35/0x50 [ 1942.964697] ? kasan_kmalloc+0xc7/0xe0 [ 1942.964708] ? input_register_device+0x59f/0xce0 [ 1942.964728] input_register_device+0x728/0xce0 [ 1942.998621] ? devm_input_allocate_device+0x120/0x120 [ 1943.003821] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1943.008830] ? input_mt_init_slots+0xba/0x4a0 [ 1943.013319] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1943.013333] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1943.013350] ? __fget_light+0x2e9/0x430 [ 1943.023946] ? fget_raw+0x20/0x20 [ 1943.023960] ? __sb_end_write+0xd9/0x110 [ 1943.023976] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1943.023989] ? fput+0x130/0x1a0 [ 1943.031374] ? ksys_write+0x1ae/0x260 [ 1943.031388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1943.031404] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1943.031419] uinput_compat_ioctl+0x6b/0x90 [ 1943.040976] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1943.040997] do_fast_syscall_32+0x34d/0xfb2 [ 1943.041012] ? do_int80_syscall_32+0x890/0x890 [ 1943.041025] ? entry_SYSENTER_compat+0x68/0x7f [ 1943.041047] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1943.048078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.048090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.048105] ? trace_hardirqs_on_caller+0x310/0x310 [ 1943.059125] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1943.059139] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1943.059154] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.076971] entry_SYSENTER_compat+0x70/0x7f [ 1943.086535] RIP: 0023:0xf7f58ca9 [ 1943.086552] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1943.142635] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1943.150322] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1943.157573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1943.164825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1943.172070] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:37 executing program 5 (fault-call:4 fault-nth:15): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 02:48:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:37 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045566) 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfcffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1943.179315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffb0]}, 0x48) 02:48:37 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x0, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:37 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045568) [ 1943.281503] FAULT_INJECTION: forcing a failure. [ 1943.281503] name failslab, interval 1, probability 0, space 0, times 0 [ 1943.336152] CPU: 0 PID: 31846 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1943.343538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1943.352884] Call Trace: [ 1943.355488] dump_stack+0x1c4/0x2b4 [ 1943.359115] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1943.364308] should_fail.cold.4+0xa/0x17 [ 1943.364326] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1943.373464] ? __mutex_lock+0x85e/0x1700 [ 1943.373497] ? kernfs_activate+0x8e/0x2c0 [ 1943.381671] ? zap_class+0x640/0x640 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xdd01}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:37 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x0, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1943.385390] ? fs_reclaim_acquire+0x20/0x20 [ 1943.389713] ? lock_downgrade+0x900/0x900 [ 1943.393894] ? ___might_sleep+0x1ed/0x300 [ 1943.393910] ? arch_local_save_flags+0x40/0x40 [ 1943.402596] ? zap_class+0x640/0x640 [ 1943.402616] __should_failslab+0x124/0x180 [ 1943.402632] should_failslab+0x9/0x14 [ 1943.414321] kmem_cache_alloc+0x2be/0x730 [ 1943.418488] ? wait_for_completion+0x8a0/0x8a0 [ 1943.423070] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1943.428084] __kernfs_new_node+0x127/0x8d0 [ 1943.432324] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1943.437246] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1943.442003] ? wait_for_completion+0x8a0/0x8a0 [ 1943.446586] ? mutex_unlock+0xd/0x10 [ 1943.450293] ? kernfs_activate+0x21a/0x2c0 [ 1943.454522] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1943.459359] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1943.464884] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1943.469475] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1943.475015] ? kernfs_put+0x49b/0x760 [ 1943.478823] kernfs_new_node+0x95/0x120 [ 1943.482791] kernfs_create_dir_ns+0x4d/0x160 [ 1943.487182] internal_create_group+0x5fc/0xd80 [ 1943.491747] ? remove_files.isra.1+0x190/0x190 [ 1943.496310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1943.501825] ? kernfs_create_link+0x1d4/0x250 [ 1943.506316] sysfs_create_groups+0x9b/0x141 [ 1943.510624] device_add+0x6d8/0x17b0 [ 1943.514325] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1943.519417] ? __kmalloc+0x31c/0x760 [ 1943.523128] ? kasan_unpoison_shadow+0x35/0x50 [ 1943.527687] ? kasan_kmalloc+0xc7/0xe0 [ 1943.531567] ? input_register_device+0x59f/0xce0 [ 1943.536298] input_register_device+0x728/0xce0 [ 1943.540857] ? devm_input_allocate_device+0x120/0x120 [ 1943.546021] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1943.551014] ? input_mt_init_slots+0xba/0x4a0 [ 1943.555518] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1943.560776] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1943.566119] ? __fget_light+0x2e9/0x430 [ 1943.570071] ? fget_raw+0x20/0x20 [ 1943.573501] ? __sb_end_write+0xd9/0x110 [ 1943.577539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1943.583047] ? fput+0x130/0x1a0 [ 1943.586306] ? ksys_write+0x1ae/0x260 [ 1943.590081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1943.595594] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1943.601104] uinput_compat_ioctl+0x6b/0x90 [ 1943.605318] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1943.610054] do_fast_syscall_32+0x34d/0xfb2 [ 1943.614493] ? do_int80_syscall_32+0x890/0x890 [ 1943.619068] ? entry_SYSENTER_compat+0x68/0x7f [ 1943.623642] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1943.628639] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.633462] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.638281] ? trace_hardirqs_on_caller+0x310/0x310 [ 1943.643276] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1943.648267] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1943.653261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1943.658082] entry_SYSENTER_compat+0x70/0x7f [ 1943.662466] RIP: 0023:0xf7f58ca9 [ 1943.665934] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1943.684815] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1943.692516] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1943.699768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1943.707033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1943.714280] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1943.721530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:37 executing program 5 (fault-call:4 fault-nth:16): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x5b42000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 02:48:37 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5460) 02:48:37 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x0, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf0ffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:37 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5452) 02:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 02:48:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000048"], 0x2e) [ 1943.822240] FAULT_INJECTION: forcing a failure. [ 1943.822240] name failslab, interval 1, probability 0, space 0, times 0 02:48:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x9effffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1943.873204] CPU: 0 PID: 31880 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1943.880579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1943.889924] Call Trace: [ 1943.892524] dump_stack+0x1c4/0x2b4 [ 1943.896158] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1943.901351] should_fail.cold.4+0xa/0x17 [ 1943.905411] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1943.910515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1943.916071] ? check_preemption_disabled+0x48/0x200 [ 1943.921090] ? debug_smp_processor_id+0x1c/0x20 [ 1943.925755] ? perf_trace_lock+0x14d/0x7a0 [ 1943.925766] ? lock_release+0x970/0x970 [ 1943.925779] ? zap_class+0x640/0x640 [ 1943.933944] ? check_preemption_disabled+0x48/0x200 [ 1943.933968] ? zap_class+0x640/0x640 [ 1943.933986] ? fs_reclaim_acquire+0x20/0x20 [ 1943.942671] ? lock_downgrade+0x900/0x900 [ 1943.942697] ? ___might_sleep+0x1ed/0x300 [ 1943.942713] ? arch_local_save_flags+0x40/0x40 [ 1943.950723] __should_failslab+0x124/0x180 [ 1943.950739] should_failslab+0x9/0x14 02:48:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x550f) [ 1943.950756] kmem_cache_alloc+0x2be/0x730 [ 1943.959015] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1943.959032] __kernfs_new_node+0x127/0x8d0 [ 1943.967805] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1943.967821] ? kasan_check_write+0x14/0x20 [ 1943.984933] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1943.984953] ? __kernfs_new_node+0x697/0x8d0 [ 1943.993897] ? wait_for_completion+0x8a0/0x8a0 [ 1943.993911] ? kasan_check_write+0x14/0x20 [ 1943.993927] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1944.012012] ? wait_for_completion+0x8a0/0x8a0 [ 1944.021496] ? kernfs_activate+0x21a/0x2c0 [ 1944.021515] ? mutex_unlock+0xd/0x10 [ 1944.021529] ? kernfs_activate+0x21a/0x2c0 [ 1944.029440] kernfs_new_node+0x95/0x120 [ 1944.029454] __kernfs_create_file+0x5a/0x340 [ 1944.029470] sysfs_add_file_mode_ns+0x222/0x530 [ 1944.037636] internal_create_group+0x3df/0xd80 [ 1944.037654] ? remove_files.isra.1+0x190/0x190 [ 1944.046679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.046700] ? kernfs_create_link+0x1d4/0x250 [ 1944.055812] sysfs_create_groups+0x9b/0x141 [ 1944.055830] device_add+0x6d8/0x17b0 [ 1944.073851] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1944.078961] ? __kmalloc+0x31c/0x760 [ 1944.082691] ? kasan_unpoison_shadow+0x35/0x50 [ 1944.087271] ? kasan_kmalloc+0xc7/0xe0 [ 1944.091175] ? input_register_device+0x59f/0xce0 [ 1944.095930] input_register_device+0x728/0xce0 [ 1944.100508] ? devm_input_allocate_device+0x120/0x120 [ 1944.100523] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1944.110690] ? input_mt_init_slots+0xba/0x4a0 [ 1944.110705] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1944.110720] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1944.125796] ? __fget_light+0x2e9/0x430 [ 1944.129777] ? fget_raw+0x20/0x20 [ 1944.133232] ? __sb_end_write+0xd9/0x110 [ 1944.137276] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1944.142785] ? fput+0x130/0x1a0 [ 1944.146040] ? ksys_write+0x1ae/0x260 [ 1944.150032] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.155550] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1944.161065] uinput_compat_ioctl+0x6b/0x90 [ 1944.165275] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1944.170009] do_fast_syscall_32+0x34d/0xfb2 [ 1944.174306] ? do_int80_syscall_32+0x890/0x890 [ 1944.178860] ? entry_SYSENTER_compat+0x68/0x7f [ 1944.183416] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1944.188404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.193223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.198040] ? trace_hardirqs_on_caller+0x310/0x310 [ 1944.203029] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1944.208023] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1944.213017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.217836] entry_SYSENTER_compat+0x70/0x7f [ 1944.222259] RIP: 0023:0xf7f58ca9 [ 1944.225600] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1944.244472] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1944.252154] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1944.259400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1944.266643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 02:48:38 executing program 5 (fault-call:4 fault-nth:17): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x402c582a) 02:48:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x1000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00]}, 0x48) 02:48:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000060"], 0x2e) 02:48:38 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x0, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1944.273888] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1944.281133] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x405c5503) 02:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6000]}, 0x48) 02:48:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x3f000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:38 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x0, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1944.384409] FAULT_INJECTION: forcing a failure. [ 1944.384409] name failslab, interval 1, probability 0, space 0, times 0 [ 1944.403979] CPU: 0 PID: 31920 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1944.411351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1944.420700] Call Trace: [ 1944.423292] dump_stack+0x1c4/0x2b4 [ 1944.426935] ? dump_stack_print_info.cold.2+0x52/0x52 02:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7]}, 0x48) 02:48:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x5b420000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1944.432134] should_fail.cold.4+0xa/0x17 [ 1944.436199] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1944.441299] ? perf_trace_lock+0x14d/0x7a0 [ 1944.445528] ? lock_release+0x970/0x970 [ 1944.449500] ? arch_local_save_flags+0x40/0x40 [ 1944.454093] ? zap_class+0x640/0x640 [ 1944.457825] ? check_preemption_disabled+0x48/0x200 [ 1944.462855] ? kernfs_activate+0x8e/0x2c0 [ 1944.467003] ? zap_class+0x640/0x640 [ 1944.470718] ? fs_reclaim_acquire+0x20/0x20 [ 1944.475040] ? lock_downgrade+0x900/0x900 [ 1944.479196] ? __mutex_lock+0x85e/0x1700 [ 1944.483255] ? ___might_sleep+0x1ed/0x300 [ 1944.487403] ? arch_local_save_flags+0x40/0x40 [ 1944.491983] ? kernfs_activate+0x21a/0x2c0 [ 1944.496227] __should_failslab+0x124/0x180 [ 1944.500456] should_failslab+0x9/0x14 [ 1944.500472] kmem_cache_alloc+0x2be/0x730 [ 1944.500486] ? lock_downgrade+0x900/0x900 [ 1944.500503] ? do_raw_spin_lock+0xc1/0x200 [ 1944.512558] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1944.512574] __kernfs_new_node+0x127/0x8d0 [ 1944.512589] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1944.512604] ? kasan_check_write+0x14/0x20 [ 1944.521817] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1944.521831] ? wait_for_completion+0x8a0/0x8a0 [ 1944.521847] ? wait_for_completion+0x8a0/0x8a0 [ 1944.521861] ? kasan_check_write+0x14/0x20 [ 1944.530808] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1944.530828] ? mutex_unlock+0xd/0x10 [ 1944.530853] ? kernfs_activate+0x21a/0x2c0 [ 1944.530865] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1944.530881] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1944.539996] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1944.540014] kernfs_new_node+0x95/0x120 [ 1944.540034] __kernfs_create_file+0x5a/0x340 [ 1944.549152] sysfs_add_file_mode_ns+0x222/0x530 [ 1944.549172] internal_create_group+0x3df/0xd80 [ 1944.549192] ? remove_files.isra.1+0x190/0x190 [ 1944.558309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.558322] ? kernfs_create_link+0x1d4/0x250 [ 1944.558357] sysfs_create_groups+0x9b/0x141 [ 1944.566259] device_add+0x6d8/0x17b0 [ 1944.566278] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1944.566295] ? __kmalloc+0x31c/0x760 [ 1944.589529] ? kasan_unpoison_shadow+0x35/0x50 [ 1944.589542] ? kasan_kmalloc+0xc7/0xe0 [ 1944.589554] ? input_register_device+0x59f/0xce0 [ 1944.589569] input_register_device+0x728/0xce0 [ 1944.598780] ? devm_input_allocate_device+0x120/0x120 [ 1944.598795] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1944.598812] ? input_mt_init_slots+0xba/0x4a0 [ 1944.608884] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1944.608902] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1944.608920] ? __fget_light+0x2e9/0x430 [ 1944.617709] ? fget_raw+0x20/0x20 [ 1944.617723] ? __sb_end_write+0xd9/0x110 [ 1944.617741] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1944.626503] ? fput+0x130/0x1a0 [ 1944.626537] ? ksys_write+0x1ae/0x260 [ 1944.626548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.626566] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1944.634812] uinput_compat_ioctl+0x6b/0x90 [ 1944.634828] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1944.634848] do_fast_syscall_32+0x34d/0xfb2 [ 1944.658170] ? do_int80_syscall_32+0x890/0x890 [ 1944.667897] ? entry_SYSENTER_compat+0x68/0x7f [ 1944.667915] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1944.690231] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.690241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.690257] ? trace_hardirqs_on_caller+0x310/0x310 [ 1944.702815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1944.702830] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1944.702846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1944.765137] entry_SYSENTER_compat+0x70/0x7f [ 1944.769518] RIP: 0023:0xf7f58ca9 02:48:38 executing program 5 (fault-call:4 fault-nth:18): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6]}, 0x48) 02:48:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x406855c9) 02:48:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xffffff9e}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1944.772860] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1944.791738] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1944.799422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1944.806667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1944.813910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1944.821155] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1944.828400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1944.882760] FAULT_INJECTION: forcing a failure. [ 1944.882760] name failslab, interval 1, probability 0, space 0, times 0 [ 1944.910402] CPU: 1 PID: 31946 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1944.917858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1944.927197] Call Trace: 02:48:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf0ffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x8000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1944.927216] dump_stack+0x1c4/0x2b4 [ 1944.927234] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1944.933411] should_fail.cold.4+0xa/0x17 [ 1944.933427] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1944.933443] ? perf_trace_lock+0x14d/0x7a0 [ 1944.951972] ? lock_release+0x970/0x970 [ 1944.955944] ? arch_local_save_flags+0x40/0x40 [ 1944.960545] ? zap_class+0x640/0x640 [ 1944.964265] ? check_preemption_disabled+0x48/0x200 [ 1944.969287] ? kernfs_activate+0x8e/0x2c0 [ 1944.973437] ? zap_class+0x640/0x640 [ 1944.977144] ? fs_reclaim_acquire+0x20/0x20 02:48:39 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x0, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1944.981602] ? lock_downgrade+0x900/0x900 [ 1944.985743] ? __mutex_lock+0x85e/0x1700 [ 1944.989800] ? ___might_sleep+0x1ed/0x300 [ 1944.993949] ? arch_local_save_flags+0x40/0x40 [ 1944.998526] ? kernfs_activate+0x21a/0x2c0 [ 1945.002761] __should_failslab+0x124/0x180 [ 1945.007010] should_failslab+0x9/0x14 [ 1945.010811] kmem_cache_alloc+0x2be/0x730 [ 1945.014977] ? lock_downgrade+0x900/0x900 [ 1945.019124] ? do_raw_spin_lock+0xc1/0x200 [ 1945.023362] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1945.028389] __kernfs_new_node+0x127/0x8d0 02:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 02:48:39 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045567) 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000020"], 0x2e) 02:48:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x40030000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1945.032632] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1945.037385] ? kasan_check_write+0x14/0x20 [ 1945.041622] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1945.041635] ? wait_for_completion+0x8a0/0x8a0 [ 1945.041650] ? wait_for_completion+0x8a0/0x8a0 [ 1945.041663] ? kasan_check_write+0x14/0x20 [ 1945.041675] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1945.041690] ? mutex_unlock+0xd/0x10 [ 1945.041704] ? kernfs_activate+0x21a/0x2c0 [ 1945.060038] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1945.060053] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1945.060067] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1945.087780] kernfs_new_node+0x95/0x120 [ 1945.091760] __kernfs_create_file+0x5a/0x340 [ 1945.096167] sysfs_add_file_mode_ns+0x222/0x530 [ 1945.096189] internal_create_group+0x3df/0xd80 [ 1945.096211] ? remove_files.isra.1+0x190/0x190 [ 1945.101723] sg_write: 8 callbacks suppressed [ 1945.101733] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.101733] program syz-executor1 not setting count and/or reply_len properly [ 1945.105424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1945.105439] ? kernfs_create_link+0x1d4/0x250 [ 1945.105458] sysfs_create_groups+0x9b/0x141 [ 1945.105476] device_add+0x6d8/0x17b0 [ 1945.140101] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1945.140118] ? __kmalloc+0x31c/0x760 [ 1945.140132] ? kasan_unpoison_shadow+0x35/0x50 [ 1945.161471] ? kasan_kmalloc+0xc7/0xe0 [ 1945.165356] ? input_register_device+0x59f/0xce0 [ 1945.165374] input_register_device+0x728/0xce0 [ 1945.165387] ? devm_input_allocate_device+0x120/0x120 [ 1945.165403] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1945.174697] ? input_mt_init_slots+0xba/0x4a0 [ 1945.174716] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1945.174731] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1945.189382] ? __fget_light+0x2e9/0x430 [ 1945.189395] ? fget_raw+0x20/0x20 [ 1945.189410] ? __sb_end_write+0xd9/0x110 [ 1945.203971] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1945.203984] ? fput+0x130/0x1a0 [ 1945.203997] ? ksys_write+0x1ae/0x260 [ 1945.204013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1945.211489] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1945.211501] uinput_compat_ioctl+0x6b/0x90 [ 1945.211517] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1945.211534] do_fast_syscall_32+0x34d/0xfb2 [ 1945.211550] ? do_int80_syscall_32+0x890/0x890 [ 1945.224123] ? entry_SYSENTER_compat+0x68/0x7f [ 1945.224139] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1945.224156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.235177] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.235193] ? trace_hardirqs_on_caller+0x310/0x310 [ 1945.235209] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1945.244156] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1945.244174] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.244192] entry_SYSENTER_compat+0x70/0x7f [ 1945.253041] RIP: 0023:0xf7f58ca9 [ 1945.253055] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1945.253062] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1945.253077] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000600"], 0x2e) 02:48:39 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xfcffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x400000000000000]}, 0x48) 02:48:39 executing program 5 (fault-call:4 fault-nth:19): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:39 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x8800, 0x0) readv(r1, &(0x7f0000001400)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1945.253084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1945.253090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1945.253096] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1945.253103] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x60000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x800000000000000]}, 0x48) [ 1945.415386] input: syz0 as /devices/virtual/input/input525 [ 1945.425232] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.425232] program syz-executor1 not setting count and/or reply_len properly [ 1945.445886] FAULT_INJECTION: forcing a failure. [ 1945.445886] name failslab, interval 1, probability 0, space 0, times 0 [ 1945.477775] input: syz0 as /devices/virtual/input/input527 [ 1945.490895] CPU: 0 PID: 31987 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1945.498270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1945.507617] Call Trace: [ 1945.510223] dump_stack+0x1c4/0x2b4 [ 1945.513846] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1945.513870] should_fail.cold.4+0xa/0x17 [ 1945.523072] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1945.523093] ? __mutex_lock+0x85e/0x1700 [ 1945.523110] ? kernfs_activate+0x8e/0x2c0 [ 1945.532236] ? zap_class+0x640/0x640 [ 1945.540049] ? fs_reclaim_acquire+0x20/0x20 [ 1945.544390] ? lock_downgrade+0x900/0x900 [ 1945.548530] ? ___might_sleep+0x1ed/0x300 [ 1945.552676] ? arch_local_save_flags+0x40/0x40 [ 1945.552692] ? zap_class+0x640/0x640 [ 1945.560957] __should_failslab+0x124/0x180 [ 1945.565207] should_failslab+0x9/0x14 [ 1945.569010] kmem_cache_alloc+0x2be/0x730 [ 1945.573160] ? wait_for_completion+0x8a0/0x8a0 [ 1945.577744] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1945.582754] __kernfs_new_node+0x127/0x8d0 [ 1945.582768] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1945.582782] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1945.596641] ? wait_for_completion+0x8a0/0x8a0 [ 1945.596655] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1945.596671] ? mutex_unlock+0xd/0x10 [ 1945.601825] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.601825] program syz-executor1 not setting count and/or reply_len properly [ 1945.606152] ? kernfs_activate+0x21a/0x2c0 [ 1945.606167] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1945.606183] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1945.640116] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1945.642881] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.642881] program syz-executor1 not setting count and/or reply_len properly [ 1945.644722] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1945.644734] ? kernfs_put+0x49b/0x760 [ 1945.644753] kernfs_new_node+0x95/0x120 [ 1945.673690] kernfs_create_dir_ns+0x4d/0x160 [ 1945.678092] internal_create_group+0x5fc/0xd80 [ 1945.682677] ? remove_files.isra.1+0x190/0x190 [ 1945.687246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1945.692779] ? kernfs_create_link+0x1d4/0x250 [ 1945.697282] sysfs_create_groups+0x9b/0x141 [ 1945.701604] device_add+0x6d8/0x17b0 [ 1945.704232] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.704232] program syz-executor1 not setting count and/or reply_len properly [ 1945.705316] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1945.705332] ? __kmalloc+0x31c/0x760 [ 1945.705349] ? kasan_unpoison_shadow+0x35/0x50 [ 1945.734357] ? kasan_kmalloc+0xc7/0xe0 [ 1945.738241] ? input_register_device+0x59f/0xce0 [ 1945.742988] input_register_device+0x728/0xce0 [ 1945.747571] ? devm_input_allocate_device+0x120/0x120 [ 1945.752753] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1945.757796] ? input_mt_init_slots+0xba/0x4a0 [ 1945.762293] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1945.767565] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1945.772926] ? __fget_light+0x2e9/0x430 [ 1945.776893] ? fget_raw+0x20/0x20 [ 1945.780345] ? __sb_end_write+0xd9/0x110 [ 1945.784418] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1945.789943] ? fput+0x130/0x1a0 [ 1945.793211] ? ksys_write+0x1ae/0x260 [ 1945.793223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1945.793236] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1945.793249] uinput_compat_ioctl+0x6b/0x90 [ 1945.812301] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1945.817070] do_fast_syscall_32+0x34d/0xfb2 [ 1945.821394] ? do_int80_syscall_32+0x890/0x890 02:48:39 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1945.825972] ? entry_SYSENTER_compat+0x68/0x7f [ 1945.830573] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1945.835589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.840423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.845260] ? trace_hardirqs_on_caller+0x310/0x310 [ 1945.850264] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1945.855261] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1945.860258] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1945.865102] entry_SYSENTER_compat+0x70/0x7f [ 1945.869488] RIP: 0023:0xf7f58ca9 [ 1945.872832] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1945.891707] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1945.899390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1945.906639] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1945.913892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1945.921137] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:39 executing program 5 (fault-call:4 fault-nth:20): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000005"], 0x2e) 02:48:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000000]}, 0x48) 02:48:40 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1945.928379] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1945.961459] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1945.961459] program syz-executor1 not setting count and/or reply_len properly 02:48:40 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snapshot\x00', 0x204042, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xdd010000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 1946.007651] FAULT_INJECTION: forcing a failure. [ 1946.007651] name failslab, interval 1, probability 0, space 0, times 0 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000003f"], 0x2e) 02:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x500000000000000]}, 0x48) [ 1946.077017] CPU: 0 PID: 32022 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1946.084409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1946.093774] Call Trace: [ 1946.096365] dump_stack+0x1c4/0x2b4 [ 1946.099994] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1946.105199] should_fail.cold.4+0xa/0x17 [ 1946.109262] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1946.114375] ? __mutex_lock+0x85e/0x1700 [ 1946.118436] ? kernfs_activate+0x8e/0x2c0 [ 1946.122682] ? zap_class+0x640/0x640 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x1dd}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1946.126407] ? fs_reclaim_acquire+0x20/0x20 [ 1946.130730] ? lock_downgrade+0x900/0x900 [ 1946.134895] ? ___might_sleep+0x1ed/0x300 [ 1946.139044] ? arch_local_save_flags+0x40/0x40 [ 1946.143623] ? zap_class+0x640/0x640 [ 1946.147584] __should_failslab+0x124/0x180 [ 1946.151823] should_failslab+0x9/0x14 [ 1946.155624] kmem_cache_alloc+0x2be/0x730 [ 1946.159775] ? wait_for_completion+0x8a0/0x8a0 [ 1946.164353] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1946.169369] __kernfs_new_node+0x127/0x8d0 [ 1946.173607] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1946.178531] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1946.183273] ? wait_for_completion+0x8a0/0x8a0 [ 1946.183288] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1946.183303] ? mutex_unlock+0xd/0x10 [ 1946.196478] ? kernfs_activate+0x21a/0x2c0 [ 1946.200730] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1946.200752] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1946.200764] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1946.200777] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1946.200790] ? kernfs_put+0x49b/0x760 [ 1946.211127] kernfs_new_node+0x95/0x120 [ 1946.211144] kernfs_create_dir_ns+0x4d/0x160 [ 1946.211161] internal_create_group+0x5fc/0xd80 [ 1946.211182] ? remove_files.isra.1+0x190/0x190 [ 1946.221263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.221277] ? kernfs_create_link+0x1d4/0x250 [ 1946.221297] sysfs_create_groups+0x9b/0x141 [ 1946.221312] device_add+0x6d8/0x17b0 [ 1946.221330] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1946.229060] ? __kmalloc+0x31c/0x760 [ 1946.229073] ? kasan_unpoison_shadow+0x35/0x50 [ 1946.229085] ? kasan_kmalloc+0xc7/0xe0 [ 1946.229097] ? input_register_device+0x59f/0xce0 [ 1946.229114] input_register_device+0x728/0xce0 [ 1946.238076] ? devm_input_allocate_device+0x120/0x120 [ 1946.238091] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1946.238104] ? input_mt_init_slots+0xba/0x4a0 [ 1946.238121] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1946.248204] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1946.248222] ? __fget_light+0x2e9/0x430 [ 1946.248236] ? fget_raw+0x20/0x20 [ 1946.248255] ? __sb_end_write+0xd9/0x110 [ 1946.257041] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1946.257053] ? fput+0x130/0x1a0 [ 1946.257068] ? ksys_write+0x1ae/0x260 [ 1946.257079] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.257095] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1946.265863] uinput_compat_ioctl+0x6b/0x90 [ 1946.265893] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1946.265913] do_fast_syscall_32+0x34d/0xfb2 [ 1946.265929] ? do_int80_syscall_32+0x890/0x890 [ 1946.347640] ? entry_SYSENTER_compat+0x68/0x7f [ 1946.347657] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1946.347675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1946.356639] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1946.356655] ? trace_hardirqs_on_caller+0x310/0x310 [ 1946.356667] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1946.356684] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1946.365542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1946.365561] entry_SYSENTER_compat+0x70/0x7f [ 1946.365574] RIP: 0023:0xf7f58ca9 [ 1946.375125] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1946.380038] input: syz0 as /devices/virtual/input/input529 [ 1946.384748] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1946.384762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1946.384786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1946.384793] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1946.384801] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:40 executing program 5 (fault-call:4 fault-nth:21): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x3f00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:40 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 1946.384820] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1946.513073] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1946.513073] program syz-executor1 not setting count and/or reply_len properly 02:48:40 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580)='/dev/uinput\x00', 0x800, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$EVIOCGID(r1, 0x80084502, &(0x7f00000005c0)=""/105) openat$nullb(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nullb0\x00', 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x600000000000000]}, 0x48) [ 1946.563936] FAULT_INJECTION: forcing a failure. [ 1946.563936] name failslab, interval 1, probability 0, space 0, times 0 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x3f00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1946.632865] CPU: 0 PID: 32066 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1946.640354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1946.649714] Call Trace: [ 1946.652312] dump_stack+0x1c4/0x2b4 [ 1946.655950] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1946.661152] should_fail.cold.4+0xa/0x17 [ 1946.665224] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1946.670337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.675877] ? check_preemption_disabled+0x48/0x200 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0xf0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1946.679453] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1946.679453] program syz-executor1 not setting count and/or reply_len properly [ 1946.680895] ? debug_smp_processor_id+0x1c/0x20 [ 1946.680910] ? perf_trace_lock+0x14d/0x7a0 [ 1946.680932] ? lock_release+0x970/0x970 [ 1946.709448] ? zap_class+0x640/0x640 [ 1946.713175] ? check_preemption_disabled+0x48/0x200 [ 1946.718192] ? zap_class+0x640/0x640 [ 1946.721911] ? fs_reclaim_acquire+0x20/0x20 [ 1946.726236] ? lock_downgrade+0x900/0x900 02:48:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x5b42000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1946.730385] ? ___might_sleep+0x1ed/0x300 [ 1946.734539] ? arch_local_save_flags+0x40/0x40 [ 1946.739127] __should_failslab+0x124/0x180 [ 1946.743363] should_failslab+0x9/0x14 [ 1946.747189] kmem_cache_alloc+0x2be/0x730 [ 1946.751343] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1946.756358] __kernfs_new_node+0x127/0x8d0 [ 1946.760590] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1946.765342] ? kasan_check_write+0x14/0x20 [ 1946.769578] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1946.774519] ? __kernfs_new_node+0x697/0x8d0 [ 1946.778926] ? wait_for_completion+0x8a0/0x8a0 [ 1946.783588] ? kasan_check_write+0x14/0x20 [ 1946.787820] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1946.787940] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1946.787940] program syz-executor1 not setting count and/or reply_len properly [ 1946.792747] ? wait_for_completion+0x8a0/0x8a0 [ 1946.792763] ? kernfs_activate+0x21a/0x2c0 [ 1946.792787] ? mutex_unlock+0xd/0x10 [ 1946.820936] ? kernfs_activate+0x21a/0x2c0 [ 1946.825169] kernfs_new_node+0x95/0x120 [ 1946.829147] __kernfs_create_file+0x5a/0x340 [ 1946.833560] sysfs_add_file_mode_ns+0x222/0x530 [ 1946.838237] internal_create_group+0x3df/0xd80 [ 1946.842823] ? remove_files.isra.1+0x190/0x190 [ 1946.847404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.852947] ? kernfs_create_link+0x1d4/0x250 [ 1946.857447] sysfs_create_groups+0x9b/0x141 [ 1946.861769] device_add+0x6d8/0x17b0 [ 1946.865487] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1946.870592] ? __kmalloc+0x31c/0x760 [ 1946.874298] ? kasan_unpoison_shadow+0x35/0x50 [ 1946.878879] ? kasan_kmalloc+0xc7/0xe0 [ 1946.882766] ? input_register_device+0x59f/0xce0 [ 1946.887521] input_register_device+0x728/0xce0 [ 1946.892113] ? devm_input_allocate_device+0x120/0x120 [ 1946.897302] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1946.902312] ? input_mt_init_slots+0xba/0x4a0 [ 1946.906805] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1946.912080] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1946.917444] ? __fget_light+0x2e9/0x430 [ 1946.921415] ? fget_raw+0x20/0x20 [ 1946.924871] ? __sb_end_write+0xd9/0x110 [ 1946.928929] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1946.934458] ? fput+0x130/0x1a0 [ 1946.937737] ? ksys_write+0x1ae/0x260 [ 1946.941533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.947069] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1946.952604] uinput_compat_ioctl+0x6b/0x90 [ 1946.956853] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1946.961739] do_fast_syscall_32+0x34d/0xfb2 [ 1946.966065] ? do_int80_syscall_32+0x890/0x890 [ 1946.970645] ? entry_SYSENTER_compat+0x68/0x7f [ 1946.975226] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1946.980881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1946.985721] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1946.990571] ? trace_hardirqs_on_caller+0x310/0x310 [ 1946.995590] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1947.000608] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1947.005646] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1947.010501] entry_SYSENTER_compat+0x70/0x7f [ 1947.014904] RIP: 0023:0xf7f58ca9 02:48:41 executing program 5 (fault-call:4 fault-nth:22): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x2000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xc000000]}, 0x48) [ 1947.018265] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1947.037243] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1947.037257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1947.037268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1947.052205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1947.052212] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1947.052219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1947.131338] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1947.131338] program syz-executor1 not setting count and/or reply_len properly [ 1947.156409] FAULT_INJECTION: forcing a failure. [ 1947.156409] name failslab, interval 1, probability 0, space 0, times 0 [ 1947.176077] CPU: 1 PID: 32101 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1947.183442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1947.192795] Call Trace: [ 1947.195365] dump_stack+0x1c4/0x2b4 [ 1947.198976] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1947.204161] should_fail.cold.4+0xa/0x17 [ 1947.208207] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1947.213291] ? perf_trace_lock+0x14d/0x7a0 [ 1947.217504] ? lock_release+0x970/0x970 [ 1947.221475] ? arch_local_save_flags+0x40/0x40 [ 1947.226035] ? zap_class+0x640/0x640 [ 1947.229729] ? check_preemption_disabled+0x48/0x200 [ 1947.234735] ? kernfs_activate+0x8e/0x2c0 [ 1947.238862] ? zap_class+0x640/0x640 [ 1947.242558] ? fs_reclaim_acquire+0x20/0x20 [ 1947.246874] ? lock_downgrade+0x900/0x900 [ 1947.251001] ? __mutex_lock+0x85e/0x1700 [ 1947.255041] ? ___might_sleep+0x1ed/0x300 [ 1947.259166] ? arch_local_save_flags+0x40/0x40 [ 1947.263827] ? kernfs_activate+0x21a/0x2c0 [ 1947.268044] __should_failslab+0x124/0x180 [ 1947.272256] should_failslab+0x9/0x14 [ 1947.276037] kmem_cache_alloc+0x2be/0x730 [ 1947.280165] ? lock_downgrade+0x900/0x900 [ 1947.284292] ? do_raw_spin_lock+0xc1/0x200 [ 1947.288509] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1947.293516] __kernfs_new_node+0x127/0x8d0 [ 1947.297734] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1947.302469] ? kasan_check_write+0x14/0x20 [ 1947.306707] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1947.311616] ? wait_for_completion+0x8a0/0x8a0 [ 1947.316178] ? wait_for_completion+0x8a0/0x8a0 [ 1947.320738] ? kasan_check_write+0x14/0x20 [ 1947.324953] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1947.329863] ? mutex_unlock+0xd/0x10 [ 1947.333565] ? kernfs_activate+0x21a/0x2c0 [ 1947.337780] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1947.342708] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1947.348225] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1947.352791] kernfs_new_node+0x95/0x120 [ 1947.356760] __kernfs_create_file+0x5a/0x340 [ 1947.361154] sysfs_add_file_mode_ns+0x222/0x530 [ 1947.365819] internal_create_group+0x3df/0xd80 [ 1947.370391] ? remove_files.isra.1+0x190/0x190 [ 1947.374956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1947.380474] ? kernfs_create_link+0x1d4/0x250 [ 1947.384962] sysfs_create_groups+0x9b/0x141 [ 1947.389261] device_add+0x6d8/0x17b0 [ 1947.392956] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1947.398041] ? __kmalloc+0x31c/0x760 [ 1947.401732] ? kasan_unpoison_shadow+0x35/0x50 [ 1947.406290] ? kasan_kmalloc+0xc7/0xe0 [ 1947.410159] ? input_register_device+0x59f/0xce0 [ 1947.414898] input_register_device+0x728/0xce0 [ 1947.419463] ? devm_input_allocate_device+0x120/0x120 [ 1947.424631] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1947.429640] ? input_mt_init_slots+0xba/0x4a0 [ 1947.434118] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1947.439380] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1947.444728] ? __fget_light+0x2e9/0x430 [ 1947.448686] ? fget_raw+0x20/0x20 [ 1947.452121] ? __sb_end_write+0xd9/0x110 [ 1947.456163] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1947.461675] ? fput+0x130/0x1a0 [ 1947.464936] ? ksys_write+0x1ae/0x260 [ 1947.468730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1947.474245] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1947.479760] uinput_compat_ioctl+0x6b/0x90 [ 1947.483975] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1947.488718] do_fast_syscall_32+0x34d/0xfb2 [ 1947.493024] ? do_int80_syscall_32+0x890/0x890 [ 1947.497602] ? entry_SYSENTER_compat+0x68/0x7f [ 1947.502166] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1947.507163] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1947.511986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1947.516812] ? trace_hardirqs_on_caller+0x310/0x310 [ 1947.521812] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1947.526808] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1947.531806] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1947.536631] entry_SYSENTER_compat+0x70/0x7f [ 1947.541017] RIP: 0023:0xf7f58ca9 [ 1947.544373] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1947.563251] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1947.570952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1947.578197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1947.585443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1947.592688] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1947.599936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:41 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:41 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x200000, 0x0, 0x3}}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffc0]}, 0x48) 02:48:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf0ffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000004c"], 0x2e) 02:48:41 executing program 5 (fault-call:4 fault-nth:23): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 02:48:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000007a00"], 0x2e) [ 1947.900941] FAULT_INJECTION: forcing a failure. [ 1947.900941] name failslab, interval 1, probability 0, space 0, times 0 [ 1947.913353] input: syz0 as /devices/virtual/input/input535 [ 1947.940016] input: syz0 as /devices/virtual/input/input536 [ 1947.982771] CPU: 0 PID: 32112 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1947.990159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1947.999508] Call Trace: [ 1948.002110] dump_stack+0x1c4/0x2b4 [ 1948.005750] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1948.010958] should_fail.cold.4+0xa/0x17 [ 1948.015031] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1948.020139] ? perf_trace_lock+0x14d/0x7a0 [ 1948.024375] ? lock_release+0x970/0x970 [ 1948.028362] ? arch_local_save_flags+0x40/0x40 [ 1948.032962] ? zap_class+0x640/0x640 [ 1948.036675] ? check_preemption_disabled+0x48/0x200 [ 1948.041693] ? kernfs_activate+0x8e/0x2c0 [ 1948.045842] ? zap_class+0x640/0x640 [ 1948.049558] ? fs_reclaim_acquire+0x20/0x20 [ 1948.053896] ? lock_downgrade+0x900/0x900 [ 1948.058044] ? __mutex_lock+0x85e/0x1700 [ 1948.062107] ? ___might_sleep+0x1ed/0x300 [ 1948.066253] ? arch_local_save_flags+0x40/0x40 [ 1948.070834] ? kernfs_activate+0x21a/0x2c0 [ 1948.075076] __should_failslab+0x124/0x180 [ 1948.079307] should_failslab+0x9/0x14 [ 1948.083117] kmem_cache_alloc+0x2be/0x730 [ 1948.087265] ? lock_downgrade+0x900/0x900 [ 1948.091426] ? do_raw_spin_lock+0xc1/0x200 [ 1948.095659] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1948.100675] __kernfs_new_node+0x127/0x8d0 [ 1948.104915] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1948.109669] ? kasan_check_write+0x14/0x20 [ 1948.113907] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1948.118844] ? wait_for_completion+0x8a0/0x8a0 [ 1948.123430] ? wait_for_completion+0x8a0/0x8a0 [ 1948.128010] ? kasan_check_write+0x14/0x20 [ 1948.132249] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1948.137176] ? mutex_unlock+0xd/0x10 [ 1948.140886] ? kernfs_activate+0x21a/0x2c0 [ 1948.145122] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1948.150197] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1948.155742] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1948.160330] kernfs_new_node+0x95/0x120 [ 1948.164317] __kernfs_create_file+0x5a/0x340 [ 1948.168739] sysfs_add_file_mode_ns+0x222/0x530 [ 1948.173433] internal_create_group+0x3df/0xd80 [ 1948.178012] ? remove_files.isra.1+0x190/0x190 [ 1948.182597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1948.188128] ? kernfs_create_link+0x1d4/0x250 [ 1948.192631] sysfs_create_groups+0x9b/0x141 [ 1948.196959] device_add+0x6d8/0x17b0 [ 1948.200679] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1948.205784] ? __kmalloc+0x31c/0x760 [ 1948.209508] ? kasan_unpoison_shadow+0x35/0x50 [ 1948.214090] ? kasan_kmalloc+0xc7/0xe0 [ 1948.217981] ? input_register_device+0x59f/0xce0 [ 1948.222748] input_register_device+0x728/0xce0 [ 1948.227345] ? devm_input_allocate_device+0x120/0x120 [ 1948.232539] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1948.237567] ? input_mt_init_slots+0xba/0x4a0 [ 1948.242066] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1948.247344] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1948.252716] ? __fget_light+0x2e9/0x430 [ 1948.256691] ? fget_raw+0x20/0x20 [ 1948.260144] ? __sb_end_write+0xd9/0x110 [ 1948.264211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1948.269749] ? fput+0x130/0x1a0 [ 1948.273033] ? ksys_write+0x1ae/0x260 [ 1948.276837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1948.282373] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1948.282385] uinput_compat_ioctl+0x6b/0x90 [ 1948.282403] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1948.292140] do_fast_syscall_32+0x34d/0xfb2 [ 1948.292160] ? do_int80_syscall_32+0x890/0x890 [ 1948.305787] ? entry_SYSENTER_compat+0x68/0x7f [ 1948.310367] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1948.315376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1948.320208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1948.325045] ? trace_hardirqs_on_caller+0x310/0x310 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x425b}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000bfff"], 0x2e) 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x60}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1948.330052] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1948.335072] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1948.340091] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1948.344949] entry_SYSENTER_compat+0x70/0x7f [ 1948.349350] RIP: 0023:0xf7f58ca9 [ 1948.352714] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1948.371610] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1948.379317] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1948.386583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1948.393846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1948.401106] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1948.408374] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:42 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfcffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 02:48:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:42 executing program 5 (fault-call:4 fault-nth:24): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:42 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x48) [ 1948.722692] FAULT_INJECTION: forcing a failure. [ 1948.722692] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.741598] input: syz0 as /devices/virtual/input/input538 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf0ffffffffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1948.774775] CPU: 0 PID: 32153 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1948.782161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1948.782167] Call Trace: [ 1948.782192] dump_stack+0x1c4/0x2b4 [ 1948.782216] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1948.802909] should_fail.cold.4+0xa/0x17 [ 1948.806971] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1948.812070] ? perf_trace_lock+0x14d/0x7a0 [ 1948.816305] ? lock_release+0x970/0x970 [ 1948.820278] ? arch_local_save_flags+0x40/0x40 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x5b42}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1948.824859] ? zap_class+0x640/0x640 [ 1948.828569] ? check_preemption_disabled+0x48/0x200 [ 1948.828590] ? kernfs_activate+0x8e/0x2c0 [ 1948.837713] ? zap_class+0x640/0x640 [ 1948.841431] ? fs_reclaim_acquire+0x20/0x20 [ 1948.845749] ? lock_downgrade+0x900/0x900 [ 1948.849898] ? __mutex_lock+0x85e/0x1700 [ 1948.853970] ? ___might_sleep+0x1ed/0x300 [ 1948.858107] ? arch_local_save_flags+0x40/0x40 [ 1948.858121] ? kernfs_activate+0x21a/0x2c0 [ 1948.858141] __should_failslab+0x124/0x180 [ 1948.871135] should_failslab+0x9/0x14 02:48:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x34000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1948.874936] kmem_cache_alloc+0x2be/0x730 [ 1948.879081] ? lock_downgrade+0x900/0x900 [ 1948.883221] ? do_raw_spin_lock+0xc1/0x200 [ 1948.887460] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1948.892477] __kernfs_new_node+0x127/0x8d0 [ 1948.896717] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1948.901470] ? kasan_check_write+0x14/0x20 [ 1948.905718] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1948.910641] ? wait_for_completion+0x8a0/0x8a0 [ 1948.915219] ? wait_for_completion+0x8a0/0x8a0 [ 1948.919800] ? kasan_check_write+0x14/0x20 [ 1948.919817] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1948.928974] ? mutex_unlock+0xd/0x10 [ 1948.932681] ? kernfs_activate+0x21a/0x2c0 [ 1948.932700] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1948.941741] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1948.947282] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1948.951871] kernfs_new_node+0x95/0x120 [ 1948.955848] __kernfs_create_file+0x5a/0x340 [ 1948.960274] sysfs_add_file_mode_ns+0x222/0x530 [ 1948.964952] internal_create_group+0x3df/0xd80 [ 1948.969539] ? remove_files.isra.1+0x190/0x190 02:48:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x4000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1948.974122] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1948.980163] ? kernfs_create_link+0x1d4/0x250 [ 1948.980187] sysfs_create_groups+0x9b/0x141 [ 1948.989050] device_add+0x6d8/0x17b0 [ 1948.989069] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1948.997853] ? __kmalloc+0x31c/0x760 [ 1949.001565] ? kasan_unpoison_shadow+0x35/0x50 [ 1949.006145] ? kasan_kmalloc+0xc7/0xe0 [ 1949.010037] ? input_register_device+0x59f/0xce0 [ 1949.014800] input_register_device+0x728/0xce0 [ 1949.019394] ? devm_input_allocate_device+0x120/0x120 [ 1949.024590] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1949.029610] ? input_mt_init_slots+0xba/0x4a0 [ 1949.034113] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1949.039394] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1949.044758] ? __fget_light+0x2e9/0x430 [ 1949.048730] ? fget_raw+0x20/0x20 [ 1949.052200] ? __sb_end_write+0xd9/0x110 [ 1949.056289] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1949.061845] ? fput+0x130/0x1a0 [ 1949.065131] ? ksys_write+0x1ae/0x260 [ 1949.068942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1949.074490] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1949.080025] uinput_compat_ioctl+0x6b/0x90 [ 1949.084276] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1949.089041] do_fast_syscall_32+0x34d/0xfb2 [ 1949.093363] ? do_int80_syscall_32+0x890/0x890 [ 1949.098058] ? entry_SYSENTER_compat+0x68/0x7f [ 1949.102650] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1949.107668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1949.112530] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1949.117392] ? trace_hardirqs_on_caller+0x310/0x310 [ 1949.122411] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1949.127428] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1949.132456] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1949.137313] entry_SYSENTER_compat+0x70/0x7f [ 1949.141722] RIP: 0023:0xf7f58ca9 [ 1949.145091] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1949.163990] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 02:48:43 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1949.171698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1949.178961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1949.186229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1949.193628] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1949.200900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1949.212030] input: syz0 as /devices/virtual/input/input539 02:48:43 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x48) 02:48:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x40030000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000540)={{0x7, 0x800, 0x8, 0x9}, 'syz1\x00', 0x25}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:43 executing program 5 (fault-call:4 fault-nth:25): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:43 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000003"], 0x2e) [ 1949.660924] input: syz1 as /devices/virtual/input/input540 [ 1949.672446] FAULT_INJECTION: forcing a failure. [ 1949.672446] name failslab, interval 1, probability 0, space 0, times 0 02:48:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x6000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:43 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000006800"], 0x2e) [ 1949.704295] CPU: 0 PID: 32195 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1949.711686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1949.711692] Call Trace: [ 1949.711715] dump_stack+0x1c4/0x2b4 [ 1949.711738] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1949.732474] should_fail.cold.4+0xa/0x17 [ 1949.736551] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1949.741658] ? perf_trace_lock+0x14d/0x7a0 [ 1949.745882] ? lock_release+0x970/0x970 [ 1949.749844] ? arch_local_save_flags+0x40/0x40 02:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x900]}, 0x48) [ 1949.754429] ? zap_class+0x640/0x640 [ 1949.758138] ? check_preemption_disabled+0x48/0x200 [ 1949.763156] ? kernfs_activate+0x8e/0x2c0 [ 1949.763177] ? zap_class+0x640/0x640 [ 1949.763192] ? fs_reclaim_acquire+0x20/0x20 [ 1949.763206] ? lock_downgrade+0x900/0x900 [ 1949.779469] ? __mutex_lock+0x85e/0x1700 [ 1949.783531] ? ___might_sleep+0x1ed/0x300 [ 1949.787677] ? arch_local_save_flags+0x40/0x40 [ 1949.792254] ? kernfs_activate+0x21a/0x2c0 [ 1949.792275] __should_failslab+0x124/0x180 [ 1949.792287] should_failslab+0x9/0x14 02:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x48) [ 1949.792300] kmem_cache_alloc+0x2be/0x730 [ 1949.792316] ? lock_downgrade+0x900/0x900 [ 1949.800750] ? do_raw_spin_lock+0xc1/0x200 [ 1949.817006] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1949.822133] __kernfs_new_node+0x127/0x8d0 [ 1949.822147] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1949.822167] ? kasan_check_write+0x14/0x20 [ 1949.822184] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1949.822199] ? wait_for_completion+0x8a0/0x8a0 [ 1949.831175] ? wait_for_completion+0x8a0/0x8a0 [ 1949.831189] ? kasan_check_write+0x14/0x20 [ 1949.831203] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1949.831217] ? mutex_unlock+0xd/0x10 [ 1949.831227] ? kernfs_activate+0x21a/0x2c0 [ 1949.831240] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1949.831258] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1949.844942] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1949.844960] kernfs_new_node+0x95/0x120 [ 1949.853744] __kernfs_create_file+0x5a/0x340 [ 1949.889857] sysfs_add_file_mode_ns+0x222/0x530 [ 1949.894537] internal_create_group+0x3df/0xd80 [ 1949.899108] input: syz1 as /devices/virtual/input/input542 02:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xb0ffffff00000000]}, 0x48) [ 1949.899127] ? remove_files.isra.1+0x190/0x190 [ 1949.909307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1949.914844] ? kernfs_create_link+0x1d4/0x250 [ 1949.919346] sysfs_create_groups+0x9b/0x141 [ 1949.923677] device_add+0x6d8/0x17b0 [ 1949.927398] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1949.932518] ? __kmalloc+0x31c/0x760 [ 1949.936229] ? kasan_unpoison_shadow+0x35/0x50 [ 1949.940812] ? kasan_kmalloc+0xc7/0xe0 [ 1949.944699] ? input_register_device+0x59f/0xce0 [ 1949.949462] input_register_device+0x728/0xce0 02:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x48) [ 1949.954050] ? devm_input_allocate_device+0x120/0x120 [ 1949.959242] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1949.964278] ? input_mt_init_slots+0xba/0x4a0 [ 1949.964296] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1949.964312] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1949.979409] ? __fget_light+0x2e9/0x430 [ 1949.983393] ? fget_raw+0x20/0x20 [ 1949.986852] ? __sb_end_write+0xd9/0x110 [ 1949.990911] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1949.996446] ? fput+0x130/0x1a0 [ 1949.999728] ? ksys_write+0x1ae/0x260 [ 1950.003538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1950.009077] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1950.014617] uinput_compat_ioctl+0x6b/0x90 [ 1950.018873] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1950.023637] do_fast_syscall_32+0x34d/0xfb2 [ 1950.027962] ? do_int80_syscall_32+0x890/0x890 [ 1950.032547] ? entry_SYSENTER_compat+0x68/0x7f [ 1950.037142] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1950.042172] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1950.047010] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1950.051852] ? trace_hardirqs_on_caller+0x310/0x310 [ 1950.056875] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1950.061892] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1950.066908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1950.071788] entry_SYSENTER_compat+0x70/0x7f [ 1950.076201] RIP: 0023:0xf7f58ca9 [ 1950.079566] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1950.098468] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1950.106193] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1950.113453] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1950.113461] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1950.113471] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1950.135245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:44 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:44 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 02:48:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000007400"], 0x2e) 02:48:44 executing program 5 (fault-call:4 fault-nth:26): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000580)=[@in6={0xa, 0x4e24, 0x10000, @dev={0xfe, 0x80, [], 0xb}, 0x8000}, @in6={0xa, 0x4e24, 0x3, @loopback, 0x5}, @in6={0xa, 0x4e21, 0x6, @mcast1, 0xa}, @in6={0xa, 0x4e21, 0x4, @ipv4={[], [], @rand_addr=0x1d}, 0x5}, @in6={0xa, 0x4e22, 0x4, @local, 0x2}, @in={0x2, 0x4e24}, @in={0x2, 0x4e24, @local}], 0xac) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000540)=0x6, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1950.592364] sg_write: 10 callbacks suppressed [ 1950.592374] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1950.592374] program syz-executor1 not setting count and/or reply_len properly [ 1950.615780] FAULT_INJECTION: forcing a failure. [ 1950.615780] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.628286] input: syz0 as /devices/virtual/input/input543 [ 1950.633851] CPU: 0 PID: 32238 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1950.641266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1950.650607] Call Trace: [ 1950.650629] dump_stack+0x1c4/0x2b4 [ 1950.650646] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1950.650680] should_fail.cold.4+0xa/0x17 [ 1950.656854] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1950.656865] ? perf_trace_lock+0x14d/0x7a0 [ 1950.656879] ? lock_release+0x970/0x970 [ 1950.666093] ? arch_local_save_flags+0x40/0x40 [ 1950.666107] ? zap_class+0x640/0x640 [ 1950.666126] ? check_preemption_disabled+0x48/0x200 [ 1950.687662] ? kernfs_activate+0x8e/0x2c0 [ 1950.687680] ? zap_class+0x640/0x640 [ 1950.696839] ? fs_reclaim_acquire+0x20/0x20 [ 1950.704941] ? lock_downgrade+0x900/0x900 [ 1950.709093] ? __mutex_lock+0x85e/0x1700 [ 1950.713158] ? ___might_sleep+0x1ed/0x300 [ 1950.713174] ? arch_local_save_flags+0x40/0x40 [ 1950.713186] ? kernfs_activate+0x21a/0x2c0 [ 1950.713205] __should_failslab+0x124/0x180 [ 1950.726136] should_failslab+0x9/0x14 [ 1950.726149] kmem_cache_alloc+0x2be/0x730 [ 1950.726166] ? lock_downgrade+0x900/0x900 02:48:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1950.738291] ? do_raw_spin_lock+0xc1/0x200 [ 1950.738304] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1950.738323] __kernfs_new_node+0x127/0x8d0 [ 1950.746666] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1950.746682] ? kasan_check_write+0x14/0x20 [ 1950.760629] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1950.760641] ? wait_for_completion+0x8a0/0x8a0 [ 1950.760654] ? wait_for_completion+0x8a0/0x8a0 [ 1950.760669] ? kasan_check_write+0x14/0x20 [ 1950.770379] input: syz0 as /devices/virtual/input/input545 02:48:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1950.774354] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1950.774371] ? mutex_unlock+0xd/0x10 [ 1950.793697] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1950.793697] program syz-executor1 not setting count and/or reply_len properly [ 1950.797340] ? kernfs_activate+0x21a/0x2c0 [ 1950.797353] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1950.797375] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1950.827715] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1950.832315] kernfs_new_node+0x95/0x120 [ 1950.836304] __kernfs_create_file+0x5a/0x340 [ 1950.836328] sysfs_add_file_mode_ns+0x222/0x530 [ 1950.845358] internal_create_group+0x3df/0xd80 [ 1950.845379] ? remove_files.isra.1+0x190/0x190 [ 1950.854504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1950.860038] ? kernfs_create_link+0x1d4/0x250 [ 1950.864540] sysfs_create_groups+0x9b/0x141 [ 1950.868865] device_add+0x6d8/0x17b0 [ 1950.872585] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1950.873245] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1950.873245] program syz-executor1 not setting count and/or reply_len properly 02:48:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1950.877687] ? __kmalloc+0x31c/0x760 [ 1950.877699] ? kasan_unpoison_shadow+0x35/0x50 [ 1950.877717] ? kasan_kmalloc+0xc7/0xe0 [ 1950.905624] ? input_register_device+0x59f/0xce0 [ 1950.910387] input_register_device+0x728/0xce0 [ 1950.914973] ? devm_input_allocate_device+0x120/0x120 [ 1950.920164] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1950.925195] ? input_mt_init_slots+0xba/0x4a0 [ 1950.929692] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1950.934974] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1950.940345] ? __fget_light+0x2e9/0x430 [ 1950.944331] ? fget_raw+0x20/0x20 [ 1950.947788] ? __sb_end_write+0xd9/0x110 [ 1950.951857] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1950.957385] ? fput+0x130/0x1a0 [ 1950.960663] ? ksys_write+0x1ae/0x260 [ 1950.961404] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1950.961404] program syz-executor1 not setting count and/or reply_len properly [ 1950.964459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1950.964474] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 02:48:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1950.964494] uinput_compat_ioctl+0x6b/0x90 [ 1950.995743] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1951.000499] do_fast_syscall_32+0x34d/0xfb2 [ 1951.004819] ? do_int80_syscall_32+0x890/0x890 [ 1951.009405] ? entry_SYSENTER_compat+0x68/0x7f [ 1951.013992] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1951.019006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1951.023846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1951.028680] ? trace_hardirqs_on_caller+0x310/0x310 [ 1951.033691] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1951.038708] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1951.043725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1951.047160] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1951.047160] program syz-executor1 not setting count and/or reply_len properly [ 1951.048565] entry_SYSENTER_compat+0x70/0x7f [ 1951.048585] RIP: 0023:0xf7f58ca9 [ 1951.072033] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 02:48:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1951.090939] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1951.098651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1951.105916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1951.113190] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1951.120457] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1951.127718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1951.131224] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5000]}, 0x48) [ 1951.131224] program syz-executor1 not setting count and/or reply_len properly 02:48:45 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(0xffffffffffffffff, r0) 02:48:45 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf0ffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5000000000000000]}, 0x48) 02:48:45 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x2, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000540)={0x0, 0x50, "9c7caa87522b7070010a01c25ba987a844a3aed4d5474682b747b12c5b127d556934d6dda80628f3130db6d6ee090252e69d61aeb510561bc9d339ea5900d917dd2dfee915f4ccfe2155f3840678bd83"}, &(0x7f00000005c0)=0x58) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000600)={r2, 0x9}, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000007fff"], 0x2e) 02:48:45 executing program 5 (fault-call:4 fault-nth:27): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) [ 1951.619535] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1951.619535] program syz-executor1 not setting count and/or reply_len properly [ 1951.638607] input: syz0 as /devices/virtual/input/input546 [ 1951.645632] FAULT_INJECTION: forcing a failure. [ 1951.645632] name failslab, interval 1, probability 0, space 0, times 0 [ 1951.675864] CPU: 0 PID: 32275 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1951.683345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1951.692688] Call Trace: [ 1951.692712] dump_stack+0x1c4/0x2b4 [ 1951.692731] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1951.692759] should_fail.cold.4+0xa/0x17 [ 1951.704131] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1951.704145] ? perf_trace_lock+0x14d/0x7a0 [ 1951.717510] ? lock_release+0x970/0x970 [ 1951.717528] ? arch_local_save_flags+0x40/0x40 [ 1951.726126] ? zap_class+0x640/0x640 [ 1951.729833] ? check_preemption_disabled+0x48/0x200 [ 1951.729854] ? kernfs_activate+0x8e/0x2c0 [ 1951.738986] ? zap_class+0x640/0x640 [ 1951.742698] ? fs_reclaim_acquire+0x20/0x20 [ 1951.747023] ? lock_downgrade+0x900/0x900 [ 1951.747040] ? ___might_sleep+0x1ed/0x300 [ 1951.755310] ? arch_local_save_flags+0x40/0x40 [ 1951.759890] ? kernfs_activate+0x21a/0x2c0 [ 1951.759911] __should_failslab+0x124/0x180 [ 1951.768335] should_failslab+0x9/0x14 [ 1951.772125] kmem_cache_alloc+0x2be/0x730 [ 1951.772139] ? lock_downgrade+0x900/0x900 [ 1951.772151] ? do_raw_spin_lock+0xc1/0x200 [ 1951.772166] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1951.789646] __kernfs_new_node+0x127/0x8d0 [ 1951.789662] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1951.798619] ? kasan_check_write+0x14/0x20 [ 1951.802864] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1951.807796] ? wait_for_completion+0x8a0/0x8a0 [ 1951.811383] input: syz0 as /devices/virtual/input/input548 [ 1951.812375] ? wait_for_completion+0x8a0/0x8a0 [ 1951.812389] ? kasan_check_write+0x14/0x20 [ 1951.826789] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1951.831722] ? mutex_unlock+0xd/0x10 [ 1951.835433] ? kernfs_activate+0x21a/0x2c0 [ 1951.839663] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1951.844505] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1951.850058] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1951.854660] kernfs_new_node+0x95/0x120 [ 1951.858640] __kernfs_create_file+0x5a/0x340 [ 1951.863052] sysfs_add_file_mode_ns+0x222/0x530 [ 1951.867732] internal_create_group+0x3df/0xd80 [ 1951.872320] ? remove_files.isra.1+0x190/0x190 02:48:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000007"], 0x2e) [ 1951.876905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1951.882441] ? kernfs_create_link+0x1d4/0x250 [ 1951.886938] sysfs_create_groups+0x9b/0x141 [ 1951.886955] device_add+0x6d8/0x17b0 [ 1951.886979] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1951.894989] ? __kmalloc+0x31c/0x760 [ 1951.895003] ? kasan_unpoison_shadow+0x35/0x50 [ 1951.895017] ? kasan_kmalloc+0xc7/0xe0 [ 1951.912252] ? input_register_device+0x59f/0xce0 [ 1951.917017] input_register_device+0x728/0xce0 [ 1951.921607] ? devm_input_allocate_device+0x120/0x120 [ 1951.923627] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1951.923627] program syz-executor1 not setting count and/or reply_len properly [ 1951.926802] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1951.926814] ? input_mt_init_slots+0xba/0x4a0 [ 1951.926836] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1951.957288] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1951.962658] ? __fget_light+0x2e9/0x430 [ 1951.966633] ? fget_raw+0x20/0x20 [ 1951.970081] ? __sb_end_write+0xd9/0x110 02:48:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000007a"], 0x2e) [ 1951.974146] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1951.979681] ? fput+0x130/0x1a0 [ 1951.982968] ? ksys_write+0x1ae/0x260 [ 1951.986772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1951.992314] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1951.997849] uinput_compat_ioctl+0x6b/0x90 [ 1952.000760] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1952.000760] program syz-executor1 not setting count and/or reply_len properly [ 1952.002092] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1952.002114] do_fast_syscall_32+0x34d/0xfb2 02:48:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000004c00"], 0x2e) [ 1952.002137] ? do_int80_syscall_32+0x890/0x890 [ 1952.031436] ? entry_SYSENTER_compat+0x68/0x7f [ 1952.036022] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1952.041039] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1952.045881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1952.050719] ? trace_hardirqs_on_caller+0x310/0x310 [ 1952.055733] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1952.060745] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1952.065764] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1952.070619] entry_SYSENTER_compat+0x70/0x7f 02:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 1952.073562] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1952.073562] program syz-executor1 not setting count and/or reply_len properly [ 1952.075020] RIP: 0023:0xf7f58ca9 [ 1952.075035] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1952.075042] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1952.120682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xdd01}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1952.127966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1952.135239] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1952.142507] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1952.150109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:46 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(0xffffffffffffffff, r0) 02:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 02:48:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000700"], 0x2e) 02:48:46 executing program 5 (fault-call:4 fault-nth:28): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x18) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x48) 02:48:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x2}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1952.634863] input: syz0 as /devices/virtual/input/input549 [ 1952.638040] FAULT_INJECTION: forcing a failure. [ 1952.638040] name failslab, interval 1, probability 0, space 0, times 0 [ 1952.671129] input: syz0 as /devices/virtual/input/input551 [ 1952.735310] CPU: 0 PID: 32311 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1952.742827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1952.752182] Call Trace: [ 1952.754781] dump_stack+0x1c4/0x2b4 [ 1952.758415] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1952.763620] should_fail.cold.4+0xa/0x17 [ 1952.767689] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1952.772798] ? perf_trace_lock+0x14d/0x7a0 [ 1952.777041] ? lock_release+0x970/0x970 [ 1952.781023] ? arch_local_save_flags+0x40/0x40 [ 1952.785606] ? __switch_to_asm+0x40/0x70 [ 1952.789669] ? zap_class+0x640/0x640 [ 1952.793388] ? check_preemption_disabled+0x48/0x200 [ 1952.798414] ? kernfs_activate+0x8e/0x2c0 [ 1952.802577] ? __sched_text_start+0x8/0x8 [ 1952.806731] ? zap_class+0x640/0x640 [ 1952.810446] ? fs_reclaim_acquire+0x20/0x20 [ 1952.814767] ? lock_downgrade+0x900/0x900 [ 1952.818918] ? __mutex_lock+0x85e/0x1700 [ 1952.822991] ? ___might_sleep+0x1ed/0x300 [ 1952.827160] ? arch_local_save_flags+0x40/0x40 [ 1952.831747] ? kernfs_activate+0x21a/0x2c0 [ 1952.835994] __should_failslab+0x124/0x180 [ 1952.840246] should_failslab+0x9/0x14 [ 1952.844045] kmem_cache_alloc+0x2be/0x730 [ 1952.848195] ? lock_downgrade+0x900/0x900 [ 1952.852340] ? ___preempt_schedule+0x16/0x18 [ 1952.856752] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1952.861772] __kernfs_new_node+0x127/0x8d0 [ 1952.866009] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1952.870764] ? kasan_check_write+0x14/0x20 [ 1952.875003] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1952.879962] ? wait_for_completion+0x8a0/0x8a0 [ 1952.884542] ? wait_for_completion+0x8a0/0x8a0 [ 1952.889121] ? kasan_check_write+0x14/0x20 [ 1952.893365] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1952.898294] ? mutex_unlock+0xd/0x10 [ 1952.902006] ? kernfs_activate+0x21a/0x2c0 [ 1952.906247] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1952.911089] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1952.916627] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1952.921211] kernfs_new_node+0x95/0x120 [ 1952.925187] __kernfs_create_file+0x5a/0x340 [ 1952.929599] sysfs_add_file_mode_ns+0x222/0x530 [ 1952.934276] internal_create_group+0x3df/0xd80 [ 1952.938864] ? remove_files.isra.1+0x190/0x190 [ 1952.943461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1952.948994] ? kernfs_create_link+0x1d4/0x250 [ 1952.953497] sysfs_create_groups+0x9b/0x141 [ 1952.957820] device_add+0x6d8/0x17b0 [ 1952.961629] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1952.966739] ? __kmalloc+0x31c/0x760 [ 1952.970456] ? kasan_unpoison_shadow+0x35/0x50 [ 1952.975034] ? kasan_kmalloc+0xc7/0xe0 [ 1952.979384] ? input_register_device+0x59f/0xce0 [ 1952.984152] input_register_device+0x728/0xce0 [ 1952.988740] ? devm_input_allocate_device+0x120/0x120 [ 1952.993930] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1952.998946] ? input_mt_init_slots+0xba/0x4a0 [ 1953.003448] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1953.008728] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1953.014096] ? __fget_light+0x2e9/0x430 [ 1953.018067] ? fget_raw+0x20/0x20 [ 1953.021519] ? __sb_end_write+0xd9/0x110 [ 1953.025584] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1953.031108] ? fput+0x130/0x1a0 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1953.034389] ? ksys_write+0x1ae/0x260 [ 1953.038188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1953.043722] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1953.043738] uinput_compat_ioctl+0x6b/0x90 [ 1953.053476] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1953.053498] do_fast_syscall_32+0x34d/0xfb2 [ 1953.062541] ? do_int80_syscall_32+0x890/0x890 [ 1953.067134] ? entry_SYSENTER_compat+0x68/0x7f [ 1953.071719] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1953.076732] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1953.081571] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1953.086416] ? trace_hardirqs_on_caller+0x310/0x310 [ 1953.091435] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1953.096454] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1953.101477] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1953.106329] entry_SYSENTER_compat+0x70/0x7f [ 1953.110732] RIP: 0023:0xf7f58ca9 [ 1953.114099] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1953.133006] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1953.140709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1953.147965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1953.155211] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1953.162458] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1953.169706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:47 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(0xffffffffffffffff, r0) 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x10]}, 0x48) 02:48:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:47 executing program 5 (fault-call:4 fault-nth:29): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x800000}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xdd010000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1953.487493] FAULT_INJECTION: forcing a failure. [ 1953.487493] name failslab, interval 1, probability 0, space 0, times 0 [ 1953.513528] input: syz0 as /devices/virtual/input/input553 [ 1953.531393] input: syz0 as /devices/virtual/input/input554 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1953.534671] CPU: 0 PID: 32348 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1953.544403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1953.553743] Call Trace: [ 1953.553766] dump_stack+0x1c4/0x2b4 [ 1953.553786] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1953.565164] should_fail.cold.4+0xa/0x17 [ 1953.569230] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1953.574328] ? perf_trace_lock+0x14d/0x7a0 [ 1953.578565] ? lock_release+0x970/0x970 [ 1953.582534] ? arch_local_save_flags+0x40/0x40 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1953.582549] ? zap_class+0x640/0x640 [ 1953.582563] ? check_preemption_disabled+0x48/0x200 [ 1953.582585] ? kernfs_activate+0x8e/0x2c0 [ 1953.599971] ? zap_class+0x640/0x640 [ 1953.599987] ? fs_reclaim_acquire+0x20/0x20 [ 1953.607982] ? lock_downgrade+0x900/0x900 [ 1953.612125] ? __mutex_lock+0x85e/0x1700 [ 1953.616185] ? ___might_sleep+0x1ed/0x300 [ 1953.620328] ? arch_local_save_flags+0x40/0x40 [ 1953.624903] ? kernfs_activate+0x21a/0x2c0 [ 1953.629140] __should_failslab+0x124/0x180 [ 1953.633374] should_failslab+0x9/0x14 02:48:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x60000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1953.637173] kmem_cache_alloc+0x2be/0x730 [ 1953.641316] ? lock_downgrade+0x900/0x900 [ 1953.645454] ? do_raw_spin_lock+0xc1/0x200 [ 1953.649685] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1953.654702] __kernfs_new_node+0x127/0x8d0 [ 1953.658937] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1953.663692] ? kasan_check_write+0x14/0x20 [ 1953.667930] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1953.672873] ? wait_for_completion+0x8a0/0x8a0 [ 1953.677456] ? wait_for_completion+0x8a0/0x8a0 [ 1953.682039] ? kasan_check_write+0x14/0x20 02:48:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000004800"], 0x2e) [ 1953.686277] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1953.691204] ? mutex_unlock+0xd/0x10 [ 1953.694930] ? kernfs_activate+0x21a/0x2c0 [ 1953.699163] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1953.704006] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1953.709545] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1953.714129] kernfs_new_node+0x95/0x120 [ 1953.718106] __kernfs_create_file+0x5a/0x340 [ 1953.722518] sysfs_add_file_mode_ns+0x222/0x530 [ 1953.727193] internal_create_group+0x3df/0xd80 [ 1953.731779] ? remove_files.isra.1+0x190/0x190 02:48:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x40000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1953.736378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1953.741911] ? kernfs_create_link+0x1d4/0x250 [ 1953.746411] sysfs_create_groups+0x9b/0x141 [ 1953.750738] device_add+0x6d8/0x17b0 [ 1953.754452] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1953.759560] ? __kmalloc+0x31c/0x760 [ 1953.763268] ? kasan_unpoison_shadow+0x35/0x50 [ 1953.767848] ? kasan_kmalloc+0xc7/0xe0 [ 1953.771737] ? input_register_device+0x59f/0xce0 [ 1953.776500] input_register_device+0x728/0xce0 [ 1953.776534] ? devm_input_allocate_device+0x120/0x120 [ 1953.786291] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1953.791304] ? input_mt_init_slots+0xba/0x4a0 [ 1953.791320] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1953.791334] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1953.791351] ? __fget_light+0x2e9/0x430 [ 1953.810408] ? fget_raw+0x20/0x20 [ 1953.813860] ? __sb_end_write+0xd9/0x110 [ 1953.817927] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1953.823462] ? fput+0x130/0x1a0 [ 1953.826739] ? ksys_write+0x1ae/0x260 [ 1953.830537] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1953.836078] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1953.841613] uinput_compat_ioctl+0x6b/0x90 [ 1953.845844] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1953.850600] do_fast_syscall_32+0x34d/0xfb2 [ 1953.854924] ? do_int80_syscall_32+0x890/0x890 [ 1953.859503] ? entry_SYSENTER_compat+0x68/0x7f [ 1953.864086] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1953.869097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1953.873936] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1953.878777] ? trace_hardirqs_on_caller+0x310/0x310 [ 1953.883805] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1953.888824] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1953.893844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1953.898696] entry_SYSENTER_compat+0x70/0x7f [ 1953.903100] RIP: 0023:0xf7f58ca9 [ 1953.906466] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1953.925368] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1953.933102] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1953.940371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1953.947640] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1953.954913] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1953.962181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:48 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, 0xffffffffffffffff) 02:48:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000002600"], 0x2e) 02:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x50]}, 0x48) 02:48:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xffffff9e}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:48 executing program 5 (fault-call:4 fault-nth:30): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:48 executing program 3: r0 = syz_open_dev$adsp(&(0x7f0000000540)='/dev/adsp#\x00', 0x4, 0x1411d0) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f0000000580)=0xfffffffffffffff7) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:48:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfffffffc}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1954.341669] FAULT_INJECTION: forcing a failure. [ 1954.341669] name failslab, interval 1, probability 0, space 0, times 0 [ 1954.371120] input: syz0 as /devices/virtual/input/input556 [ 1954.401005] CPU: 1 PID: 32388 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1954.408416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1954.417759] Call Trace: [ 1954.417782] dump_stack+0x1c4/0x2b4 [ 1954.417799] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1954.417833] should_fail.cold.4+0xa/0x17 [ 1954.417853] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1954.438344] ? zap_class+0x640/0x640 [ 1954.442065] ? check_preemption_disabled+0x48/0x200 [ 1954.447098] ? mutex_trylock+0x2b0/0x2b0 [ 1954.451160] ? zap_class+0x640/0x640 [ 1954.454880] ? fs_reclaim_acquire+0x20/0x20 [ 1954.459214] ? lock_downgrade+0x900/0x900 [ 1954.463355] ? kernfs_activate+0x21a/0x2c0 [ 1954.467588] ? ___might_sleep+0x1ed/0x300 [ 1954.471742] ? arch_local_save_flags+0x40/0x40 [ 1954.476335] __should_failslab+0x124/0x180 [ 1954.480574] should_failslab+0x9/0x14 [ 1954.484378] kmem_cache_alloc+0x2be/0x730 [ 1954.488525] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1954.493471] ? __kernfs_new_node+0x697/0x8d0 [ 1954.497888] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1954.502907] __kernfs_new_node+0x127/0x8d0 [ 1954.507151] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1954.511911] ? wait_for_completion+0x8a0/0x8a0 [ 1954.516507] ? wait_for_completion+0x8a0/0x8a0 [ 1954.521081] ? kasan_check_write+0x14/0x20 [ 1954.521096] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1954.521112] ? mutex_unlock+0xd/0x10 [ 1954.521124] ? kernfs_activate+0x21a/0x2c0 [ 1954.521137] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1954.521152] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1954.521163] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1954.521179] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1954.521207] ? kernfs_put+0x49b/0x760 [ 1954.521226] kernfs_new_node+0x95/0x120 [ 1954.521244] kernfs_create_dir_ns+0x4d/0x160 [ 1954.530372] internal_create_group+0x5fc/0xd80 [ 1954.530386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1954.530402] ? internal_create_group+0x54c/0xd80 [ 1954.538312] ? remove_files.isra.1+0x190/0x190 [ 1954.538327] ? remove_files.isra.1+0x190/0x190 [ 1954.548674] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1954.548686] ? kernfs_create_link+0x1d4/0x250 [ 1954.548713] sysfs_create_group+0x1f/0x30 [ 1954.558855] dpm_sysfs_add+0x26/0x210 [ 1954.558874] device_add+0x846/0x17b0 [ 1954.581209] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1954.581227] ? __kmalloc+0x31c/0x760 [ 1954.581240] ? kasan_unpoison_shadow+0x35/0x50 [ 1954.581252] ? kasan_kmalloc+0xc7/0xe0 [ 1954.581264] ? input_register_device+0x59f/0xce0 [ 1954.581278] input_register_device+0x728/0xce0 [ 1954.581294] ? devm_input_allocate_device+0x120/0x120 [ 1954.581311] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1954.613094] ? input_mt_init_slots+0xba/0x4a0 [ 1954.621872] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1954.621900] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1954.621923] ? __fget_light+0x2e9/0x430 [ 1954.672588] ? fget_raw+0x20/0x20 [ 1954.676045] ? __sb_end_write+0xd9/0x110 [ 1954.680110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1954.685647] ? fput+0x130/0x1a0 [ 1954.688931] ? ksys_write+0x1ae/0x260 [ 1954.692745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1954.698289] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1954.703827] uinput_compat_ioctl+0x6b/0x90 [ 1954.708090] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1954.712853] do_fast_syscall_32+0x34d/0xfb2 [ 1954.717177] ? do_int80_syscall_32+0x890/0x890 [ 1954.721779] ? entry_SYSENTER_compat+0x68/0x7f [ 1954.726365] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1954.731387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1954.736236] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1954.741085] ? trace_hardirqs_on_caller+0x310/0x310 [ 1954.746104] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1954.751123] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1954.756144] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1954.761000] entry_SYSENTER_compat+0x70/0x7f [ 1954.765407] RIP: 0023:0xf7f58ca9 [ 1954.768776] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1954.787676] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1954.795486] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfffffffffffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000200"], 0x2e) 02:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffa0]}, 0x48) 02:48:48 executing program 5 (fault-call:4 fault-nth:31): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1954.802755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1954.810032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1954.817298] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1954.824689] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1954.883558] FAULT_INJECTION: forcing a failure. [ 1954.883558] name failslab, interval 1, probability 0, space 0, times 0 [ 1954.910008] CPU: 1 PID: 32413 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1954.917399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1954.926741] Call Trace: [ 1954.926765] dump_stack+0x1c4/0x2b4 [ 1954.926784] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1954.938142] should_fail.cold.4+0xa/0x17 [ 1954.938158] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1954.947305] ? debug_smp_processor_id+0x1c/0x20 [ 1954.947323] ? perf_trace_lock+0x14d/0x7a0 [ 1954.956209] ? lock_release+0x970/0x970 [ 1954.960184] ? arch_local_save_flags+0x40/0x40 [ 1954.964772] ? zap_class+0x640/0x640 [ 1954.968482] ? check_preemption_disabled+0x48/0x200 [ 1954.973505] ? zap_class+0x640/0x640 [ 1954.977224] ? fs_reclaim_acquire+0x20/0x20 [ 1954.981780] ? lock_downgrade+0x900/0x900 [ 1954.985925] ? debug_smp_processor_id+0x1c/0x20 [ 1954.990574] ? ___might_sleep+0x1ed/0x300 [ 1954.994708] ? arch_local_save_flags+0x40/0x40 [ 1954.999265] ? zap_class+0x640/0x640 [ 1955.002971] ? zap_class+0x640/0x640 [ 1955.006670] __should_failslab+0x124/0x180 [ 1955.010897] should_failslab+0x9/0x14 [ 1955.014694] kmem_cache_alloc+0x2be/0x730 [ 1955.018825] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1955.023820] __kernfs_new_node+0x127/0x8d0 [ 1955.028036] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1955.032768] ? zap_class+0x640/0x640 [ 1955.036463] ? kernfs_find_and_get_ns+0x59/0x70 [ 1955.041224] ? kasan_check_write+0x14/0x20 [ 1955.045444] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1955.050360] ? wait_for_completion+0x8a0/0x8a0 [ 1955.054919] ? mutex_unlock+0xd/0x10 [ 1955.058610] ? kasan_check_write+0x14/0x20 [ 1955.062940] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1955.067849] ? wait_for_completion+0x8a0/0x8a0 [ 1955.072410] ? kernfs_put+0x49b/0x760 [ 1955.076189] kernfs_new_node+0x95/0x120 [ 1955.080140] __kernfs_create_file+0x5a/0x340 [ 1955.084527] sysfs_add_file_mode_ns+0x222/0x530 [ 1955.089178] sysfs_merge_group+0x224/0x410 [ 1955.093396] ? sysfs_mount+0x240/0x240 [ 1955.097265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1955.102785] dpm_sysfs_add+0x161/0x210 [ 1955.106657] device_add+0x846/0x17b0 [ 1955.110361] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1955.115461] ? __kmalloc+0x31c/0x760 [ 1955.119160] ? kasan_unpoison_shadow+0x35/0x50 [ 1955.123719] ? kasan_kmalloc+0xc7/0xe0 [ 1955.127585] ? input_register_device+0x59f/0xce0 [ 1955.132322] input_register_device+0x728/0xce0 [ 1955.136884] ? devm_input_allocate_device+0x120/0x120 [ 1955.142058] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1955.147063] ? input_mt_init_slots+0xba/0x4a0 [ 1955.151539] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1955.156793] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1955.162198] ? __fget_light+0x2e9/0x430 [ 1955.166151] ? fget_raw+0x20/0x20 [ 1955.169585] ? __sb_end_write+0xd9/0x110 [ 1955.173630] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1955.179141] ? fput+0x130/0x1a0 [ 1955.182396] ? ksys_write+0x1ae/0x260 [ 1955.186175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1955.191694] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1955.197208] uinput_compat_ioctl+0x6b/0x90 [ 1955.201428] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1955.206167] do_fast_syscall_32+0x34d/0xfb2 [ 1955.210470] ? do_int80_syscall_32+0x890/0x890 [ 1955.215033] ? entry_SYSENTER_compat+0x68/0x7f [ 1955.219590] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1955.224596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.229437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.234256] ? trace_hardirqs_on_caller+0x310/0x310 [ 1955.239252] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1955.244248] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1955.249242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.254077] entry_SYSENTER_compat+0x70/0x7f [ 1955.258462] RIP: 0023:0xf7f58ca9 [ 1955.261807] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1955.280690] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1955.288388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1955.295635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1955.302888] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1955.310131] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1955.317387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:49 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, 0xffffffffffffffff) 02:48:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) socketpair(0x8, 0x4, 0xffffffffffffff7f, &(0x7f0000000540)={0xffffffffffffffff}) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40186417, &(0x7f0000000580)={0x3ec, 0x7, 0x9ab, 0x5, 0x2, 0x3}) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000006000"], 0x2e) 02:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 02:48:49 executing program 5 (fault-call:4 fault-nth:32): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc00000000000000]}, 0x48) [ 1955.566592] FAULT_INJECTION: forcing a failure. [ 1955.566592] name failslab, interval 1, probability 0, space 0, times 0 [ 1955.596530] input: syz0 as /devices/virtual/input/input559 [ 1955.610379] CPU: 1 PID: 32421 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1955.617852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1955.627189] Call Trace: [ 1955.627210] dump_stack+0x1c4/0x2b4 [ 1955.627226] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1955.627247] should_fail.cold.4+0xa/0x17 [ 1955.642660] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1955.647765] ? debug_smp_processor_id+0x1c/0x20 [ 1955.652435] ? perf_trace_lock+0x14d/0x7a0 [ 1955.656670] ? lock_release+0x970/0x970 [ 1955.660283] input: failed to attach handler leds to device input559, error: -6 [ 1955.660644] ? arch_local_save_flags+0x40/0x40 [ 1955.660659] ? zap_class+0x640/0x640 [ 1955.660678] ? check_preemption_disabled+0x48/0x200 [ 1955.681398] ? zap_class+0x640/0x640 [ 1955.681412] ? fs_reclaim_acquire+0x20/0x20 [ 1955.681426] ? lock_downgrade+0x900/0x900 [ 1955.693552] ? debug_smp_processor_id+0x1c/0x20 [ 1955.693569] ? ___might_sleep+0x1ed/0x300 [ 1955.702352] ? arch_local_save_flags+0x40/0x40 [ 1955.706955] ? zap_class+0x640/0x640 [ 1955.710665] ? zap_class+0x640/0x640 [ 1955.710685] __should_failslab+0x124/0x180 [ 1955.710700] should_failslab+0x9/0x14 [ 1955.718609] kmem_cache_alloc+0x2be/0x730 [ 1955.718633] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1955.718650] __kernfs_new_node+0x127/0x8d0 [ 1955.731569] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1955.731581] ? zap_class+0x640/0x640 [ 1955.731595] ? kernfs_find_and_get_ns+0x59/0x70 [ 1955.744388] ? kasan_check_write+0x14/0x20 [ 1955.744423] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1955.751014] sg_write: 13 callbacks suppressed [ 1955.751024] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1955.751024] program syz-executor1 not setting count and/or reply_len properly [ 1955.753292] ? wait_for_completion+0x8a0/0x8a0 [ 1955.753305] ? mutex_unlock+0xd/0x10 [ 1955.753321] ? kasan_check_write+0x14/0x20 [ 1955.762713] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1955.762732] ? wait_for_completion+0x8a0/0x8a0 [ 1955.762745] ? kernfs_put+0x49b/0x760 [ 1955.762764] kernfs_new_node+0x95/0x120 [ 1955.800408] __kernfs_create_file+0x5a/0x340 [ 1955.800427] sysfs_add_file_mode_ns+0x222/0x530 [ 1955.800446] sysfs_merge_group+0x224/0x410 [ 1955.808195] ? sysfs_mount+0x240/0x240 [ 1955.821460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1955.821480] dpm_sysfs_add+0x161/0x210 [ 1955.821497] device_add+0x846/0x17b0 [ 1955.830905] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1955.830922] ? __kmalloc+0x31c/0x760 [ 1955.830932] ? kasan_unpoison_shadow+0x35/0x50 [ 1955.830947] ? kasan_kmalloc+0xc7/0xe0 [ 1955.838154] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1955.838154] program syz-executor1 not setting count and/or reply_len properly [ 1955.838513] ? input_register_device+0x59f/0xce0 [ 1955.838531] input_register_device+0x728/0xce0 [ 1955.847326] ? devm_input_allocate_device+0x120/0x120 [ 1955.847342] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1955.847360] ? input_mt_init_slots+0xba/0x4a0 [ 1955.871497] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1955.871514] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1955.871537] ? __fget_light+0x2e9/0x430 [ 1955.895475] ? fget_raw+0x20/0x20 [ 1955.895489] ? __sb_end_write+0xd9/0x110 [ 1955.895505] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1955.906103] ? fput+0x130/0x1a0 [ 1955.906117] ? ksys_write+0x1ae/0x260 [ 1955.906134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1955.913520] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1955.913533] uinput_compat_ioctl+0x6b/0x90 [ 1955.913552] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1955.924686] input: syz0 as /devices/virtual/input/input560 [ 1955.926474] do_fast_syscall_32+0x34d/0xfb2 [ 1955.926490] ? do_int80_syscall_32+0x890/0x890 02:48:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfffffff0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000026"], 0x2e) 02:48:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000006c"], 0x2e) [ 1955.935783] ? entry_SYSENTER_compat+0x68/0x7f [ 1955.935797] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1955.935813] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.945074] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1955.945074] program syz-executor1 not setting count and/or reply_len properly [ 1955.945547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.955885] ? trace_hardirqs_on_caller+0x310/0x310 [ 1955.955899] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1955.955914] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1955.964788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1955.994875] entry_SYSENTER_compat+0x70/0x7f [ 1955.994885] RIP: 0023:0xf7f58ca9 [ 1955.994898] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1955.994909] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 [ 1956.004743] ORIG_RAX: 0000000000000036 [ 1956.004752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1956.004759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1956.004770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1956.038037] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1956.038037] program syz-executor1 not setting count and/or reply_len properly [ 1956.046210] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1956.046218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1956.132509] input: failed to attach handler leds to device input560, error: -6 02:48:50 executing program 5 (fault-call:4 fault-nth:33): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:50 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, 0xffffffffffffffff) 02:48:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x100000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 02:48:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000500"], 0x2e) 02:48:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000540)='/dev/mixer\x00', 0x18000, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000580)={0x0}, &(0x7f00000005c0)=0xc) fcntl$setownex(r2, 0xf, &(0x7f0000000600)={0x2, r3}) [ 1956.656019] input: syz0 as /devices/virtual/input/input561 [ 1956.667779] FAULT_INJECTION: forcing a failure. [ 1956.667779] name failslab, interval 1, probability 0, space 0, times 0 [ 1956.668919] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1956.668919] program syz-executor1 not setting count and/or reply_len properly [ 1956.700498] CPU: 0 PID: 32471 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1956.707907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1956.717256] Call Trace: [ 1956.719848] dump_stack+0x1c4/0x2b4 [ 1956.723484] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1956.728689] should_fail.cold.4+0xa/0x17 [ 1956.732760] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1956.737867] ? perf_trace_lock+0x14d/0x7a0 [ 1956.742105] ? lock_release+0x970/0x970 [ 1956.746074] ? arch_local_save_flags+0x40/0x40 [ 1956.750668] ? zap_class+0x640/0x640 [ 1956.754384] ? check_preemption_disabled+0x48/0x200 [ 1956.759412] ? __mutex_lock+0x85e/0x1700 [ 1956.763472] ? kernfs_activate+0x8e/0x2c0 [ 1956.767619] ? zap_class+0x640/0x640 [ 1956.771333] ? fs_reclaim_acquire+0x20/0x20 [ 1956.775654] ? lock_downgrade+0x900/0x900 [ 1956.779825] ? ___might_sleep+0x1ed/0x300 [ 1956.783980] ? arch_local_save_flags+0x40/0x40 [ 1956.788563] ? kernfs_activate+0x21a/0x2c0 [ 1956.792807] __should_failslab+0x124/0x180 [ 1956.797038] should_failslab+0x9/0x14 [ 1956.800848] kmem_cache_alloc+0x2be/0x730 [ 1956.805004] ? lock_downgrade+0x900/0x900 [ 1956.809239] ? do_raw_spin_lock+0xc1/0x200 [ 1956.813478] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1956.818496] __kernfs_new_node+0x127/0x8d0 [ 1956.822742] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1956.827522] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1956.832460] ? wait_for_completion+0x8a0/0x8a0 [ 1956.837051] ? wait_for_completion+0x8a0/0x8a0 [ 1956.841640] ? mutex_unlock+0xd/0x10 [ 1956.845354] ? kernfs_activate+0x21a/0x2c0 [ 1956.849597] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1956.854448] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1956.859989] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1956.864577] kernfs_new_node+0x95/0x120 [ 1956.868572] __kernfs_create_file+0x5a/0x340 [ 1956.872985] sysfs_add_file_mode_ns+0x222/0x530 [ 1956.877667] sysfs_merge_group+0x224/0x410 [ 1956.881911] ? sysfs_mount+0x240/0x240 [ 1956.885807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1956.891355] dpm_sysfs_add+0x161/0x210 [ 1956.895252] device_add+0x846/0x17b0 [ 1956.898979] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1956.904095] ? __kmalloc+0x31c/0x760 [ 1956.907811] ? kasan_unpoison_shadow+0x35/0x50 [ 1956.912393] ? kasan_kmalloc+0xc7/0xe0 [ 1956.916282] ? input_register_device+0x59f/0xce0 [ 1956.921045] input_register_device+0x728/0xce0 [ 1956.925644] ? devm_input_allocate_device+0x120/0x120 [ 1956.930841] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1956.935857] ? input_mt_init_slots+0xba/0x4a0 [ 1956.940366] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1956.945655] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1956.951024] ? __fget_light+0x2e9/0x430 [ 1956.954997] ? fget_raw+0x20/0x20 [ 1956.958452] ? __sb_end_write+0xd9/0x110 [ 1956.962530] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1956.968071] ? fput+0x130/0x1a0 [ 1956.971355] ? ksys_write+0x1ae/0x260 [ 1956.975156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1956.981184] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1956.986723] uinput_compat_ioctl+0x6b/0x90 [ 1956.990971] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1956.995740] do_fast_syscall_32+0x34d/0xfb2 [ 1957.000076] ? do_int80_syscall_32+0x890/0x890 [ 1957.004676] ? entry_SYSENTER_compat+0x68/0x7f [ 1957.009265] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1957.014287] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.019129] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.024099] ? trace_hardirqs_on_caller+0x310/0x310 [ 1957.024117] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1957.024134] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1957.024153] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.034162] entry_SYSENTER_compat+0x70/0x7f [ 1957.034175] RIP: 0023:0xf7f58ca9 02:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd]}, 0x48) 02:48:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf0ffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1957.034190] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1957.034199] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1957.034214] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1957.034226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1957.051799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1957.051808] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:48:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000001000"], 0x2e) [ 1957.051817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x3000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 02:48:51 executing program 5 (fault-call:4 fault-nth:34): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1957.156924] input: syz0 as /devices/virtual/input/input563 [ 1957.175544] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1957.175544] program syz-executor1 not setting count and/or reply_len properly 02:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) [ 1957.248926] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1957.248926] program syz-executor1 not setting count and/or reply_len properly [ 1957.295934] FAULT_INJECTION: forcing a failure. [ 1957.295934] name failslab, interval 1, probability 0, space 0, times 0 [ 1957.338984] CPU: 1 PID: 32497 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1957.346383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1957.355735] Call Trace: [ 1957.358331] dump_stack+0x1c4/0x2b4 [ 1957.361968] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1957.367165] should_fail.cold.4+0xa/0x17 [ 1957.371229] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1957.376327] ? perf_trace_lock+0x14d/0x7a0 [ 1957.380557] ? lock_release+0x970/0x970 [ 1957.384543] ? arch_local_save_flags+0x40/0x40 [ 1957.389120] ? zap_class+0x640/0x640 [ 1957.392829] ? check_preemption_disabled+0x48/0x200 [ 1957.397860] ? __mutex_lock+0x85e/0x1700 [ 1957.401910] ? kernfs_activate+0x8e/0x2c0 [ 1957.406043] ? zap_class+0x640/0x640 [ 1957.409739] ? fs_reclaim_acquire+0x20/0x20 [ 1957.414040] ? lock_downgrade+0x900/0x900 [ 1957.418168] ? ___might_sleep+0x1ed/0x300 [ 1957.422297] ? arch_local_save_flags+0x40/0x40 [ 1957.426856] ? kernfs_activate+0x21a/0x2c0 [ 1957.431077] __should_failslab+0x124/0x180 [ 1957.435298] should_failslab+0x9/0x14 [ 1957.439080] kmem_cache_alloc+0x2be/0x730 [ 1957.443207] ? lock_downgrade+0x900/0x900 [ 1957.447342] ? do_raw_spin_lock+0xc1/0x200 [ 1957.451663] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1957.456661] __kernfs_new_node+0x127/0x8d0 [ 1957.460877] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1957.465620] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1957.470815] ? wait_for_completion+0x8a0/0x8a0 [ 1957.475381] ? wait_for_completion+0x8a0/0x8a0 [ 1957.479949] ? mutex_unlock+0xd/0x10 [ 1957.483645] ? kernfs_activate+0x21a/0x2c0 [ 1957.487864] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1957.492690] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1957.498208] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1957.502780] kernfs_new_node+0x95/0x120 [ 1957.506738] __kernfs_create_file+0x5a/0x340 [ 1957.511134] sysfs_add_file_mode_ns+0x222/0x530 [ 1957.515790] sysfs_merge_group+0x224/0x410 [ 1957.520026] ? sysfs_mount+0x240/0x240 [ 1957.523898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1957.529424] dpm_sysfs_add+0x161/0x210 [ 1957.533295] device_add+0x846/0x17b0 [ 1957.536992] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1957.542078] ? __kmalloc+0x31c/0x760 [ 1957.545774] ? kasan_unpoison_shadow+0x35/0x50 [ 1957.550341] ? kasan_kmalloc+0xc7/0xe0 [ 1957.554213] ? input_register_device+0x59f/0xce0 [ 1957.559036] input_register_device+0x728/0xce0 [ 1957.563601] ? devm_input_allocate_device+0x120/0x120 [ 1957.568772] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1957.573771] ? input_mt_init_slots+0xba/0x4a0 [ 1957.578251] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1957.583510] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1957.588858] ? __fget_light+0x2e9/0x430 [ 1957.592813] ? fget_raw+0x20/0x20 [ 1957.596250] ? __sb_end_write+0xd9/0x110 [ 1957.600309] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1957.605842] ? fput+0x130/0x1a0 [ 1957.609107] ? ksys_write+0x1ae/0x260 [ 1957.612891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1957.618409] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1957.623925] uinput_compat_ioctl+0x6b/0x90 [ 1957.628143] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1957.632899] do_fast_syscall_32+0x34d/0xfb2 [ 1957.637204] ? do_int80_syscall_32+0x890/0x890 [ 1957.641770] ? entry_SYSENTER_compat+0x68/0x7f [ 1957.646335] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1957.651333] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.656168] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.660991] ? trace_hardirqs_on_caller+0x310/0x310 [ 1957.665987] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1957.670984] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1957.675981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1957.680808] entry_SYSENTER_compat+0x70/0x7f [ 1957.685198] RIP: 0023:0xf7f58ca9 [ 1957.688570] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1957.707453] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1957.715142] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1957.722390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1957.729636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1957.736884] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1957.744131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:48:51 executing program 5 (fault-call:4 fault-nth:35): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_cache\x00') ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000600)={0x100, @tick=0x9f1, 0x200, {0x7fffffff}, 0x3, 0x3, 0x80}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000640)='/dev/full\x00', 0x20000, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xc) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000580)={0x38000000000000, 0x3, 0xf0}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000005c0)={0x3, 0xffffffffffffff9c}) write$FUSE_STATFS(r1, &(0x7f00000010c0)={0x60, 0xffffffffffffffda, 0x5, {{0x40000000000000, 0x4, 0x6, 0x100000000008, 0x5, 0x1, 0x542f7ef4, 0x1ff}}}, 0x60) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc00c6419, &(0x7f0000001000)={0xa, &(0x7f0000000840)=""/155, &(0x7f0000000f40)=[{0x9, 0x9c, 0x8000, &(0x7f0000000900)=""/156}, {0x0, 0x87, 0x1, &(0x7f00000009c0)=""/135}, {0xfffffffffffffff8, 0x0, 0x3, &(0x7f0000000a80)}, {0x4, 0x92, 0x0, &(0x7f0000000ac0)=""/146}, {0x1, 0x67, 0x2166f02, &(0x7f0000000b80)=""/103}, {0x2, 0xc6, 0x200, &(0x7f0000000c00)=""/198}, {0x4, 0xc9, 0x7ff, &(0x7f0000000d00)=""/201}, {0x1, 0x3d, 0x7dc5eb58, &(0x7f0000000e00)=""/61}, {0x15a0, 0x0, 0x4, 0x0}, {0x49, 0xc8, 0x1, &(0x7f0000000e40)=""/200}]}) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000680)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000700)={{0x6, 0x0, 0x9, 0x0, 'syz0\x00', 0x2}, 0x3, 0x8, 0xc2eb, r3, 0x4, 0x635, 'syz1\x00', &(0x7f00000006c0)=['/dev/full\x00', '/dev/full\x00', '-\'lokeyring{\x00', 'vmnet0)(\x00'], 0x2a, [], [0x1, 0x600, 0x20, 0x5]}) ioctl$KDGKBTYPE(r2, 0x4b33, &(0x7f0000000540)) 02:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x48) 02:48:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:51 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000007400"], 0x2e) 02:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x30]}, 0x48) [ 1957.931225] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1957.931225] program syz-executor1 not setting count and/or reply_len properly [ 1957.965788] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1957.965788] program syz-executor4 not setting count and/or reply_len properly [ 1957.984353] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1957.984353] program syz-executor1 not setting count and/or reply_len properly [ 1957.996170] FAULT_INJECTION: forcing a failure. [ 1957.996170] name failslab, interval 1, probability 0, space 0, times 0 [ 1958.011444] CPU: 1 PID: 32515 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1958.018801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1958.028145] Call Trace: [ 1958.030739] dump_stack+0x1c4/0x2b4 02:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x8]}, 0x48) 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1958.034372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1958.039584] should_fail.cold.4+0xa/0x17 [ 1958.043661] ? input_register_device+0x728/0xce0 [ 1958.048421] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1958.053518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1958.059041] ? check_preemption_disabled+0x48/0x200 [ 1958.064059] ? debug_smp_processor_id+0x1c/0x20 [ 1958.068726] ? perf_trace_lock+0x14d/0x7a0 [ 1958.072961] ? debug_smp_processor_id+0x1c/0x20 [ 1958.072978] ? zap_class+0x640/0x640 [ 1958.072994] ? zap_class+0x640/0x640 [ 1958.085041] ? check_preemption_disabled+0x48/0x200 [ 1958.090073] ? mark_held_locks+0x130/0x130 [ 1958.090089] ? mark_held_locks+0x130/0x130 [ 1958.098531] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1958.103545] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 1958.108299] ? zap_class+0x640/0x640 [ 1958.112028] __should_failslab+0x124/0x180 [ 1958.116264] should_failslab+0x9/0x14 [ 1958.120063] kmem_cache_alloc+0x47/0x730 [ 1958.124122] ? plist_requeue+0x620/0x620 [ 1958.128196] ? kasan_check_read+0x11/0x20 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x48) [ 1958.132345] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1958.137626] radix_tree_node_alloc.constprop.18+0x1f7/0x370 [ 1958.143336] idr_get_free+0x725/0xec0 [ 1958.147617] ? ida_pre_get+0x130/0x130 [ 1958.151524] ? save_stack+0xa9/0xd0 [ 1958.155145] ? save_stack+0x43/0xd0 [ 1958.158770] ? kasan_kmalloc+0xc7/0xe0 [ 1958.162647] ? kasan_slab_alloc+0x12/0x20 [ 1958.162661] ? kmem_cache_alloc+0x12e/0x730 [ 1958.162673] ? __kernfs_new_node+0x127/0x8d0 [ 1958.162687] ? kernfs_new_node+0x95/0x120 [ 1958.171112] ? __kernfs_create_file+0x5a/0x340 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1958.171123] ? sysfs_add_file_mode_ns+0x222/0x530 [ 1958.171138] ? sysfs_merge_group+0x224/0x410 [ 1958.193453] ? dpm_sysfs_add+0x161/0x210 [ 1958.197531] ? device_add+0x846/0x17b0 [ 1958.201436] ? input_register_device+0x728/0xce0 [ 1958.206195] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1958.211656] ? uinput_compat_ioctl+0x6b/0x90 [ 1958.216067] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1958.220993] ? do_fast_syscall_32+0x34d/0xfb2 [ 1958.225487] ? entry_SYSENTER_compat+0x70/0x7f [ 1958.230068] ? __mutex_lock+0x85e/0x1700 [ 1958.234135] idr_alloc_u32+0x201/0x3f0 [ 1958.238021] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 1958.242865] ? lock_acquire+0x1ed/0x520 [ 1958.246839] ? __kernfs_new_node+0x14e/0x8d0 [ 1958.251246] ? __kernfs_new_node+0x127/0x8d0 [ 1958.255655] idr_alloc_cyclic+0x166/0x350 [ 1958.259799] ? idr_alloc+0x1b0/0x1b0 [ 1958.263521] ? kasan_check_write+0x14/0x20 [ 1958.267756] ? do_raw_spin_lock+0xc1/0x200 [ 1958.272022] __kernfs_new_node+0x1ee/0x8d0 [ 1958.276274] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1958.281041] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1958.285978] ? wait_for_completion+0x8a0/0x8a0 [ 1958.290569] ? wait_for_completion+0x8a0/0x8a0 [ 1958.295162] ? mutex_unlock+0xd/0x10 [ 1958.298873] ? kernfs_activate+0x21a/0x2c0 [ 1958.303107] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1958.307948] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1958.312525] kernfs_new_node+0x95/0x120 [ 1958.312545] __kernfs_create_file+0x5a/0x340 [ 1958.320903] sysfs_add_file_mode_ns+0x222/0x530 [ 1958.325579] sysfs_merge_group+0x224/0x410 [ 1958.329820] ? sysfs_mount+0x240/0x240 [ 1958.333713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1958.339255] dpm_sysfs_add+0x161/0x210 [ 1958.343141] device_add+0x846/0x17b0 [ 1958.346867] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1958.351980] ? __kmalloc+0x31c/0x760 [ 1958.355722] ? kasan_unpoison_shadow+0x35/0x50 [ 1958.360306] ? kasan_kmalloc+0xc7/0xe0 [ 1958.364189] ? input_register_device+0x59f/0xce0 [ 1958.368955] input_register_device+0x728/0xce0 [ 1958.373544] ? devm_input_allocate_device+0x120/0x120 [ 1958.378735] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1958.383747] ? input_mt_init_slots+0xba/0x4a0 [ 1958.388233] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1958.393517] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1958.398886] ? __fget_light+0x2e9/0x430 [ 1958.402861] ? fget_raw+0x20/0x20 [ 1958.406306] ? __sb_end_write+0xd9/0x110 [ 1958.410362] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1958.415893] ? fput+0x130/0x1a0 [ 1958.419151] ? ksys_write+0x1ae/0x260 [ 1958.422927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1958.428451] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1958.433966] uinput_compat_ioctl+0x6b/0x90 [ 1958.438181] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1958.442918] do_fast_syscall_32+0x34d/0xfb2 [ 1958.447221] ? do_int80_syscall_32+0x890/0x890 [ 1958.451795] ? entry_SYSENTER_compat+0x68/0x7f [ 1958.456469] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1958.461466] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1958.466421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1958.471348] ? trace_hardirqs_on_caller+0x310/0x310 [ 1958.476354] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1958.481356] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1958.486358] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1958.491191] entry_SYSENTER_compat+0x70/0x7f [ 1958.495576] RIP: 0023:0xf7f58ca9 [ 1958.498925] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1958.517807] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1958.525499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:48:52 executing program 5 (fault-call:4 fault-nth:36): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x48) 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:52 executing program 4 (fault-call:5 fault-nth:0): r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x3f000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:52 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000540)='/dev/full\x00', 0x40, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000580)) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) openat$zero(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/zero\x00', 0x404200, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) [ 1958.532750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1958.539998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1958.547243] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1958.554487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1958.562695] input: syz0 as /devices/virtual/input/input565 02:48:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x3}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd0ffffff]}, 0x48) [ 1958.652409] input: syz0 as /devices/virtual/input/input568 [ 1958.671698] FAULT_INJECTION: forcing a failure. [ 1958.671698] name failslab, interval 1, probability 0, space 0, times 0 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1958.710754] input: syz0 as /devices/virtual/input/input569 [ 1958.732627] CPU: 0 PID: 32556 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1958.740017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1958.749373] Call Trace: [ 1958.751970] dump_stack+0x1c4/0x2b4 [ 1958.755610] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1958.760818] should_fail.cold.4+0xa/0x17 [ 1958.764889] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1958.769997] ? save_stack+0xa9/0xd0 [ 1958.773621] ? save_stack+0x43/0xd0 [ 1958.777242] ? kmem_cache_alloc_trace+0x152/0x750 [ 1958.782082] ? kobject_uevent_env+0x2f3/0x101e [ 1958.786667] ? kobject_uevent+0x1f/0x24 [ 1958.790635] ? device_add+0x936/0x17b0 [ 1958.794514] ? input_register_device+0x728/0xce0 [ 1958.799262] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1958.804708] ? uinput_compat_ioctl+0x6b/0x90 [ 1958.809115] ? do_fast_syscall_32+0x34d/0xfb2 [ 1958.813611] ? entry_SYSENTER_compat+0x70/0x7f [ 1958.818286] ? zap_class+0x640/0x640 [ 1958.821994] ? fs_reclaim_acquire+0x20/0x20 [ 1958.826316] ? lock_downgrade+0x900/0x900 [ 1958.830471] ? ___might_sleep+0x1ed/0x300 [ 1958.834628] ? lock_downgrade+0x900/0x900 [ 1958.838778] ? arch_local_save_flags+0x40/0x40 [ 1958.843367] __should_failslab+0x124/0x180 [ 1958.847597] should_failslab+0x9/0x14 [ 1958.851390] __kmalloc+0x2d4/0x760 [ 1958.854931] ? kobject_get_path+0xc2/0x1b0 [ 1958.859167] ? kmem_cache_alloc_trace+0x31f/0x750 [ 1958.864009] kobject_get_path+0xc2/0x1b0 [ 1958.868069] kobject_uevent_env+0x314/0x101e [ 1958.872529] ? device_pm_add+0x229/0x360 [ 1958.872543] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1958.881668] kobject_uevent+0x1f/0x24 [ 1958.881682] device_add+0x936/0x17b0 [ 1958.881700] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1958.894266] ? __kmalloc+0x31c/0x760 [ 1958.897976] ? kasan_unpoison_shadow+0x35/0x50 [ 1958.902554] ? kasan_kmalloc+0xc7/0xe0 [ 1958.906443] ? input_register_device+0x59f/0xce0 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x300000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1958.911202] input_register_device+0x728/0xce0 [ 1958.915775] ? devm_input_allocate_device+0x120/0x120 [ 1958.920962] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1958.925971] ? input_mt_init_slots+0xba/0x4a0 [ 1958.930466] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1958.935743] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1958.941113] ? __fget_light+0x2e9/0x430 [ 1958.945091] ? fget_raw+0x20/0x20 [ 1958.948546] ? __sb_end_write+0xd9/0x110 [ 1958.952611] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1958.958162] ? fput+0x130/0x1a0 [ 1958.961445] ? ksys_write+0x1ae/0x260 [ 1958.965250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1958.970793] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1958.976333] uinput_compat_ioctl+0x6b/0x90 [ 1958.981089] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1958.985855] do_fast_syscall_32+0x34d/0xfb2 [ 1958.990176] ? do_int80_syscall_32+0x890/0x890 [ 1958.994757] ? entry_SYSENTER_compat+0x68/0x7f [ 1958.999343] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1959.004356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.009196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.014052] ? trace_hardirqs_on_caller+0x310/0x310 [ 1959.019065] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1959.024078] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1959.029090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.033932] entry_SYSENTER_compat+0x70/0x7f [ 1959.038340] RIP: 0023:0xf7f58ca9 [ 1959.041701] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1959.060600] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1959.068314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1959.075583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1959.082845] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1959.090101] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1959.097360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1959.104814] input: syz0 as /devices/virtual/input/input570 02:48:53 executing program 5 (fault-call:4 fault-nth:37): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:53 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xffffff7f00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1959.259926] FAULT_INJECTION: forcing a failure. [ 1959.259926] name failslab, interval 1, probability 0, space 0, times 0 [ 1959.290447] CPU: 0 PID: 32590 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1959.297845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1959.297851] Call Trace: [ 1959.297873] dump_stack+0x1c4/0x2b4 [ 1959.297891] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1959.318603] should_fail.cold.4+0xa/0x17 [ 1959.318619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1959.327749] ? save_stack+0xa9/0xd0 [ 1959.331374] ? save_stack+0x43/0xd0 [ 1959.334998] ? kmem_cache_alloc_trace+0x152/0x750 [ 1959.339836] ? kobject_uevent_env+0x2f3/0x101e [ 1959.344418] ? kobject_uevent+0x1f/0x24 [ 1959.348384] ? device_add+0x936/0x17b0 [ 1959.352267] ? input_register_device+0x728/0xce0 [ 1959.357034] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1959.362471] ? uinput_compat_ioctl+0x6b/0x90 [ 1959.366865] ? do_fast_syscall_32+0x34d/0xfb2 [ 1959.371341] ? entry_SYSENTER_compat+0x70/0x7f [ 1959.375906] ? zap_class+0x640/0x640 [ 1959.379600] ? fs_reclaim_acquire+0x20/0x20 [ 1959.383906] ? lock_downgrade+0x900/0x900 [ 1959.388035] ? ___might_sleep+0x1ed/0x300 [ 1959.392162] ? lock_downgrade+0x900/0x900 [ 1959.396295] ? arch_local_save_flags+0x40/0x40 [ 1959.400870] __should_failslab+0x124/0x180 [ 1959.405085] should_failslab+0x9/0x14 [ 1959.408868] __kmalloc+0x2d4/0x760 [ 1959.412389] ? kobject_get_path+0xc2/0x1b0 [ 1959.416634] ? kmem_cache_alloc_trace+0x31f/0x750 [ 1959.421457] kobject_get_path+0xc2/0x1b0 [ 1959.425501] kobject_uevent_env+0x314/0x101e [ 1959.429893] ? device_pm_add+0x229/0x360 [ 1959.433932] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1959.439016] kobject_uevent+0x1f/0x24 [ 1959.442798] device_add+0x936/0x17b0 [ 1959.446495] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1959.451577] ? __kmalloc+0x31c/0x760 [ 1959.455267] ? kasan_unpoison_shadow+0x35/0x50 [ 1959.459835] ? kasan_kmalloc+0xc7/0xe0 [ 1959.463703] ? input_register_device+0x59f/0xce0 [ 1959.468444] input_register_device+0x728/0xce0 [ 1959.473009] ? devm_input_allocate_device+0x120/0x120 [ 1959.478189] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1959.483185] ? input_mt_init_slots+0xba/0x4a0 [ 1959.487663] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1959.492921] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1959.498267] ? __fget_light+0x2e9/0x430 [ 1959.502230] ? fget_raw+0x20/0x20 [ 1959.505667] ? __sb_end_write+0xd9/0x110 [ 1959.509710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1959.515224] ? fput+0x130/0x1a0 [ 1959.518485] ? ksys_write+0x1ae/0x260 [ 1959.522288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1959.527806] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1959.533325] uinput_compat_ioctl+0x6b/0x90 [ 1959.537545] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1959.542289] do_fast_syscall_32+0x34d/0xfb2 [ 1959.546590] ? do_int80_syscall_32+0x890/0x890 [ 1959.551155] ? entry_SYSENTER_compat+0x68/0x7f [ 1959.555724] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1959.560723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.565545] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.570366] ? trace_hardirqs_on_caller+0x310/0x310 [ 1959.575364] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1959.580363] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1959.585360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1959.590184] entry_SYSENTER_compat+0x70/0x7f [ 1959.594569] RIP: 0023:0xf7f58ca9 [ 1959.597917] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1959.616815] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1959.624502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1959.631862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1959.639107] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1959.646358] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1959.653605] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1959.674444] input: syz0 as /devices/virtual/input/input571 02:48:53 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 02:48:53 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000074"], 0x2e) 02:48:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000540)={0x3, {0x7, 0xffffffffffffffee, 0x4, 0xfffffffffffffffd, 0x3}}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) ioprio_get$pid(0x3, r1) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x200000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:53 executing program 5 (fault-call:4 fault-nth:38): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x48) 02:48:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x3f00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:53 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1959.829205] input: syz0 as /devices/virtual/input/input572 [ 1959.859649] input: syz0 as /devices/virtual/input/input573 [ 1959.866011] FAULT_INJECTION: forcing a failure. [ 1959.866011] name failslab, interval 1, probability 0, space 0, times 0 [ 1959.908412] CPU: 1 PID: 32608 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1959.915780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1959.925124] Call Trace: [ 1959.927721] dump_stack+0x1c4/0x2b4 [ 1959.931366] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1959.936563] should_fail.cold.4+0xa/0x17 [ 1959.940630] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1959.945750] ? __save_stack_trace+0x8d/0xf0 [ 1959.950167] ? save_stack+0x43/0xd0 [ 1959.953789] ? kasan_kmalloc+0xc7/0xe0 [ 1959.957673] ? kasan_slab_alloc+0x12/0x20 [ 1959.961823] ? kmem_cache_alloc_node+0x144/0x730 [ 1959.966581] ? alloc_uevent_skb+0x84/0x1da [ 1959.970814] ? kobject_uevent_env+0xa52/0x101e [ 1959.975409] ? kobject_uevent+0x1f/0x24 [ 1959.979384] ? device_add+0x936/0x17b0 [ 1959.983269] ? input_register_device+0x728/0xce0 [ 1959.988022] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1959.993471] ? zap_class+0x640/0x640 [ 1959.997181] ? fs_reclaim_acquire+0x20/0x20 [ 1960.001499] ? lock_downgrade+0x900/0x900 [ 1960.005648] ? ___might_sleep+0x1ed/0x300 [ 1960.009795] ? arch_local_save_flags+0x40/0x40 [ 1960.014393] ? lock_downgrade+0x900/0x900 [ 1960.018549] __should_failslab+0x124/0x180 [ 1960.022787] should_failslab+0x9/0x14 [ 1960.026588] kmem_cache_alloc_node_trace+0x270/0x740 [ 1960.031684] ? kasan_unpoison_shadow+0x35/0x50 [ 1960.036260] ? kasan_kmalloc+0xc7/0xe0 [ 1960.040153] __kmalloc_node_track_caller+0x33/0x70 [ 1960.045077] __kmalloc_reserve.isra.39+0x41/0xe0 [ 1960.049833] __alloc_skb+0x155/0x770 [ 1960.053552] ? skb_scrub_packet+0x490/0x490 [ 1960.057873] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1960.063666] ? pointer+0x990/0x990 [ 1960.067209] ? device_get_devnode+0x2d0/0x2d0 [ 1960.071726] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1960.076741] ? netlink_has_listeners+0x2cb/0x4a0 [ 1960.081497] ? netlink_tap_init_net+0x3d0/0x3d0 [ 1960.086164] alloc_uevent_skb+0x84/0x1da [ 1960.090237] kobject_uevent_env+0xa52/0x101e [ 1960.094645] ? device_pm_add+0x229/0x360 [ 1960.098705] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1960.103814] kobject_uevent+0x1f/0x24 [ 1960.107614] device_add+0x936/0x17b0 [ 1960.111338] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1960.116446] ? __kmalloc+0x31c/0x760 [ 1960.120155] ? kasan_unpoison_shadow+0x35/0x50 [ 1960.124738] ? kasan_kmalloc+0xc7/0xe0 [ 1960.128623] ? input_register_device+0x59f/0xce0 [ 1960.133398] input_register_device+0x728/0xce0 [ 1960.137997] ? devm_input_allocate_device+0x120/0x120 [ 1960.143192] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1960.148749] ? input_mt_init_slots+0xba/0x4a0 [ 1960.153245] uinput_ioctl_handler.isra.10+0xb88/0x2540 02:48:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xfcffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x50000000]}, 0x48) 02:48:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1960.158531] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1960.163901] ? __fget_light+0x2e9/0x430 [ 1960.167873] ? fget_raw+0x20/0x20 [ 1960.171324] ? __sb_end_write+0xd9/0x110 [ 1960.175388] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1960.180915] ? fput+0x130/0x1a0 [ 1960.184187] ? ksys_write+0x1ae/0x260 [ 1960.187991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.193528] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1960.199061] uinput_compat_ioctl+0x6b/0x90 [ 1960.203302] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1960.208063] do_fast_syscall_32+0x34d/0xfb2 [ 1960.212388] ? do_int80_syscall_32+0x890/0x890 [ 1960.216977] ? entry_SYSENTER_compat+0x68/0x7f [ 1960.221580] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1960.226594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1960.231438] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1960.236302] ? trace_hardirqs_on_caller+0x310/0x310 [ 1960.241313] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1960.246310] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1960.251326] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1960.256148] entry_SYSENTER_compat+0x70/0x7f [ 1960.260534] RIP: 0023:0xf7f58ca9 [ 1960.263893] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1960.282770] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1960.290455] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1960.297705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1960.304963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1960.312218] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1960.319464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1960.343910] input: syz0 as /devices/virtual/input/input574 02:48:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x5b420000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 02:48:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:54 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000540)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000580)={0x3, 0x0, 0x10001, 0x3d}) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:54 executing program 5 (fault-call:4 fault-nth:39): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:54 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x1000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1960.652051] sg_write: 13 callbacks suppressed [ 1960.652061] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1960.652061] program syz-executor1 not setting count and/or reply_len properly [ 1960.675894] FAULT_INJECTION: forcing a failure. [ 1960.675894] name failslab, interval 1, probability 0, space 0, times 0 02:48:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1960.700468] CPU: 0 PID: 32644 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1960.707839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1960.717185] Call Trace: [ 1960.719778] dump_stack+0x1c4/0x2b4 [ 1960.723415] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1960.728626] should_fail.cold.4+0xa/0x17 [ 1960.732691] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1960.737262] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1960.737262] program syz-executor1 not setting count and/or reply_len properly [ 1960.737797] ? lock_release+0x970/0x970 [ 1960.757436] ? arch_local_save_flags+0x40/0x40 [ 1960.762014] ? format_decode+0x1b2/0xaf0 [ 1960.766075] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 1960.771266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.776807] ? check_preemption_disabled+0x48/0x200 [ 1960.781832] ? zap_class+0x640/0x640 [ 1960.785550] ? fs_reclaim_acquire+0x20/0x20 [ 1960.789870] ? lock_downgrade+0x900/0x900 [ 1960.794012] ? zap_class+0x640/0x640 [ 1960.797726] ? ___might_sleep+0x1ed/0x300 [ 1960.801871] ? put_dec+0x3b/0xf0 [ 1960.805241] ? arch_local_save_flags+0x40/0x40 [ 1960.809825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.815361] ? number+0x972/0xca0 [ 1960.816420] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1960.816420] program syz-executor1 not setting count and/or reply_len properly [ 1960.818817] __should_failslab+0x124/0x180 [ 1960.818841] should_failslab+0x9/0x14 [ 1960.842523] kmem_cache_alloc_node+0x26e/0x730 [ 1960.847104] ? set_precision+0xe0/0xe0 02:48:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xf0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1960.850994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.856535] __alloc_skb+0x119/0x770 [ 1960.860257] ? skb_scrub_packet+0x490/0x490 [ 1960.864585] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1960.870379] ? pointer+0x990/0x990 [ 1960.873918] ? device_get_devnode+0x2d0/0x2d0 [ 1960.878420] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1960.883441] ? netlink_has_listeners+0x2cb/0x4a0 [ 1960.888198] ? netlink_tap_init_net+0x3d0/0x3d0 [ 1960.892867] alloc_uevent_skb+0x84/0x1da [ 1960.896932] kobject_uevent_env+0xa52/0x101e 02:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc0ffffff]}, 0x48) 02:48:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x6000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1960.901341] ? device_pm_add+0x229/0x360 [ 1960.905411] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1960.910517] kobject_uevent+0x1f/0x24 [ 1960.914318] device_add+0x936/0x17b0 [ 1960.918037] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1960.923137] ? __kmalloc+0x31c/0x760 [ 1960.926855] ? kasan_unpoison_shadow+0x35/0x50 [ 1960.931432] ? kasan_kmalloc+0xc7/0xe0 [ 1960.935330] ? input_register_device+0x59f/0xce0 [ 1960.940088] input_register_device+0x728/0xce0 [ 1960.944673] ? devm_input_allocate_device+0x120/0x120 [ 1960.949865] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1960.954889] ? input_mt_init_slots+0xba/0x4a0 [ 1960.959386] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1960.961534] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1960.961534] program syz-executor1 not setting count and/or reply_len properly [ 1960.964671] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1960.964691] ? __fget_light+0x2e9/0x430 [ 1960.964712] ? fget_raw+0x20/0x20 [ 1960.993365] ? __sb_end_write+0xd9/0x110 [ 1960.997434] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1961.002968] ? fput+0x130/0x1a0 [ 1961.006248] ? ksys_write+0x1ae/0x260 [ 1961.010047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1961.015586] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1961.021122] uinput_compat_ioctl+0x6b/0x90 [ 1961.025363] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1961.030156] do_fast_syscall_32+0x34d/0xfb2 [ 1961.034481] ? do_int80_syscall_32+0x890/0x890 [ 1961.039060] ? entry_SYSENTER_compat+0x68/0x7f [ 1961.043663] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1961.048681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1961.053527] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1961.055605] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1961.055605] program syz-executor1 not setting count and/or reply_len properly [ 1961.058372] ? trace_hardirqs_on_caller+0x310/0x310 [ 1961.058393] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1961.058405] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1961.058427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1961.093932] entry_SYSENTER_compat+0x70/0x7f [ 1961.098340] RIP: 0023:0xf7f58ca9 [ 1961.101708] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1961.120601] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1961.128307] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1961.135568] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1961.142834] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 02:48:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000006c"], 0x2e) [ 1961.150100] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1961.157383] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1961.166693] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1961.166693] program syz-executor1 not setting count and/or reply_len properly [ 1961.194921] input: syz0 as /devices/virtual/input/input576 [ 1961.239454] input: syz0 as /devices/virtual/input/input575 [ 1961.295234] input: syz0 as /devices/virtual/input/input577 02:48:55 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x9]}, 0x48) [ 1961.398227] input: syz0 as /devices/virtual/input/input578 [ 1961.415134] input: syz0 as /devices/virtual/input/input579 02:48:56 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x1dd}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:56 executing program 5 (fault-call:4 fault-nth:40): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 02:48:56 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2d) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 1962.005879] FAULT_INJECTION: forcing a failure. [ 1962.005879] name failslab, interval 1, probability 0, space 0, times 0 [ 1962.017749] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1962.017749] program syz-executor1 not setting count and/or reply_len properly [ 1962.047600] CPU: 0 PID: 32692 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1962.054970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1962.064326] Call Trace: [ 1962.066918] dump_stack+0x1c4/0x2b4 [ 1962.070563] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1962.075766] should_fail.cold.4+0xa/0x17 [ 1962.079831] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1962.084933] ? rcu_bh_qs+0xc0/0xc0 [ 1962.088470] ? unwind_dump+0x190/0x190 [ 1962.092361] ? is_bpf_text_address+0xd3/0x170 [ 1962.096855] ? check_preemption_disabled+0x48/0x200 [ 1962.101874] ? debug_smp_processor_id+0x1c/0x20 [ 1962.106550] ? zap_class+0x640/0x640 [ 1962.110267] ? fs_reclaim_acquire+0x20/0x20 [ 1962.114594] ? lock_downgrade+0x900/0x900 [ 1962.118746] ? ___might_sleep+0x1ed/0x300 [ 1962.122892] ? kobject_uevent+0x1f/0x24 [ 1962.126865] ? arch_local_save_flags+0x40/0x40 [ 1962.131450] ? uinput_compat_ioctl+0x6b/0x90 [ 1962.135860] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1962.140785] ? do_fast_syscall_32+0x34d/0xfb2 [ 1962.145281] ? fs_reclaim_acquire+0x20/0x20 [ 1962.149864] __should_failslab+0x124/0x180 [ 1962.154097] should_failslab+0x9/0x14 [ 1962.157895] kmem_cache_alloc+0x2be/0x730 [ 1962.162047] skb_clone+0x1bb/0x500 [ 1962.165588] ? skb_split+0x11e0/0x11e0 [ 1962.169471] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1962.174489] ? netlink_trim+0x1b4/0x380 [ 1962.178478] ? netlink_skb_destructor+0x210/0x210 [ 1962.183325] netlink_broadcast_filtered+0x110f/0x1680 [ 1962.188608] ? __netlink_sendskb+0xd0/0xd0 [ 1962.192844] ? pointer+0x990/0x990 [ 1962.196384] ? device_get_devnode+0x2d0/0x2d0 [ 1962.200886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1962.206449] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1962.211908] ? refcount_add_not_zero_checked+0x330/0x330 [ 1962.217360] ? netlink_has_listeners+0x2cb/0x4a0 [ 1962.222121] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1962.227149] netlink_broadcast+0x3a/0x50 [ 1962.231213] kobject_uevent_env+0xa83/0x101e [ 1962.235619] ? device_pm_add+0x229/0x360 [ 1962.239680] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1962.244789] kobject_uevent+0x1f/0x24 [ 1962.248591] device_add+0x936/0x17b0 [ 1962.252308] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1962.257414] ? __kmalloc+0x31c/0x760 [ 1962.261127] ? kasan_unpoison_shadow+0x35/0x50 [ 1962.265711] ? kasan_kmalloc+0xc7/0xe0 [ 1962.269604] ? input_register_device+0x59f/0xce0 [ 1962.274367] input_register_device+0x728/0xce0 [ 1962.278951] ? devm_input_allocate_device+0x120/0x120 [ 1962.284150] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1962.289166] ? input_mt_init_slots+0xba/0x4a0 [ 1962.293666] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1962.298958] ? uinput_request_submit.part.9+0x2d0/0x2d0 02:48:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000010"], 0x2e) 02:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x600]}, 0x48) [ 1962.304327] ? __fget_light+0x2e9/0x430 [ 1962.308307] ? fget_raw+0x20/0x20 [ 1962.311767] ? __sb_end_write+0xd9/0x110 [ 1962.315828] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1962.321367] ? fput+0x130/0x1a0 [ 1962.324647] ? ksys_write+0x1ae/0x260 [ 1962.328447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1962.334004] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1962.339549] uinput_compat_ioctl+0x6b/0x90 [ 1962.343785] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1962.348554] do_fast_syscall_32+0x34d/0xfb2 [ 1962.352880] ? do_int80_syscall_32+0x890/0x890 02:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x500]}, 0x48) [ 1962.357470] ? entry_SYSENTER_compat+0x68/0x7f [ 1962.362059] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1962.367081] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1962.371931] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1962.375849] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1962.375849] program syz-executor1 not setting count and/or reply_len properly [ 1962.376785] ? trace_hardirqs_on_caller+0x310/0x310 [ 1962.376802] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1962.376817] ? prepare_exit_to_usermode+0x291/0x3b0 02:48:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000003"], 0x2e) [ 1962.376841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1962.412365] entry_SYSENTER_compat+0x70/0x7f [ 1962.416784] RIP: 0023:0xf7f58ca9 [ 1962.420150] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1962.439050] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1962.441866] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5]}, 0x48) [ 1962.441866] program syz-executor1 not setting count and/or reply_len properly [ 1962.446754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1962.446761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1962.446769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1962.446776] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1962.446784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1962.477394] input: syz0 as /devices/virtual/input/input580 [ 1962.503770] input: syz0 as /devices/virtual/input/input581 [ 1962.524261] input: syz0 as /devices/virtual/input/input582 02:48:57 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:57 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x8000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:57 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 02:48:57 executing program 5 (fault-call:4 fault-nth:41): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:57 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000540)='/dev/snd/pcmC#D#p\x00', 0x7, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000580)={@mcast2, 0x0}, &(0x7f00000005c0)=0x14) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000600)={@mcast2, @mcast2, @local, 0xffffffff00000001, 0x1, 0x5, 0x400, 0x4, 0x3000010, r1}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r2, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) 02:48:57 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xdd01000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 1963.462029] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1963.462029] program syz-executor1 not setting count and/or reply_len properly [ 1963.480523] FAULT_INJECTION: forcing a failure. [ 1963.480523] name failslab, interval 1, probability 0, space 0, times 0 [ 1963.526022] input: syz0 as /devices/virtual/input/input583 [ 1963.530501] CPU: 0 PID: 32726 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1963.539002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1963.548343] Call Trace: [ 1963.548367] dump_stack+0x1c4/0x2b4 [ 1963.548383] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1963.548405] should_fail.cold.4+0xa/0x17 [ 1963.563799] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1963.568904] ? kasan_check_write+0x14/0x20 [ 1963.573141] ? zap_class+0x640/0x640 [ 1963.576860] ? klist_add_tail+0x1a5/0x230 [ 1963.581005] ? kasan_check_write+0x14/0x20 [ 1963.585239] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1963.590296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1963.595834] ? refcount_sub_and_test_checked+0x203/0x310 [ 1963.601378] ? zap_class+0x640/0x640 [ 1963.605095] ? fs_reclaim_acquire+0x20/0x20 [ 1963.609412] ? lock_downgrade+0x900/0x900 [ 1963.613559] ? ___might_sleep+0x1ed/0x300 [ 1963.617707] ? arch_local_save_flags+0x40/0x40 [ 1963.622288] ? kobject_put+0x86/0xe0 [ 1963.625999] __should_failslab+0x124/0x180 [ 1963.630234] should_failslab+0x9/0x14 [ 1963.634030] __kmalloc+0x2d4/0x760 [ 1963.637573] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1963.642678] ? kobject_get_path+0xc2/0x1b0 [ 1963.646918] kobject_get_path+0xc2/0x1b0 [ 1963.650981] input_register_device+0xc22/0xce0 [ 1963.655566] ? devm_input_allocate_device+0x120/0x120 [ 1963.660755] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1963.665766] ? input_mt_init_slots+0xba/0x4a0 [ 1963.670262] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1963.675540] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1963.680914] ? __fget_light+0x2e9/0x430 [ 1963.684896] ? fget_raw+0x20/0x20 [ 1963.688348] ? __sb_end_write+0xd9/0x110 [ 1963.692409] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1963.697945] ? fput+0x130/0x1a0 [ 1963.701221] ? ksys_write+0x1ae/0x260 [ 1963.705020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1963.710557] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1963.716090] uinput_compat_ioctl+0x6b/0x90 [ 1963.720325] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1963.725102] do_fast_syscall_32+0x34d/0xfb2 [ 1963.729450] ? do_int80_syscall_32+0x890/0x890 [ 1963.734038] ? entry_SYSENTER_compat+0x68/0x7f [ 1963.738615] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1963.743627] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1963.748464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1963.753304] ? trace_hardirqs_on_caller+0x310/0x310 [ 1963.758321] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1963.763369] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1963.768393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1963.773248] entry_SYSENTER_compat+0x70/0x7f [ 1963.777740] RIP: 0023:0xf7f58ca9 [ 1963.781111] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1963.800129] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1963.807837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1963.815105] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 02:48:57 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 02:48:57 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x9effffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1963.822367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1963.822375] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1963.822382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1963.823590] input: syz0 as N/A 02:48:57 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:48:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0xffffff7f}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x48) 02:48:58 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:48:58 executing program 5 (fault-call:4 fault-nth:42): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:48:58 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x20000802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1964.856228] FAULT_INJECTION: forcing a failure. [ 1964.856228] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.873466] input: syz0 as /devices/virtual/input/input587 [ 1964.886925] CPU: 0 PID: 32752 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1964.894295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1964.903643] Call Trace: 02:48:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x400300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) [ 1964.906238] dump_stack+0x1c4/0x2b4 [ 1964.909867] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1964.909895] should_fail.cold.4+0xa/0x17 [ 1964.919111] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1964.924214] ? kasan_check_write+0x14/0x20 [ 1964.928454] ? zap_class+0x640/0x640 [ 1964.932168] ? klist_add_tail+0x1a5/0x230 [ 1964.936320] ? kasan_check_write+0x14/0x20 [ 1964.940558] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1964.945491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1964.951028] ? refcount_sub_and_test_checked+0x203/0x310 02:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x8000000000000000]}, 0x48) [ 1964.956478] ? zap_class+0x640/0x640 [ 1964.956495] ? fs_reclaim_acquire+0x20/0x20 [ 1964.956506] ? lock_downgrade+0x900/0x900 [ 1964.956523] ? ___might_sleep+0x1ed/0x300 [ 1964.964532] ? arch_local_save_flags+0x40/0x40 [ 1964.964549] ? kobject_put+0x86/0xe0 [ 1964.964566] __should_failslab+0x124/0x180 [ 1964.972819] should_failslab+0x9/0x14 [ 1964.972833] __kmalloc+0x2d4/0x760 [ 1964.972848] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1964.972862] ? kobject_get_path+0xc2/0x1b0 [ 1964.985518] kobject_get_path+0xc2/0x1b0 02:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd00000000000000]}, 0x48) [ 1964.985537] input_register_device+0xc22/0xce0 [ 1964.985553] ? devm_input_allocate_device+0x120/0x120 [ 1964.997943] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1964.997958] ? input_mt_init_slots+0xba/0x4a0 [ 1964.997974] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1965.010799] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1965.010818] ? __fget_light+0x2e9/0x430 [ 1965.010830] ? fget_raw+0x20/0x20 [ 1965.010845] ? __sb_end_write+0xd9/0x110 [ 1965.036093] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1965.036103] ? fput+0x130/0x1a0 02:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x30000000]}, 0x48) [ 1965.036119] ? ksys_write+0x1ae/0x260 [ 1965.043499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1965.065635] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1965.071181] uinput_compat_ioctl+0x6b/0x90 [ 1965.075412] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1965.080170] do_fast_syscall_32+0x34d/0xfb2 [ 1965.084501] ? do_int80_syscall_32+0x890/0x890 [ 1965.089084] ? entry_SYSENTER_compat+0x68/0x7f [ 1965.093666] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1965.093682] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) [ 1965.093692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1965.093708] ? trace_hardirqs_on_caller+0x310/0x310 [ 1965.103534] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1965.118347] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1965.123359] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1965.128205] entry_SYSENTER_compat+0x70/0x7f [ 1965.132867] RIP: 0023:0xf7f58ca9 [ 1965.136235] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1965.155125] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1965.155139] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1965.155147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1965.155154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1965.155161] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1965.155167] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1965.160929] input: syz0 as N/A [ 1965.235717] input: syz0 as /devices/virtual/input/input588 02:49:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x5, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:00 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x48) 02:49:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x9effffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:00 executing program 5 (fault-call:4 fault-nth:43): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:00 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={0x0, 0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000580)='wlan0[nodev&,}]\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000600)=r0, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x0, 0x0) ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000000740)) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) [ 1966.470503] input: syz0 as /devices/virtual/input/input589 [ 1966.476713] sg_write: 3 callbacks suppressed [ 1966.476724] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1966.476724] program syz-executor1 not setting count and/or reply_len properly [ 1966.486942] FAULT_INJECTION: forcing a failure. [ 1966.486942] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.498949] Unknown ioctl -2120175988 02:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 02:49:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x3f00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1966.531089] input: syz0 as /devices/virtual/input/input590 [ 1966.562246] CPU: 0 PID: 317 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1966.569447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1966.578795] Call Trace: [ 1966.581384] dump_stack+0x1c4/0x2b4 [ 1966.585016] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1966.590220] should_fail.cold.4+0xa/0x17 [ 1966.594283] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1966.599401] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1966.604864] ? zap_class+0x640/0x640 [ 1966.608580] ? fs_reclaim_acquire+0x20/0x20 [ 1966.612915] ? lock_downgrade+0x900/0x900 [ 1966.617063] ? ___might_sleep+0x1ed/0x300 [ 1966.621211] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1966.626663] ? arch_local_save_flags+0x40/0x40 [ 1966.631241] ? entry_SYSENTER_compat+0x70/0x7f [ 1966.635819] ? trace_hardirqs_off+0xb8/0x310 [ 1966.640226] __should_failslab+0x124/0x180 [ 1966.644455] should_failslab+0x9/0x14 [ 1966.648252] kmem_cache_alloc_trace+0x2d7/0x750 [ 1966.652919] ? trace_hardirqs_off+0xb8/0x310 [ 1966.657422] evdev_connect+0xdc/0x5c0 [ 1966.661222] ? evdev_read+0xe70/0xe70 [ 1966.665025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1966.670561] input_attach_handler+0x1b1/0x210 [ 1966.675056] input_register_device.cold.22+0xe8/0x297 [ 1966.680250] ? devm_input_allocate_device+0x120/0x120 [ 1966.685444] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1966.690460] ? input_mt_init_slots+0xba/0x4a0 [ 1966.694955] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1966.700232] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1966.705599] ? __fget_light+0x2e9/0x430 [ 1966.709593] ? fget_raw+0x20/0x20 [ 1966.713045] ? __sb_end_write+0xd9/0x110 [ 1966.717102] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1966.722643] ? fput+0x130/0x1a0 [ 1966.725934] ? ksys_write+0x1ae/0x260 [ 1966.729729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1966.735265] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1966.740794] uinput_compat_ioctl+0x6b/0x90 [ 1966.745025] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1966.749786] do_fast_syscall_32+0x34d/0xfb2 [ 1966.754107] ? do_int80_syscall_32+0x890/0x890 [ 1966.758691] ? entry_SYSENTER_compat+0x68/0x7f [ 1966.763286] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1966.768303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1966.773146] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1966.777999] ? trace_hardirqs_on_caller+0x310/0x310 [ 1966.783010] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1966.788027] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1966.793047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1966.797898] entry_SYSENTER_compat+0x70/0x7f [ 1966.802302] RIP: 0023:0xf7f58ca9 [ 1966.805665] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1966.824560] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 02:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) [ 1966.832262] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1966.839519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1966.846774] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1966.854035] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1966.861295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1966.874992] input: failed to attach handler evdev to device input589, error: -12 [ 1966.892275] Unknown ioctl -2120175988 02:49:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:00 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:00 executing program 5 (fault-call:4 fault-nth:44): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1966.915447] input: syz0 as /devices/virtual/input/input591 [ 1966.953290] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1966.953290] program syz-executor1 not setting count and/or reply_len properly [ 1966.972461] input: syz0 as /devices/virtual/input/input592 [ 1967.040936] FAULT_INJECTION: forcing a failure. [ 1967.040936] name failslab, interval 1, probability 0, space 0, times 0 [ 1967.063670] CPU: 1 PID: 337 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1967.070871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1967.070877] Call Trace: [ 1967.070900] dump_stack+0x1c4/0x2b4 [ 1967.070916] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1967.070936] should_fail.cold.4+0xa/0x17 [ 1967.070953] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1967.082864] ? kobj_map+0x1d3/0x430 [ 1967.082888] ? mutex_trylock+0x2b0/0x2b0 [ 1967.108437] ? zap_class+0x640/0x640 [ 1967.112157] ? cdev_add+0x91/0x100 [ 1967.115692] ? lock_downgrade+0x900/0x900 [ 1967.119829] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1967.124750] ? do_fast_syscall_32+0x34d/0xfb2 [ 1967.129236] ? zap_class+0x640/0x640 [ 1967.132949] ? fs_reclaim_acquire+0x20/0x20 [ 1967.137266] ? lock_downgrade+0x900/0x900 [ 1967.141436] ? ___might_sleep+0x1ed/0x300 [ 1967.146084] ? arch_local_save_flags+0x40/0x40 [ 1967.150659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1967.156187] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1967.161633] __should_failslab+0x124/0x180 [ 1967.165860] should_failslab+0x9/0x14 [ 1967.169653] kmem_cache_alloc_trace+0x2d7/0x750 [ 1967.174316] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1967.179853] device_add+0xecb/0x17b0 [ 1967.183576] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1967.188671] ? kobj_map+0x356/0x430 [ 1967.192292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1967.197821] ? refcount_inc_checked+0x29/0x70 [ 1967.202309] ? kobject_get+0x6b/0xc0 [ 1967.206026] cdev_device_add+0xb4/0x110 [ 1967.209997] evdev_connect+0x487/0x5c0 [ 1967.213887] ? evdev_read+0xe70/0xe70 [ 1967.217690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1967.223225] input_attach_handler+0x1b1/0x210 [ 1967.227719] input_register_device.cold.22+0xe8/0x297 [ 1967.232901] ? devm_input_allocate_device+0x120/0x120 [ 1967.238084] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1967.243092] ? input_mt_init_slots+0xba/0x4a0 [ 1967.247588] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1967.252861] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1967.258221] ? __fget_light+0x2e9/0x430 [ 1967.262193] ? fget_raw+0x20/0x20 [ 1967.265646] ? __sb_end_write+0xd9/0x110 [ 1967.269703] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1967.275232] ? fput+0x130/0x1a0 [ 1967.278526] ? ksys_write+0x1ae/0x260 [ 1967.282325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1967.287843] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1967.293357] uinput_compat_ioctl+0x6b/0x90 [ 1967.297588] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1967.302331] do_fast_syscall_32+0x34d/0xfb2 [ 1967.306632] ? do_int80_syscall_32+0x890/0x890 [ 1967.311193] ? entry_SYSENTER_compat+0x68/0x7f [ 1967.315753] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1967.320747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.325577] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.330399] ? trace_hardirqs_on_caller+0x310/0x310 [ 1967.335395] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1967.340388] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1967.345393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.350218] entry_SYSENTER_compat+0x70/0x7f [ 1967.354602] RIP: 0023:0xf7f58ca9 [ 1967.357947] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1967.376822] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1967.384507] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1967.391754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1967.399001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1967.406247] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1967.413491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1967.460503] input: failed to attach handler evdev to device input592, error: -12 02:49:01 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffd0]}, 0x48) 02:49:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x4000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:01 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000000000000000003800000000bf"], 0x2e) 02:49:01 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) preadv(r0, &(0x7f0000000c80)=[{&(0x7f0000000580)=""/128, 0x80}, {&(0x7f0000000600)=""/179, 0xb3}, {&(0x7f00000006c0)=""/226, 0xe2}, {&(0x7f00000007c0)=""/113, 0x71}, {&(0x7f0000000840)=""/220, 0xdc}, {&(0x7f0000000940)=""/100, 0x64}, {&(0x7f00000009c0)=""/158, 0x9e}, {&(0x7f0000000a80)=""/204, 0xcc}, {&(0x7f0000000b80)=""/218, 0xda}], 0x9, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000540)) 02:49:01 executing program 5 (fault-call:4 fault-nth:45): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 02:49:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x5b42000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1967.646934] input: syz0 as /devices/virtual/input/input593 [ 1967.655692] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1967.655692] program syz-executor1 not setting count and/or reply_len properly [ 1967.675730] FAULT_INJECTION: forcing a failure. [ 1967.675730] name failslab, interval 1, probability 0, space 0, times 0 [ 1967.712166] input: syz0 as /devices/virtual/input/input594 [ 1967.716795] CPU: 1 PID: 343 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1967.724964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1967.724970] Call Trace: [ 1967.724992] dump_stack+0x1c4/0x2b4 [ 1967.725009] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1967.725031] should_fail.cold.4+0xa/0x17 [ 1967.725048] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1967.725061] ? zap_class+0x640/0x640 [ 1967.725080] ? input_register_handle+0x28c/0x710 [ 1967.736983] ? __lockdep_init_map+0x105/0x590 [ 1967.736995] ? lockdep_init_map+0x9/0x10 [ 1967.737010] ? __lockdep_init_map+0x105/0x590 [ 1967.776336] ? lockdep_init_map+0x9/0x10 [ 1967.780407] ? __init_waitqueue_head+0x9e/0x150 [ 1967.785085] ? init_wait_entry+0x1c0/0x1c0 [ 1967.789317] ? zap_class+0x640/0x640 [ 1967.793031] ? fs_reclaim_acquire+0x20/0x20 [ 1967.797348] ? lock_downgrade+0x900/0x900 [ 1967.801492] ? ___might_sleep+0x1ed/0x300 [ 1967.805646] ? arch_local_save_flags+0x40/0x40 [ 1967.810220] ? async_suspend_late+0x110/0x110 [ 1967.814717] __should_failslab+0x124/0x180 [ 1967.818942] should_failslab+0x9/0x14 [ 1967.822731] __kmalloc+0x2d4/0x760 [ 1967.826264] ? kset_unregister+0x40/0x40 [ 1967.830326] ? input_register_handle+0x3dc/0x710 [ 1967.835072] ? kobj_map+0x70/0x430 [ 1967.838606] kobj_map+0x70/0x430 [ 1967.841967] ? cdev_get+0xb0/0xb0 [ 1967.845412] ? freeze_super.cold.19+0x9f/0x9f [ 1967.849897] cdev_add+0x91/0x100 [ 1967.853256] cdev_device_add+0x98/0x110 [ 1967.857227] evdev_connect+0x487/0x5c0 [ 1967.861110] ? evdev_read+0xe70/0xe70 [ 1967.864913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1967.870451] input_attach_handler+0x1b1/0x210 [ 1967.874942] input_register_device.cold.22+0xe8/0x297 [ 1967.880132] ? devm_input_allocate_device+0x120/0x120 [ 1967.885320] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1967.890327] ? input_mt_init_slots+0xba/0x4a0 [ 1967.894821] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1967.900088] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1967.905547] ? __fget_light+0x2e9/0x430 [ 1967.909520] ? fget_raw+0x20/0x20 [ 1967.912977] ? __sb_end_write+0xd9/0x110 [ 1967.917037] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1967.922564] ? fput+0x130/0x1a0 [ 1967.925836] ? ksys_write+0x1ae/0x260 [ 1967.929626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1967.935160] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1967.940691] uinput_compat_ioctl+0x6b/0x90 [ 1967.944920] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1967.949673] do_fast_syscall_32+0x34d/0xfb2 [ 1967.954009] ? do_int80_syscall_32+0x890/0x890 [ 1967.958601] ? entry_SYSENTER_compat+0x68/0x7f [ 1967.963182] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1967.968193] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.973058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.977892] ? trace_hardirqs_on_caller+0x310/0x310 [ 1967.982901] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1967.987911] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1967.992927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1967.997771] entry_SYSENTER_compat+0x70/0x7f [ 1968.002173] RIP: 0023:0xf7f58ca9 [ 1968.005535] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1968.024424] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1968.032135] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1968.039393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1968.046650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1968.053908] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:49:02 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1968.061168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf0ffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd0ffffff00000000]}, 0x48) 02:49:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1968.120796] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1968.120796] program syz-executor1 not setting count and/or reply_len properly [ 1968.140743] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1968.140743] program syz-executor1 not setting count and/or reply_len properly [ 1968.331034] input: failed to attach handler evdev to device input593, error: -12 [ 1968.342693] input: syz0 as /devices/virtual/input/input595 02:49:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xb0ffffff]}, 0x48) 02:49:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xdd01}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:03 executing program 5 (fault-call:4 fault-nth:46): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:03 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1969.280981] input: syz0 as /devices/virtual/input/input596 [ 1969.286700] FAULT_INJECTION: forcing a failure. [ 1969.286700] name failslab, interval 1, probability 0, space 0, times 0 [ 1969.298718] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1969.298718] program syz-executor1 not setting count and/or reply_len properly [ 1969.325164] input: syz0 as /devices/virtual/input/input597 02:49:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfffffffffffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1969.325741] CPU: 0 PID: 371 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1969.338175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1969.338180] Call Trace: [ 1969.338200] dump_stack+0x1c4/0x2b4 [ 1969.338217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1969.358945] should_fail.cold.4+0xa/0x17 [ 1969.363016] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1969.368123] ? kobj_map+0x1d3/0x430 [ 1969.371761] ? mutex_trylock+0x2b0/0x2b0 [ 1969.375829] ? zap_class+0x640/0x640 [ 1969.375845] ? cdev_add+0x91/0x100 [ 1969.375862] ? lock_downgrade+0x900/0x900 [ 1969.383085] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1969.383101] ? do_fast_syscall_32+0x34d/0xfb2 [ 1969.383118] ? zap_class+0x640/0x640 [ 1969.392161] ? fs_reclaim_acquire+0x20/0x20 [ 1969.392178] ? lock_downgrade+0x900/0x900 [ 1969.392196] ? ___might_sleep+0x1ed/0x300 [ 1969.412957] ? arch_local_save_flags+0x40/0x40 [ 1969.417540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1969.423083] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1969.428543] __should_failslab+0x124/0x180 [ 1969.432778] should_failslab+0x9/0x14 [ 1969.436584] kmem_cache_alloc_trace+0x2d7/0x750 [ 1969.441253] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1969.446792] device_add+0xecb/0x17b0 [ 1969.450516] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1969.455625] ? kobj_map+0x356/0x430 [ 1969.459259] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1969.464799] ? refcount_inc_checked+0x29/0x70 [ 1969.469291] ? kobject_get+0x6b/0xc0 [ 1969.473012] cdev_device_add+0xb4/0x110 [ 1969.476989] evdev_connect+0x487/0x5c0 [ 1969.480877] ? evdev_read+0xe70/0xe70 [ 1969.484683] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1969.490229] input_attach_handler+0x1b1/0x210 [ 1969.494724] input_register_device.cold.22+0xe8/0x297 [ 1969.499915] ? devm_input_allocate_device+0x120/0x120 [ 1969.505106] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1969.510124] ? input_mt_init_slots+0xba/0x4a0 [ 1969.514644] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1969.519922] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1969.525291] ? __fget_light+0x2e9/0x430 [ 1969.529264] ? fget_raw+0x20/0x20 [ 1969.532720] ? __sb_end_write+0xd9/0x110 [ 1969.536782] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1969.542329] ? fput+0x130/0x1a0 [ 1969.545634] ? ksys_write+0x1ae/0x260 [ 1969.549528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1969.555069] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1969.560622] uinput_compat_ioctl+0x6b/0x90 [ 1969.564857] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1969.569622] do_fast_syscall_32+0x34d/0xfb2 [ 1969.573941] ? do_int80_syscall_32+0x890/0x890 [ 1969.578523] ? entry_SYSENTER_compat+0x68/0x7f [ 1969.583103] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1969.588116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1969.592952] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1969.597793] ? trace_hardirqs_on_caller+0x310/0x310 [ 1969.602810] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1969.607827] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1969.612840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1969.617698] entry_SYSENTER_compat+0x70/0x7f [ 1969.622097] RIP: 0023:0xf7f58ca9 [ 1969.625461] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1969.644450] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1969.652152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1969.659417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1969.666676] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1969.673939] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 02:49:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x3}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1969.681202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}, 0x48) 02:49:03 executing program 5 (fault-call:4 fault-nth:47): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1969.730641] input: failed to attach handler evdev to device input596, error: -12 [ 1969.756058] input: syz0 as /devices/virtual/input/input598 [ 1969.761014] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1969.761014] program syz-executor1 not setting count and/or reply_len properly [ 1969.818783] input: syz0 as /devices/virtual/input/input599 [ 1969.870632] FAULT_INJECTION: forcing a failure. [ 1969.870632] name failslab, interval 1, probability 0, space 0, times 0 [ 1969.881863] CPU: 1 PID: 393 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1969.889028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1969.898362] Call Trace: [ 1969.900934] dump_stack+0x1c4/0x2b4 [ 1969.904542] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1969.909712] ? mark_held_locks+0x130/0x130 [ 1969.913931] should_fail.cold.4+0xa/0x17 [ 1969.917973] ? check_preemption_disabled+0x48/0x200 [ 1969.922969] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1969.928049] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1969.933565] ? check_preemption_disabled+0x48/0x200 [ 1969.938561] ? debug_smp_processor_id+0x1c/0x20 [ 1969.943210] ? perf_trace_lock+0x14d/0x7a0 [ 1969.947421] ? zap_class+0x640/0x640 [ 1969.951122] ? zap_class+0x640/0x640 [ 1969.954818] ? task_fork_fair+0x6d0/0x6d0 [ 1969.958951] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1969.963945] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 1969.968681] ? zap_class+0x640/0x640 [ 1969.972462] __should_failslab+0x124/0x180 [ 1969.976677] should_failslab+0x9/0x14 [ 1969.980459] kmem_cache_alloc+0x47/0x730 [ 1969.984503] ? plist_requeue+0x620/0x620 [ 1969.988540] ? kasan_check_write+0x14/0x20 [ 1969.992757] radix_tree_node_alloc.constprop.18+0x1f7/0x370 [ 1969.998448] idr_get_free+0x725/0xec0 [ 1970.002237] ? ida_pre_get+0x130/0x130 [ 1970.006107] ? save_stack+0xa9/0xd0 [ 1970.009708] ? save_stack+0x43/0xd0 [ 1970.013324] ? kasan_kmalloc+0xc7/0xe0 [ 1970.017190] ? kasan_slab_alloc+0x12/0x20 [ 1970.021321] ? kmem_cache_alloc+0x12e/0x730 [ 1970.025619] ? __kernfs_new_node+0x127/0x8d0 [ 1970.030003] ? kernfs_new_node+0x95/0x120 [ 1970.034130] ? kernfs_create_dir_ns+0x4d/0x160 [ 1970.038691] ? sysfs_create_dir_ns+0x19b/0x340 [ 1970.043251] ? kobject_add_internal.cold.11+0x116/0x6af [ 1970.048588] ? kobject_add+0x13f/0x1b0 [ 1970.052455] ? device_add+0x3cf/0x17b0 [ 1970.056324] ? cdev_device_add+0xb4/0x110 [ 1970.060454] ? evdev_connect+0x487/0x5c0 [ 1970.064492] ? input_attach_handler+0x1b1/0x210 [ 1970.069152] ? input_register_device.cold.22+0xe8/0x297 [ 1970.074496] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1970.079922] ? uinput_compat_ioctl+0x6b/0x90 [ 1970.084320] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1970.089489] ? do_fast_syscall_32+0x34d/0xfb2 [ 1970.093981] ? entry_SYSENTER_compat+0x70/0x7f [ 1970.098558] idr_alloc_u32+0x201/0x3f0 [ 1970.102438] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 1970.107273] ? lock_acquire+0x1ed/0x520 [ 1970.111229] ? __kernfs_new_node+0x14e/0x8d0 [ 1970.115616] ? __kernfs_new_node+0x127/0x8d0 [ 1970.120007] idr_alloc_cyclic+0x166/0x350 [ 1970.124135] ? idr_alloc+0x1b0/0x1b0 [ 1970.127832] ? do_raw_spin_lock+0x1a7/0x200 [ 1970.132137] __kernfs_new_node+0x1ee/0x8d0 [ 1970.136354] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1970.141092] ? tick_nohz_tick_stopped+0x1a/0x90 [ 1970.146255] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.151783] ? irq_work_queue+0x36/0x1d0 [ 1970.155824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.161345] ? wake_up_klogd+0x11a/0x180 [ 1970.165390] ? console_device+0xc0/0xc0 [ 1970.169348] ? vprintk_emit+0x322/0x930 [ 1970.173313] ? __down_trylock_console_sem+0x155/0x200 [ 1970.178486] ? vprintk_emit+0x268/0x930 [ 1970.182472] ? wake_up_klogd+0x180/0x180 [ 1970.186510] ? kernel_text_address+0x79/0xf0 [ 1970.190897] ? __kernel_text_address+0xd/0x40 [ 1970.195374] ? unwind_get_return_address+0x61/0xa0 [ 1970.200284] ? __save_stack_trace+0x8d/0xf0 [ 1970.204598] kernfs_new_node+0x95/0x120 [ 1970.208557] kernfs_create_dir_ns+0x4d/0x160 [ 1970.212948] sysfs_create_dir_ns+0x19b/0x340 [ 1970.217342] ? sysfs_create_mount_point+0xa0/0xa0 [ 1970.222167] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1970.226901] ? kasan_check_write+0x14/0x20 [ 1970.231114] ? do_raw_spin_lock+0xc1/0x200 [ 1970.235352] kobject_add_internal.cold.11+0x116/0x6af [ 1970.240526] ? kobj_ns_type_registered+0x60/0x60 [ 1970.245265] ? ___might_sleep+0x1ed/0x300 [ 1970.249397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.254916] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1970.260349] kobject_add+0x13f/0x1b0 [ 1970.264042] ? kset_create_and_add+0x190/0x190 [ 1970.268606] ? klist_iter_init+0x70/0x70 [ 1970.272653] device_add+0x3cf/0x17b0 [ 1970.276369] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1970.281455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1970.286975] ? refcount_inc_checked+0x29/0x70 [ 1970.291458] ? kobject_get+0x6b/0xc0 [ 1970.295151] cdev_device_add+0xb4/0x110 [ 1970.299108] evdev_connect+0x487/0x5c0 [ 1970.302979] ? evdev_read+0xe70/0xe70 [ 1970.306762] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1970.312294] input_attach_handler+0x1b1/0x210 [ 1970.316777] input_register_device.cold.22+0xe8/0x297 [ 1970.321950] ? devm_input_allocate_device+0x120/0x120 [ 1970.327130] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1970.332127] ? input_mt_init_slots+0xba/0x4a0 [ 1970.336605] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1970.341860] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1970.347208] ? __fget_light+0x2e9/0x430 [ 1970.351165] ? fget_raw+0x20/0x20 [ 1970.354596] ? __sb_end_write+0xd9/0x110 [ 1970.358657] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1970.364171] ? fput+0x130/0x1a0 [ 1970.367436] ? ksys_write+0x1ae/0x260 [ 1970.371217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.376733] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1970.382263] uinput_compat_ioctl+0x6b/0x90 [ 1970.386483] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1970.391226] do_fast_syscall_32+0x34d/0xfb2 [ 1970.395530] ? do_int80_syscall_32+0x890/0x890 [ 1970.400094] ? entry_SYSENTER_compat+0x68/0x7f [ 1970.404655] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1970.409651] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1970.414473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1970.419299] ? trace_hardirqs_on_caller+0x310/0x310 [ 1970.424298] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1970.429300] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1970.434301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1970.439128] entry_SYSENTER_compat+0x70/0x7f [ 1970.443516] RIP: 0023:0xf7f58ca9 [ 1970.446867] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1970.465755] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1970.473444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1970.480690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1970.487939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1970.495185] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1970.502433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x1dd}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x48) 02:49:05 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:05 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ashmem\x00', 0x40, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000580)={0x0, 0x0}) ppoll(&(0x7f0000000540)=[{r1, 0x4004}, {r0, 0x2000}, {r0, 0x400}], 0x3, &(0x7f00000005c0)={r2, r3+10000000}, &(0x7f0000000600)={0x5}, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:05 executing program 5 (fault-call:4 fault-nth:48): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3000000000000000]}, 0x48) [ 1971.410193] input: syz0 as /devices/virtual/input/input600 [ 1971.415942] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1971.415942] program syz-executor1 not setting count and/or reply_len properly [ 1971.441981] input: syz0 as /devices/virtual/input/input601 [ 1971.452866] input: syz0 as /devices/virtual/input/input602 [ 1971.471045] FAULT_INJECTION: forcing a failure. [ 1971.471045] name failslab, interval 1, probability 0, space 0, times 0 [ 1971.498207] CPU: 1 PID: 401 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1971.505424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1971.514772] Call Trace: [ 1971.517365] dump_stack+0x1c4/0x2b4 [ 1971.520996] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1971.521019] should_fail.cold.4+0xa/0x17 [ 1971.521035] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1971.521048] ? kernfs_activate+0x8e/0x2c0 [ 1971.521065] ? mutex_trylock+0x2b0/0x2b0 [ 1971.535377] ? __mutex_lock+0x85e/0x1700 [ 1971.547584] ? zap_class+0x640/0x640 [ 1971.551298] ? kernfs_activate+0x21a/0x2c0 [ 1971.555536] ? lock_downgrade+0x900/0x900 [ 1971.559693] ? zap_class+0x640/0x640 [ 1971.563398] ? fs_reclaim_acquire+0x20/0x20 [ 1971.567710] ? lock_downgrade+0x900/0x900 [ 1971.571856] ? ___might_sleep+0x1ed/0x300 [ 1971.575996] ? arch_local_save_flags+0x40/0x40 [ 1971.580568] ? kasan_check_write+0x14/0x20 [ 1971.584794] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1971.589718] __should_failslab+0x124/0x180 [ 1971.593952] should_failslab+0x9/0x14 [ 1971.597745] kmem_cache_alloc+0x2be/0x730 [ 1971.601899] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1971.606834] ? vprintk_emit+0x322/0x930 [ 1971.610805] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1971.615818] __kernfs_new_node+0x127/0x8d0 02:49:05 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1971.620048] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1971.624818] ? mutex_unlock+0xd/0x10 [ 1971.628526] ? kernfs_activate+0x21a/0x2c0 [ 1971.632757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.638290] ? check_preemption_disabled+0x48/0x200 [ 1971.643307] ? debug_smp_processor_id+0x1c/0x20 [ 1971.647971] ? perf_trace_lock+0x14d/0x7a0 [ 1971.652210] ? zap_class+0x640/0x640 [ 1971.655930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.661462] ? kernfs_create_dir_ns+0x10c/0x160 [ 1971.666138] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1971.671683] kernfs_new_node+0x95/0x120 [ 1971.675656] __kernfs_create_file+0x5a/0x340 [ 1971.680063] sysfs_add_file_mode_ns+0x222/0x530 [ 1971.684732] sysfs_create_file_ns+0x1a3/0x270 [ 1971.689225] ? __down_interruptible+0x700/0x700 [ 1971.693885] ? sysfs_add_file_mode_ns+0x530/0x530 [ 1971.698723] ? kobject_add+0x14c/0x1b0 [ 1971.702603] ? up_read+0x1a/0x110 [ 1971.706054] device_create_file+0xf4/0x1e0 [ 1971.710283] ? acpi_bind_one+0x8e0/0x8e0 [ 1971.714335] device_add+0x416/0x17b0 [ 1971.718049] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1971.723172] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1971.728701] ? refcount_inc_checked+0x29/0x70 [ 1971.733190] ? kobject_get+0x6b/0xc0 [ 1971.736898] cdev_device_add+0xb4/0x110 [ 1971.740871] evdev_connect+0x487/0x5c0 [ 1971.744754] ? evdev_read+0xe70/0xe70 [ 1971.748552] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1971.754105] input_attach_handler+0x1b1/0x210 [ 1971.758599] input_register_device.cold.22+0xe8/0x297 [ 1971.763783] ? devm_input_allocate_device+0x120/0x120 [ 1971.768967] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1971.773976] ? input_mt_init_slots+0xba/0x4a0 [ 1971.778575] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1971.783860] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1971.789221] ? __fget_light+0x2e9/0x430 [ 1971.793192] ? fget_raw+0x20/0x20 [ 1971.796641] ? __sb_end_write+0xd9/0x110 [ 1971.800702] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1971.806233] ? fput+0x130/0x1a0 [ 1971.809507] ? ksys_write+0x1ae/0x260 [ 1971.813302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.818837] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1971.824361] uinput_compat_ioctl+0x6b/0x90 [ 1971.828595] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1971.833356] do_fast_syscall_32+0x34d/0xfb2 [ 1971.837675] ? do_int80_syscall_32+0x890/0x890 [ 1971.842258] ? entry_SYSENTER_compat+0x68/0x7f [ 1971.846831] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1971.851844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1971.856683] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1971.861519] ? trace_hardirqs_on_caller+0x310/0x310 [ 1971.866533] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1971.871546] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1971.876562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1971.881404] entry_SYSENTER_compat+0x70/0x7f [ 1971.885805] RIP: 0023:0xf7f58ca9 [ 1971.889172] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1971.908061] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1971.915762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:49:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xffffff7f}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc0ffffff00000000]}, 0x48) 02:49:06 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000026"], 0x2e) [ 1971.923128] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1971.930396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1971.937660] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1971.944923] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1972.013502] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1972.013502] program syz-executor1 not setting count and/or reply_len properly [ 1972.040798] input: failed to attach handler evdev to device input601, error: -12 [ 1972.064287] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1972.064287] program syz-executor1 not setting count and/or reply_len properly 02:49:07 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x425b}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 02:49:07 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000060"], 0x2e) 02:49:07 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x1, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x100}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f0000000580)={0x6, 0x0, 0x3f, 0x82}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000540)) 02:49:07 executing program 5 (fault-call:4 fault-nth:49): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1973.049832] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1973.049832] program syz-executor1 not setting count and/or reply_len properly [ 1973.068844] input: syz0 as /devices/virtual/input/input603 [ 1973.076469] input: syz0 as /devices/virtual/input/input604 [ 1973.089701] FAULT_INJECTION: forcing a failure. 02:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6000000000000000]}, 0x48) 02:49:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf0ffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:07 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000004"], 0x2e) [ 1973.089701] name failslab, interval 1, probability 0, space 0, times 0 [ 1973.145099] CPU: 1 PID: 434 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1973.152311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1973.161658] Call Trace: [ 1973.164249] dump_stack+0x1c4/0x2b4 [ 1973.167875] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1973.173068] should_fail.cold.4+0xa/0x17 [ 1973.177136] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1973.182235] ? mutex_trylock+0x2b0/0x2b0 [ 1973.186306] ? __mutex_lock+0x85e/0x1700 [ 1973.190370] ? zap_class+0x640/0x640 [ 1973.194081] ? lock_downgrade+0x900/0x900 [ 1973.198228] ? zap_class+0x640/0x640 [ 1973.201942] ? fs_reclaim_acquire+0x20/0x20 [ 1973.206258] ? lock_downgrade+0x900/0x900 [ 1973.210423] ? ___might_sleep+0x1ed/0x300 [ 1973.214563] ? __kernfs_new_node+0x697/0x8d0 [ 1973.218971] ? arch_local_save_flags+0x40/0x40 [ 1973.223564] ? wait_for_completion+0x8a0/0x8a0 [ 1973.228146] __should_failslab+0x124/0x180 [ 1973.232379] should_failslab+0x9/0x14 [ 1973.236174] kmem_cache_alloc+0x2be/0x730 [ 1973.240313] ? debug_smp_processor_id+0x1c/0x20 [ 1973.244976] ? perf_trace_lock+0x14d/0x7a0 [ 1973.249213] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1973.254231] __kernfs_new_node+0x127/0x8d0 [ 1973.258470] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1973.263227] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1973.268072] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1973.273621] ? kernfs_add_one+0x12b/0x4d0 [ 1973.277780] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1973.283323] ? __kernfs_create_file+0x2ac/0x340 [ 1973.287992] ? zap_class+0x640/0x640 [ 1973.291717] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1973.297168] ? lock_downgrade+0x900/0x900 [ 1973.301325] kernfs_new_node+0x95/0x120 [ 1973.305305] kernfs_create_link+0xdb/0x250 [ 1973.309545] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1973.314822] sysfs_create_link+0x65/0xc0 [ 1973.318882] device_add+0x4ac/0x17b0 [ 1973.322605] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1973.327710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1973.333243] ? refcount_inc_checked+0x29/0x70 [ 1973.337737] ? kobject_get+0x6b/0xc0 [ 1973.341458] cdev_device_add+0xb4/0x110 [ 1973.345434] evdev_connect+0x487/0x5c0 [ 1973.349321] ? evdev_read+0xe70/0xe70 [ 1973.353128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1973.358669] input_attach_handler+0x1b1/0x210 [ 1973.358687] input_register_device.cold.22+0xe8/0x297 [ 1973.368357] ? devm_input_allocate_device+0x120/0x120 [ 1973.373556] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1973.378575] ? input_mt_init_slots+0xba/0x4a0 [ 1973.383075] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1973.388357] ? uinput_request_submit.part.9+0x2d0/0x2d0 02:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa0ffffff00000000]}, 0x48) [ 1973.393724] ? __fget_light+0x2e9/0x430 [ 1973.397698] ? fget_raw+0x20/0x20 [ 1973.401151] ? __sb_end_write+0xd9/0x110 [ 1973.405216] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1973.410749] ? fput+0x130/0x1a0 [ 1973.414040] ? ksys_write+0x1ae/0x260 [ 1973.417839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1973.423382] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1973.428922] uinput_compat_ioctl+0x6b/0x90 [ 1973.433160] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1973.437920] do_fast_syscall_32+0x34d/0xfb2 [ 1973.442243] ? do_int80_syscall_32+0x890/0x890 [ 1973.446828] ? entry_SYSENTER_compat+0x68/0x7f [ 1973.451410] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1973.456424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1973.461269] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1973.466112] ? trace_hardirqs_on_caller+0x310/0x310 [ 1973.471130] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1973.476145] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1973.481158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1973.486011] entry_SYSENTER_compat+0x70/0x7f [ 1973.490414] RIP: 0023:0xf7f58ca9 [ 1973.493784] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1973.512674] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1973.520387] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1973.527653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1973.534915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 02:49:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x300000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 1973.542180] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1973.549446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1973.563547] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1973.563547] program syz-executor1 not setting count and/or reply_len properly [ 1973.640474] input: failed to attach handler evdev to device input604, error: -12 [ 1973.661634] input: syz0 as /devices/virtual/input/input605 02:49:08 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xdd010000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 02:49:08 executing program 5 (fault-call:4 fault-nth:50): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:08 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r2 = gettid() perf_event_open(&(0x7f0000000580)={0x3, 0x70, 0x6, 0x637d, 0x42, 0x81, 0x0, 0x4, 0xffd, 0x3, 0x3, 0x5, 0x3, 0x0, 0x1000100000000000, 0xffffffffffff1c94, 0x1, 0x3, 0x20, 0x9, 0x0, 0x10000, 0x6e06, 0x4, 0x4, 0x9, 0x3, 0x1000, 0x81, 0x7fff, 0xfffffffffffffffe, 0x40000, 0x8, 0x7, 0x7, 0x2, 0x1f, 0x7fffffff, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000540), 0x2}, 0x1, 0x3, 0x5, 0x4, 0x3, 0x7, 0x40}, r2, 0x8, r1, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1974.651620] input: syz0 as /devices/virtual/input/input606 [ 1974.659602] FAULT_INJECTION: forcing a failure. [ 1974.659602] name failslab, interval 1, probability 0, space 0, times 0 [ 1974.660245] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1974.660245] program syz-executor1 not setting count and/or reply_len properly [ 1974.691258] CPU: 0 PID: 458 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1974.698451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1974.698457] Call Trace: [ 1974.698485] dump_stack+0x1c4/0x2b4 [ 1974.713995] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1974.719199] should_fail.cold.4+0xa/0x17 [ 1974.723256] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1974.723271] ? mutex_trylock+0x2b0/0x2b0 [ 1974.723289] ? __mutex_lock+0x85e/0x1700 [ 1974.732410] ? zap_class+0x640/0x640 [ 1974.732426] ? lock_downgrade+0x900/0x900 [ 1974.732443] ? zap_class+0x640/0x640 [ 1974.732460] ? fs_reclaim_acquire+0x20/0x20 02:49:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1974.740189] ? lock_downgrade+0x900/0x900 [ 1974.740207] ? ___might_sleep+0x1ed/0x300 [ 1974.740222] ? __kernfs_new_node+0x697/0x8d0 [ 1974.757821] input: syz0 as /devices/virtual/input/input607 [ 1974.760619] ? arch_local_save_flags+0x40/0x40 [ 1974.760635] ? wait_for_completion+0x8a0/0x8a0 [ 1974.760653] __should_failslab+0x124/0x180 [ 1974.760666] should_failslab+0x9/0x14 [ 1974.774954] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1974.774954] program syz-executor1 not setting count and/or reply_len properly [ 1974.775235] kmem_cache_alloc+0x2be/0x730 [ 1974.803484] ? debug_smp_processor_id+0x1c/0x20 [ 1974.803498] ? perf_trace_lock+0x14d/0x7a0 [ 1974.803512] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1974.803527] __kernfs_new_node+0x127/0x8d0 [ 1974.803544] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1974.816548] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1974.816565] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1974.816583] ? kernfs_add_one+0x12b/0x4d0 [ 1974.825793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1974.825808] ? __kernfs_create_file+0x2ac/0x340 [ 1974.825824] ? zap_class+0x640/0x640 [ 1974.858876] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1974.864320] ? lock_downgrade+0x900/0x900 [ 1974.868465] kernfs_new_node+0x95/0x120 [ 1974.872435] kernfs_create_link+0xdb/0x250 [ 1974.876669] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1974.881943] sysfs_create_link+0x65/0xc0 [ 1974.886001] device_add+0x4ac/0x17b0 [ 1974.889713] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1974.894815] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1974.900344] ? refcount_inc_checked+0x29/0x70 [ 1974.904851] ? kobject_get+0x6b/0xc0 [ 1974.908571] cdev_device_add+0xb4/0x110 [ 1974.912555] evdev_connect+0x487/0x5c0 [ 1974.916436] ? evdev_read+0xe70/0xe70 [ 1974.920237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1974.925775] input_attach_handler+0x1b1/0x210 [ 1974.930267] input_register_device.cold.22+0xe8/0x297 [ 1974.935450] ? devm_input_allocate_device+0x120/0x120 [ 1974.940636] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1974.945649] ? input_mt_init_slots+0xba/0x4a0 [ 1974.950164] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1974.955436] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1974.960795] ? __fget_light+0x2e9/0x430 [ 1974.964763] ? fget_raw+0x20/0x20 [ 1974.968210] ? __sb_end_write+0xd9/0x110 [ 1974.972264] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1974.978049] ? fput+0x130/0x1a0 [ 1974.981323] ? ksys_write+0x1ae/0x260 [ 1974.985136] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1974.990670] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1974.996196] uinput_compat_ioctl+0x6b/0x90 [ 1975.000428] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1975.005209] do_fast_syscall_32+0x34d/0xfb2 [ 1975.009528] ? do_int80_syscall_32+0x890/0x890 [ 1975.014109] ? entry_SYSENTER_compat+0x68/0x7f [ 1975.018694] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1975.023704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1975.028538] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1975.033373] ? trace_hardirqs_on_caller+0x310/0x310 [ 1975.038381] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1975.043389] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1975.048402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1975.053239] entry_SYSENTER_compat+0x70/0x7f [ 1975.057639] RIP: 0023:0xf7f58ca9 [ 1975.061009] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1975.079906] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1975.087618] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1975.094876] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 02:49:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6]}, 0x48) 02:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x60]}, 0x48) [ 1975.102156] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1975.109420] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1975.116678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1975.132834] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1975.132834] program syz-executor1 not setting count and/or reply_len properly 02:49:09 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1975.196672] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1975.196672] program syz-executor1 not setting count and/or reply_len properly [ 1975.240445] input: failed to attach handler evdev to device input606, error: -12 [ 1975.250196] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1975.250196] program syz-executor1 not setting count and/or reply_len properly [ 1975.298252] input: syz0 as /devices/virtual/input/input608 02:49:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x48) 02:49:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x200000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:10 executing program 5 (fault-call:4 fault-nth:51): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:10 executing program 3: r0 = syz_open_dev$sndmidi(&(0x7f0000000600)='/dev/snd/midiC#D#\x00', 0x80, 0x41) r1 = syz_open_dev$dmmidi(&(0x7f00000006c0)='/dev/dmmidi#\x00', 0x1e, 0x1) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000700)={0x1ff, 0x0, &(0x7f0000ffd000/0x1000)=nil}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000540)=[@in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e20, 0xfff, @mcast2, 0x7fff}, @in={0x2, 0x4e24, @rand_addr=0x6}, @in6={0xa, 0x4e23, 0x4, @local, 0x7}], 0x68) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={r2, 0x2, 0x0, 0x1f, &(0x7f0000000640)=[0x0, 0x0], 0x2}, 0x20) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000740)='/dev/snapshot\x00', 0x100, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000040)={0x72, {0x0, 0x0, 0x3, 0xfffffffffffffffc}}) write$uinput_user_dev(r3, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f00000005c0)=[0x74c, 0x3]) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r3, 0x5501) [ 1976.501778] input: syz0 as /devices/virtual/input/input609 [ 1976.507657] FAULT_INJECTION: forcing a failure. [ 1976.507657] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.540040] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:49:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x100000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x48) [ 1976.540040] program syz-executor1 not setting count and/or reply_len properly [ 1976.567591] input: syz0 as /devices/virtual/input/input610 [ 1976.604414] CPU: 1 PID: 485 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1976.611642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1976.620982] Call Trace: [ 1976.623572] dump_stack+0x1c4/0x2b4 [ 1976.627201] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1976.632394] should_fail.cold.4+0xa/0x17 [ 1976.636476] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1976.641573] ? mutex_trylock+0x2b0/0x2b0 [ 1976.645624] ? __mutex_lock+0x85e/0x1700 [ 1976.649679] ? zap_class+0x640/0x640 02:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x60000000]}, 0x48) [ 1976.653394] ? lock_downgrade+0x900/0x900 [ 1976.657536] ? zap_class+0x640/0x640 [ 1976.661247] ? fs_reclaim_acquire+0x20/0x20 [ 1976.665565] ? lock_downgrade+0x900/0x900 [ 1976.669715] ? ___might_sleep+0x1ed/0x300 [ 1976.673856] ? __kernfs_new_node+0x697/0x8d0 [ 1976.678256] ? arch_local_save_flags+0x40/0x40 [ 1976.682835] ? wait_for_completion+0x8a0/0x8a0 [ 1976.688302] __should_failslab+0x124/0x180 [ 1976.694127] should_failslab+0x9/0x14 [ 1976.698108] kmem_cache_alloc+0x2be/0x730 02:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6000]}, 0x48) [ 1976.702257] ? debug_smp_processor_id+0x1c/0x20 [ 1976.706922] ? perf_trace_lock+0x14d/0x7a0 [ 1976.711158] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1976.716175] __kernfs_new_node+0x127/0x8d0 [ 1976.720409] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1976.725172] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1976.730033] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1976.735576] ? kernfs_add_one+0x12b/0x4d0 [ 1976.739738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1976.745272] ? __kernfs_create_file+0x2ac/0x340 [ 1976.749941] ? zap_class+0x640/0x640 02:49:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000007"], 0x2e) [ 1976.753652] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1976.759101] ? lock_downgrade+0x900/0x900 [ 1976.763251] kernfs_new_node+0x95/0x120 [ 1976.767229] kernfs_create_link+0xdb/0x250 [ 1976.771468] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1976.776831] sysfs_create_link+0x65/0xc0 [ 1976.780903] device_add+0x4ac/0x17b0 [ 1976.784627] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1976.789739] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1976.795274] ? refcount_inc_checked+0x29/0x70 [ 1976.799765] ? kobject_get+0x6b/0xc0 02:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) [ 1976.803485] cdev_device_add+0xb4/0x110 [ 1976.807464] evdev_connect+0x487/0x5c0 [ 1976.811350] ? evdev_read+0xe70/0xe70 [ 1976.815146] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1976.820696] input_attach_handler+0x1b1/0x210 [ 1976.825195] input_register_device.cold.22+0xe8/0x297 [ 1976.830382] ? devm_input_allocate_device+0x120/0x120 [ 1976.835568] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1976.840583] ? input_mt_init_slots+0xba/0x4a0 [ 1976.845083] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1976.850370] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1976.855745] ? __fget_light+0x2e9/0x430 [ 1976.859714] ? fget_raw+0x20/0x20 [ 1976.863165] ? __sb_end_write+0xd9/0x110 [ 1976.867230] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1976.872759] ? fput+0x130/0x1a0 [ 1976.872775] ? ksys_write+0x1ae/0x260 [ 1976.872789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1976.872805] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1976.885360] uinput_compat_ioctl+0x6b/0x90 [ 1976.885379] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1976.885397] do_fast_syscall_32+0x34d/0xfb2 [ 1976.904191] ? do_int80_syscall_32+0x890/0x890 [ 1976.908771] ? entry_SYSENTER_compat+0x68/0x7f [ 1976.913361] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1976.918374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1976.923214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1976.928047] ? trace_hardirqs_on_caller+0x310/0x310 [ 1976.928063] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1976.928075] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1976.928091] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1976.947902] entry_SYSENTER_compat+0x70/0x7f [ 1976.952314] RIP: 0023:0xf7f58ca9 [ 1976.955683] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1976.974574] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1976.974589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1976.974598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1976.974605] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1976.974612] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1976.974619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1977.070815] input: failed to attach handler evdev to device input609, error: -12 02:49:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x2, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x48) 02:49:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x9effffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:12 executing program 5 (fault-call:4 fault-nth:52): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:12 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'erspan0\x00', 0x0}) r3 = getuid() setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@remote, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x4e24, 0x0, 0x4e22, 0x0, 0xa, 0x20, 0xa0, 0x0, r2, r3}, {0x5, 0x0, 0x80000001, 0x0, 0x3, 0xfffffffffffffff7, 0x2, 0x2}, {0x0, 0x6, 0x95, 0x40}, 0x10001, 0x6e6bb1, 0x2, 0x87389e700dd6c017, 0x2, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x19}, 0x4d4, 0x33}, 0xa, @in=@multicast1, 0x3501, 0x4, 0x1, 0x0, 0x8, 0x6, 0x6}}, 0xe8) [ 1978.141040] input: syz0 as /devices/virtual/input/input612 [ 1978.149045] sg_write: 1 callbacks suppressed [ 1978.149055] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1978.149055] program syz-executor1 not setting count and/or reply_len properly [ 1978.166203] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1978.166203] program syz-executor1 not setting count and/or reply_len properly 02:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xc]}, 0x48) 02:49:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1978.186968] input: syz0 as /devices/virtual/input/input613 [ 1978.197124] FAULT_INJECTION: forcing a failure. [ 1978.197124] name failslab, interval 1, probability 0, space 0, times 0 [ 1978.225352] CPU: 1 PID: 517 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1978.232546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1978.241906] Call Trace: [ 1978.244519] dump_stack+0x1c4/0x2b4 [ 1978.248153] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1978.253357] should_fail.cold.4+0xa/0x17 [ 1978.257425] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1978.262532] ? mutex_trylock+0x2b0/0x2b0 [ 1978.266615] ? __mutex_lock+0x85e/0x1700 [ 1978.270680] ? zap_class+0x640/0x640 [ 1978.274397] ? lock_downgrade+0x900/0x900 [ 1978.278545] ? zap_class+0x640/0x640 [ 1978.282264] ? fs_reclaim_acquire+0x20/0x20 [ 1978.286587] ? lock_downgrade+0x900/0x900 [ 1978.290737] ? ___might_sleep+0x1ed/0x300 [ 1978.294882] ? __kernfs_new_node+0x697/0x8d0 [ 1978.299290] ? arch_local_save_flags+0x40/0x40 [ 1978.303883] ? wait_for_completion+0x8a0/0x8a0 [ 1978.308471] __should_failslab+0x124/0x180 [ 1978.312706] should_failslab+0x9/0x14 [ 1978.312722] kmem_cache_alloc+0x2be/0x730 [ 1978.312741] ? debug_smp_processor_id+0x1c/0x20 [ 1978.320650] ? perf_trace_lock+0x14d/0x7a0 [ 1978.320667] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1978.320683] __kernfs_new_node+0x127/0x8d0 [ 1978.320699] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1978.320716] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1978.348423] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1978.353959] ? kernfs_add_one+0x12b/0x4d0 [ 1978.358110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1978.363647] ? __kernfs_create_file+0x2ac/0x340 [ 1978.368314] ? zap_class+0x640/0x640 [ 1978.372027] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1978.377475] ? lock_downgrade+0x900/0x900 [ 1978.381627] kernfs_new_node+0x95/0x120 [ 1978.385604] kernfs_create_link+0xdb/0x250 [ 1978.389842] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1978.395118] sysfs_create_link+0x65/0xc0 [ 1978.399206] device_add+0x4ac/0x17b0 [ 1978.402944] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1978.408047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1978.413583] ? refcount_inc_checked+0x29/0x70 [ 1978.418074] ? kobject_get+0x6b/0xc0 [ 1978.421792] cdev_device_add+0xb4/0x110 [ 1978.425766] evdev_connect+0x487/0x5c0 [ 1978.429663] ? evdev_read+0xe70/0xe70 [ 1978.433467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1978.439015] input_attach_handler+0x1b1/0x210 [ 1978.443511] input_register_device.cold.22+0xe8/0x297 [ 1978.448706] ? devm_input_allocate_device+0x120/0x120 [ 1978.453898] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1978.458934] ? input_mt_init_slots+0xba/0x4a0 [ 1978.463430] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1978.468711] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1978.474077] ? __fget_light+0x2e9/0x430 [ 1978.478049] ? fget_raw+0x20/0x20 [ 1978.481506] ? __sb_end_write+0xd9/0x110 [ 1978.485595] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1978.491124] ? fput+0x130/0x1a0 [ 1978.494397] ? ksys_write+0x1ae/0x260 [ 1978.498209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1978.503748] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1978.509307] uinput_compat_ioctl+0x6b/0x90 [ 1978.513548] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1978.518320] do_fast_syscall_32+0x34d/0xfb2 [ 1978.522649] ? do_int80_syscall_32+0x890/0x890 [ 1978.527233] ? entry_SYSENTER_compat+0x68/0x7f [ 1978.531822] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1978.536846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1978.541684] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1978.546519] ? trace_hardirqs_on_caller+0x310/0x310 [ 1978.546540] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1978.546557] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1978.561577] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1978.566422] entry_SYSENTER_compat+0x70/0x7f [ 1978.570824] RIP: 0023:0xf7f58ca9 02:49:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 02:49:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1978.574458] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1978.594150] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1978.601865] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1978.609131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1978.616395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1978.623655] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1978.630917] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfffffffc}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1978.664616] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1978.664616] program syz-executor1 not setting count and/or reply_len properly [ 1978.701584] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1978.701584] program syz-executor1 not setting count and/or reply_len properly [ 1978.760462] input: failed to attach handler evdev to device input612, error: -12 [ 1978.774027] input: syz0 as /devices/virtual/input/input614 02:49:13 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 02:49:13 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:13 executing program 5 (fault-call:4 fault-nth:53): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:13 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4040ae79, &(0x7f0000000140)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x5ae8}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 1979.770453] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1979.770453] program syz-executor1 not setting count and/or reply_len properly 02:49:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x60000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x48) [ 1979.815857] input: syz0 as /devices/virtual/input/input616 [ 1979.825551] input: syz0 as /devices/virtual/input/input615 [ 1979.847457] FAULT_INJECTION: forcing a failure. [ 1979.847457] name failslab, interval 1, probability 0, space 0, times 0 [ 1979.859564] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1979.859564] program syz-executor1 not setting count and/or reply_len properly [ 1979.894253] input: syz0 as /devices/virtual/input/input617 [ 1979.901677] CPU: 0 PID: 550 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1979.908870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1979.918210] Call Trace: [ 1979.920799] dump_stack+0x1c4/0x2b4 [ 1979.924434] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1979.929640] should_fail.cold.4+0xa/0x17 [ 1979.933712] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1979.933729] ? mutex_trylock+0x2b0/0x2b0 [ 1979.942851] ? __mutex_lock+0x85e/0x1700 [ 1979.946902] ? zap_class+0x640/0x640 [ 1979.946921] ? lock_downgrade+0x900/0x900 [ 1979.952509] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1979.952509] program syz-executor1 not setting count and/or reply_len properly [ 1979.954757] ? zap_class+0x640/0x640 [ 1979.954784] ? fs_reclaim_acquire+0x20/0x20 [ 1979.954802] ? lock_downgrade+0x900/0x900 [ 1979.982608] ? ___might_sleep+0x1ed/0x300 [ 1979.986747] ? __kernfs_new_node+0x697/0x8d0 [ 1979.991147] ? arch_local_save_flags+0x40/0x40 [ 1979.995725] ? wait_for_completion+0x8a0/0x8a0 [ 1980.000305] __should_failslab+0x124/0x180 [ 1980.004546] should_failslab+0x9/0x14 [ 1980.008339] kmem_cache_alloc+0x2be/0x730 [ 1980.012481] ? debug_smp_processor_id+0x1c/0x20 [ 1980.017152] ? perf_trace_lock+0x14d/0x7a0 [ 1980.021384] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1980.026423] __kernfs_new_node+0x127/0x8d0 [ 1980.030660] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1980.035418] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1980.037936] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1980.037936] program syz-executor1 not setting count and/or reply_len properly [ 1980.040257] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1980.040273] ? kernfs_add_one+0x12b/0x4d0 [ 1980.040293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1980.071121] ? __kernfs_create_file+0x2ac/0x340 [ 1980.075785] ? zap_class+0x640/0x640 [ 1980.079495] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1980.084941] ? lock_downgrade+0x900/0x900 [ 1980.089093] kernfs_new_node+0x95/0x120 [ 1980.093064] kernfs_create_link+0xdb/0x250 [ 1980.097309] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1980.102600] sysfs_create_link+0x65/0xc0 [ 1980.106684] device_add+0x4ac/0x17b0 [ 1980.106704] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1980.115497] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1980.121034] ? refcount_inc_checked+0x29/0x70 [ 1980.123702] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1980.123702] program syz-executor1 not setting count and/or reply_len properly [ 1980.125540] ? kobject_get+0x6b/0xc0 [ 1980.125557] cdev_device_add+0xb4/0x110 [ 1980.125576] evdev_connect+0x487/0x5c0 [ 1980.152976] ? evdev_read+0xe70/0xe70 [ 1980.156785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1980.162318] input_attach_handler+0x1b1/0x210 [ 1980.166818] input_register_device.cold.22+0xe8/0x297 [ 1980.172004] ? devm_input_allocate_device+0x120/0x120 [ 1980.177204] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1980.182212] ? input_mt_init_slots+0xba/0x4a0 [ 1980.186706] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1980.191981] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1980.191999] ? __fget_light+0x2e9/0x430 [ 1980.192014] ? fget_raw+0x20/0x20 [ 1980.201419] ? __sb_end_write+0xd9/0x110 [ 1980.201435] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1980.201447] ? fput+0x130/0x1a0 [ 1980.217685] ? ksys_write+0x1ae/0x260 [ 1980.221481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1980.227011] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1980.232541] uinput_compat_ioctl+0x6b/0x90 [ 1980.236773] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1980.241529] do_fast_syscall_32+0x34d/0xfb2 [ 1980.245846] ? do_int80_syscall_32+0x890/0x890 [ 1980.250426] ? entry_SYSENTER_compat+0x68/0x7f [ 1980.255000] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1980.260023] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1980.264856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1980.269691] ? trace_hardirqs_on_caller+0x310/0x310 [ 1980.274702] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1980.279713] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1980.284725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1980.289562] entry_SYSENTER_compat+0x70/0x7f [ 1980.293971] RIP: 0023:0xf7f58ca9 [ 1980.297332] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 02:49:13 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:14 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:14 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1980.316236] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1980.323935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1980.331192] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1980.338453] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1980.345712] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1980.352981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1980.390473] input: failed to attach handler evdev to device input616, error: -12 02:49:15 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0xd, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x3f00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x48) 02:49:15 executing program 5 (fault-call:4 fault-nth:54): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:15 executing program 3: r0 = syz_open_dev$adsp(&(0x7f0000000540)='/dev/adsp#\x00', 0x5490, 0x800) write$uinput_user_dev(r0, &(0x7f0000000580)={'syz0\x00', {0x100, 0x8001, 0xfffffffffffff001, 0x8}, 0x3c, [0x1000, 0x3, 0x1f, 0xfffffffffffffffd, 0x8, 0x10001, 0x8000, 0x8, 0x3, 0xffffffffffffffff, 0x4, 0x3, 0x5, 0x3ff, 0x9, 0x4, 0x76, 0x254, 0x3, 0xfffffffffffffffb, 0x6, 0x8, 0x4, 0x7, 0xd143, 0x3, 0x2, 0xc21, 0x10001, 0xfffffffffffffffb, 0x1, 0xfffffffffffffffb, 0x2, 0x7ff, 0xff70, 0x7, 0x1, 0xd7, 0x100000001, 0x328b, 0x8, 0xd8, 0x9, 0x2, 0x8, 0xffffffffd64f1db7, 0x8001, 0x2, 0x7, 0x2, 0xffffffff, 0x6, 0x56, 0x4, 0x9, 0xfffffffffffffe00, 0x5, 0x58, 0x5, 0x7ff, 0x33e6, 0xfff, 0x3ff, 0x93c], [0x8, 0x0, 0x800, 0x2, 0x6, 0x1ff, 0x2, 0x1, 0x40, 0x1, 0x5, 0x5, 0x8, 0x831, 0x3, 0x31, 0xca5, 0xefc, 0x8, 0x6, 0x7f, 0x8, 0x1, 0x6, 0x7fffffff, 0x9, 0xff, 0x10001, 0x7f, 0xff, 0x20, 0x5, 0x6, 0xcdfb, 0x80000001, 0x5, 0x5, 0x7fffffff, 0x6, 0x9, 0x7, 0x5, 0x101, 0x4, 0x0, 0x9, 0x200, 0x9, 0x9, 0x7, 0x2, 0x0, 0x2, 0x81, 0x1000, 0x100000001, 0x9, 0x8, 0x0, 0x0, 0x6ac2, 0x3d99, 0xfffffffffffffffd, 0xc785], [0x40, 0x80000001, 0xffffffff, 0x80, 0xfffffffffffffff9, 0x539d, 0x8, 0x1, 0xfff, 0x5, 0x8, 0xffff, 0x100000000, 0x6, 0x3, 0x800, 0x5, 0x5, 0x9, 0x4, 0x3, 0x0, 0x27, 0x10000, 0xffff, 0x2, 0x3, 0x7, 0x9, 0x2, 0x10001, 0x8, 0x10001, 0x7b, 0x20, 0xe1cc, 0x6, 0x8, 0xfffffffffffff801, 0x9, 0x8, 0x1, 0x9, 0x800, 0xad8, 0x3, 0x101, 0x101, 0x7f, 0x9, 0x100, 0xfffffffffffffff7, 0x7fff, 0x8001, 0x727, 0x573, 0x2, 0x800, 0x9, 0x9, 0x7ff, 0x8001, 0xfff, 0x2], [0x20, 0xbf7b, 0xfffffffffffff644, 0x8, 0x3, 0x582, 0x9, 0xa, 0x3, 0x200, 0x6, 0x5, 0x9, 0x9, 0x8, 0x8000, 0x4cf, 0x7ff, 0x9, 0x7ff, 0x8a01877, 0xdfd5, 0x9, 0x5, 0x1, 0x800000010000000, 0x8, 0x9, 0x80000001, 0x800, 0xd2, 0xd812, 0x0, 0x6, 0x8d03, 0x7fff, 0x40, 0xaafb, 0x80, 0x7f, 0xffffffff, 0x5, 0x1f, 0x6ff2, 0x3f, 0xfff, 0x0, 0x7, 0x9b, 0x3ff, 0x2, 0x400, 0x27f6, 0x2, 0x3, 0x5, 0xa2, 0x8, 0x2, 0x3, 0x7fff, 0x9, 0x8, 0x80000001]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 02:49:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xdd01000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1981.412356] input: syz0 as /devices/virtual/input/input619 [ 1981.419450] input: syz0 as /devices/virtual/input/input618 [ 1981.420940] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1981.420940] program syz-executor1 not setting count and/or reply_len properly [ 1981.441555] FAULT_INJECTION: forcing a failure. [ 1981.441555] name failslab, interval 1, probability 0, space 0, times 0 [ 1981.486310] CPU: 0 PID: 579 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1981.493502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1981.502848] Call Trace: [ 1981.505444] dump_stack+0x1c4/0x2b4 [ 1981.509072] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1981.514277] should_fail.cold.4+0xa/0x17 [ 1981.518349] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1981.523465] ? perf_trace_lock+0x14d/0x7a0 [ 1981.527695] ? lock_release+0x970/0x970 [ 1981.531666] ? arch_local_save_flags+0x40/0x40 [ 1981.536241] ? zap_class+0x640/0x640 [ 1981.539958] ? check_preemption_disabled+0x48/0x200 [ 1981.544981] ? __mutex_lock+0x85e/0x1700 [ 1981.549062] ? kernfs_activate+0x8e/0x2c0 [ 1981.553220] ? zap_class+0x640/0x640 [ 1981.556933] ? fs_reclaim_acquire+0x20/0x20 [ 1981.561250] ? lock_downgrade+0x900/0x900 [ 1981.565407] ? ___might_sleep+0x1ed/0x300 [ 1981.569552] ? arch_local_save_flags+0x40/0x40 [ 1981.574128] ? kernfs_activate+0x21a/0x2c0 [ 1981.578372] __should_failslab+0x124/0x180 [ 1981.582606] should_failslab+0x9/0x14 [ 1981.586407] kmem_cache_alloc+0x2be/0x730 [ 1981.590553] ? lock_downgrade+0x900/0x900 [ 1981.594783] ? do_raw_spin_lock+0xc1/0x200 [ 1981.599023] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1981.604037] __kernfs_new_node+0x127/0x8d0 [ 1981.608294] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1981.613056] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1981.617983] ? wait_for_completion+0x8a0/0x8a0 [ 1981.622562] ? wait_for_completion+0x8a0/0x8a0 [ 1981.627149] ? mutex_unlock+0xd/0x10 [ 1981.630860] ? kernfs_activate+0x21a/0x2c0 [ 1981.635090] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1981.639931] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1981.645472] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1981.650061] kernfs_new_node+0x95/0x120 [ 1981.654040] __kernfs_create_file+0x5a/0x340 [ 1981.658453] sysfs_add_file_mode_ns+0x222/0x530 [ 1981.663213] sysfs_merge_group+0x224/0x410 [ 1981.667453] ? sysfs_mount+0x240/0x240 [ 1981.671343] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1981.676883] dpm_sysfs_add+0x161/0x210 [ 1981.680772] device_add+0x846/0x17b0 [ 1981.684490] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1981.689634] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1981.695172] ? refcount_inc_checked+0x29/0x70 [ 1981.699666] ? kobject_get+0x6b/0xc0 [ 1981.703381] cdev_device_add+0xb4/0x110 [ 1981.707351] evdev_connect+0x487/0x5c0 [ 1981.711234] ? evdev_read+0xe70/0xe70 [ 1981.715041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1981.720585] input_attach_handler+0x1b1/0x210 [ 1981.725078] input_register_device.cold.22+0xe8/0x297 [ 1981.730273] ? devm_input_allocate_device+0x120/0x120 [ 1981.735458] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1981.740472] ? input_mt_init_slots+0xba/0x4a0 [ 1981.744972] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1981.750247] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1981.750265] ? __fget_light+0x2e9/0x430 [ 1981.750279] ? fget_raw+0x20/0x20 [ 1981.759569] ? __sb_end_write+0xd9/0x110 [ 1981.759588] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1981.759596] ? fput+0x130/0x1a0 [ 1981.759612] ? ksys_write+0x1ae/0x260 [ 1981.780035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1981.785571] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1981.791098] uinput_compat_ioctl+0x6b/0x90 [ 1981.795338] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1981.800098] do_fast_syscall_32+0x34d/0xfb2 [ 1981.804414] ? do_int80_syscall_32+0x890/0x890 [ 1981.808991] ? entry_SYSENTER_compat+0x68/0x7f [ 1981.813567] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1981.818577] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1981.823409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1981.828249] ? trace_hardirqs_on_caller+0x310/0x310 [ 1981.833264] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1981.838284] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1981.843296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1981.848139] entry_SYSENTER_compat+0x70/0x7f [ 1981.852538] RIP: 0023:0xf7f58ca9 [ 1981.855895] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1981.874788] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 02:49:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000004c"], 0x2e) 02:49:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfffff000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3000]}, 0x48) 02:49:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000048"], 0x2e) [ 1981.882499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1981.889759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1981.897020] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1981.904292] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1981.911553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1981.960885] input: failed to attach handler evdev to device input618, error: -12 [ 1981.977971] input: syz0 as /devices/virtual/input/input620 02:49:16 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x20000004) dup2(r2, r0) 02:49:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:16 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000007a"], 0x2e) 02:49:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe]}, 0x48) 02:49:16 executing program 5 (fault-call:4 fault-nth:55): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:16 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0086426, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{}, {0x0}, {}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4008641c, &(0x7f0000000240)={r2, &(0x7f0000000140)=""/218}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000280)={0x5, 0x0, [{0x5, 0x3, 0x0, 0x0, @sint={0x3, 0x2bc}}, {0x1, 0x7, 0x0, 0x0, @irqchip={0xea, 0x8}}, {0xb293, 0x3, 0x0, 0x0, @sint={0x9, 0xffffffffffffff81}}, {0x20000000, 0x7, 0x0, 0x0, @sint={0x0, 0x8}}, {0x1, 0x7, 0x0, 0x0, @irqchip={0x3, 0xe024}}]}) [ 1982.832384] input: syz0 as /devices/virtual/input/input621 [ 1982.847819] FAULT_INJECTION: forcing a failure. [ 1982.847819] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.874561] CPU: 0 PID: 606 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1982.881771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1982.891153] Call Trace: [ 1982.893765] dump_stack+0x1c4/0x2b4 [ 1982.897420] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1982.902635] should_fail.cold.4+0xa/0x17 [ 1982.906720] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1982.911842] ? idr_destroy+0x1c0/0x1c0 [ 1982.915751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1982.921306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1982.926860] ? check_preemption_disabled+0x48/0x200 [ 1982.931894] ? zap_class+0x640/0x640 [ 1982.935626] ? fs_reclaim_acquire+0x20/0x20 [ 1982.939959] ? lock_downgrade+0x900/0x900 [ 1982.944122] ? ___might_sleep+0x1ed/0x300 [ 1982.948303] ? arch_local_save_flags+0x40/0x40 [ 1982.952909] __should_failslab+0x124/0x180 [ 1982.957176] should_failslab+0x9/0x14 [ 1982.960990] kmem_cache_alloc+0x2be/0x730 [ 1982.965171] ? __mutex_lock+0x85e/0x1700 [ 1982.969249] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1982.974282] __kernfs_new_node+0x127/0x8d0 [ 1982.979030] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1982.983800] ? zap_class+0x640/0x640 [ 1982.987532] ? lock_downgrade+0x900/0x900 [ 1982.991691] ? do_raw_spin_lock+0xc1/0x200 [ 1982.995935] ? kasan_check_write+0x14/0x20 [ 1983.000194] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1983.005155] ? __kernfs_new_node+0x697/0x8d0 [ 1983.009581] ? wait_for_completion+0x8a0/0x8a0 [ 1983.014180] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1983.019032] ? kasan_check_write+0x14/0x20 [ 1983.023278] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1983.028229] kernfs_new_node+0x95/0x120 [ 1983.032220] kernfs_create_dir_ns+0x4d/0x160 [ 1983.036641] internal_create_group+0x5fc/0xd80 [ 1983.041240] ? kernfs_put+0x49b/0x760 [ 1983.045052] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1983.049647] ? remove_files.isra.1+0x190/0x190 [ 1983.054239] ? kernfs_add_one+0x12b/0x4d0 [ 1983.058408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1983.063955] ? kernfs_create_link+0x1d4/0x250 [ 1983.068535] sysfs_create_group+0x1f/0x30 [ 1983.072696] dpm_sysfs_add+0x26/0x210 [ 1983.076513] device_add+0x846/0x17b0 [ 1983.080246] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1983.085365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1983.090920] ? refcount_inc_checked+0x29/0x70 [ 1983.095430] ? kobject_get+0x6b/0xc0 [ 1983.099176] cdev_device_add+0xb4/0x110 [ 1983.103183] evdev_connect+0x487/0x5c0 [ 1983.107082] ? evdev_read+0xe70/0xe70 [ 1983.110923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1983.116487] input_attach_handler+0x1b1/0x210 [ 1983.120997] input_register_device.cold.22+0xe8/0x297 [ 1983.126201] ? devm_input_allocate_device+0x120/0x120 [ 1983.131405] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1983.136431] ? input_mt_init_slots+0xba/0x4a0 [ 1983.140940] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1983.146230] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1983.151610] ? __fget_light+0x2e9/0x430 [ 1983.155597] ? fget_raw+0x20/0x20 [ 1983.159061] ? __sb_end_write+0xd9/0x110 [ 1983.163151] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1983.168697] ? fput+0x130/0x1a0 [ 1983.171992] ? ksys_write+0x1ae/0x260 [ 1983.175804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1983.181356] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1983.186899] uinput_compat_ioctl+0x6b/0x90 [ 1983.186919] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1983.186939] do_fast_syscall_32+0x34d/0xfb2 [ 1983.195914] ? do_int80_syscall_32+0x890/0x890 [ 1983.195929] ? entry_SYSENTER_compat+0x68/0x7f [ 1983.195948] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1983.204828] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1983.204842] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1983.204859] ? trace_hardirqs_on_caller+0x310/0x310 [ 1983.214441] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1983.214459] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1983.214481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1983.224155] entry_SYSENTER_compat+0x70/0x7f [ 1983.224167] RIP: 0023:0xf7f58ca9 [ 1983.224184] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1983.234185] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 02:49:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) lsetxattr(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="6f7b322e3379e0f5d2"], &(0x7f00000005c0)='\x00', 0x1, 0x1) openat$ppp(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ppp\x00', 0x80, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:17 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000068"], 0x2e) 02:49:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 02:49:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1983.234202] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1983.234210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1983.234219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1983.234226] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1983.234237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1983.329241] input: syz0 as /devices/virtual/input/input624 [ 1983.330829] sg_write: 3 callbacks suppressed [ 1983.330840] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1983.330840] program syz-executor1 not setting count and/or reply_len properly 02:49:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x34000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:17 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1983.380427] input: failed to attach handler evdev to device input621, error: -12 [ 1983.394910] input: syz0 as /devices/virtual/input/input625 [ 1983.429521] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1983.429521] program syz-executor1 not setting count and/or reply_len properly [ 1983.460857] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1983.460857] program syz-executor1 not setting count and/or reply_len properly 02:49:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x80000, 0x4) ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000100)=""/48) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000080)={0x0, 0x5, 0x72d1, &(0x7f0000000040)}) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffb0]}, 0x48) 02:49:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfcffffff00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:18 executing program 5 (fault-call:4 fault-nth:56): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:18 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000680)={'veth1_to_bridge\x00', {0x2, 0x4e23, @rand_addr=0x10000}}) fstat(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$security_capability(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='security.capability\x00', &(0x7f0000000640)=@v3={0x3000000, [{0x6b, 0xfffffffffffffe00}, {0x0, 0x569}], r2}, 0x18, 0x0) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1984.385678] input: syz0 as /devices/virtual/input/input627 [ 1984.389291] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1984.389291] program syz-executor1 not setting count and/or reply_len properly [ 1984.423218] input: syz0 as /devices/virtual/input/input628 02:49:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf0ffffffffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x48) 02:49:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1984.442500] input: syz0 as /devices/virtual/input/input626 [ 1984.504185] FAULT_INJECTION: forcing a failure. [ 1984.504185] name failslab, interval 1, probability 0, space 0, times 0 [ 1984.512534] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1984.512534] program syz-executor1 not setting count and/or reply_len properly [ 1984.554497] CPU: 0 PID: 630 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1984.561703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1984.561709] Call Trace: [ 1984.561728] dump_stack+0x1c4/0x2b4 [ 1984.561748] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1984.573685] should_fail.cold.4+0xa/0x17 [ 1984.573704] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1984.582502] ? debug_smp_processor_id+0x1c/0x20 [ 1984.582517] ? perf_trace_lock+0x14d/0x7a0 [ 1984.582533] ? lock_release+0x970/0x970 [ 1984.591683] ? arch_local_save_flags+0x40/0x40 [ 1984.591700] ? zap_class+0x640/0x640 [ 1984.591720] ? check_preemption_disabled+0x48/0x200 [ 1984.617869] ? zap_class+0x640/0x640 [ 1984.621592] ? fs_reclaim_acquire+0x20/0x20 [ 1984.625920] ? lock_downgrade+0x900/0x900 [ 1984.630077] ? debug_smp_processor_id+0x1c/0x20 [ 1984.634759] ? ___might_sleep+0x1ed/0x300 [ 1984.638918] ? arch_local_save_flags+0x40/0x40 [ 1984.643507] ? zap_class+0x640/0x640 [ 1984.647224] ? zap_class+0x640/0x640 [ 1984.650959] __should_failslab+0x124/0x180 [ 1984.655219] should_failslab+0x9/0x14 [ 1984.659034] kmem_cache_alloc+0x2be/0x730 [ 1984.663192] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1984.668222] __kernfs_new_node+0x127/0x8d0 [ 1984.672471] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1984.677240] ? zap_class+0x640/0x640 [ 1984.680965] ? kernfs_find_and_get_ns+0x59/0x70 [ 1984.685665] ? kasan_check_write+0x14/0x20 [ 1984.689907] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1984.694845] ? wait_for_completion+0x8a0/0x8a0 [ 1984.699442] ? kasan_check_write+0x14/0x20 [ 1984.703682] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1984.708621] ? kasan_check_write+0x14/0x20 [ 1984.712863] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1984.717806] ? wait_for_completion+0x8a0/0x8a0 [ 1984.722393] ? kernfs_put+0x49b/0x760 [ 1984.726207] kernfs_new_node+0x95/0x120 [ 1984.730198] __kernfs_create_file+0x5a/0x340 [ 1984.734626] sysfs_add_file_mode_ns+0x222/0x530 [ 1984.739308] sysfs_merge_group+0x224/0x410 [ 1984.743555] ? sysfs_mount+0x240/0x240 [ 1984.747456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.753024] dpm_sysfs_add+0x161/0x210 [ 1984.756926] device_add+0x846/0x17b0 [ 1984.760652] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1984.765765] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1984.771308] ? refcount_inc_checked+0x29/0x70 [ 1984.775815] ? kobject_get+0x6b/0xc0 [ 1984.779538] cdev_device_add+0xb4/0x110 [ 1984.783520] evdev_connect+0x487/0x5c0 [ 1984.787413] ? evdev_read+0xe70/0xe70 [ 1984.791234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1984.796781] input_attach_handler+0x1b1/0x210 [ 1984.801290] input_register_device.cold.22+0xe8/0x297 [ 1984.806489] ? devm_input_allocate_device+0x120/0x120 [ 1984.811690] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1984.816719] ? input_mt_init_slots+0xba/0x4a0 [ 1984.821234] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1984.826520] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1984.831897] ? __fget_light+0x2e9/0x430 [ 1984.835877] ? fget_raw+0x20/0x20 [ 1984.839341] ? __sb_end_write+0xd9/0x110 [ 1984.843415] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1984.848953] ? fput+0x130/0x1a0 [ 1984.852262] ? ksys_write+0x1ae/0x260 [ 1984.856067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.861613] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1984.867153] uinput_compat_ioctl+0x6b/0x90 [ 1984.871403] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1984.876176] do_fast_syscall_32+0x34d/0xfb2 [ 1984.880510] ? do_int80_syscall_32+0x890/0x890 [ 1984.885105] ? entry_SYSENTER_compat+0x68/0x7f [ 1984.889695] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1984.894715] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1984.899562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1984.904414] ? trace_hardirqs_on_caller+0x310/0x310 [ 1984.909438] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1984.914462] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1984.919488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1984.924342] entry_SYSENTER_compat+0x70/0x7f [ 1984.928756] RIP: 0023:0xf7f58ca9 [ 1984.932128] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 02:49:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x48) 02:49:19 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x100000000802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1984.951035] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1984.958749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1984.966021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1984.973293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1984.980832] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1984.988105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1985.020824] input: syz0 as /devices/virtual/input/input629 [ 1985.100558] input: failed to attach handler evdev to device input626, error: -12 [ 1985.116333] input: syz0 as /devices/virtual/input/input630 02:49:20 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, r1) 02:49:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x3000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 02:49:20 executing program 5 (fault-call:4 fault-nth:57): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000580)={0x4, &(0x7f0000000540)=[{0x3ff, 0x2, 0x7, 0x40}, {0xe266, 0x1, 0x9, 0x6}, {0x4, 0x200000, 0x6a23, 0x5}, {0x18, 0x10001, 0x200, 0x3}]}, 0x8) [ 1986.133390] input: syz0 as /devices/virtual/input/input631 [ 1986.150731] input: syz0 as /devices/virtual/input/input632 02:49:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfcffffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa0ffffff]}, 0x48) [ 1986.177990] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1986.177990] program syz-executor1 not setting count and/or reply_len properly [ 1986.198928] FAULT_INJECTION: forcing a failure. [ 1986.198928] name failslab, interval 1, probability 0, space 0, times 0 [ 1986.213963] input: syz0 as /devices/virtual/input/input633 [ 1986.219676] CPU: 0 PID: 660 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1986.226876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1986.226883] Call Trace: [ 1986.226904] dump_stack+0x1c4/0x2b4 [ 1986.226924] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1986.247697] should_fail.cold.4+0xa/0x17 [ 1986.251773] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1986.251789] ? perf_trace_lock+0x14d/0x7a0 [ 1986.251804] ? lock_release+0x970/0x970 [ 1986.251822] ? arch_local_save_flags+0x40/0x40 [ 1986.269712] ? zap_class+0x640/0x640 [ 1986.273437] ? check_preemption_disabled+0x48/0x200 [ 1986.278473] ? __mutex_lock+0x85e/0x1700 [ 1986.282553] ? kernfs_activate+0x8e/0x2c0 [ 1986.286714] ? zap_class+0x640/0x640 [ 1986.290440] ? fs_reclaim_acquire+0x20/0x20 [ 1986.294775] ? lock_downgrade+0x900/0x900 [ 1986.298941] ? ___might_sleep+0x1ed/0x300 [ 1986.303106] ? arch_local_save_flags+0x40/0x40 [ 1986.307696] ? kernfs_activate+0x21a/0x2c0 [ 1986.311948] __should_failslab+0x124/0x180 [ 1986.316197] should_failslab+0x9/0x14 [ 1986.320009] kmem_cache_alloc+0x2be/0x730 [ 1986.324170] ? lock_downgrade+0x900/0x900 [ 1986.328328] ? do_raw_spin_lock+0xc1/0x200 [ 1986.332581] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1986.337606] __kernfs_new_node+0x127/0x8d0 [ 1986.341872] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1986.346646] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1986.351593] ? wait_for_completion+0x8a0/0x8a0 [ 1986.356191] ? wait_for_completion+0x8a0/0x8a0 [ 1986.360792] ? mutex_unlock+0xd/0x10 [ 1986.364534] ? kernfs_activate+0x21a/0x2c0 [ 1986.368781] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1986.373635] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1986.379182] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1986.383782] kernfs_new_node+0x95/0x120 [ 1986.387790] __kernfs_create_file+0x5a/0x340 [ 1986.392230] sysfs_add_file_mode_ns+0x222/0x530 [ 1986.396915] sysfs_merge_group+0x224/0x410 [ 1986.401175] ? sysfs_mount+0x240/0x240 [ 1986.405087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1986.410642] dpm_sysfs_add+0x161/0x210 [ 1986.414542] device_add+0x846/0x17b0 [ 1986.418270] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1986.423390] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1986.428936] ? refcount_inc_checked+0x29/0x70 [ 1986.433442] ? kobject_get+0x6b/0xc0 [ 1986.437167] cdev_device_add+0xb4/0x110 [ 1986.441154] evdev_connect+0x487/0x5c0 [ 1986.445057] ? evdev_read+0xe70/0xe70 [ 1986.448876] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1986.454431] input_attach_handler+0x1b1/0x210 [ 1986.458942] input_register_device.cold.22+0xe8/0x297 [ 1986.464149] ? devm_input_allocate_device+0x120/0x120 [ 1986.469349] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1986.474375] ? input_mt_init_slots+0xba/0x4a0 [ 1986.478889] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1986.484179] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1986.489561] ? __fget_light+0x2e9/0x430 [ 1986.493545] ? fget_raw+0x20/0x20 [ 1986.497013] ? __sb_end_write+0xd9/0x110 [ 1986.501091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1986.506634] ? fput+0x130/0x1a0 [ 1986.509924] ? ksys_write+0x1ae/0x260 [ 1986.513734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1986.519286] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1986.524851] uinput_compat_ioctl+0x6b/0x90 [ 1986.529099] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1986.533873] do_fast_syscall_32+0x34d/0xfb2 [ 1986.538223] ? do_int80_syscall_32+0x890/0x890 [ 1986.542831] ? entry_SYSENTER_compat+0x68/0x7f [ 1986.547428] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1986.552459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1986.557307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1986.562167] ? trace_hardirqs_on_caller+0x310/0x310 [ 1986.567199] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1986.572226] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1986.577257] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1986.582114] entry_SYSENTER_compat+0x70/0x7f [ 1986.586526] RIP: 0023:0xf7f58ca9 [ 1986.589902] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1986.608825] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1986.616548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:49:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x50000000]}, 0x48) 02:49:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1986.623834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1986.631113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1986.638388] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1986.645663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1986.657708] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1986.657708] program syz-executor1 not setting count and/or reply_len properly 02:49:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1986.730412] input: failed to attach handler evdev to device input631, error: -12 [ 1986.765903] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:49:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1986.765903] program syz-executor1 not setting count and/or reply_len properly [ 1986.824800] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1986.824800] program syz-executor1 not setting count and/or reply_len properly 02:49:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0xa86, 0x80) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0xffffffff}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r3, 0x9}, &(0x7f00000001c0)=0x8) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r4 = socket$inet6(0xa, 0x1000000000003, 0x81) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udplite6\x00') connect$rds(r5, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) dup2(r4, r0) 02:49:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x48) 02:49:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xfffffff0}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:21 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) fchdir(r0) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa888], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:21 executing program 5 (fault-call:4 fault-nth:58): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000000000000000003800000000ff"], 0x2e) [ 1987.850619] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1987.850619] program syz-executor1 not setting count and/or reply_len properly [ 1987.867274] input: syz0 as /devices/virtual/input/input634 [ 1987.873549] input: syz0 as /devices/virtual/input/input635 02:49:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf00000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6000]}, 0x48) [ 1987.900714] FAULT_INJECTION: forcing a failure. [ 1987.900714] name failslab, interval 1, probability 0, space 0, times 0 [ 1987.926191] CPU: 1 PID: 691 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1987.933403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1987.942768] Call Trace: [ 1987.945376] dump_stack+0x1c4/0x2b4 02:49:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1987.949019] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1987.954233] should_fail.cold.4+0xa/0x17 [ 1987.958313] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1987.958329] ? lock_release+0x970/0x970 [ 1987.958348] ? arch_local_save_flags+0x40/0x40 [ 1987.967417] ? zap_class+0x640/0x640 [ 1987.967439] ? check_preemption_disabled+0x48/0x200 [ 1987.967463] ? __mutex_lock+0x85e/0x1700 [ 1987.984803] ? kernfs_activate+0x8e/0x2c0 [ 1987.984822] ? zap_class+0x640/0x640 [ 1987.992702] ? fs_reclaim_acquire+0x20/0x20 [ 1987.997036] ? lock_downgrade+0x900/0x900 [ 1987.997054] ? ___might_sleep+0x1ed/0x300 [ 1987.997072] ? arch_local_save_flags+0x40/0x40 [ 1988.005345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.005362] ? check_preemption_disabled+0x48/0x200 [ 1988.005383] __should_failslab+0x124/0x180 [ 1988.015478] should_failslab+0x9/0x14 [ 1988.015495] kmem_cache_alloc+0x2be/0x730 [ 1988.015510] ? zap_class+0x640/0x640 [ 1988.024738] ? do_raw_spin_lock+0xc1/0x200 [ 1988.024757] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1988.024776] __kernfs_new_node+0x127/0x8d0 [ 1988.040446] input: syz0 as /devices/virtual/input/input636 [ 1988.040686] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1988.060291] ? debug_smp_processor_id+0x1c/0x20 [ 1988.064978] ? zap_class+0x640/0x640 [ 1988.068716] ? device_pm_add+0x229/0x360 [ 1988.072794] ? lock_downgrade+0x900/0x900 [ 1988.076954] ? mutex_unlock+0xd/0x10 [ 1988.080702] ? kernfs_activate+0x21a/0x2c0 [ 1988.084950] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1988.089802] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1988.094403] kernfs_new_node+0x95/0x120 [ 1988.098395] __kernfs_create_file+0x5a/0x340 [ 1988.102826] sysfs_add_file_mode_ns+0x222/0x530 [ 1988.107516] sysfs_create_file_ns+0x1a3/0x270 [ 1988.112027] ? do_raw_spin_lock+0xc1/0x200 [ 1988.116275] ? sysfs_add_file_mode_ns+0x530/0x530 [ 1988.121136] ? mutex_unlock+0xd/0x10 [ 1988.124858] ? device_pm_add+0x229/0x360 [ 1988.128936] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1988.134059] device_create_file+0xf4/0x1e0 [ 1988.138310] device_add+0x1132/0x17b0 [ 1988.142132] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1988.147784] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1988.153337] ? refcount_inc_checked+0x29/0x70 [ 1988.157846] ? kobject_get+0x6b/0xc0 [ 1988.161572] cdev_device_add+0xb4/0x110 [ 1988.165562] evdev_connect+0x487/0x5c0 [ 1988.169458] ? evdev_read+0xe70/0xe70 [ 1988.173275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1988.178830] input_attach_handler+0x1b1/0x210 [ 1988.183347] input_register_device.cold.22+0xe8/0x297 [ 1988.188552] ? devm_input_allocate_device+0x120/0x120 [ 1988.193757] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1988.198783] ? input_mt_init_slots+0xba/0x4a0 [ 1988.203294] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1988.208582] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1988.213963] ? __fget_light+0x2e9/0x430 [ 1988.217949] ? fget_raw+0x20/0x20 [ 1988.221421] ? __sb_end_write+0xd9/0x110 [ 1988.225498] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1988.231046] ? fput+0x130/0x1a0 [ 1988.234341] ? ksys_write+0x1ae/0x260 [ 1988.238150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.243722] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 02:49:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x3f000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1988.249273] uinput_compat_ioctl+0x6b/0x90 [ 1988.253524] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1988.258293] do_fast_syscall_32+0x34d/0xfb2 [ 1988.262625] ? do_int80_syscall_32+0x890/0x890 [ 1988.267238] ? entry_SYSENTER_compat+0x68/0x7f [ 1988.271830] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1988.271848] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1988.271863] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1988.271877] ? trace_hardirqs_on_caller+0x310/0x310 [ 1988.271895] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1988.281749] ? prepare_exit_to_usermode+0x291/0x3b0 02:49:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 1988.301623] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1988.306502] entry_SYSENTER_compat+0x70/0x7f [ 1988.310920] RIP: 0023:0xf7f58ca9 [ 1988.314299] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1988.333210] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1988.340935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:49:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x400300}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1988.348206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1988.348215] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1988.348224] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1988.348232] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1988.440906] input: failed to attach handler evdev to device input635, error: -12 02:49:23 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x80000001, 0x2) ioctl$GIO_FONT(r3, 0x4b60, &(0x7f00000000c0)=""/12) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x1d) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000080)={'tunl0\x00', {0x2, 0x4e21}}) r4 = socket$inet6(0xa, 0x800, 0x8) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r4, r0) 02:49:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x48) 02:49:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x3f00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:23 executing program 5 (fault-call:4 fault-nth:59): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:23 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000540)='/dev/dmmidi#\x00', 0x7, 0x400) ioctl$PPPOEIOCSFWD(r0, 0x4004b100, &(0x7f0000000580)={0x18, 0x0, {0x4, @local, 'ifb0\x00'}}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) [ 1989.422256] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1989.422256] program syz-executor1 not setting count and/or reply_len properly [ 1989.444363] input: syz0 as /devices/virtual/input/input637 [ 1989.456411] input: syz0 as /devices/virtual/input/input638 02:49:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xffffff7f00000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1989.471924] input: syz0 as /devices/virtual/input/input639 02:49:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 02:49:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1989.522137] FAULT_INJECTION: forcing a failure. [ 1989.522137] name failslab, interval 1, probability 0, space 0, times 0 [ 1989.540646] CPU: 1 PID: 725 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1989.547853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1989.547859] Call Trace: [ 1989.547881] dump_stack+0x1c4/0x2b4 [ 1989.547901] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1989.563394] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1989.563394] program syz-executor1 not setting count and/or reply_len properly [ 1989.563457] should_fail.cold.4+0xa/0x17 [ 1989.584410] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1989.584427] ? __mutex_lock+0x85e/0x1700 [ 1989.584443] ? kernfs_activate+0x8e/0x2c0 [ 1989.584460] ? ___ratelimit.cold.2+0x6b/0x6b [ 1989.584477] ? mutex_trylock+0x2b0/0x2b0 [ 1989.610292] ? __mutex_lock+0x85e/0x1700 [ 1989.610307] ? zap_class+0x640/0x640 [ 1989.610327] ? kernfs_activate+0x21a/0x2c0 [ 1989.618084] ? zap_class+0x640/0x640 [ 1989.618101] ? fs_reclaim_acquire+0x20/0x20 [ 1989.618117] ? lock_downgrade+0x900/0x900 [ 1989.634513] ? ___might_sleep+0x1ed/0x300 [ 1989.638691] ? lock_downgrade+0x900/0x900 [ 1989.642852] ? arch_local_save_flags+0x40/0x40 [ 1989.647450] ? mark_held_locks+0x130/0x130 [ 1989.651702] __should_failslab+0x124/0x180 [ 1989.655947] should_failslab+0x9/0x14 [ 1989.659901] __kmalloc_track_caller+0x2d0/0x750 [ 1989.664579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.670134] ? check_preemption_disabled+0x48/0x200 [ 1989.675163] ? kstrdup_const+0x66/0x80 [ 1989.679067] kstrdup+0x39/0x70 [ 1989.682281] kstrdup_const+0x66/0x80 [ 1989.686011] __kernfs_new_node+0xe8/0x8d0 [ 1989.690174] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1989.694939] ? number+0x972/0xca0 [ 1989.698407] ? put_dec+0xf0/0xf0 [ 1989.701777] ? format_decode+0x1b2/0xaf0 [ 1989.701794] ? set_precision+0xe0/0xe0 [ 1989.701810] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.701828] ? __kernfs_create_file+0x2ac/0x340 [ 1989.709761] ? zap_class+0x640/0x640 [ 1989.709780] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1989.729132] ? lock_downgrade+0x900/0x900 [ 1989.733307] kernfs_new_node+0x95/0x120 [ 1989.737298] kernfs_create_link+0xdb/0x250 [ 1989.741569] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1989.746859] sysfs_create_link+0x65/0xc0 [ 1989.750937] device_add+0x123c/0x17b0 [ 1989.754757] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1989.759882] ? refcount_inc_checked+0x29/0x70 [ 1989.764388] ? kobject_get+0x6b/0xc0 [ 1989.768121] cdev_device_add+0xb4/0x110 [ 1989.772112] evdev_connect+0x487/0x5c0 [ 1989.776011] ? evdev_read+0xe70/0xe70 [ 1989.779830] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1989.785381] input_attach_handler+0x1b1/0x210 [ 1989.789897] input_register_device.cold.22+0xe8/0x297 [ 1989.795102] ? devm_input_allocate_device+0x120/0x120 [ 1989.800306] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1989.805331] ? input_mt_init_slots+0xba/0x4a0 [ 1989.809841] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1989.815132] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1989.820535] ? __fget_light+0x2e9/0x430 [ 1989.824536] ? fget_raw+0x20/0x20 [ 1989.828001] ? __sb_end_write+0xd9/0x110 [ 1989.832083] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1989.837629] ? fput+0x130/0x1a0 [ 1989.840927] ? ksys_write+0x1ae/0x260 [ 1989.844737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.850297] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1989.855840] uinput_compat_ioctl+0x6b/0x90 [ 1989.860085] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1989.860106] do_fast_syscall_32+0x34d/0xfb2 [ 1989.869180] ? do_int80_syscall_32+0x890/0x890 [ 1989.873774] ? entry_SYSENTER_compat+0x68/0x7f [ 1989.873791] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1989.873809] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1989.888226] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1989.893088] ? trace_hardirqs_on_caller+0x310/0x310 [ 1989.898114] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1989.903147] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1989.908179] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1989.913039] entry_SYSENTER_compat+0x70/0x7f [ 1989.917452] RIP: 0023:0xf7f58ca9 [ 1989.920832] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1989.939740] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1989.947458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1989.954752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1989.962028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 02:49:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 02:49:24 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x40030000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1989.969304] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1989.976584] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1989.994719] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1989.994719] program syz-executor1 not setting count and/or reply_len properly [ 1990.060663] input: failed to attach handler evdev to device input638, error: -12 02:49:25 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400203) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e21, @local}}, 0x80, 0xe0de0000000, 0x10001, 0x5, 0x7fff}, &(0x7f0000000100)=0x98) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000140)={r4, @in={{0x2, 0x5, @broadcast}}}, &(0x7f0000000200)=0x84) r5 = dup2(r3, r0) write(r1, &(0x7f0000000280)="f52d58b4d182dda9822407689b3dc1e9321a76718fb269ecf01dfdaa1c45131c3ec0b01e4249eb8d27c51f72cc27e82983bdaa9629213350da2451091d66b6b88fca9e8dff8d415c392049412a05f0395a6c315c096d2caa36284c", 0x5b) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000340)={0x7f, 0x7, 0x2000}, 0x4) 02:49:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 02:49:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:25 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:25 executing program 5 (fault-call:4 fault-nth:60): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:25 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) utimensat(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={{}, {0x0, 0x2710}}, 0x100) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000540)={0x10f004, 0xa000}) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f00000005c0)={0x2, 0x200}, 0x2) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000580)) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000600)={0x0}) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000800)) ioctl$DRM_IOCTL_DMA(r1, 0xc0286429, &(0x7f0000000740)={r2, 0x6, &(0x7f0000000640)=[0x3f, 0x77f9, 0x9, 0x7, 0x9, 0x81], &(0x7f0000000680)=[0x2], 0xde954ede46b736d0, 0x3, 0xfffffffffffffffc, &(0x7f00000006c0)=[0x60fc42cf, 0x4, 0xff], &(0x7f0000000700)=[0x3, 0x5, 0x4]}) 02:49:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb0ffffff]}, 0x48) [ 1991.167281] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1991.167281] program syz-executor1 not setting count and/or reply_len properly [ 1991.191171] input: syz0 as /devices/virtual/input/input641 [ 1991.210662] FAULT_INJECTION: forcing a failure. 02:49:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x60}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1991.210662] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.222491] input: syz0 as /devices/virtual/input/input640 [ 1991.250429] CPU: 0 PID: 758 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1991.257646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 02:49:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 02:49:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xffffff9e}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1991.267002] Call Trace: [ 1991.269617] dump_stack+0x1c4/0x2b4 [ 1991.273273] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1991.278488] should_fail.cold.4+0xa/0x17 [ 1991.282567] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1991.287682] ? perf_trace_lock+0x14d/0x7a0 [ 1991.291929] ? lock_release+0x970/0x970 [ 1991.295912] ? arch_local_save_flags+0x40/0x40 [ 1991.300503] ? zap_class+0x640/0x640 [ 1991.304226] ? check_preemption_disabled+0x48/0x200 [ 1991.309271] ? __mutex_lock+0x85e/0x1700 [ 1991.313348] ? kernfs_activate+0x8e/0x2c0 [ 1991.317535] ? zap_class+0x640/0x640 [ 1991.321261] ? fs_reclaim_acquire+0x20/0x20 [ 1991.325596] ? lock_downgrade+0x900/0x900 [ 1991.329768] ? ___might_sleep+0x1ed/0x300 [ 1991.333936] ? arch_local_save_flags+0x40/0x40 [ 1991.338531] ? kernfs_activate+0x21a/0x2c0 [ 1991.342789] __should_failslab+0x124/0x180 [ 1991.347037] should_failslab+0x9/0x14 [ 1991.350851] kmem_cache_alloc+0x2be/0x730 [ 1991.355011] ? lock_downgrade+0x900/0x900 [ 1991.359179] ? do_raw_spin_lock+0xc1/0x200 02:49:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x6000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 1991.363440] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1991.368467] __kernfs_new_node+0x127/0x8d0 [ 1991.372719] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1991.377499] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 1991.382448] ? wait_for_completion+0x8a0/0x8a0 [ 1991.387050] ? wait_for_completion+0x8a0/0x8a0 [ 1991.391655] ? mutex_unlock+0xd/0x10 [ 1991.395400] ? kernfs_activate+0x21a/0x2c0 [ 1991.399657] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1991.404513] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1991.410066] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1991.414663] kernfs_new_node+0x95/0x120 [ 1991.418656] __kernfs_create_file+0x5a/0x340 [ 1991.423080] sysfs_add_file_mode_ns+0x222/0x530 [ 1991.427772] sysfs_merge_group+0x224/0x410 [ 1991.432031] ? sysfs_mount+0x240/0x240 [ 1991.435936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.441495] dpm_sysfs_add+0x161/0x210 [ 1991.445415] device_add+0x846/0x17b0 [ 1991.449154] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1991.454282] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1991.459836] ? refcount_inc_checked+0x29/0x70 [ 1991.464340] ? kobject_get+0x6b/0xc0 [ 1991.468091] cdev_device_add+0xb4/0x110 [ 1991.472076] evdev_connect+0x487/0x5c0 [ 1991.475979] ? evdev_read+0xe70/0xe70 [ 1991.479792] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1991.485348] input_attach_handler+0x1b1/0x210 [ 1991.489882] input_register_device.cold.22+0xe8/0x297 [ 1991.495090] ? devm_input_allocate_device+0x120/0x120 [ 1991.500290] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1991.505321] ? input_mt_init_slots+0xba/0x4a0 [ 1991.509856] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1991.515148] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1991.520526] ? __fget_light+0x2e9/0x430 [ 1991.524511] ? fget_raw+0x20/0x20 [ 1991.527982] ? __sb_end_write+0xd9/0x110 [ 1991.532060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1991.537616] ? fput+0x130/0x1a0 [ 1991.540914] ? ksys_write+0x1ae/0x260 [ 1991.544724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.550277] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1991.555825] uinput_compat_ioctl+0x6b/0x90 [ 1991.560079] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1991.564850] do_fast_syscall_32+0x34d/0xfb2 [ 1991.569189] ? do_int80_syscall_32+0x890/0x890 [ 1991.573785] ? entry_SYSENTER_compat+0x68/0x7f [ 1991.578395] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1991.583419] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1991.588273] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1991.593132] ? trace_hardirqs_on_caller+0x310/0x310 [ 1991.598163] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1991.603191] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1991.608228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1991.613090] entry_SYSENTER_compat+0x70/0x7f [ 1991.617506] RIP: 0023:0xf7f58ca9 [ 1991.620886] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1991.639796] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1991.647515] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1991.654793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1991.662155] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1991.669436] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1991.676711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1991.722218] input: failed to attach handler evdev to device input641, error: -12 [ 1991.734812] input: syz0 as /devices/virtual/input/input642 02:49:26 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x4000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc0ffffff00000000]}, 0x48) 02:49:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:26 executing program 5 (fault-call:4 fault-nth:61): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:26 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f0000000580)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1992.732570] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1992.732570] program syz-executor1 not setting count and/or reply_len properly [ 1992.752372] input: syz0 as /devices/virtual/input/input643 [ 1992.771601] input: syz0 as /devices/virtual/input/input644 [ 1992.780259] FAULT_INJECTION: forcing a failure. [ 1992.780259] name failslab, interval 1, probability 0, space 0, times 0 [ 1992.797558] CPU: 1 PID: 786 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1992.804769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1992.814127] Call Trace: [ 1992.816738] dump_stack+0x1c4/0x2b4 [ 1992.820383] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1992.825592] should_fail.cold.4+0xa/0x17 [ 1992.829667] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1992.834778] ? lock_release+0x970/0x970 [ 1992.838759] ? arch_local_save_flags+0x40/0x40 [ 1992.843373] ? zap_class+0x640/0x640 [ 1992.847099] ? check_preemption_disabled+0x48/0x200 [ 1992.852138] ? __mutex_lock+0x85e/0x1700 [ 1992.856211] ? kernfs_activate+0x8e/0x2c0 [ 1992.860384] ? zap_class+0x640/0x640 [ 1992.864110] ? fs_reclaim_acquire+0x20/0x20 [ 1992.868442] ? lock_downgrade+0x900/0x900 [ 1992.872599] ? ___might_sleep+0x1ed/0x300 [ 1992.876760] ? arch_local_save_flags+0x40/0x40 [ 1992.881352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.886898] ? check_preemption_disabled+0x48/0x200 [ 1992.891930] __should_failslab+0x124/0x180 [ 1992.896175] should_failslab+0x9/0x14 [ 1992.899991] kmem_cache_alloc+0x2be/0x730 [ 1992.904142] ? zap_class+0x640/0x640 [ 1992.907866] ? do_raw_spin_lock+0xc1/0x200 [ 1992.912114] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1992.917137] __kernfs_new_node+0x127/0x8d0 [ 1992.921378] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1992.926149] ? debug_smp_processor_id+0x1c/0x20 [ 1992.930833] ? zap_class+0x640/0x640 [ 1992.934552] ? device_pm_add+0x229/0x360 [ 1992.938623] ? lock_downgrade+0x900/0x900 [ 1992.942775] ? mutex_unlock+0xd/0x10 [ 1992.946492] ? kernfs_activate+0x21a/0x2c0 [ 1992.950725] ? kernfs_walk_and_get_ns+0x340/0x340 [ 1992.955570] ? kernfs_link_sibling+0x1d2/0x3b0 [ 1992.960153] kernfs_new_node+0x95/0x120 [ 1992.964127] __kernfs_create_file+0x5a/0x340 [ 1992.968535] sysfs_add_file_mode_ns+0x222/0x530 [ 1992.973202] sysfs_create_file_ns+0x1a3/0x270 [ 1992.978003] ? do_raw_spin_lock+0xc1/0x200 [ 1992.982261] ? sysfs_add_file_mode_ns+0x530/0x530 [ 1992.987104] ? mutex_unlock+0xd/0x10 [ 1992.990816] ? device_pm_add+0x229/0x360 [ 1992.994874] ? device_pm_check_callbacks+0x3f0/0x3f0 [ 1992.999977] device_create_file+0xf4/0x1e0 [ 1993.004207] device_add+0x1132/0x17b0 [ 1993.008012] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1993.013134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1993.018666] ? refcount_inc_checked+0x29/0x70 [ 1993.023154] ? kobject_get+0x6b/0xc0 [ 1993.026868] cdev_device_add+0xb4/0x110 [ 1993.030841] evdev_connect+0x487/0x5c0 [ 1993.034723] ? evdev_read+0xe70/0xe70 [ 1993.038542] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1993.044077] input_attach_handler+0x1b1/0x210 [ 1993.048570] input_register_device.cold.22+0xe8/0x297 [ 1993.053756] ? devm_input_allocate_device+0x120/0x120 [ 1993.058963] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1993.063985] ? input_mt_init_slots+0xba/0x4a0 [ 1993.068476] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1993.073751] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1993.079112] ? __fget_light+0x2e9/0x430 [ 1993.083098] ? fget_raw+0x20/0x20 [ 1993.086557] ? __sb_end_write+0xd9/0x110 [ 1993.090628] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1993.096168] ? fput+0x130/0x1a0 [ 1993.099452] ? ksys_write+0x1ae/0x260 [ 1993.103259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1993.108800] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1993.114336] uinput_compat_ioctl+0x6b/0x90 [ 1993.118581] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1993.123359] do_fast_syscall_32+0x34d/0xfb2 [ 1993.127700] ? do_int80_syscall_32+0x890/0x890 [ 1993.132293] ? entry_SYSENTER_compat+0x68/0x7f [ 1993.136880] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1993.141907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1993.146758] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1993.151610] ? trace_hardirqs_on_caller+0x310/0x310 [ 1993.156632] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1993.161655] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1993.166681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1993.171537] entry_SYSENTER_compat+0x70/0x7f [ 1993.175946] RIP: 0023:0xf7f58ca9 [ 1993.179328] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1993.198242] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1993.205963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1993.213236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1993.220508] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1993.227777] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:49:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 02:49:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x8000000000000000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1993.235047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1993.272869] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:49:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000006"], 0x2e) 02:49:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x9effffff}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa0ffffff00000000]}, 0x48) [ 1993.272869] program syz-executor1 not setting count and/or reply_len properly [ 1993.325058] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1993.325058] program syz-executor1 not setting count and/or reply_len properly [ 1993.360556] input: failed to attach handler evdev to device input643, error: -12 [ 1993.382572] input: syz0 as /devices/virtual/input/input645 02:49:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x500, 0x0) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) r4 = fcntl$dupfd(r0, 0x0, r0) syz_kvm_setup_cpu$x86(r4, r1, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="640f01cb64f3406fc744240005000000c7442402e7af02b2c7442406000000000f01142465f77fa40f0e66460f5c63c0c423f914e30066bad004ecb9800000c00f3235000400000f300f01cf", 0x4c}], 0x1, 0x20, &(0x7f0000000180), 0x0) 02:49:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000005"], 0x2e) 02:49:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000]}, 0x48) 02:49:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x5b420000}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:28 executing program 5 (fault-call:4 fault-nth:62): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:28 executing program 3: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vhci\x00', 0x0, 0x0) ioctl$KDSETMODE(r0, 0x4b3a, 0x7fff) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0xf00}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb0ffffff00000000]}, 0x48) [ 1994.089894] input: syz0 as /devices/virtual/input/input646 [ 1994.097777] input: syz0 as /devices/virtual/input/input647 [ 1994.104252] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1994.104252] program syz-executor1 not setting count and/or reply_len properly [ 1994.120260] FAULT_INJECTION: forcing a failure. [ 1994.120260] name failslab, interval 1, probability 0, space 0, times 0 02:49:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000000038000000007f"], 0x2e) [ 1994.160553] CPU: 0 PID: 808 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1994.167782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1994.177155] Call Trace: [ 1994.179755] dump_stack+0x1c4/0x2b4 [ 1994.183407] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1994.188613] should_fail.cold.4+0xa/0x17 [ 1994.192690] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1994.197809] ? __mutex_lock+0x85e/0x1700 [ 1994.201883] ? kernfs_activate+0x8e/0x2c0 [ 1994.206047] ? ___ratelimit.cold.2+0x6b/0x6b 02:49:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) [ 1994.210468] ? mutex_trylock+0x2b0/0x2b0 [ 1994.214540] ? __mutex_lock+0x85e/0x1700 [ 1994.218611] ? zap_class+0x640/0x640 [ 1994.222336] ? kernfs_activate+0x21a/0x2c0 [ 1994.226121] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1994.226121] program syz-executor1 not setting count and/or reply_len properly [ 1994.226591] ? zap_class+0x640/0x640 [ 1994.245996] ? fs_reclaim_acquire+0x20/0x20 [ 1994.250332] ? lock_downgrade+0x900/0x900 [ 1994.254503] ? ___might_sleep+0x1ed/0x300 02:49:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x48) [ 1994.258664] ? lock_downgrade+0x900/0x900 [ 1994.262825] ? arch_local_save_flags+0x40/0x40 [ 1994.267423] ? mark_held_locks+0x130/0x130 [ 1994.271671] __should_failslab+0x124/0x180 [ 1994.275917] should_failslab+0x9/0x14 [ 1994.279735] __kmalloc_track_caller+0x2d0/0x750 [ 1994.284420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1994.289972] ? check_preemption_disabled+0x48/0x200 [ 1994.295001] ? kstrdup_const+0x66/0x80 [ 1994.298897] kstrdup+0x39/0x70 [ 1994.302115] kstrdup_const+0x66/0x80 [ 1994.305844] __kernfs_new_node+0xe8/0x8d0 02:49:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 1994.310006] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1994.314773] ? number+0x972/0xca0 [ 1994.318248] ? put_dec+0xf0/0xf0 [ 1994.321622] ? format_decode+0x1b2/0xaf0 [ 1994.325693] ? set_precision+0xe0/0xe0 [ 1994.329595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1994.335159] ? __kernfs_create_file+0x2ac/0x340 [ 1994.339839] ? zap_class+0x640/0x640 [ 1994.343565] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1994.347659] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1994.347659] program syz-executor1 not setting count and/or reply_len properly [ 1994.349021] ? lock_downgrade+0x900/0x900 [ 1994.349046] kernfs_new_node+0x95/0x120 [ 1994.349069] kernfs_create_link+0xdb/0x250 [ 1994.377121] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1994.382411] sysfs_create_link+0x65/0xc0 [ 1994.386485] device_add+0x123c/0x17b0 [ 1994.390303] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1994.395424] ? refcount_inc_checked+0x29/0x70 [ 1994.399927] ? kobject_get+0x6b/0xc0 [ 1994.403651] cdev_device_add+0xb4/0x110 [ 1994.407629] evdev_connect+0x487/0x5c0 [ 1994.411524] ? evdev_read+0xe70/0xe70 [ 1994.415350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1994.420904] input_attach_handler+0x1b1/0x210 [ 1994.425415] input_register_device.cold.22+0xe8/0x297 [ 1994.430622] ? devm_input_allocate_device+0x120/0x120 [ 1994.435823] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1994.440852] ? input_mt_init_slots+0xba/0x4a0 [ 1994.445365] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1994.450652] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1994.456029] ? __fget_light+0x2e9/0x430 [ 1994.460012] ? fget_raw+0x20/0x20 [ 1994.463472] ? __sb_end_write+0xd9/0x110 [ 1994.467546] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1994.473100] ? fput+0x130/0x1a0 [ 1994.476388] ? ksys_write+0x1ae/0x260 [ 1994.480201] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1994.485749] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1994.491293] uinput_compat_ioctl+0x6b/0x90 [ 1994.495547] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1994.500314] do_fast_syscall_32+0x34d/0xfb2 [ 1994.504652] ? do_int80_syscall_32+0x890/0x890 [ 1994.509244] ? entry_SYSENTER_compat+0x68/0x7f [ 1994.513832] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1994.518855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1994.523710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1994.528557] ? trace_hardirqs_on_caller+0x310/0x310 [ 1994.533583] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1994.538608] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1994.543638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1994.548497] entry_SYSENTER_compat+0x70/0x7f [ 1994.552911] RIP: 0023:0xf7f58ca9 [ 1994.556288] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1994.581874] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1994.589590] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1994.596864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1994.604142] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1994.611416] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1994.618694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1994.670689] input: failed to attach handler evdev to device input646, error: -12 [ 1994.684037] input: syz0 as /devices/virtual/input/input648 02:49:29 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x3c, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, [], 0x18}, 0xffffffffffffdaad}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e22, @multicast1}]}, &(0x7f0000000340)=0xc) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000380)={r2, 0x9}, 0x8) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000240)={r1, 0x60, 0x1, "312d113b0412e77e49e969d1095c5271737d332927cc5e4919c543e833b424108efeba731fc8f2615f6ee90285beb6ad336d148d9bc517a074bb152b828c724919727e85aa78624257a6fa1167c83f458ea72f1abeb8f91c4bc6e2ac0654eb3507da20ebbfee5c2223289cc3c14538510a71a8744eac"}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x169) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) timer_create(0x7, &(0x7f0000000100)={0x0, 0x34, 0x6, @thr={&(0x7f0000000040)="7140f4b2e7d78a12dafc4296276672b9a757e10841431d24fd755ef8963b66462c6418086c0a4b99e2daa768203ffb0cc8cd1aadc3b55719b9b42da7f60363a1", &(0x7f0000000080)="4cc7c04159b502cf2b9f612c8761eabb08bb4fa333f0253bebef30eb52296ae2b441218ad3a5b30612fae8c3d0a9c90379c2dff470902a107305b84a837c2a9f7eb4046514ad8fe149435757238e211975ada1abb8dea75140b309905db66717d3dd8d"}}, &(0x7f0000000140)=0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r4, 0x1, &(0x7f00000001c0)={{r5, r6+10000000}, {0x77359400}}, 0x0) dup2(r3, r3) 02:49:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x48) 02:49:29 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000)={0x10, 0x0, 0x0, 0x5b42}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:29 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$RTC_IRQP_READ(r1, 0x8004700b, &(0x7f0000000540)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:29 executing program 5 (fault-call:4 fault-nth:63): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 1995.497568] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1995.497568] program syz-executor1 not setting count and/or reply_len properly [ 1995.517883] input: syz0 as /devices/virtual/input/input650 [ 1995.528765] input: syz0 as /devices/virtual/input/input649 [ 1995.542219] Unknown ioctl 1074021064 02:49:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0x8, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x48) [ 1995.549774] FAULT_INJECTION: forcing a failure. [ 1995.549774] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.550557] Unknown ioctl 35090 [ 1995.570797] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1995.570797] program syz-executor1 not setting count and/or reply_len properly [ 1995.587330] input: syz0 as /devices/virtual/input/input651 [ 1995.599972] CPU: 1 PID: 838 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1995.607193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1995.616549] Call Trace: [ 1995.619150] dump_stack+0x1c4/0x2b4 [ 1995.622794] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1995.628015] should_fail.cold.4+0xa/0x17 [ 1995.632094] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1995.637205] ? save_stack+0xa9/0xd0 [ 1995.640831] ? save_stack+0x43/0xd0 [ 1995.644464] ? kmem_cache_alloc_trace+0x152/0x750 [ 1995.649310] ? kobject_uevent_env+0x2f3/0x101e [ 1995.653895] ? kobject_uevent+0x1f/0x24 [ 1995.657876] ? device_add+0x936/0x17b0 [ 1995.661767] ? cdev_device_add+0xb4/0x110 [ 1995.665921] ? evdev_connect+0x487/0x5c0 [ 1995.670006] ? input_attach_handler+0x1b1/0x210 [ 1995.674684] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1995.680146] ? uinput_compat_ioctl+0x6b/0x90 [ 1995.684568] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1995.689508] ? do_fast_syscall_32+0x34d/0xfb2 [ 1995.694015] ? entry_SYSENTER_compat+0x70/0x7f [ 1995.698610] ? zap_class+0x640/0x640 [ 1995.702335] ? fs_reclaim_acquire+0x20/0x20 [ 1995.706664] ? lock_downgrade+0x900/0x900 [ 1995.710825] ? ___might_sleep+0x1ed/0x300 [ 1995.714989] ? lock_downgrade+0x900/0x900 [ 1995.719150] ? arch_local_save_flags+0x40/0x40 [ 1995.723752] __should_failslab+0x124/0x180 [ 1995.723767] should_failslab+0x9/0x14 [ 1995.723782] __kmalloc+0x2d4/0x760 [ 1995.723801] ? kobject_get_path+0xc2/0x1b0 [ 1995.731816] ? kmem_cache_alloc_trace+0x31f/0x750 [ 1995.731835] kobject_get_path+0xc2/0x1b0 [ 1995.731849] kobject_uevent_env+0x314/0x101e [ 1995.731868] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1995.758442] ? sysfs_do_create_link_sd.isra.2+0xd6/0x130 [ 1995.763902] kobject_uevent+0x1f/0x24 [ 1995.767713] device_add+0x936/0x17b0 [ 1995.771446] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1995.776563] ? refcount_inc_checked+0x29/0x70 [ 1995.781069] ? kobject_get+0x6b/0xc0 [ 1995.784800] cdev_device_add+0xb4/0x110 [ 1995.788789] evdev_connect+0x487/0x5c0 [ 1995.792685] ? evdev_read+0xe70/0xe70 [ 1995.795632] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1995.795632] program syz-executor1 not setting count and/or reply_len properly [ 1995.796502] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1995.796521] input_attach_handler+0x1b1/0x210 [ 1995.796545] input_register_device.cold.22+0xe8/0x297 [ 1995.827445] ? devm_input_allocate_device+0x120/0x120 [ 1995.832645] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1995.837666] ? input_mt_init_slots+0xba/0x4a0 [ 1995.842174] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1995.847461] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1995.852840] ? __fget_light+0x2e9/0x430 [ 1995.856830] ? fget_raw+0x20/0x20 [ 1995.860297] ? __sb_end_write+0xd9/0x110 [ 1995.864372] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1995.869911] ? fput+0x130/0x1a0 [ 1995.873203] ? ksys_write+0x1ae/0x260 [ 1995.877008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1995.882554] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1995.888102] uinput_compat_ioctl+0x6b/0x90 [ 1995.892350] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1995.897126] do_fast_syscall_32+0x34d/0xfb2 02:49:29 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000002"], 0x2e) 02:49:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xb, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:29 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0xa) [ 1995.901461] ? do_int80_syscall_32+0x890/0x890 [ 1995.901478] ? entry_SYSENTER_compat+0x68/0x7f [ 1995.901493] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1995.901510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1995.920495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1995.920513] ? trace_hardirqs_on_caller+0x310/0x310 [ 1995.920529] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1995.920542] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1995.920559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1995.920580] entry_SYSENTER_compat+0x70/0x7f [ 1995.949652] RIP: 0023:0xf7f58ca9 [ 1995.949667] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1995.949679] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 [ 1995.971921] ORIG_RAX: 0000000000000036 [ 1995.971932] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1995.971952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 02:49:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x48) [ 1995.971960] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1995.971968] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1995.971976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1996.282793] Unknown ioctl 35090 [ 1996.286171] Unknown ioctl 1074021064 02:49:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x1, 0x4) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) dup2(r2, r0) 02:49:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0x2002400c, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x25) 02:49:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 02:49:31 executing program 5 (fault-call:4 fault-nth:64): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:31 executing program 3: r0 = syz_open_dev$midi(&(0x7f0000000600)='/dev/midi#\x00', 0x3, 0xa2902) ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000640)={0x400000000000000, 0x2, 0xfffffffffffffff9, 0x0, 0x12}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06055c8, &(0x7f0000000540)={0x6, 0x141, {0x56, 0xffff, 0xfffffffffffffffe, {0xf9e, 0x7fff}, {0x1ff}, @ramp={0x49, 0x5, {0x40000000, 0x401, 0x0, 0xa38}}}, {0xaea6baa1622f26c3, 0x81, 0x2, {0x0, 0xfffffffffffffeff}, {0xec, 0xd6}, @const={0x8, {0x800, 0x7, 0x8, 0x6}}}}) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/full\x00', 0x400, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) openat(r3, &(0x7f0000000680)='./file0\x00', 0x4200, 0xb) 02:49:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0xb1) 02:49:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x80806, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0x3, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 1997.199511] input: syz0 as /devices/virtual/input/input652 [ 1997.222242] FAULT_INJECTION: forcing a failure. [ 1997.222242] name failslab, interval 1, probability 0, space 0, times 0 [ 1997.262555] CPU: 1 PID: 865 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1997.269784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1997.279134] Call Trace: [ 1997.281733] dump_stack+0x1c4/0x2b4 [ 1997.281754] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1997.281778] should_fail.cold.4+0xa/0x17 [ 1997.285861] sg_write: data in/out 393180/135 bytes for SCSI command 0x0-- guessing data in; [ 1997.285861] program syz-executor1 not setting count and/or reply_len properly [ 1997.290587] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1997.290604] ? debug_smp_processor_id+0x1c/0x20 [ 1997.290617] ? perf_trace_lock+0x14d/0x7a0 [ 1997.290631] ? lock_release+0x970/0x970 [ 1997.290650] ? arch_local_save_flags+0x40/0x40 [ 1997.310561] ? zap_class+0x640/0x640 [ 1997.310583] ? check_preemption_disabled+0x48/0x200 [ 1997.310607] ? widen_string+0xe0/0x2e0 [ 1997.333121] ? __mutex_lock+0x85e/0x1700 [ 1997.341842] ? zap_class+0x640/0x640 [ 1997.341859] ? fs_reclaim_acquire+0x20/0x20 [ 1997.341879] ? lock_downgrade+0x900/0x900 [ 1997.353522] ? ___might_sleep+0x1ed/0x300 [ 1997.353536] ? widen_string+0x2e0/0x2e0 [ 1997.353552] ? arch_local_save_flags+0x40/0x40 [ 1997.353578] ? kernfs_activate+0x21a/0x2c0 [ 1997.362023] __should_failslab+0x124/0x180 [ 1997.362039] should_failslab+0x9/0x14 [ 1997.370136] __kmalloc_track_caller+0x2d0/0x750 [ 1997.370152] ? pointer+0x990/0x990 [ 1997.383171] ? lock_downgrade+0x900/0x900 [ 1997.383189] ? do_raw_spin_lock+0xc1/0x200 [ 1997.391631] ? kasprintf+0xab/0xe0 [ 1997.391648] kvasprintf+0xb5/0x150 [ 1997.410607] ? bust_spinlocks+0xe0/0xe0 [ 1997.414598] ? number+0x972/0xca0 [ 1997.418061] kasprintf+0xab/0xe0 [ 1997.421435] ? kvasprintf_const+0x190/0x190 [ 1997.425770] ? wait_for_completion+0x8a0/0x8a0 [ 1997.430354] ? set_precision+0xe0/0xe0 [ 1997.434256] ? input_default_getkeycode+0x520/0x520 [ 1997.439286] input_devnode+0x4c/0x90 [ 1997.443013] device_get_devnode+0x16f/0x2d0 [ 1997.447347] devtmpfs_create_node+0x17e/0x480 [ 1997.451866] ? devtmpfsd+0x4c0/0x4c0 [ 1997.455596] ? kernfs_get+0x30/0x30 [ 1997.459231] ? kernfs_add_one+0x12b/0x4d0 [ 1997.463396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1997.468941] ? kernfs_create_link+0x1d4/0x250 [ 1997.473448] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1997.478992] ? sysfs_do_create_link_sd.isra.2+0xd6/0x130 [ 1997.484459] device_add+0x1392/0x17b0 [ 1997.488274] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1997.493390] ? refcount_inc_checked+0x29/0x70 [ 1997.497896] ? kobject_get+0x6b/0xc0 [ 1997.501633] cdev_device_add+0xb4/0x110 [ 1997.505623] evdev_connect+0x487/0x5c0 [ 1997.509519] ? evdev_read+0xe70/0xe70 [ 1997.513331] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1997.518879] input_attach_handler+0x1b1/0x210 [ 1997.523392] input_register_device.cold.22+0xe8/0x297 [ 1997.528598] ? devm_input_allocate_device+0x120/0x120 [ 1997.533819] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1997.538855] ? input_mt_init_slots+0xba/0x4a0 [ 1997.543358] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1997.548648] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1997.554023] ? __fget_light+0x2e9/0x430 [ 1997.558010] ? fget_raw+0x20/0x20 [ 1997.561473] ? __sb_end_write+0xd9/0x110 [ 1997.565547] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1997.571095] ? fput+0x130/0x1a0 [ 1997.574384] ? ksys_write+0x1ae/0x260 [ 1997.578192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1997.583740] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1997.589286] uinput_compat_ioctl+0x6b/0x90 [ 1997.593531] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1997.598318] do_fast_syscall_32+0x34d/0xfb2 [ 1997.602651] ? do_int80_syscall_32+0x890/0x890 [ 1997.607241] ? entry_SYSENTER_compat+0x68/0x7f [ 1997.611841] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1997.616864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1997.621716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1997.626572] ? trace_hardirqs_on_caller+0x310/0x310 [ 1997.631599] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1997.636625] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1997.641658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1997.646519] entry_SYSENTER_compat+0x70/0x7f [ 1997.650936] RIP: 0023:0xf7f58ca9 02:49:31 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2000046e) 02:49:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 1997.654311] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1997.673214] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1997.680933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1997.688207] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1997.695478] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1997.702765] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 02:49:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000540)={'ip6_vti0\x00', 0xb632}) [ 1997.710056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1997.749659] sg_write: data in/out 393180/536872004 bytes for SCSI command 0x0-- guessing data in; [ 1997.749659] program syz-executor1 not setting count and/or reply_len properly [ 1997.781673] input: syz0 as /devices/virtual/input/input656 [ 1997.800664] input: syz0 as /devices/virtual/input/input657 02:49:32 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f0000000080)={0x6, 0x3bbdbc43}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) 02:49:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 02:49:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x14, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x23) 02:49:32 executing program 5 (fault-call:4 fault-nth:65): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000640)='/dev/uinput\x00', 0x5, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000540)={{0x6, 0x1234}, {0x9, 0x2}, 0x3ff, 0x5, 0x800}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1fd, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x29) 02:49:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa0ffffff]}, 0x48) [ 1998.885978] input: syz0 as /devices/virtual/input/input658 [ 1998.901453] input: syz0 as /devices/virtual/input/input659 [ 1998.922621] FAULT_INJECTION: forcing a failure. [ 1998.922621] name failslab, interval 1, probability 0, space 0, times 0 [ 1998.950449] CPU: 1 PID: 901 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 1998.957746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1998.967096] Call Trace: [ 1998.969697] dump_stack+0x1c4/0x2b4 [ 1998.973323] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1998.978746] should_fail.cold.4+0xa/0x17 [ 1998.978762] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1998.978778] ? kasan_kmalloc+0xc7/0xe0 [ 1998.991781] ? __kmalloc_track_caller+0x14a/0x750 [ 1998.996621] ? kstrdup+0x39/0x70 02:49:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3, 0x200000) readahead(r1, 0xffffffffffffff01, 0xd0e5) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000080)=0x7) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c46000006000000000000000000000000020000000000000000000000000000000000380000000000000000"], 0x2e) [ 1999.000010] ? kstrdup_const+0x66/0x80 [ 1999.003907] ? __kernfs_new_node+0xe8/0x8d0 [ 1999.003920] ? kernfs_new_node+0x95/0x120 [ 1999.003943] ? kernfs_create_link+0xdb/0x250 [ 1999.003959] ? sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1999.016773] ? sysfs_create_link+0x65/0xc0 [ 1999.026429] ? cdev_device_add+0xb4/0x110 [ 1999.030575] ? evdev_connect+0x487/0x5c0 [ 1999.033278] input: syz0 as /devices/virtual/input/input660 [ 1999.034649] ? input_attach_handler+0x1b1/0x210 [ 1999.034671] ? input_register_device.cold.22+0xe8/0x297 [ 1999.034685] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1999.049287] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1999.049287] program syz-executor1 not setting count and/or reply_len properly [ 1999.050364] ? uinput_compat_ioctl+0x6b/0x90 [ 1999.050380] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 1999.050397] ? entry_SYSENTER_compat+0x70/0x7f [ 1999.050423] ? fs_reclaim_acquire+0x20/0x20 [ 1999.050437] ? zap_class+0x640/0x640 [ 1999.050454] ? fs_reclaim_acquire+0x20/0x20 [ 1999.071564] ? lock_downgrade+0x900/0x900 [ 1999.071582] ? ___might_sleep+0x1ed/0x300 [ 1999.071597] ? arch_local_save_flags+0x40/0x40 [ 1999.089795] ? kasan_kmalloc+0xc7/0xe0 [ 1999.089817] __should_failslab+0x124/0x180 [ 1999.089830] should_failslab+0x9/0x14 [ 1999.089846] kmem_cache_alloc+0x2be/0x730 [ 1999.126763] ? kstrdup+0x59/0x70 [ 1999.130134] __kernfs_new_node+0x127/0x8d0 [ 1999.134367] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1999.139260] ? number+0x972/0xca0 [ 1999.142738] ? put_dec+0xf0/0xf0 [ 1999.146100] ? format_decode+0x1b2/0xaf0 [ 1999.150159] ? set_precision+0xe0/0xe0 [ 1999.154046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1999.159588] ? __kernfs_create_file+0x2ac/0x340 [ 1999.164262] ? zap_class+0x640/0x640 [ 1999.167976] ? sysfs_do_create_link_sd.isra.2+0x82/0x130 [ 1999.173434] ? lock_downgrade+0x900/0x900 [ 1999.177588] kernfs_new_node+0x95/0x120 [ 1999.181568] kernfs_create_link+0xdb/0x250 [ 1999.185806] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 1999.191079] sysfs_create_link+0x65/0xc0 [ 1999.195177] device_add+0x123c/0x17b0 [ 1999.198986] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 1999.204095] ? refcount_inc_checked+0x29/0x70 [ 1999.208588] ? kobject_get+0x6b/0xc0 [ 1999.212304] cdev_device_add+0xb4/0x110 [ 1999.216275] evdev_connect+0x487/0x5c0 [ 1999.220160] ? evdev_read+0xe70/0xe70 [ 1999.223964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1999.229508] input_attach_handler+0x1b1/0x210 [ 1999.234005] input_register_device.cold.22+0xe8/0x297 [ 1999.239194] ? devm_input_allocate_device+0x120/0x120 [ 1999.244501] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1999.249512] ? input_mt_init_slots+0xba/0x4a0 [ 1999.254012] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 1999.259293] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 1999.264665] ? __fget_light+0x2e9/0x430 [ 1999.268648] ? fget_raw+0x20/0x20 [ 1999.272099] ? __sb_end_write+0xd9/0x110 [ 1999.276155] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1999.281698] ? fput+0x130/0x1a0 [ 1999.284975] ? ksys_write+0x1ae/0x260 [ 1999.288768] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1999.294304] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 1999.299839] uinput_compat_ioctl+0x6b/0x90 [ 1999.304075] __ia32_compat_sys_ioctl+0x20e/0x630 [ 1999.308836] do_fast_syscall_32+0x34d/0xfb2 [ 1999.313158] ? do_int80_syscall_32+0x890/0x890 [ 1999.317739] ? entry_SYSENTER_compat+0x68/0x7f [ 1999.322316] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1999.327346] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1999.332190] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1999.337027] ? trace_hardirqs_on_caller+0x310/0x310 [ 1999.342043] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1999.347065] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1999.352080] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1999.356923] entry_SYSENTER_compat+0x70/0x7f [ 1999.361320] RIP: 0023:0xf7f58ca9 [ 1999.364683] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1999.383575] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1999.391279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 02:49:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000000000000000c6430000000000"], 0x2e) [ 1999.398538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1999.405796] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1999.413055] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1999.420331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 1999.498092] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1999.498092] program syz-executor1 not setting count and/or reply_len properly [ 1999.514609] input: failed to attach handler evdev to device input658, error: -12 [ 1999.553129] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 1999.553129] program syz-executor1 not setting count and/or reply_len properly 02:49:34 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r2) 02:49:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0xf, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x48) 02:49:34 executing program 5 (fault-call:4 fault-nth:66): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:34 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000780)='/dev/zero\x00', 0x100, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x10, &(0x7f0000000680)={&(0x7f0000000580)=""/200, 0xc8, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000740)={r2, 0x10, &(0x7f0000000700)={&(0x7f0000000540)=""/64, 0x40, r3}}, 0x10) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:34 executing program 1: r0 = open(&(0x7f0000000000)='./file0\x00', 0x501000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000080)={{{@in=@dev, @in6=@local}}, {{@in=@rand_addr}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000000180)=0xe8) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[], 0x0) 02:49:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x48) 02:49:34 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0x27d) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhci\x00', 0x200, 0x0) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000380)={0x1, 0x0, 0xfffffffffffffff7}) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x220000, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r2, 0x80e05411, &(0x7f0000000080)=""/253) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000180)={0xffffffffffffffff}, 0x117}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, &(0x7f0000000200)={0x15, 0x110, 0xfa00, {r3, 0xb12ef79, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e24, 0x0, @remote, 0x40}}}, 0x118) ioctl$ASHMEM_PURGE_ALL_CACHES(r2, 0x770a, 0x0) 02:49:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x100120, 0x27, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2000.611295] input: syz0 as /devices/virtual/input/input661 [ 2000.617750] input: syz0 as /devices/virtual/input/input662 [ 2000.641444] input: syz0 as /devices/virtual/input/input663 02:49:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0xf, 0xaff, 0x0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x48) 02:49:34 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) pause() write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) [ 2000.692619] FAULT_INJECTION: forcing a failure. [ 2000.692619] name failslab, interval 1, probability 0, space 0, times 0 [ 2000.715878] CPU: 1 PID: 934 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2000.723182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2000.732541] Call Trace: [ 2000.735137] dump_stack+0x1c4/0x2b4 [ 2000.738767] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2000.743977] should_fail.cold.4+0xa/0x17 [ 2000.748040] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2000.753148] ? lock_release+0x970/0x970 [ 2000.757126] ? arch_local_save_flags+0x40/0x40 [ 2000.761713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2000.767245] ? check_preemption_disabled+0x48/0x200 [ 2000.772276] ? zap_class+0x640/0x640 [ 2000.775989] ? fs_reclaim_acquire+0x20/0x20 [ 2000.780319] ? lock_downgrade+0x900/0x900 [ 2000.784468] ? zap_class+0x640/0x640 [ 2000.788180] ? ___might_sleep+0x1ed/0x300 [ 2000.792328] ? put_dec+0x3b/0xf0 [ 2000.795695] ? arch_local_save_flags+0x40/0x40 [ 2000.800277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2000.805810] ? number+0x972/0xca0 [ 2000.809284] __should_failslab+0x124/0x180 [ 2000.813525] should_failslab+0x9/0x14 [ 2000.817326] kmem_cache_alloc_node+0x26e/0x730 [ 2000.821907] ? set_precision+0xe0/0xe0 [ 2000.825793] __alloc_skb+0x119/0x770 [ 2000.829517] ? skb_scrub_packet+0x490/0x490 [ 2000.833839] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 2000.839626] ? pointer+0x990/0x990 [ 2000.839820] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2000.839820] program syz-executor1 not setting count and/or reply_len properly [ 2000.843160] ? device_get_devnode+0x2d0/0x2d0 [ 2000.843180] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2000.843199] ? netlink_has_listeners+0x2cb/0x4a0 [ 2000.843219] ? netlink_tap_init_net+0x3d0/0x3d0 [ 2000.877760] alloc_uevent_skb+0x84/0x1da [ 2000.881821] kobject_uevent_env+0xa52/0x101e [ 2000.886232] kobject_uevent+0x1f/0x24 [ 2000.890038] device_add+0x936/0x17b0 [ 2000.893759] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 2000.898868] ? refcount_inc_checked+0x29/0x70 [ 2000.903357] ? kobject_get+0x6b/0xc0 [ 2000.907089] cdev_device_add+0xb4/0x110 [ 2000.911055] evdev_connect+0x487/0x5c0 [ 2000.914940] ? evdev_read+0xe70/0xe70 [ 2000.918751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2000.924288] input_attach_handler+0x1b1/0x210 [ 2000.928784] input_register_device.cold.22+0xe8/0x297 [ 2000.933978] ? devm_input_allocate_device+0x120/0x120 [ 2000.939165] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2000.944191] ? input_mt_init_slots+0xba/0x4a0 [ 2000.948692] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2000.954075] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2000.959530] ? __fget_light+0x2e9/0x430 [ 2000.963512] ? fget_raw+0x20/0x20 [ 2000.966964] ? __sb_end_write+0xd9/0x110 [ 2000.971030] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2000.976839] ? fput+0x130/0x1a0 [ 2000.980126] ? ksys_write+0x1ae/0x260 [ 2000.983928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2000.989471] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2000.995013] uinput_compat_ioctl+0x6b/0x90 [ 2000.999253] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2001.004019] do_fast_syscall_32+0x34d/0xfb2 [ 2001.008349] ? do_int80_syscall_32+0x890/0x890 [ 2001.012929] ? entry_SYSENTER_compat+0x68/0x7f [ 2001.017512] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2001.022523] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2001.027365] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2001.032209] ? trace_hardirqs_on_caller+0x310/0x310 [ 2001.037227] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2001.042252] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2001.047274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2001.052118] entry_SYSENTER_compat+0x70/0x7f [ 2001.056511] RIP: 0023:0xf7f58ca9 [ 2001.059858] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 2001.078739] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2001.086425] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 2001.093675] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2001.100925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2001.108172] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2001.115424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2001.546795] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2001.546795] program syz-executor1 not setting count and/or reply_len properly 02:49:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req={0x1ff, 0x2, 0x206d, 0x81}, 0xb8) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x2, 0x20400) dup2(r2, r0) 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x48) 02:49:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x4000000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'veth1_to_team\x00', 0x8}, 0x18) ioctl(r2, 0x8916, &(0x7f0000000000)) ioctl(r2, 0x8936, &(0x7f0000000000)) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:36 executing program 5 (fault-call:4 fault-nth:67): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0xd, 0x2) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0x49c) 02:49:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x40000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2002.021561] input: syz0 as /devices/virtual/input/input665 [ 2002.043547] FAULT_INJECTION: forcing a failure. [ 2002.043547] name failslab, interval 1, probability 0, space 0, times 0 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x48) 02:49:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000a38600"], 0x2e) 02:49:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xffffff7f, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2002.080523] CPU: 1 PID: 964 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2002.087720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2002.097069] Call Trace: [ 2002.099659] dump_stack+0x1c4/0x2b4 [ 2002.103313] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2002.108511] should_fail.cold.4+0xa/0x17 [ 2002.112570] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2002.117672] ? save_stack+0xa9/0xd0 [ 2002.121296] ? save_stack+0x43/0xd0 [ 2002.121311] ? kmem_cache_alloc_trace+0x152/0x750 [ 2002.121326] ? kobject_uevent_env+0x2f3/0x101e [ 2002.129753] ? kobject_uevent+0x1f/0x24 [ 2002.129766] ? device_add+0x936/0x17b0 [ 2002.129781] ? cdev_device_add+0xb4/0x110 [ 2002.142635] ? evdev_connect+0x487/0x5c0 [ 2002.142649] ? input_attach_handler+0x1b1/0x210 [ 2002.142663] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2002.142672] ? uinput_compat_ioctl+0x6b/0x90 [ 2002.142688] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 2002.150846] ? do_fast_syscall_32+0x34d/0xfb2 [ 2002.150861] ? entry_SYSENTER_compat+0x70/0x7f 02:49:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = gettid() fcntl$lock(r0, 0x5, &(0x7f00000005c0)={0x1, 0x1, 0x4, 0x8, r1}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000580)=0xc) 02:49:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x200000) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000080)={0x3, 0x3ff, 0xfffffffffffffff8}) ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x0, 0xfffffffffffffffe, 0x86, 0x8, @scatter={0x4, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/191, 0xbf}, {&(0x7f0000000180)=""/143, 0x8f}, {&(0x7f0000000240)=""/166, 0xa6}, {&(0x7f0000000300)=""/214, 0xd6}]}, &(0x7f0000000480)="09f6df09facb1648c047fabac55c78fb795d3d43d58ecd6a9b6998cc0423cbe70f51b87d1512341f8da1739f194d477e80824c1844d3ad6ef82d6e87370516c8a16fdc9e4e521ae7da92450ad5e5b15da8ed9821ef3e1c0e0b33f5f14f19df328e70b6fbde061b4183584bd8eb9df7b18b53d71a666862ae4af1f0643fbef19bc2e0013a69d5", &(0x7f0000000540)=""/24, 0xee, 0x0, 0x1, &(0x7f0000000580)}) [ 2002.150876] ? zap_class+0x640/0x640 [ 2002.150891] ? fs_reclaim_acquire+0x20/0x20 [ 2002.150905] ? lock_downgrade+0x900/0x900 [ 2002.157426] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.157426] program syz-executor1 not setting count and/or reply_len properly [ 2002.160979] ? ___might_sleep+0x1ed/0x300 [ 2002.160993] ? arch_local_save_flags+0x40/0x40 [ 2002.161004] ? kasan_check_read+0x11/0x20 [ 2002.161017] ? do_raw_spin_unlock+0xa7/0x2f0 [ 2002.161035] __should_failslab+0x124/0x180 [ 2002.170331] should_failslab+0x9/0x14 [ 2002.170345] __kmalloc+0x2d4/0x760 [ 2002.170360] ? kobject_get_path+0xc2/0x1b0 [ 2002.170372] ? kmem_cache_alloc_trace+0x31f/0x750 [ 2002.170394] kobject_get_path+0xc2/0x1b0 [ 2002.183116] kobject_uevent_env+0x314/0x101e [ 2002.183139] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2002.183155] ? sysfs_do_create_link_sd.isra.2+0xd6/0x130 [ 2002.183169] kobject_uevent+0x1f/0x24 [ 2002.183185] device_add+0x936/0x17b0 [ 2002.207287] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 2002.207306] ? refcount_inc_checked+0x29/0x70 [ 2002.207317] ? kobject_get+0x6b/0xc0 [ 2002.207332] cdev_device_add+0xb4/0x110 [ 2002.207346] evdev_connect+0x487/0x5c0 [ 2002.220169] ? evdev_read+0xe70/0xe70 [ 2002.220187] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2002.220203] input_attach_handler+0x1b1/0x210 [ 2002.220218] input_register_device.cold.22+0xe8/0x297 [ 2002.236123] ? devm_input_allocate_device+0x120/0x120 [ 2002.236145] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2002.236161] ? input_mt_init_slots+0xba/0x4a0 [ 2002.244934] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.244934] program syz-executor1 not setting count and/or reply_len properly [ 2002.245196] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2002.253614] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2002.253633] ? __fget_light+0x2e9/0x430 [ 2002.253646] ? fget_raw+0x20/0x20 [ 2002.253660] ? __sb_end_write+0xd9/0x110 [ 2002.253674] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2002.253686] ? fput+0x130/0x1a0 [ 2002.272119] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.272119] program syz-executor1 not setting count and/or reply_len properly [ 2002.277181] ? ksys_write+0x1ae/0x260 [ 2002.277196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2002.277210] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2002.277224] uinput_compat_ioctl+0x6b/0x90 [ 2002.302521] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2002.302542] do_fast_syscall_32+0x34d/0xfb2 [ 2002.302555] ? do_int80_syscall_32+0x890/0x890 [ 2002.302572] ? entry_SYSENTER_compat+0x68/0x7f [ 2002.312206] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2002.312221] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2002.312234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2002.312246] ? trace_hardirqs_on_caller+0x310/0x310 [ 2002.312258] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2002.312273] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2002.353215] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2002.360607] entry_SYSENTER_compat+0x70/0x7f [ 2002.360617] RIP: 0023:0xf7f58ca9 [ 2002.360632] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 2002.360639] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2002.360652] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 2002.360663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2002.509745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2002.517009] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2002.524274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 02:49:36 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) r4 = fcntl$dupfd(r1, 0x406, r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000040)=0x1ff) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x48) 02:49:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) poll(&(0x7f0000000100)=[{r0, 0x2}, {r0, 0x10}, {r0, 0x100}, {r0, 0x20}, {r0}, {r0, 0x80}, {r0}, {r0, 0x2}, {r0, 0x8}, {r0, 0x50}], 0xa, 0x7) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x41, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x40, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x2, r2, 0x1}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0485510, &(0x7f0000000280)={0xffffffff, 0x4, 0x0, 0x6, &(0x7f0000000180)=[{}, {}, {}, {}]}) 02:49:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x400300, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2002.542063] input: syz0 as /devices/virtual/input/input667 [ 2002.605162] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.605162] program syz-executor1 not setting count and/or reply_len properly 02:49:36 executing program 5 (fault-call:4 fault-nth:68): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1d) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001600)={r1, 0x0, 0x1000, 0x99, &(0x7f0000000540)="614dfb22f145e106001488197e8221b0ad81adf08c949ae27b2099ff9a04f66a6ec81ec5a05e5b29fc226f391cc5a6d06b37e03bd8cee11c748dad8dd88c1968b22ed4286f19fd55714277efdb807d2bb88eff5b035253fd10a1509295a641c03b787b58a8ef67222ba1944a53768e5342f5ad0296577bf02ac2f3781bedc20ef6eab26558c9a7fabcee5db994c7e26804607dfee6603323e2dcf3b17b158977ace57f044fd7af1ae218140072a76de6fb6ca0ca7d918cecf16268f9fcfd39ea2e255e3e139f2d9ff087a17904314b955c2366dfdabe0efbd60cc7cc92e2ec89e7b51cec3cd39f6f8a47934c51885823c258c1c8d607ce68db5f3caacbc15b54bb0d6a42e3c44e367dfd8563ceb0bb96e41822a7a1ceb228c85860109c842723690f7b063e97e769430afba6e682499e3e618591765cedaa8135785a99ed47ad7e8f2b4b07a1983f1f73675efbd852b8984811baaa3c2b3796bc90e7dcfdbe0b5da8c61a0f521413284da98d14192ef627164390b41be201d27a028da8dbcdff507a5143dd22460478b271d30910fcd6b9f7ea0e39481ae66e931bb395f6e6bec60bd18870645cae96b73c707102d287a9ae45546e69a36f42c911eb1ff9a4431a3cb47d9fbdf06be8a79b3d609789029c0019e4618bf1d55a90599453be4192d3c894fd9f7ad091ac7c1b4cdeedebd10ecb06e2a1578437f4c01797221dd9b09977fc2c3b0409da89225f092df7d85718cdbf83e03142df1aad0d23ba9ed3f0d7d0c45f1b2636da85fc1bcc8c4dd65dcc708398cecfaa75ff5a9b526f754bb7db054c7b6fa2c919365d847bb9c6c982c1b14cf44c6efd4bfc835515856e1bb405936a03ff8b422b4c1ed50f69feae6b8c0b9952aea9359034c24c44920b839cbe46dce4ef1045de2341b41f524fab383631b62912bf3fba92253f49602279ae058e1f5a28369e8b29e683f73412219e4dc566d5dbc3626c50e749d117b3c20d002407ee44d68bcf11d6146561ad4de739c83e4bd51bad1b2ddb1fb62b23a57fec4e6672ae0985adc3b749ed5b362645f351c67b5dd39eb26e9f2d9761676498b68ecf55ba5072674f09c0893e8f04d51d3a427abec8f0fb3cf21b5c0667e2077d760bd2230dd03366bc261155053430143db09e1d29210de64dc9adaf79d7bd13e95cbf6c6e3e34bd92a7ecdac8980e0f9dce23823e0ba47872084f3c151a848f2cf430b89ba47b4982e723c5410400cc283b0cd2b1b30b83ac2f71949121187a0711d7ea9612789a2f6833c6dba9c2fd44d85240dcbac6149c9c4e0c9afc29c7617cbdcbabfe5e2df9843b22b2da11f61748ca96536e3548b9ce60f4f21e7f4713e07528efd68bb9f9745eea46aaea2444b5bc0a26d85d4a1464bd402fac9d618b0b1c6d1b1f25cd9faf28c727fa5f77d75d9fbbc8eff441df6bdfe441f4ec50c5da37e0ba82356aaa109f9934ee0e47fce33ebf5ec0b43061f4df83e3d21e11d1b8e137af33d8a2d7307bf390697e07965b6c5e15e32bc3c0507ad0969808f8a93a4f19edbace890299a79b9b4ae58919cbfe17f1a533f5d52ac90ab47832850cca09278c1894c6d87b3647156d32514eb0d461fb7abf2857a5a2c29832dcd090875632098c38079f79bcbf6aefed88fda0e0a6950b12d33581d8a8129385c74ac048f50af6f12499185514d61cbedb1456c82bc9f7fae2820e0aa93e67e0a5611b4755d97eba541ec8385fa35eaa8ae1658e1e5d7f0b4e063d076a6ee369310028a4cc4f05fc9fff33b70cec67e2ce18b41edbacd5b14b0de90f4b41d6ffed963185d6595418dbc5d6a0f106e041b2b79ab5fa4226d21db37c28535c41ef324feb27154a2dd28b45c6568dd0cb0be6501c8dfce5ca61b4c18e5b9e990f55cd6e080975e3c2a6e30daeabb0f6dc8b59bf249823b8a0286eb79afa0eff340173596f864f8958f53cb65f69590e89956dc88788d218875587e135829d291ceba95c21d3e2322ee17c4e68fba7f7c84619802fa58054167385d04d2935962702d6e5bd0d4fe5cac9a57a225ca04121a323956d438600ae6e632de8556b2e5aaceacf450f63d044407dcaa6d44bae3e3308e06eeef909e40267838f5dc980bbd9b29cb8502531d6193ab73904e21331e1ad0a52698187161a983b4d405209162f444ad680c9da0b03abcf480bc22652cd173660c8d8458f9cd2a926cb930f862855922cc2a4d1cddfcc9212676efd466633e80bf54eeda778e6ef030685396d2c96f26d8aa81c0b980064ea568299f8862d2a0ec3d265d804854fec92eda5e32d5033f60452a5ee0ad37e56342ffd0d7cfe56972ee4103d89563196e24d2b2c9b6725a9bf3705f12a2db75d281207a7248104c97fe8c55df2a1ccc8389240ffc1f054d049933a23a0761e78e8c5807cb01ba2e3d4fef419bf9ecf442c101974a7afed9f95cf9f957447df64306bd861abfb9aa4a70bde8f6c97226c696d7d8a0ec49036a0f88642eca1e13f4fc7b86e43d7537d5fe53043a94fbb8fe2177699f92b6d52477377783bb3b19162166ec7f1439b13024ac0d5ee86b9d9f24a2907f72f337db6a15700e3ba9be1856ef1ba1009ba214b2024dc1ce60a997cd5526677665c8dd84454e947771aa710f2ed1c3c454b1048377ece56a5ea7335975998e51d5eb0e41d267eb3c95cefdd99cde695e4ebe9f04779780bbe4fa7aa9070ed40cbe97eac7812e2c8cf1c8823b2183712eb84b2a6a50266a5ecbc12fcc1225d75938a0e3f63ab6c41ff4f78792f6ecb588014edf30133639157101987e8f981ef098a28335d57e95576fd399d3b9aafe16f377572ad57f51c567c62015987c30b081c6e86d93abf0bbb001e146036c4a48ff435b6f50ffac7bcee0b75e5efbb45289460cc45affae824721830243819bc8f99b0d94821e6dc699c06fc90701bb2c189aa77d28f0152b92d8d25a0885d0fd89d2277bf865968664af8ab052acb6dadc10b467df63d16d3200f7c9007331481b9c50e605b6e8282c55af919081c61871bccda2343817926eef6365cea26b01b7e278929adc3515df02883ec1ff53c2811ae8dc21559449dd1b616a7d6d72029d7decc9a208ac8b8d2220d5d2045ce05580e5bc3b09b6709d6129595baa98aa0a14ee0a53cb0f190ebe2661e139c1c8c76193f98f03e3710ae454884f6758046a1b80d439be040870cdf86c96735160619f6ad779e8222d3b3a5740901ac450fd29c574c372c60d88438b0545ff7b4f85f3dc8f118af70e635d7d0f5619fd6e70c695ec15e6f98b8699f284a98dfc9a92f2e8078dd962dbccdcc71d4f21c164c6530b65562fc99752696faa32a9722a00e3d1afe0172fb49a699c064746ea2c02b21f177c0a08cd2620226f22a015f81d4003986d897223313277168e1fa5ffc9a1d179bf832083300e0406063e155e49934c9e02a907eec3f759774a730fef7495cceb19e313f4e364e8c680e4e3d7cb6af2321836702e35fe215fa7a5d8a1a15a146da910741517d0caaee2e9fc7e950856c0723f0794e7fc87c3305a88008756761b810fbfd86b758d5b971374169c54e311f2563b05c0f2f929f017a209ab9bf9cafde446edee6b0669766763fd01e120002b8782bb051fd681e20b877c9e6523ffc55a9078100bcbfca7751a961103fc7b6abb4e595f207dac3f9794e001fa1dbd86dfaecaa1ecf26f998fd2533bbeb09f0156eb799933bf73068cf2716d5c53329f8c92fea551c7faf1fb9963720f866a071a9c5ffea93265e0be690f832ad495b6db500be3a10b8e18393bbe8a712f0a69c4beb35c12580c9be73baf20611f44f3a92f7c8e5ea7bc14014dec0028fd9c5efb5045f5db2de949c22cff642c50f7f8f05eac73d59fc1e17dbe4a6e7f0c4895b0b2d2f47b4689414dfbb4510daaf19ca744d697602b59b2841d092b6032976125599cf3dce00ab909260184792e851aaee1c837f1d8db3e4cf7f79a914824c4b464e45f17b452140f017e01efeb73cb2aa081693b71c7bbb3d45eee326eb2f3b8cb9b5c64941b540f7984b1a1d836297eb3bf17578d041f8107f67f7cc197a5a90cea04f93d827a6dd0df8d01237411c76473cd2439057281cc786539db74bd869b064c12512e14ef6a1a3a07fb9c41009622e9e13ddbf3dd490c026b22627f19b71cd8bace4aafe9ae020195d6752a235c011ccbbc9ab60e013c930200ff6c236dc9e62a54fef2fe2d409e1f3079a657c88676284a50995fba4a3f77b4ce816b139fdeeaec1dd1976d87fc4fe8bbdbb643f2e108814cb7669c3557ad9bbdaaa48618cdf0d775dcb27381aee84b5c8a851a4cf1dca360ef9ce0f17c86bb36cb9acd17b66951807106fea951aefee14538c98cc519b6974c007d967668b05db2d2cf888df0feb21243b45ba5544dffc2a3813710d9c03b2ed81615d994b3da8c647474b210818d1bc18aa3827937cf7bfc86fb451b62a3e9ee6ad2b0ad115f0b94826993a3a62b0109fe6aed9939a0df5dfeab02080ef8a33f858b1e268356579f59f543578d6d7388cd5af61028a9421de458f9cb1a67ca823ce9b0c224e7cc15acf534cc3ec317a88f7e88f634907bff12031bae2546ea8c619f401489478442a7b72fa89e2b0ef26f3d65141d7b99d1670730da6904571d45f8091b4a42708a79900539151d33e305cc9666e29f56ca11147775acfb771aae73aaac84aa47eacb10282fc5ed231c9c551dcd7ea4272a3730fd562b32fe3f515d185df794a2081bbe080ba307e537c4dea4216a5d0507a966f8b95ab1462f5cdfcbe7fbbf151c308513f0e4794454d99a8ef829de797e2cac768aebbfca13b91544daae0c73e0e0d602f96d76b2fb5c7cc2ac20ec89ac25eba5156b61dee558dcad4c5c2d59aae95b1fa61363081cb4372cf65cbcc50b5e715cd05bacfe7b8f4cd7c7b7de524ef7f952375d94c5ab51c9eae44646bf20896a196dc1b144e420e4b8646ae22706f56e156ccc3a3654969ba74bb0ca482a7581986d848208580e619897768c9540ee4fb1ff2518edf52f579def907475dc8b965bc1c3cb2b452f98ce97565eb2b483f74ecc649fe9a46b4c92eb163af21061413862805f3ced66dbdcd28c000f4aba162bd9640cda6bb74dacf109c35ae60afcc689585a6e716d1c7c4fdf14f19b207767d03f2773b9b0fbc8073486342f693251b761c416254646214a3ee5794685e305c80b6cc6c8bd1ac443cbf3453d6da5ffc990a9873091d2e57309e3bf5924b3ec93c78da593310e30fb3c1ec0eae20a34dfd1423b1e229ddbe0d0e91139800081de5d776e792f11b61f8723cad93a3d04b4eb3773208e12670c3341eb319a1d1dcf98d2bb434f0e8de2054a3025b2076624656f79cbdfb4c22a920869922fb8e915daf81ac5b30471c140b89a89a9e81adc66ff9b2aeed019b2c76c8a12c1c0529a94db73aab3a88f0327c24dd4c79fa574135f2c5b33bb511c22aa7da9c790f9d68d8f519c1adbefea5e25d17641eaf084edbb2a1063b058e7438a5dc4760035db968c4d744df3736eef25df02af97ed04cbb632123d5b985cb18c610f4f8162279494e0b27a64139fee560fa0778339310af99c1825d568bbd86e0b50fb65b192c175e14c0f35f45fd00eeb58b02d7d37450dacf262fce62caa413b016ff60b195915a714b8b19605bf4a574de6069b7d9e279b279e63ec641bfb14abbf4d26723b9e22dfad40ce97e8bcee011d3f22792167b8042ffc4ada0f6ee52970d1ad89976d8c2e02fcab2ed75713b8037c9944b2c9739a128", &(0x7f0000001540)=""/153, 0x44e897a2}, 0x28) 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000]}, 0x48) 02:49:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2002.691383] input: syz0 as /devices/virtual/input/input668 [ 2002.709545] input: syz0 as /devices/virtual/input/input669 [ 2002.720467] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.720467] program syz-executor1 not setting count and/or reply_len properly 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) [ 2002.741246] FAULT_INJECTION: forcing a failure. [ 2002.741246] name failslab, interval 1, probability 0, space 0, times 0 [ 2002.772391] CPU: 1 PID: 1013 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2002.779694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2002.789048] Call Trace: 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, 0x48) 02:49:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) lsetxattr$trusted_overlay_redirect(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='trusted.overlay.redirect\x00', &(0x7f0000000240)='./file0\x00', 0x8, 0x2) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xfffffffffffffff8, 0x8000) mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='gfs2\x00', 0x2000000, &(0x7f0000000180)='/dev/dsp#\x00') setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000080)=0x1, 0x4) [ 2002.791647] dump_stack+0x1c4/0x2b4 [ 2002.795276] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2002.800477] should_fail.cold.4+0xa/0x17 [ 2002.804548] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2002.809658] ? rcu_bh_qs+0xc0/0xc0 [ 2002.813203] ? unwind_dump+0x190/0x190 [ 2002.817124] ? is_bpf_text_address+0xd3/0x170 [ 2002.821625] ? check_preemption_disabled+0x48/0x200 [ 2002.826661] ? debug_smp_processor_id+0x1c/0x20 [ 2002.831341] ? zap_class+0x640/0x640 [ 2002.835058] ? fs_reclaim_acquire+0x20/0x20 02:49:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 2002.835356] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.835356] program syz-executor1 not setting count and/or reply_len properly [ 2002.839384] ? lock_downgrade+0x900/0x900 [ 2002.839403] ? ___might_sleep+0x1ed/0x300 [ 2002.839413] ? kobject_uevent+0x1f/0x24 [ 2002.839434] ? arch_local_save_flags+0x40/0x40 [ 2002.871882] ? input_attach_handler+0x1b1/0x210 [ 2002.876548] ? input_register_device.cold.22+0xe8/0x297 [ 2002.881905] ? uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2002.882491] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2002.882491] program syz-executor1 not setting count and/or reply_len properly [ 2002.887352] ? entry_SYSENTER_compat+0x70/0x7f [ 2002.887371] __should_failslab+0x124/0x180 [ 2002.887392] should_failslab+0x9/0x14 [ 2002.915739] kmem_cache_alloc+0x2be/0x730 [ 2002.919896] skb_clone+0x1bb/0x500 [ 2002.923443] ? skb_split+0x11e0/0x11e0 [ 2002.927332] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2002.932349] ? netlink_trim+0x1b4/0x380 [ 2002.936330] ? netlink_skb_destructor+0x210/0x210 [ 2002.941179] netlink_broadcast_filtered+0x110f/0x1680 [ 2002.946374] ? __netlink_sendskb+0xd0/0xd0 [ 2002.950611] ? pointer+0x990/0x990 [ 2002.954149] ? device_get_devnode+0x2d0/0x2d0 [ 2002.958644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2002.964199] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 2002.969645] ? refcount_add_not_zero_checked+0x330/0x330 [ 2002.975402] ? netlink_has_listeners+0x2cb/0x4a0 [ 2002.980155] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2002.985166] netlink_broadcast+0x3a/0x50 [ 2002.989226] kobject_uevent_env+0xa83/0x101e [ 2002.993632] kobject_uevent+0x1f/0x24 [ 2002.997433] device_add+0x936/0x17b0 [ 2003.001151] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 2003.006273] ? refcount_inc_checked+0x29/0x70 [ 2003.010771] ? kobject_get+0x6b/0xc0 [ 2003.014483] cdev_device_add+0xb4/0x110 [ 2003.018454] evdev_connect+0x487/0x5c0 [ 2003.022341] ? evdev_read+0xe70/0xe70 [ 2003.026141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2003.031706] input_attach_handler+0x1b1/0x210 [ 2003.036204] input_register_device.cold.22+0xe8/0x297 [ 2003.041390] ? devm_input_allocate_device+0x120/0x120 [ 2003.046578] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2003.051588] ? input_mt_init_slots+0xba/0x4a0 [ 2003.056090] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2003.061365] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2003.066729] ? __fget_light+0x2e9/0x430 [ 2003.070702] ? fget_raw+0x20/0x20 [ 2003.074153] ? __sb_end_write+0xd9/0x110 [ 2003.078216] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2003.083748] ? fput+0x130/0x1a0 [ 2003.087030] ? ksys_write+0x1ae/0x260 [ 2003.090833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2003.096367] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2003.101902] uinput_compat_ioctl+0x6b/0x90 [ 2003.106137] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2003.110898] do_fast_syscall_32+0x34d/0xfb2 [ 2003.115219] ? do_int80_syscall_32+0x890/0x890 [ 2003.119803] ? entry_SYSENTER_compat+0x68/0x7f [ 2003.124378] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2003.129389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2003.134230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2003.139062] ? trace_hardirqs_on_caller+0x310/0x310 [ 2003.144065] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2003.149060] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2003.154055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2003.158877] entry_SYSENTER_compat+0x70/0x7f [ 2003.163262] RIP: 0023:0xf7f58ca9 [ 2003.166620] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 2003.185587] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2003.193295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 2003.200545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2003.207789] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2003.215034] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2003.222291] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2003.240709] input: syz0 as /devices/virtual/input/input670 02:49:38 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x3, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000080)=0x1, r4, 0x0, 0x1, 0x4}}, 0x20) 02:49:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 02:49:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x22) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x300, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:38 executing program 5 (fault-call:4 fault-nth:69): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = socket(0x7, 0x6, 0x101) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000540), &(0x7f0000000580)=0x4) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f00000005c0)={0x3, 0x6}) [ 2004.167340] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2004.167340] program syz-executor1 not setting count and/or reply_len properly [ 2004.191237] input: syz0 as /devices/virtual/input/input672 [ 2004.209672] input: syz0 as /devices/virtual/input/input671 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x3, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) [ 2004.220563] FAULT_INJECTION: forcing a failure. [ 2004.220563] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.239395] CPU: 1 PID: 1043 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2004.246674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2004.256023] Call Trace: [ 2004.258618] dump_stack+0x1c4/0x2b4 [ 2004.262259] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2004.267468] should_fail.cold.4+0xa/0x17 [ 2004.271534] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2004.276632] ? __save_stack_trace+0x8d/0xf0 [ 2004.280980] ? save_stack+0x43/0xd0 [ 2004.284606] ? kasan_kmalloc+0xc7/0xe0 [ 2004.288489] ? kasan_slab_alloc+0x12/0x20 [ 2004.292637] ? kmem_cache_alloc_node+0x144/0x730 [ 2004.297392] ? alloc_uevent_skb+0x84/0x1da [ 2004.301628] ? kobject_uevent_env+0xa52/0x101e [ 2004.306295] ? kobject_uevent+0x1f/0x24 [ 2004.310267] ? device_add+0x936/0x17b0 [ 2004.314149] ? cdev_device_add+0xb4/0x110 [ 2004.318313] ? evdev_connect+0x487/0x5c0 [ 2004.322382] ? zap_class+0x640/0x640 [ 2004.326096] ? fs_reclaim_acquire+0x20/0x20 [ 2004.330415] ? lock_downgrade+0x900/0x900 [ 2004.334564] ? ___might_sleep+0x1ed/0x300 [ 2004.338714] ? arch_local_save_flags+0x40/0x40 [ 2004.343302] ? lock_downgrade+0x900/0x900 [ 2004.347452] __should_failslab+0x124/0x180 [ 2004.351693] should_failslab+0x9/0x14 [ 2004.355495] kmem_cache_alloc_node_trace+0x270/0x740 [ 2004.360593] ? kasan_unpoison_shadow+0x35/0x50 [ 2004.365168] ? kasan_kmalloc+0xc7/0xe0 [ 2004.369066] __kmalloc_node_track_caller+0x33/0x70 [ 2004.373990] __kmalloc_reserve.isra.39+0x41/0xe0 [ 2004.378745] __alloc_skb+0x155/0x770 [ 2004.382461] ? skb_scrub_packet+0x490/0x490 [ 2004.386787] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 2004.392580] ? pointer+0x990/0x990 [ 2004.396120] ? device_get_devnode+0x2d0/0x2d0 [ 2004.400639] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2004.405665] ? netlink_has_listeners+0x2cb/0x4a0 [ 2004.410429] ? netlink_tap_init_net+0x3d0/0x3d0 [ 2004.415097] alloc_uevent_skb+0x84/0x1da [ 2004.419156] kobject_uevent_env+0xa52/0x101e [ 2004.423581] kobject_uevent+0x1f/0x24 [ 2004.427380] device_add+0x936/0x17b0 [ 2004.431101] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 2004.436216] ? refcount_inc_checked+0x29/0x70 [ 2004.440708] ? kobject_get+0x6b/0xc0 [ 2004.444422] cdev_device_add+0xb4/0x110 [ 2004.448394] evdev_connect+0x487/0x5c0 [ 2004.452281] ? evdev_read+0xe70/0xe70 [ 2004.456081] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2004.461621] input_attach_handler+0x1b1/0x210 [ 2004.466118] input_register_device.cold.22+0xe8/0x297 [ 2004.471313] ? devm_input_allocate_device+0x120/0x120 [ 2004.476519] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2004.481534] ? input_mt_init_slots+0xba/0x4a0 [ 2004.486153] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2004.491524] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2004.496890] ? __fget_light+0x2e9/0x430 [ 2004.500866] ? fget_raw+0x20/0x20 [ 2004.504318] ? __sb_end_write+0xd9/0x110 [ 2004.508377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2004.513909] ? fput+0x130/0x1a0 [ 2004.517200] ? ksys_write+0x1ae/0x260 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x1dd, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2004.520996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2004.526539] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2004.532075] uinput_compat_ioctl+0x6b/0x90 [ 2004.536408] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2004.541177] do_fast_syscall_32+0x34d/0xfb2 [ 2004.545503] ? do_int80_syscall_32+0x890/0x890 [ 2004.550081] ? entry_SYSENTER_compat+0x68/0x7f [ 2004.554656] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2004.559668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2004.564511] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x200000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf00000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2004.569354] ? trace_hardirqs_on_caller+0x310/0x310 [ 2004.574369] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2004.579382] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2004.584402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2004.589251] entry_SYSENTER_compat+0x70/0x7f [ 2004.593654] RIP: 0023:0xf7f58ca9 [ 2004.597020] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 02:49:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x8000000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2004.615918] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2004.623624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 2004.630891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2004.638169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2004.645432] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2004.652702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2004.670296] input: syz0 as /devices/virtual/input/input673 02:49:39 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000040), 0x0) dup2(r2, r0) 02:49:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xdd01000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x50]}, 0x48) 02:49:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x200, 0x4) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:39 executing program 5 (fault-call:4 fault-nth:70): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:39 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000840)={0x1, 0x0, [0x9, 0x80000000, 0x7, 0x4, 0xfff, 0x4, 0x0, 0x3]}) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000580)) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) fsetxattr$security_smack_transmute(r0, &(0x7f00000007c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000800)='TRUE', 0x4, 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={0x0, r1, 0x0, 0x13, &(0x7f00000005c0)='eth1mime_typeproc]\x00'}, 0x30) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000680)={{0x5, 0x6, 0x3f, 0x0, 'syz1\x00', 0x4}, 0x0, 0x30000010, 0x4, r2, 0x3, 0x8, 'syz0\x00', &(0x7f0000000640)=['syz0\x00', '#nodeveth1eth1[^vboxnet0}keyring-trustedcpuset\x00', '@^\x00'], 0x37, [], [0x8, 0x8a13, 0x2, 0xbe]}) accept4$alg(r1, 0x0, 0x0, 0x800) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000]}, 0x48) 02:49:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x101000, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000080)="ab4d39baf6d3a6c4279e0e40d5669c9f", 0x10) [ 2005.666793] input: syz0 as /devices/virtual/input/input674 [ 2005.699755] input: syz0 as /devices/virtual/input/input675 [ 2005.705734] FAULT_INJECTION: forcing a failure. [ 2005.705734] name failslab, interval 1, probability 0, space 0, times 0 02:49:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x1000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2005.717824] CPU: 1 PID: 1070 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2005.725108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2005.734458] Call Trace: [ 2005.737066] dump_stack+0x1c4/0x2b4 [ 2005.740706] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2005.745910] should_fail.cold.4+0xa/0x17 [ 2005.749977] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2005.755088] ? __save_stack_trace+0x8d/0xf0 [ 2005.759425] ? save_stack+0x43/0xd0 [ 2005.763066] ? kasan_kmalloc+0xc7/0xe0 02:49:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x4000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2005.766959] ? kasan_slab_alloc+0x12/0x20 [ 2005.771132] ? kmem_cache_alloc_node+0x144/0x730 [ 2005.775892] ? alloc_uevent_skb+0x84/0x1da [ 2005.780133] ? kobject_uevent_env+0xa52/0x101e [ 2005.784718] ? kobject_uevent+0x1f/0x24 [ 2005.788715] ? device_add+0x936/0x17b0 [ 2005.792608] ? cdev_device_add+0xb4/0x110 [ 2005.796760] ? evdev_connect+0x487/0x5c0 [ 2005.800834] ? zap_class+0x640/0x640 [ 2005.804553] ? fs_reclaim_acquire+0x20/0x20 [ 2005.808901] ? lock_downgrade+0x900/0x900 [ 2005.813062] ? ___might_sleep+0x1ed/0x300 02:49:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x3f00000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2005.817219] ? arch_local_save_flags+0x40/0x40 [ 2005.821809] ? lock_downgrade+0x900/0x900 [ 2005.825962] __should_failslab+0x124/0x180 [ 2005.830200] should_failslab+0x9/0x14 [ 2005.834005] kmem_cache_alloc_node_trace+0x270/0x740 [ 2005.839133] ? kasan_unpoison_shadow+0x35/0x50 [ 2005.843717] ? kasan_kmalloc+0xc7/0xe0 [ 2005.847616] __kmalloc_node_track_caller+0x33/0x70 [ 2005.852548] __kmalloc_reserve.isra.39+0x41/0xe0 [ 2005.857309] __alloc_skb+0x155/0x770 [ 2005.861028] ? skb_scrub_packet+0x490/0x490 02:49:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x300000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2005.865362] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 2005.871158] ? pointer+0x990/0x990 [ 2005.874696] ? device_get_devnode+0x2d0/0x2d0 [ 2005.879213] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2005.884257] ? netlink_has_listeners+0x2cb/0x4a0 [ 2005.889020] ? netlink_tap_init_net+0x3d0/0x3d0 [ 2005.893701] alloc_uevent_skb+0x84/0x1da [ 2005.897760] kobject_uevent_env+0xa52/0x101e [ 2005.902179] kobject_uevent+0x1f/0x24 [ 2005.905980] device_add+0x936/0x17b0 [ 2005.909707] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 2005.914822] ? refcount_inc_checked+0x29/0x70 [ 2005.919403] ? kobject_get+0x6b/0xc0 [ 2005.923126] cdev_device_add+0xb4/0x110 [ 2005.927108] evdev_connect+0x487/0x5c0 [ 2005.930995] ? evdev_read+0xe70/0xe70 [ 2005.934805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2005.940349] input_attach_handler+0x1b1/0x210 [ 2005.944857] input_register_device.cold.22+0xe8/0x297 [ 2005.950060] ? devm_input_allocate_device+0x120/0x120 [ 2005.955252] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2005.960263] ? input_mt_init_slots+0xba/0x4a0 [ 2005.964767] uinput_ioctl_handler.isra.10+0xb88/0x2540 [ 2005.970060] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2005.975430] ? __fget_light+0x2e9/0x430 [ 2005.979403] ? fget_raw+0x20/0x20 [ 2005.982853] ? __sb_end_write+0xd9/0x110 [ 2005.986915] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2005.992457] ? fput+0x130/0x1a0 [ 2005.995745] ? ksys_write+0x1ae/0x260 [ 2005.999545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2006.005085] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2006.010624] uinput_compat_ioctl+0x6b/0x90 [ 2006.014865] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2006.019628] do_fast_syscall_32+0x34d/0xfb2 [ 2006.023958] ? do_int80_syscall_32+0x890/0x890 [ 2006.028552] ? entry_SYSENTER_compat+0x68/0x7f [ 2006.033137] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2006.038156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2006.043007] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2006.047859] ? trace_hardirqs_on_caller+0x310/0x310 [ 2006.052875] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2006.057897] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2006.062924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2006.067785] entry_SYSENTER_compat+0x70/0x7f [ 2006.072195] RIP: 0023:0xf7f58ca9 [ 2006.075557] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 2006.094632] RSP: 002b:00000000f5f540cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2006.102349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 2006.109627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2006.116888] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2006.124166] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2006.131433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2006.155769] input: syz0 as /devices/virtual/input/input676 02:49:41 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x40100, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r1, r0) 02:49:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xdd010000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd0ffffff00000000]}, 0x48) 02:49:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x200080000000, 0x1) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:41 executing program 5 (fault-call:4 fault-nth:71): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:41 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) syz_open_dev$admmidi(&(0x7f00000005c0)='/dev/admmidi#\x00', 0x7fffffff, 0x80) fsync(r0) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x5b420000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000]}, 0x48) 02:49:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000000)=0x1) [ 2007.128864] input: syz0 as /devices/virtual/input/input677 [ 2007.141579] input: syz0 as /devices/virtual/input/input678 [ 2007.159078] input: syz0 as /devices/virtual/input/input679 02:49:41 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x3f000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2007.207819] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2007.207819] program syz-executor1 not setting count and/or reply_len properly 02:49:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x48) [ 2007.259888] input: syz0 as /devices/virtual/input/input680 [ 2007.266896] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2007.266896] program syz-executor1 not setting count and/or reply_len properly 02:49:42 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0xc8e7) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) prctl$void(0x0) dup2(r2, r0) 02:49:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x6000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = dup3(r0, r0, 0x80000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x9b, 0xa1, &(0x7f00000000c0)="af8ecfb18c7a1551b53e442af17dc1cf609571ec4ef6f179ec01502e0f4925f4518bd486fe5b6cc6e6e37877c322731952f36f232e5a7fc0f9958b4e86b5d7286e81945fad43d7d3d73a06d815d19de1081b1fc0756f23c19580989362d23c97e4b88f427cec81b82ad715529f5cba04d26cd4f0e07470b2d39cbaac907512069aa4b281f58b684680f05cf57637c6b3a11ca41d98b48bdecd3171", &(0x7f0000000180)=""/161, 0xfff}, 0x28) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0xa00, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)={0x1000}) 02:49:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 02:49:42 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='cpuacct.usage_sys\x00', 0x0, 0x0) getsockopt$inet_buf(r1, 0x0, 0x2b, &(0x7f0000000580)=""/204, &(0x7f0000000680)=0xcc) syncfs(r0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556c) [ 2008.576287] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2008.576287] program syz-executor1 not setting count and/or reply_len properly [ 2008.605176] input: syz0 as /devices/virtual/input/input681 02:49:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf00, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x48) 02:49:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556a) [ 2008.627285] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2008.627285] program syz-executor1 not setting count and/or reply_len properly 02:49:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) sendfile(r0, r0, &(0x7f0000000000), 0x8) dup3(r0, r0, 0x80000) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x3f00, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x48) [ 2008.697747] input: syz0 as /devices/virtual/input/input684 [ 2008.736558] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2008.736558] program syz-executor1 not setting count and/or reply_len properly [ 2008.774667] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2008.774667] program syz-executor1 not setting count and/or reply_len properly 02:49:43 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x180, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000080)={0x7b, 0x0, [0x1f, 0x4, 0x3, 0x744]}) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) 02:49:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4020940d) 02:49:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfffffffffffff000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa0]}, 0x48) 02:49:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x40800, 0x0) write$P9_RLINK(r1, &(0x7f0000000580)={0x7, 0x47, 0x2}, 0x7) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:43 executing program 1: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/pid\x00') fdatasync(r0) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=0x0], 0x8) iopl(0x5) r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x2, 0x1000400800) ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f00000000c0)) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x80, 0x0) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) socketpair$inet6(0xa, 0x2, 0x60, &(0x7f0000000140)) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$sock_proto_private(r4, 0x89ea, &(0x7f00000001c0)="2f2ddabcb2a34e4cc3f86f18baba8bba9802af5c58b123aa6ff0f47c76ec35283dfa82e321e0095b3096a39c493b5613d1b706a3d0607b6bb082b8ae155bced883e279136c33646965a5b92244f5adbe2567c6c63210911e2474bbc4a79b927454d9f894e770e70765c8bc30334bde540f831420c19719d2c3e30976d82e86cac44d") 02:49:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x48) 02:49:44 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x2, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x550f) [ 2009.945574] input: syz0 as /devices/virtual/input/input687 [ 2009.978921] input: syz0 as /devices/virtual/input/input690 02:49:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}, 0x48) 02:49:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffff4a3f82638a0af13e00000041d900000038000000000077b8ea1fee0ad33903035f0ec1fad60dc580e9ed7f8dd802a3342c45f5989c1cea0da2edb98232d2b90f15f84692493282d2d0f3c06e9dc8043e1eb1460420712fb541ac20aab68b1239c03812ee6192a6bcdce9a74bd4"], 0x2e) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000080)={0x7fffffff, 0x65}) 02:49:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x7}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f0000000540)={0x5d5, 0x7}) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2010.118820] input: syz0 as /devices/virtual/input/input693 [ 2010.135533] input: syz0 as /devices/virtual/input/input694 02:49:45 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x40000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000100)={r0, 0x0, 0x2, 0x6, 0x8e}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket(0x10, 0x802, 0x0) write(r4, &(0x7f0000000140)="fc0000004800070fab092500090007000a060000000000000000369321000100ff0100000005d00000000000000398996c92773411419da79bb94b46fe090000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f017b1d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) dup2(r3, r0) 02:49:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x553e) 02:49:45 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfffffff0, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x48) 02:49:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x8000000000040, 0x4428c0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYRESHEX=r0], 0xfffffffffffffe3c) 02:49:45 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) setsockopt$inet6_dccp_buf(r1, 0x21, 0xd, &(0x7f0000000580)="1b2c42df878d441b8a6f769387b5086c498982c3129f6aeccc60618a16dbab3b805c353c662abe88d345767a7b131dcb5a806e396de38081ec16ecd4e29c500451f6943d63e37f99860237415b00cb80e19d7cbc49fabcd276aaf05c9d2c8e41dbdb36a691fe5e71d3f18245b7769707a37556162c0ee2dfe9fe0cf01b7990a23307038b8257b7a9bac89df70422e7c16dfc5675c776268fafd4dfe9f8b43ae30942786f467da85bd25af7787667d3d965f46baa2bacf493d1a9329c81dade274d03ddaf082ab1e870e8b6b2c01f76d9edfd570d1b0a5cc2c1569e57ca946df74068ec3485377bdd1e925dad935374ee59382961a09f3ae9ee8af7da", 0xfc) fcntl$dupfd(r1, 0x0, r1) write$apparmor_current(r1, &(0x7f0000000540)=@profile={'stack ', 'cpusetwlan1systemtrusted\x00'}, 0x1f) r2 = dup2(r0, r0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:45 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x5b42000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 02:49:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556d) 02:49:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3, 0x6181) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x2000, 0x8000}) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x17) [ 2011.355392] input: syz0 as /devices/virtual/input/input695 [ 2011.391006] input: syz0 as /devices/virtual/input/input698 02:49:45 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x6000000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5000]}, 0x48) 02:49:46 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xe, 0x0, 0x8000}) dup2(r2, r0) 02:49:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0xf) 02:49:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [], [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x100, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x2000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5452) 02:49:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x48) 02:49:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x2) 02:49:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x48) 02:49:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf0ffff, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:46 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffff512da3c5394ef2fb6dc6bed14d0cffffff000000000000000000000005000000000000000039159c6c07eb02456c9b69e7495b9f01d7536326308cac857a1fd9fc7e70c6018b5666bb43c2137b99f3ce986f940d4701e492b481c13812551dd629b2fab0a149d85792a1150d529ae28668391ab8500643c987a3b8eb4e0c670000000000000000000000000000"], 0x2e) [ 2012.695188] input: syz0 as /devices/virtual/input/input703 [ 2012.734358] input: syz0 as /devices/virtual/input/input704 02:49:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc0189436) 02:49:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x34000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:48 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40, 0x0) getsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000100)={0xe, 0x0, 0x2, 0x40, 0x39, "c61dbfd9363b74418fb572d71ef799c017789bd2027c4d0ccda541f2f14da426dc46343770ed5fb811109752910e20ff1e81990ac548486901"}, 0x45) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) 02:49:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f3e4c460000000002cdde3f9d00000800404dffffffff9c470401000042bd3fc93a1b7d11bc00000000000000079ce8736360e240795042684bf000000000f0a3ffa4dfc98807e3f6761f0f0f9c1eda83ff816d08982b385f6bee42764d6d6941690422bfd51ef15661f483d74f7be3ba1616e2c97f016147a0fcd1fb29040bb064de05cd51e75d94edfd755caf07dcd52235d97fd3b95d50a4f5d347ad11ec9becfd67c258bd7d484bc2c4ba880e2ec76d311ca76c828dea6f083f0cd0c83ade5f22ee16fc9686c7870f591dd097fafeb6ccebd1a9f965f5ebcb52c91a42bb3ab3969138f196a740f1bddc18c52296bc967e712647074c67c655a267e32a626d92df0b852a5e6c8a8db3c360370d4c22fbd5f045990c8727ece1aef16c297084159090f2126ec1952964a6a6c78301674491ae17b839d021e6da148ae3bc4ef23102dda4dc9bcec19fbc4d7368755fe909ad77b8ccd4dbaf8ef6b39ca5a1acb5c27fb6e32e5eb09dac01a0e9f4b7b855891c26fd5c4768bacfedad4dbea7b77ed1701d3dcef69ea8646af7274c73d4ad2f8e315c86a0261e5992dec34d0dab87216fd48d087dba3aa1322facbac091bd8af94732aa7fad6315442b25feeac5d1c2a5d02bea0fff03000073129bb8ab8ffa026af77a393656000000000000712d9d95d4864fede1f2544e32a3be24924e6fe03c469fc6"], 0x2e) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x2080, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0xc4, 0x482001) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000400)={@empty, 0x10001, 0x0, 0x0, 0xf, 0x100, 0x1000}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x0, 0x0, {}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}}, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000f40), &(0x7f0000000f80)=0x14) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000180)={0x1ff, 0x2, 0x265}) r4 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7ffffffd, 0x2) getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f00000000c0)=0x1, &(0x7f0000000100)=0x4) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xb0, r5, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x75e6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6d}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7f}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3f}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffffffffffff8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfffffffffffff000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffffffffffffe}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x20044080) fallocate(r0, 0xfffffffffffffffe, 0x1, 0x800000000000800) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000200)={0x4, 0x3ff}) ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000080)=0x3f, 0x4) 02:49:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x60]}, 0x48) 02:49:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5421) 02:49:48 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000540)={0x0, 0x6}, &(0x7f0000000580)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000005c0)={r2, 0x7ff}, 0x8) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x60, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 02:49:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045568) 02:49:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfcffffff00000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x12) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000060000dd000000e3ffffe7ff4cffffffffffffff0000000000000000000000000000380000000000adb4112da4f28d906c68489faafc3b3531a78cdcb7f2931a232db841b2df3f5a2200000000000000000000"], 0x2e) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0xffffffffffffffff, 0x400) fadvise64(r0, 0x0, 0xffffffff, 0x2) [ 2014.100274] input: syz0 as /devices/virtual/input/input711 [ 2014.132858] input: syz0 as /devices/virtual/input/input712 02:49:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x48) 02:49:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x100000000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2014.206209] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2014.206209] program syz-executor1 not setting count and/or reply_len properly [ 2014.261681] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2014.261681] program syz-executor1 not setting count and/or reply_len properly 02:49:49 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0xffffffff, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000100)={0x8, 0x120, 0xfa00, {0x4, {0x0, 0x8, "c49c6abefd39cdff6d24447adc8ceac76b51670e58d04251cde279c3287fffceb8615c6f2895c6e9649ea31417d3f7b7c22fbb08f5353336b7050cef2f22b6b68acc0fea85eee167513b4a76b41a3b66e4d5ba3eecd82154fc8d0b954b766a9c6db235340c9d657c9f095652ef30e0674a6a4c57a61e39b9e61d4baf440f194191fae281f4e2886ee101ce9bde5b454c598690c8327c06e2bcbc5da9c360244872f881b5ad0e0c36d8b73af5a833e2784a884dbc4bf21e569a5f994e4fa8520e5fdec5f48bd87e07fbe20de94f2f4f3dfff16f7a9c2dbff56570fb7bf7cb813d84a876db0555d19ebfbe69e4c0f5a636f637a73c1d9cd3cad55c140c9ea02499", 0xde, 0x7, 0x1, 0x4, 0x707, 0xfffffffffffffff7, 0x1, 0x1}, r1}}, 0x128) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000002c0)={0xffffffff, 0xe, 0x2, 0x9, 0x0}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000340)={r2, 0x6, 0x10, 0x5, 0x85b5}, &(0x7f0000000380)=0x18) r3 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x8001) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r6 = socket$inet6(0xa, 0x1000000000002, 0x3) fcntl$getownex(r5, 0x10, &(0x7f0000000240)={0x0, 0x0}) write$binfmt_aout(r4, &(0x7f0000000480)={{0x1cf, 0x8000, 0x8, 0x10b, 0x207, 0x2, 0x270, 0x7ff}, "970ec388918f0183a36a6f538315548f82ff83e78d5d6d2b260a5669a2b1b868abc2f3b8048cba68ff0507afaee8e50f1bc26733836bf2fdd8194d3b285a46424b4d7344322f7cf8bc8230d5b2333fc3cd3a1b4df9fcee91b638593be63d42b3049c79992e6b40faa71c914c7c8bffddaac43ec8804f708733d76fd76740af61e64967ba652223702e5db487cba82585271539f7fdfa709834bee8e59b", [[]]}, 0x1bd) ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f0000000280)=r7) setsockopt$packet_int(r3, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r6, r3) 02:49:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045564) 02:49:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = syz_open_dev$midi(&(0x7f0000000580)='/dev/midi#\x00', 0x80000000, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={0x0, r1, 0x8}, 0x14) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000600)={'syz1\x00', {0x7, 0x1, 0x5, 0xfffffffffffffffa}, 0x23, [0x400, 0x0, 0x800, 0xc641, 0xfffffffffffffffe, 0x1, 0x8, 0x101, 0x2, 0x8, 0x6c, 0x49987d0d, 0x0, 0x1, 0x2, 0x9, 0x1, 0x3, 0x6a047310, 0x3, 0x6, 0x6, 0x100, 0x5, 0x14a, 0x636, 0x0, 0x8, 0x2, 0x2, 0x4, 0x9, 0x80000001, 0xff, 0x0, 0x8, 0xab49, 0x8, 0x5, 0x1, 0x200, 0x4, 0x707, 0x0, 0xfff, 0x3, 0x9, 0x4, 0x2, 0xb3, 0x8a48, 0x1, 0x4, 0xdb, 0xd9c, 0x2, 0x6, 0x6, 0x4, 0x3, 0x6, 0x0, 0xef10b36, 0x3], [0x3fffffff8000, 0xa000000000000000, 0x98, 0x8, 0x6, 0x4, 0x6, 0x2, 0x0, 0x7, 0x1, 0xffffffff, 0xffffffffffffffe0, 0xd6, 0xc2, 0x7, 0x0, 0x7f, 0xffffffffffff47df, 0x3, 0x3, 0x5, 0x9, 0x3, 0xffffffffffffffff, 0xffffffffffffffff, 0x3, 0x2, 0xf6, 0x8, 0x200, 0x1, 0x1000000000, 0x5, 0x2, 0x1, 0x8, 0x3, 0x1, 0x7fffffff, 0xfffffffffffffffb, 0xbe, 0x3, 0x1, 0x1, 0x2000000000000000, 0x9e73, 0x5, 0x0, 0x9, 0x9, 0x9, 0x5, 0x100000001, 0x3, 0xfffffffeffffffff, 0x0, 0x2, 0x1000, 0x9, 0x8001, 0x0, 0xef9, 0x6], [0x3f, 0x4ed7, 0x3, 0xe4, 0x1000, 0xa6, 0x9, 0x4, 0x8cd0, 0x8a, 0x0, 0x6, 0x1, 0x4, 0x100000001, 0xffffffff80000001, 0x7ff, 0x100, 0xfff, 0x6, 0xfffffffffffffff8, 0x8, 0x8, 0x4, 0x2, 0x0, 0x4, 0xfffffffffffffff8, 0xffffffff, 0x54, 0x1, 0x81, 0x8, 0x1, 0x7, 0x9, 0x2, 0x5228, 0x5, 0x1, 0x456, 0x6, 0x8, 0x0, 0xfffffffffffffff8, 0xb14, 0x8ad, 0x6, 0xffffffffffffff1f, 0x0, 0x8000, 0xffffffff80000001, 0x80000001, 0x9, 0x1, 0x82a2, 0xfff, 0xf97c, 0x0, 0x22, 0x100000000, 0x7f, 0xab4, 0x6], [0x7, 0x6, 0x2000000, 0x3, 0x9a, 0x3, 0xadd, 0x2038, 0x1000000000000, 0x4c86a35a, 0x6, 0x7, 0xe98, 0xfffffffffffffff9, 0x9, 0x1, 0x7, 0x2, 0xffff, 0xff, 0x7f, 0x1c, 0x5, 0x2, 0x5b, 0x9, 0xb0, 0x10000000000000, 0x3, 0x40, 0x40, 0x7, 0x0, 0x400, 0x0, 0x3, 0x5, 0x4, 0x100, 0x21fae861, 0x4, 0x9, 0x5, 0x9, 0xed37, 0x6, 0x1000, 0x1, 0x8, 0x8, 0x6, 0x100000001, 0x7f, 0x1, 0x8, 0x7, 0x8, 0x1ff, 0x100, 0x1, 0x39b, 0xffffffffffffff43, 0x76, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000540), 0x4) write$uinput_user_dev(r2, &(0x7f0000000a80)={'syz1\x00', {0x2, 0x8, 0x6, 0x1}, 0x55, [0x2, 0x80000000, 0x3, 0x479, 0xf235, 0x8, 0x200, 0x2, 0x3ff, 0x0, 0x5, 0x0, 0x100, 0x1cb53cb2, 0x80000000, 0x0, 0xe12, 0x51, 0x4, 0x6, 0x0, 0x80000001, 0xfffffffffffffb4c, 0xfffffffffffffff9, 0xa41f, 0x6, 0x23d, 0x1, 0x0, 0x26, 0x7, 0x0, 0x1f, 0x1, 0x9, 0xa3, 0x1, 0x1, 0x810000000, 0x8, 0x3, 0x1, 0x3, 0x5, 0x4, 0x9, 0xffffffff, 0xe22, 0x4, 0x41, 0xd82, 0x400, 0x5, 0xffffffffffffffff, 0x7, 0x8, 0x0, 0x1e, 0x0, 0x1ff, 0x5, 0x40, 0x7, 0x10000], [0x1f, 0x4244, 0x1, 0xfffffffffffffe01, 0x800, 0x9, 0x0, 0x400, 0x7, 0xffffffff, 0x3, 0xff, 0x8001, 0x4, 0x9, 0x7f, 0xfff, 0xe7d2, 0x7fff, 0xffffffff, 0x7, 0xf4, 0x131, 0xeaa1, 0xffffffffffffffff, 0x7ff, 0x7e000000000, 0x3, 0x1, 0x80000001, 0x9, 0x0, 0x4, 0x400, 0x3, 0x1, 0x3ff, 0x4, 0x9, 0x401, 0x5, 0x0, 0x5, 0x3, 0x5, 0xfe, 0xfffffffffffffffa, 0x80, 0x6, 0x3, 0x4, 0x3, 0x1, 0x798, 0x4, 0x9, 0x7, 0x3, 0x1240, 0x7, 0x6, 0x5, 0x9, 0x7fff], [0x7, 0x8, 0x189c000000000, 0x9, 0x8, 0xfffffffffffffffe, 0x1, 0x200, 0x7, 0x8, 0xf800000000000, 0x200, 0x7, 0x9, 0x80, 0x7, 0x591, 0x1, 0x2af, 0xafd1, 0x3f, 0x3, 0x1, 0x7f, 0x2, 0x20, 0x7, 0x10000, 0x101, 0x9, 0x101, 0x5, 0x4, 0x4, 0x6, 0x4, 0x10001, 0x1, 0xbb53, 0x1000000000000, 0x4, 0xffff, 0x1ff, 0x2, 0x8, 0x35, 0xef, 0x0, 0x0, 0x100000001, 0x7fff, 0x6, 0x3, 0x3, 0x95, 0x1, 0x80000000, 0x7, 0xb691, 0x9, 0x1ff, 0x5, 0x0, 0xffffffffffffff4c], [0x7, 0x9, 0x5, 0x7, 0x6, 0x7ff, 0x10000, 0x4, 0x2, 0x711, 0xda, 0x6, 0x22, 0x3, 0x6, 0x6, 0x3, 0x7fff800000, 0x6, 0x0, 0x1, 0x6, 0x8, 0x2, 0x6d3, 0xff, 0x7, 0x0, 0x400, 0x5, 0x3, 0x41c9, 0x4, 0x6, 0x9, 0xffffffff, 0x30000000000000, 0x8000, 0x1ff, 0x2, 0x3, 0x8, 0x5, 0x1, 0x9, 0x9, 0xfff, 0x1, 0x20, 0x9, 0x55b, 0xff, 0x690c, 0x9, 0x1, 0x1, 0x7ff, 0x10000, 0x6, 0x80, 0x81, 0xfffffffffffffffa, 0x8, 0x8]}, 0x45c) 02:49:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 02:49:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000080)=""/36) 02:49:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf0ffffff, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2015.494677] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2015.494677] program syz-executor1 not setting count and/or reply_len properly 02:49:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xdd01, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x8004552d) 02:49:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 02:49:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2015.550939] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2015.550939] program syz-executor1 not setting count and/or reply_len properly 02:49:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffff60640000000000000000000000000000380000000000de95d7e7ea205383cc3c37e4911256036118ce1308dc0a33f4d74f044bf2ec63629491309223a381a5296774d10a0c6efef9c75cdf6ca3ac676ea2123fa8a5b761a154fc7c6cb30550199f2b97a95e23cab375489be4520b0c79281da12ec393de0798ceb54fd9903d52c3611cfc1530464ea974b91fa33dcce2eafd6b99b42e391c1ee7ebdf495d296549cc183adab6b8a178919556d99cc9d44be22165da841f4f23fd99c4d8f126d0363093489867c24e9fcc59eedb2d002b14743d745ad84ee064e4acdb482e6ff565a1c789f750137f1f932d70ef1c89f58b9163059e3e09212d141ff91e25539aa54a"], 0x2e) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xf3a, 0x20000) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f00000001c0)={0x2c, {{0x2, 0x4e23, @rand_addr=0x60000000000000}}, 0x0, 0x5, [{{0x2, 0x4e20, @loopback}}, {{0x2, 0x4e21}}, {{0x2, 0x4e20, @multicast2}}, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x4e24, @multicast1}}]}, 0x30c) [ 2015.612264] input: syz0 as /devices/virtual/input/input719 [ 2015.639878] input: syz0 as /devices/virtual/input/input722 02:49:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0]}, 0x48) [ 2015.665076] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2015.665076] program syz-executor1 not setting count and/or reply_len properly [ 2015.715875] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2015.715875] program syz-executor1 not setting count and/or reply_len properly 02:49:50 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$inet(0x2, 0xf, 0x1000, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e20, @local}}, 0xff5, 0x9, 0x3, 0x1f, 0x1}, &(0x7f00000003c0)=0x98) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000400)={r4, 0x8}, 0x8) r5 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x20b32b3e, 0x400200) ioctl$SG_SET_DEBUG(r5, 0x227e, &(0x7f0000000280)=0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x100, 0x0) ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0) ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000740)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000780)={{{@in=@broadcast, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000880)=0xe8) lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000002000)=0x0) fstat(r6, &(0x7f0000002040)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r13 = gettid() getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000002180)={{{@in, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000002280)=0xe8) stat(&(0x7f00000022c0)='./file0\x00', &(0x7f0000002300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r16 = fcntl$getown(r3, 0x9) stat(&(0x7f0000002380)='./file0\x00', &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000002440)='./file0\x00', &(0x7f0000002480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r19 = fcntl$getown(r0, 0x9) r20 = geteuid() getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000002bc0)={0x0, 0x0, 0x0}, &(0x7f0000002c00)=0xc) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000002c40)=0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000002c80)={0x0, 0x0}, &(0x7f0000002cc0)=0xc) stat(&(0x7f0000002d00)='./file0\x00', &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000002dc0)=0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000002e00)={0x0, 0x0}, &(0x7f0000002e40)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002e80)={0x0, 0x0, 0x0}, &(0x7f0000002ec0)=0xc) r28 = getpgrp(0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000002f00)={0x0, 0x0}, &(0x7f0000002f40)=0xc) getgroups(0x3, &(0x7f0000002f80)=[0xee01, 0xee00, 0x0]) r31 = fcntl$getown(r2, 0x9) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000002fc0)={{{@in=@rand_addr, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000030c0)=0xe8) getgroups(0x2, &(0x7f0000003100)=[0xffffffffffffffff, 0xffffffffffffffff]) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000003140)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000003180)={{{@in=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000003280)=0xe8) lstat(&(0x7f00000032c0)='./file0\x00', &(0x7f0000003300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000004800)=0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000004840)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@dev}}, &(0x7f0000004940)=0xe8) r39 = getegid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000004d00)={0x0, r6, 0x0, 0xc, &(0x7f0000004cc0)='eth1nodev%\'\x00', 0xffffffffffffffff}, 0x30) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000004d40)={{{@in=@multicast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000004e40)=0xe8) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000004e80)={0x0, 0x0, 0x0}, &(0x7f0000004ec0)=0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000004f40)={0xffffffffffffffff, r6, 0x0, 0x5, &(0x7f0000004f00)='eth1\x00', 0xffffffffffffffff}, 0x30) r44 = geteuid() fstat(r1, &(0x7f0000004f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000005000)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000005040)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000005140)=0xe8) lstat(&(0x7f0000005180)='./file0\x00', &(0x7f00000051c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fcntl$getownex(r6, 0x10, &(0x7f0000005240)={0x0, 0x0}) lstat(&(0x7f0000005280)='./file0\x00', &(0x7f00000052c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000005340)='./file0\x00', &(0x7f0000005380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000005400)=0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000005440)={{{@in6=@loopback, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast2}}, &(0x7f0000005540)=0xe8) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000005580)={0x0, 0x0, 0x0}, &(0x7f00000055c0)=0xc) r55 = fcntl$getown(r1, 0x9) lstat(&(0x7f0000005840)='./file0\x00', &(0x7f0000005880)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r6, &(0x7f0000005900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r6, &(0x7f0000005a00)=[{&(0x7f0000000480)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000500)="367e26c9325ad09f59d1b32830614f2f0a5e5146b5c1e161f019c9dadeb62123a43c3592fd2f85b77dea194df8cafdc69af733651dd40b12fe8bdf9210b4", 0x3e}, {&(0x7f0000000540)="ea3b3a604f67b1d988e71df6270ae94e87a9b29583457823d0bc93fbab8ef811e3d2295251bd8eecf6d5d1f7e3dedfcbdd1ddd5b43e7dff56136a184a72fb19a3055ecfd1c287aa8d80e01f31706ed77b4d28f68ca5a479d334fc2347efb370a0593a7938350a54864029ab8b46c999cfe03c81ef2a1fe47c138ad6b32f155999256c8d1cddf20a230006d53d60ee658ba098458fcc02f29eb080b40657c79c42e370623d34e2c5ca15e6b33a71ce23f36e361cc9063ebf5dfa7c1fd7e90fa3cc55a1abfcd64a3e1379eba4ba8b5e5ceba7100d667d72de4f354cc2b035969c9e19c97e73b0c96aeafe2f2", 0xeb}, {&(0x7f0000000640)="647eba480f66fdd63be21358bfedc2a6136d5b31469ed3ed370534625a44cc03d51147f16f01a94096b449519caa327963aedad36b8eefc4b059189f57f2b61c47c3b1e32995bc937f4df4ac5480493aa3e3b40236663d6dc18b48ae1c4cb24520f0e7feef1c54bacb24821a316e64cc5f2be850aeb84fa2ae7830514f8ceec85dbac3d0b18db197df3a69faff2e30c5e39456e918534960378cc3c0b9c6e3d525af16f73f3363901b422dea0b572178faa79498", 0xb4}], 0x3, &(0x7f0000000980)=[@cred={0x18, 0x1, 0x2, r7, r8, r9}, @rights={0x14, 0x1, 0x1, [r1, r3]}, @rights={0x10, 0x1, 0x1, [r3]}, @rights={0x18, 0x1, 0x1, [r2, r6, r5]}], 0x54, 0x80}, {&(0x7f0000000a00)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001f80)=[{&(0x7f0000000a80)="6b63fc9b4e0abaa31dedfc41f85be70fbdc958f50b3953381123c9d2489a67677181fefa6184c20021882d6f51b4ca22f27d0d13d9c084f844e0591b7310696641a51e7d10d49b17191f0a724f6c4d6bdabed131fb300b2b215f3e840693540ba01159784e1ae6d49be631fdc7c57f34c44cfa1be6d9418dec22034a3f83d5103af1e20d1090c0b233455c3b295599c2644461f69570550502f45b5cdd39f4502ede235d0fef", 0xa6}, {&(0x7f0000000b40)="00dcf155442e659942318f6d104696840df6bad2aa7a185531f6ce7a7efe555bf65d8b0f", 0x24}, {&(0x7f0000000b80)="7f1fd6f7c8f22d0218caf69e0d35c3a47bbca77a4ebadeabe7d0973d98b40d6c3d3e96b55f1800af05a5f6aa82f092a39a965b2a6b898dea8a50896cf612eb746868e18d968bd014bdddbb60e4d99286ca09720edbd9f4c538e78aa1ff2d8dbc349c8457642b655e9709c33905ff64ac154465c278587bcc08aade2f565624c1252f67c4917d30cc5eb7f2f8aa55a0afc61e8bd4060d78fc9a23087f1abadca5a84b43d3dcfdf4b93f29d6f5ae20dd1e8cb6031762a98b24b781df96c98c778264ba3b1cb0f344c2e89a82c9fcb59d47dfb1f7a716855754f51f49162702bc0f819d43efbc3ad80028dc4f7ea0cd75", 0xef}, {&(0x7f0000000c80)="30f9ed27d3164711be8d990c1374178462bbb10fd4e76eae40bec39cc134a94603ab1d7808", 0x25}, {&(0x7f0000000cc0)="2d86ba4f63aeb0d2de1f75f64e76bc7ddd3e38af8b1a1fd1749cf662f47a226ed258c099ac0be5fc773c2abe1c665575613f1fade59f186edb392742dbc83d7cc94ef489e8fc563671d4327c3b6c5fb45116c3635f8bed6c82d82adc2ae781f35f582a4a2ec76023ceb0197f82fec510b5fb3b23fd8f2422cab6cf4b214dba5bf8eb5392645e791e13960e5a458a1f64f5501981224d27a645a5579efd16426c9827aa7843d09b99cadcd7e7a2d004119c52a633f2b92783384bf14b0a5ee2f20cd23549207706b0e2f2d721b079b334a34fa97b0d5c20db169109a30f73e659da17441f0139ccb04016d32eb5bf394b5bfe116f1d4d66fa91724c72c1082ccae969135c5f25790a3c981c727e0b199da80bc0aea0918cd32fed0f25707377996e32836615245d5161e1ac3df878871829a4023bb1023ddccbf1bb2813775db301713d949c65beee66a42b5445f493331bd784b82e63b8fdb1c08e1028223cf7f1e9cad0d09cca8322e1f02a8c308d789de149bdedc95ebb4e3a39a76a0d4f4e7dab0e279765f806af61419f60de2a75bbddc5e6182e67eb2def6f031f7e71aa05f47ea63d56eaabfea9d1bcfd951f06a69e270e255815015c423553b4aa7ae340f3a9cbf418e98f47cac921176915d5ebb628d5f9e6959185e900501e4b9cbbb3bd0a8620b6a763aef28ffe5d4f9cbc4f8837213e8ef0cfc7a3c05e536d4018e1258b89f28108a11742659134aaa2af93e61eb1a43ed770b1531d73c6732a62b4cf0d7cbd222fd0c2ec28e725984fc6170e00f9e6cb498d4b4f097f54408a46a6c2b115b0c9879f987c018f1081269d72c40dfec946acc29a831c34798740c0bad527e766de36971d27b6dc87e4a01936299956ebf06d3e201943e5a4ae9f60d05e7af5c8d2c6d6f878f8560ebf83b08e9d58f4c6afd3d440d6a31c689d5bf4c4b066ade26f65d8bf5f6bab6f7f32c2c0c958dd322bc36d842886fca47e887e5ed1e855d6857be4b176c2b85279bb30df7c16a65a193ab4461715ea6fd2c40ec03e498c337205a928934345da3db0910ccc3f2cd4475ced0905908c149fbb35e4fa017af2da28baac9f8a632e587edc6b88587e42190441ec098d70ef179caf82c82f3e29abefb9638975ceed7aa7cdb25d4a1bd8defd4561cc90375b0bf22add5b2e0232b37b8aa41f7ebe3f8d8be545b732ce6316c41811e4efc2973d4b0f0685216c244351e95ab6f59a3f9225e8cc7a84c779f3b266842c4c264ffe7e0f4cb990af7a4941ce20cc573c5e2cc7c805d39a2cf706af91c8b3a10ccd6b738422cb31f55a859d39786c2be810fbd176cb496895119b6d16984d7093ceab7624ac8b9a2879fdafe64f7552122c32f72560a78ed51e3440c91eeb1d2cc5a1c838dceda3ad0b5320e91588b776c9994780eb862561bb9a5d3299979663c34ce8b6868b737d82bff35b97dac28d2133a662d30b0826d307dc84fde2f33e0ea93bbfd015534c962ba94c0bb52aa5d904ec8866aa9e2825bf3d75a363da931a89365a8abce46bd18042ab37f1caed86f8c741b3157d6d902382432e657dd12c7fa66c0ad04024506bb7db5a7776246c3aeddff52437c6abfbb3033d782abc0e69f5d9b7d9f741e9a8c37553ad1371bf9fc5951d4cb2777ac4d68d1e294cab7ce8726d8bb6e94af67fa5470ec943b28ef308e5492fc9fb3b064738bc95a0a47051bc8c4cf230ce7447328a3e4f2af7786ec5ac4e46e18618e73bcfff925af7c1cb92c784db9d57a8e40b394217412cec485257d634e26a5ddf2760c0b9a41f13248d0c30523407d120731c92044206e2f60fa87fde68a5a8452c77831dd6660caab10433bc61deac4eeb8dfac09a45b8cada1a3ce6bbae66d1dff06421a099779e13adc7af37d19b2a696508e7a8b5d1ca1b4327cae8b8b22e6d4bb1c87dde8d422dab3bb5906f47b8de2fe3b8c8ac29aa5c11f5624e833e55ada4e4e8e8653b09e96fa7256360729bb5168cb2471736b536a83702f5cf1fe7ed2541e3e46f7db1caa2f14c4ee52af64e7bac9ce78b3907ceb825bd854c61ba97b72cfd8cdaf0da030e6b6a9ced3e8defa2eeb230df3795398806d0baa9c126aeb6b68a767af6f67d1166dff55ccf5ab65b9b56cfb8248893979b1e07955d5776d3ece4240f9760cd7422082a3ceffb18a0cceba2b51be59b595598e845a23e370c6a029811b1591bbc331a06e2a2572b7bedd630039903cf11acc2917f13ec180a7818ec5fe78102b608e094c70286baf5781b976933bf1efe33ec11f26cf85d02fd9f4a6c02b981a1ce9b476b77a689042573569f1133a501b744db6377233cdc11d6f7d756646a2c2649afe5afe8a2b85a0f8ec16a2791501a464e881faf10587a674661a16c10c1651b6dc650619325160cd06b6745f37db86eb9df09ad397de02a6d130adf74d88865e2d6b81996f22ea221f815ddb9f933a33148e9f2902c1a196e3e492d6ef062fe12a452859c0163cafc351abb8c9b5e19566f20a5e7d484e7024ba196f61f4e8469fe14039f849c2f97b2029f4516a4ec0366423633d5366c901206d771e74c86675c8dd4c8755c95fa118076066a0215a01fc9de262b0e47cef1ce2bcb54ed49193a641e265b22ba44d9a839d8d9ebea4af1a62ae67bae1c3bab8dc1cc4e5167f3e213e015ef0740a62d63116100803740f0b1a41e0d22fcda6249c338d9bd182288b263b1379cab1bb0a1307fa612e2f716b68ed806d9fba9055f7dd559ff5118e9b38915193f221c182cbcaf388c4ed31ff5bdad44ed94eb5dae95f12e3248de0097e7dd1c35a9d696be67f16a3bd7e9212c65be7bdb16085c02ff4d611e9603a3e39e081ddf6130a5f380d5a5f257cd328b3faadde4483979e7e45e7ee7adff81656f2093706c723b536f4f1bddd4d1cbb9acbacb81280a878c06aeb18141da42f332d82288664cc8a73f6078b7063028823b8b7f00d20ff108fe886c49f8716f79803ac282dd00f27962c36672f4de7791daf1124046c9dc3975aefbe115273aecbfcab36751d25690291a21e639ad96204bed80f29f5157867ece951b8719e348dd1f0be452ff736619d5e49b4f983675cb6e2a4f880b0231a4e78786a7aafa9c718350217164dcc57e7c0945104384e2118b12b98a8f1fd1ae5e7ed3d3b94bc67fc2d3b84334fd915396a8730eac5624d4c3eef22d802dfb289318b3ebbd9809ce1e188a69d87384944f67a76d1f2353f4f6828425c3d11204413ac15f1e1d931e65c0eab5b4a1beda6217eca18c082f9fec01bddd807d1bc848d781bfab89e44f9ee96da2211f6446ffe154b28ac334835ff33bf7a495f51630c376c9aa82ae1e3def4afc0829ac9599e786a06792156054bfaa8529a1896f8111ebdcf3f37a315e8e42d7f8cc7c7f8c53e7e47b6a7020950020f763d92e021067a84e953a6ae9c14915edb1d1ce8ce9d0abbba6e3c26e092e52b243ce9f316ec22eb589fc549b2690e49461b43c0a7dd272d198502483ed326d5c1cf29d91ccce7038f35765f80192535fb7f23033aedfb513c46befe48ce4cf93a67dc0c92c54c096965fbad50b5f9a0ede215e7acea6faab017327e1d4f813346f38f15aed4fb8bf56d2ac680d36a5a13df08ec13ccd88947f13db41625255d5136336af099560cba124ef0cbc22aa94743ee40c3283af6ae0d7efa3ca7a0076ff231fb1a71e7858566d613da13e556b9c9815cabb231a44fb36c258fc21378375ef0e0b1381958522cd0136f4c42b1cc07d11d88b5fe6bca7ac9f35fce0b64c5e85d32a300d94c1276f9c49421e676cbf0b198f7ac86ed8771876f568c11c25debacf56f933c81c2b2063fc318b0b53a5bd306298e1b70d2c1bd746ad66d6ae709b2aea055ee7990b8510ef36548340b3ad1bb8b3b3071ece14a25278f332a4b73d71ffc9ca66cef70c480fef7136cf070d9796aec8a458cc0b2a28ff5be8a61110c64502554ea4a59ee5ab32f569781134b66d633260fb4439e4387bc6c035c00f9eed400fa142e045939d141b9689d2a4b7cd587ca40c22c6f8b2fbaf502bc270677824e66f6c02eaa50ebc55e3d8e983b86f184e8b987ba96157c02564193dae9c57057c8239628f542719e6d7ec2534ca71220022218d516cee37b2a2ac9adc4559b00c1e91468cfb3e1e6a82d86cc3cbd30c84c01f855bf3fc3d7e150b02b4214a52f092195a2536b3e5b3bd244e8a4f693e7fd330ae4081b7bbdb1135f52e2db27484bdaa00a74c36d4ef3ecf7aec1ab63eed4363037ca6a6ef564be719e2af2b1f5b019d5939fd639c8ee0e37685ca5ad074850db2ba7b513d42247a9da63f0559dc7d2d5521a750b9e4f04a5a4d1a43177426e6f5c921d2dd9f52866aafc6833bd36b5353aa32e5cace267828f1434dccf52365add0292082e4ae3d07936ee32219123b6bdc9b041295bd2e4d20eb361f1f9171e029cb7906d0895211dadea5bed10ee26b28116f8e66c7a209cc70d9258d11024d3dd1b77a6ebcea4f5be4d30682cbc4457c5e2810e24717eb7fe878dd5f76ff68362fc6b81ee081fb8b7572f185dc168ce698943a92e9b2a4177fdd6d6d348e4f1c7d33d51d3733145d9662ead304f6feb077767ce7f8d1b20607b8115a406557a0dc48168b3c9d544e174ac3d3af6ad3a0c5e8c457c30bf233712af48d3478b5cf2f6624b8b3bf9d45dcc38d9990b02d15b6acdd4995c938ce09d7e611eaaa492d6854b7909261e5843820a1ff0e326c06b9582661df06348667793643f23a67f5fdabd9fc72ddb599f00c1733c41b71f5df1991b9b4b54a9f291cacc671df4796059b5ffa3cce3f1366ee8b6dc4370fc6d4fd6f70489b87c74841d81fcd531c4f608d364e9b88b2a8b9b0e8c6cff248e0dbe5d210f88e8f06293c50aa8fed8a3e2f59d8610d098852f80d5e4ccc79e90d44eb1c9bf7ca05b4fb8ec17d1d58bfee3e59ba9fab2760416e845af0a6971ea344961aac095c68dfceb9620df591486a9eae281f9492aef85fb7c430eb87f153defab39963a8601f2124cf83f234c6c69c0366d963c5c0137dc41b86a68e9dec831419e2dd024aedae1a4261c93ff1afcd7288ee7e8af865817d5ba4bbea5295643d44f55f0d4dff3a760ee56311ae12ada8af7248f8e8e4b287d538e04b7365589939badfe86280f3c1809d4076d5ec471c5cb533525c89a483f92af3c701eee6be7f5045961c59567e62b254ba013198b29dc2f7b34a4d4a8315447220fd4e342b5b5cc6c379f5f686a60c2b7cc272005dc9814eff21fdea4b5563e5fbca254242ee95905a2a7388182df0beada3b5864abba6ee08a5e45ab95fd05f8881d15eccbf8141b5f4d11a94126bf2f3d4ef5bbe05d69759b84cb2d53c2ed13b0ea693af9170367f1297713c173b3053bd211a9619941b5f34d59212a9ac997f1a5e5bd695508b07dc40f1ea315014f6ab1b1f59315015f260e05099ed4658c7ef6825495a80c03191ff1e93d89c09138a2ede7ac88093b45b654afe49be4f36b174fb7100727e3a2c5a0ea6150ab0951ba3cc7d52ec797d2e3e43815a114d6e8c8c992465f17f6c2065618b94e3d43df569429e4e11b12a1b547af87d70e5c1c0ba89bf137cc82b39b1c781c7077eda15faf90e27ce3a7c5c6a010db96a279d72a18b92167d37989e4b199711c7432d91cfc1a23d2a64cf6d91611486f127cd7378b3f6bb044176d0ed2532d92c237cd7e25e941b5a09f35dae82025ae15e3bd4b0d42ecffd652660e1880380cb1c5c793eff6b119e7abfd10aa4cf89e4", 0x1000}, {&(0x7f0000001cc0)="020d3632105e21132f635390c605596e58b815764178ec484bc44bdbd7e73299f0b23a063bac7dd12e99b2a7e3d8a0328e174d69ee136e2af0b7e3c3c323fb66692991142c29f3d47c8919813cf215fd4e77624b63373f4ea91f2a2cbc994e82", 0x60}, {&(0x7f0000001d40)}, {&(0x7f0000001d80)="c36bdd5985e324513f1e59fe2113e47c77d2a2e3bc2f4fcd26d259a68794ae1fff2a56cb89dee18293d36d6338325c75b110eb399db9a752f2406e9432c807b79cfc502b82aafae1fc8ab9bee7484acf932143ce12c1058f441b788d40f282c18029c40fc4c7daab29fe0c2a50b8b2b78bc41b713a764c4c21ca0c0db9f1e11e83e95434280f865e20add50d9eaf1dfd87234b2cde6766c7e682bc81ee01a1f9a4325a22d1c0479158cfe74cc9dd211903056de9c324f04f872acc257796b8f66cbe62dfd7b7cecbbb21f4afb7119d9465ca8404d6e1781ee746c63da8bea06d25059b2dce1ff317e11c80ff42252f", 0xef}, {&(0x7f0000001e80)="668f32c61bbb0d7458250cb2d76a147f3f94507a41b24469a2f9e93675224fa4bb7747cc3bec40a743a359a1d3160d77f035bb5939625855b1d36f0727637a64745415472d183407cfdf63aab197a10c1f924ea76a3d6e950cebe71f4285e5db40d28693f8696d8823de24d9c8b6f0f982cf62f5964284ae5e17dc52a4adddd5a4bd8d35ac9c6ce387cc3ecd81def13d8c9c3841f527611bc31b34882b5e7beeea61ee933624d1c23967241ce7b69bd33de23ea5aa9358b5435ebe1965706736946fa8c3e81504d182", 0xc9}], 0x9, &(0x7f0000002500)=[@rights={0x18, 0x1, 0x1, [r5, r3, r3]}, @cred={0x18, 0x1, 0x2, r10, r11, r12}, @rights={0x30, 0x1, 0x1, [r5, r1, r1, r5, r3, r3, r6, r6, r1]}, @rights={0x14, 0x1, 0x1, [r3, r1]}, @cred={0x18, 0x1, 0x2, r13, r14, r15}, @cred={0x18, 0x1, 0x2, r16, r17, r18}, @rights={0x14, 0x1, 0x1, [r6, r0]}], 0xb8, 0x4040000}, {&(0x7f00000025c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000002b40)=[{&(0x7f0000002640)="c0ff9b4232efdd762956e094e767cfb0f6e43c3fc85bcc1a6c0ce87433ae8b8020af6fec7bd7dfa150a34435efaed142835141dae6992c455936836f111310fcd396ba85aa5c05", 0x47}, {&(0x7f00000026c0)="0e3b68363477425322f02495a84f6974c01836b6757995", 0x17}, {&(0x7f0000002700)="fee83f7331efea69e35753a73433f040dc919a527c2bff432ddd6030f294536c88560d76f0de0f49539ef68ba40453459882153f1b413ef41d9541e4d3ee9db848bd7882144f97488c21e50c674fadb5da47dc2cfdf2ed965e5049c1c26817288ee59e862155f20d47b86ea78be40131f67025e07cc300bd852261063629c03a5eaaab3a7c92f09625dfcb6be0e6c51f64b779c9999938151c12c6b1c4edd3eeeb084c88b574c986ec473fb9aa6bb032e43f", 0xb2}, {&(0x7f00000027c0)="d1c01d027d74ba981626c125a49b9ea0000552e2bcd169a4fa7826dd745aae04463986b99d0ce81fd5f5eeb8bb3de9d38ee320dbf59bdd3aa0179977e7e8a19aa60c359c84fa4fabca7e806b127f0a3dfdabe5e9f8efdc9eb1b9534ed12522b2d7997dc2999ab2664d9960a7122609fb3f141448fe5f3e38c0b2eb567980ae39df267b70bc2758cb76a5ff9ab2c37a7ad4574794898b6463886562ad8e100006b64d6ce0b367175bae870cf50af247e4b0c7fb0f427a00f415ed68c81b1259a51a216636", 0xc4}, {&(0x7f00000028c0)="43da0fc6e456b5b050a4257309bb3e3e065a0cb32fdce81959a638ccb5f49e5c78289a075f63e64dc218166ddede910999601eee26e2f6da5e07af0d9c6fc670e3714da117306a582ecf1278dc0fca6705af252db1e8d961544be43cdaa943165bad51b8af70529aaeb609f69c97f2f293aa4699c5eb5b6b8542462390b53c5bdcd6e34a88545e11f87b3af49d6c35f034e70947dc372cec172671de937478108c0d9e352b2e7375c5f60c882b93dc1e04a7287ffad3587f407fae252859fa33d4f3455d475bdbe5c5471b8eb2a43369abed66c99542022def3bed8d", 0xdc}, {&(0x7f00000029c0)=' 7', 0x2}, {&(0x7f0000002a00)="4aed0242f0f01f31c3335a9c4b4bee649e8f5d6e73e3f4f4d86f726d94488275bed5920337b56474052d3989e0971fa748f995d1f28e9842094a9f112ca3135571a85efc68f0efc4ee9b0105ac25de754e3c8fe440b0af75be28a05372b188acd4c569", 0x63}, {&(0x7f0000002a80)="14f6c50a175255e5a243123d10e61b2e8c989b3e160190c5ea83d75c2355f444e10a1ca51424fc20ccb56f283aeb33e6cc26096349b6df679932a1117311e04fc9336bd06ee6c68d08c88997c422e3b898", 0x51}, {&(0x7f0000002b00)="27cd065ba82eeb77d6cdec1c78549b64de", 0x11}], 0x9, &(0x7f0000003380)=[@cred={0x18, 0x1, 0x2, r19, r20, r21}, @rights={0x14, 0x1, 0x1, [r1, r2]}, @cred={0x18, 0x1, 0x2, r22, r23, r24}, @rights={0x1c, 0x1, 0x1, [r6, r3, r5, r3]}, @cred={0x18, 0x1, 0x2, r25, r26, r27}, @cred={0x18, 0x1, 0x2, r28, r29, r30}, @rights={0x1c, 0x1, 0x1, [r5, r2, r2, r0]}, @cred={0x18, 0x1, 0x2, r31, r32, r33}, @cred={0x18, 0x1, 0x2, r34, r35, r36}], 0xdc}, {&(0x7f0000003480)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f00000047c0)=[{&(0x7f0000003500)="ed6b829e73a47b34ca244912feede379649631f3664f2cfc5c3a634a93d7d535ceb5e504d4f550aee6c49954d2e72003d2f1fea9a298cf63dcaff75788fc842e29a6bcdcebd5d7265aea56c496c5bd78de34c7f14b0cf4802f99dff02383abe0f3eaa9c06ff2ebc2bdbbde6decf1ff3200bfaeb22b0b7668a93ab6adb3bf12d3a5eedf949fab2a857eaf1c232c86216fba839638fa", 0x95}, {&(0x7f00000035c0)="08db0b217f8eccb4633e09f268af5fb63a1acd6ffadb75f81203765a97132c0b26e75472faecff7ca7ce0a763e6c356c3fa883913788b200ae3ee6a01380c0add5c525ae8a03382b4b16a483706c5cc2dfd5ee81def114182a1c0b76e1", 0x5d}, {&(0x7f0000003640)="9420a1d527", 0x5}, {&(0x7f0000003680)="f0a170e5fdf29fde27fc52fe79e7c8e5cc22406e2b30e9ab3241b01b8fb6008f6d43ca5b62382b41499c65fe6a6a5cc41b6f88d6595d2abfbe9ade23c1b4b17fe993dbe355381094fd355d7f4fc5efbcdbd4d40410c4c416aa25cdb4f56bf6eafee4334d88046701f43e3f29c6504e408ff7843ac630d66d6b226e94cabb6954e55d73e3e4ff8bb7ed1dcebe5972764bfb39573fadef7311a38de26ddb772bcc5614affbe481f0094a69664cc415e2a530809aa66c820e1f2cb716f98091da2ffba0500d82c42c828123eb9ec6a6f19ae9", 0xd1}, {&(0x7f0000003780)="ccfe82cd5812c112ee", 0x9}, {&(0x7f00000037c0)="410196facf3378b59dc8b81bdfff5075a47893d00cca83209b0aedbfda31eef39364e76833c4d8cc261f4e66cb414b50fcff47aa7958bf36816a6aa745a9272005df2ef8a541418cec283277e2a9da492d960b07cdac423342ae0202781eb55bc48d1df8fcd814d3a5944505365a2958fbd4fbed48fca2e0d9d70eba2d705bdc285e7347a88bf98e3bf438cba1d8e45b8130d79a9cb501c43b5889d3009c851cf674fc582f16dfbc320476417ceabe3b46e406157bb4636866e47457badda0a0f1b81543158516cefbfa52783399f00a001d06fb08d8011fa32a598acf6ff5d690da4009985744ccdb0b2402ea7fc4daeeaa537b19f82dd5bc38d19f5ed8799688c91e84b4f683007d7536ed980f0ce567d739915210918190a9e937aaacb3b4b3ad6bfc7f6b81be3a6879e79b4f2a01f609be7f7b60d0feb37a914953cabef21f07758517aec4ffde04fca130f8aad65eeb7f417965ef175212d6bd7a1bd5255fd11a7b73296e2208302fe0f38d36e077cf04ffe4ccdea8f346696df36f2c1af96bb9f8e0e7dac9dc2bd588a1f65627ff68cc9e7892362ccfeb10c881a267529e4b8b3ad3c8f64a60a056f43d5c61a08b7f4b55b65ad69e57112838f52e6aa8cf22c85b4e8b49609dc464c41ca9997c74c5bc2508d99cc1f3c9af47e32a84efee336b8f0070daf65ee35320da1eb084cd1414063a6ec5b0ee49a0eebe53d4aa37628d377aa4b01af28bf62a11d52374cfe009cb732807278e5fe31265c4db62f917d31e13421adbebf7f5ad4c8d51e4344e53d77e8e8aad755161f979767e25a146174043a7e252229f1957ef4464a87c04104284997c1c119f17ea3e5bdcecd7f5e64e75f11b8cdf0a2eb5bccb907a9df3a22645f74a0a2cf6f00a12e280c9445f3738c4bd9904c841ad35af3ebf281941163251a01e5c3346d31b31c9165b072d6171e0b91e23540263f2725cec95e8aa5359e616fb39f963a2cf12f3b8252ea977482ecb2d7b329d175e931f86657dcb101057f06b2238ac7e92357785c1dae70d64b10268d7b52c95511fc885051fc6ce07440134154ee8b653bd5f3ba7f9ca6d441d1a2bf8b4658a1cd97d8f1b8f3e7708ecdd0d17ff67e2b008b275142de5231e508af60321e1d816ab56cedb800012dbf61462bd064581c51d4263e2be7458eb2fc35a65b899544c793e506dcff4c23139717d9f8bf33e783068daed719a88c438079afa92478daff94a4043c41186385f0673ab35c942d961707f442708ef2191c6b58572a6de8c593ce477d303deb39894bc4c7f598b00006d30df2f8fc72de1159ffd602fe70313dc9f7546876fdad7cfd171362abfdd0d47814c660325c6825538046a2943965c48d330f432a85c150c7420c19c0a0acdbf3980d136c4f1f832b9484e0e3420888b9f852aa78685f7e72e38c3c5f416f3871a2451ab00a1cf3a4c95b5a4dcf4b01e00c726451f249ff3b8830adc9e804a43265f3d5799c594353eaadb642bff5aa12feadae90a2cf8ed4beaccd128bc403046bc0feb8f134bd10ac1a059655ce4cec631f7d37b925af57349af588713a04de888d05c2c3cd6e98c6f2b811e504d53dda9cd7b65fcec402f295a755af373d5ad3a5b972f997b79e25ea32b778e66b355b4927be06eb01c742ad7d49f5802d86185beeb44225b7be7deec98b17b446516ade340d14bc75d32b09d771a255eefc8766a2dd5e4ccf25cb07c64df7ca99ec11f3f08296bbdcd5f65fa5a335578dd12188f2c6a6c1aae113c626ed1b9498de852c1e7691591178eed8e212966e99fe6a6b28b18673f160b823b26b76672df1c03cea404e7b8cb7445f85873efe768432f709e8e4eefcc6eeb20213b319fd0a9a32a4d68f1b60058765759f66176df630ad2e74ebb2e61c4001661224785c5366583def3d31480e658a957ac23bb1f75c0fb641899ac86ed28ae3a756090306977c64765181ae3018bd70e322603c3680a8ef19ab686e243500a328c064a42b12e3a6e7326aede37e8a324f195d0c9951328ea6710310a822dc32b2018965346317a811c7e94d81a72d22a10e1e41e5287476c040a536157c4f82a2713709f338c88f16635eb3f9e927abe3d41ed29e2e9282f2abb327352d20bd9e68d925c55e51c6ee00301d6fb9096ee6ed2277a6c18e288154a2a3014ef1d76253d4288152d2d2165f037108741acfa04c5aef42c8306f46b873cf0cfde6f3cefd038bb99386118fba35a63ed30872b2c08f1d8517ad9ee3e61247048a6858c7a7fec16648db1596d45a35c9988c60b7816cf9fe987118380c30e60169cfd864b5d41bce69c061a88b78c6409f8054dbabfa4b68fa6cf600dfa4e598edcf0020d8cc832ad43f4991d92a3d2cd102132efcc3690fec019c981bef7b99fd8420980d56397fa8de7a47dc105a45431864a3ec1667edb168ea6bdf268204846f4f07a5e35c1c81f03ad68f14a828bb239521e9be91ed98e24b78be1aece9e41bdf14da3f442dd7564099ddad7a79d29a6ab31e965f4e214d060913b7ee9b4e7294869b3373d274f58b3d4dca85ce1b167379c832d0bff7f5a030631e293c103a68c77ad6370146c8c2f5f29559c56ca39a39268ad4ad32965cc8515526ca0509e59e57595d92b12624303d078b35dd7c7aef2631fd3bd1719cac0ac5baedfd5af7e71ebf6eba2b82c166b388e82a60ef5717533c585eb563a94697884fb502a1a407e5a904d59b9f43752c4faa6cfe536e663846c2b3d802a42554bf468d2e371447a74926cf6829f0d9d953fdd12482fef2d3cf5d858f5f2ff3d2948f3cc036bfbabcff1cff6a25ef3bfd8d669ac1f5426167e219ecc57109d64efd48ed395e4c55868dd9a4c13fd97dd3ac0e6b64266af861d6d8a550660cc19cfe559d46055c7c4c73cac255d95eddf2614985c8612392a4dd289c56fbb5dbe273e0020d9dc8e4b0c2260978771c138f17181263cc2e3cd64d646593d9bb6ea929ca76e61a31f3024c40330f09745cf87eb4dfc363e0d2b0def01f20d9b788d2d008ca27b4deceb35ec3400eb397ebaf7bde3f08ccfb44320e0226ea9ac989ea8285e60164be442adee5fbe4d6f3537c3db722bd75546486f33e2c833a833987734434c5472b066509ad1b9eed99887f9a88ef198efe95a49147cf408061fd1acf6557a10ce7b4c6ff9db745e107bb6ca8e51ebd15026bb4f868176c5036cee0e3164469c2261b3deb0cee1c0f12e3008c1a19ef5c8d4928ff8dc5b66dd7e56d4f35fbef84ce784eab567183daadd8e1e733a8b5aab94882a4618c3b30352df47465dde50768c98600f9ba9c81c244e09a9c9b25a2cfa2a342bfcefbc3ffca3e7bf0fc2e32e0f87c2a6b4bbbe463991c23939d1150cd5099618a717015129804d70a034257fa8c0624a17514ac16f54368ae13e09b2e9701941ecb45bef3fb09d8b7fe696194762a690f48efad80cc2f3447e2999b9dd4cf0f8c288231af54b892f7cc2c9313abcde495ef52a76ab03112a911a14036514862358e8d3b99945e3a88863a11760d55035b734211e71575f2e9d646f8244ae12f4e532aff379f33bc5de7b0512cf814c9ce03b6afc5630e8b4014a7c8386e51f0aed4e0c034779247194851039434925fbef5efa737b1495b206a8eee779247ac30e5d0a3ce807d612403df75657647afa3cba21a7c32bb5b1f27d33778d0ab9fedcf2ba66811322977c5f9720856307cf770fec531c3663ce76512993b42cf44dfcba1c8b5f08771c0e9a27dcd09d45423e04acee304f95e6cc27465fa9f592ec10860da880979337abbb1a98fdf69379d973251c2731211eb1bba97ae7ab38ede93129b1c39e5f9bb3e0ccb9e90211f328b22068ea7c36d72cb301d75c47abe03c6c90a304d9039dcc0d6700ef9a00ba23432151749102c6981433555a81b572a360e1b9bd1980be8fb3af53c4f29d71b333a1e52a3dcfadf0b6d14c5a3fb42e6513e39e95cd642b0156bc2de9d680f0c4dc28a48a4022b2622d74fa938c5da1f0f7641944270bea2c17776a34e81d55376c6e85f3b29627fe128e1d12a6eafb7002be8e95d15c1af78e9f942a6bbb87e09de4e89689d5c43671286cb2145ce32adeed6ba9f12ac28c6f9d10189fe25c653964fa197e7cb1a86946bc65fbe35d06f208ffce7796f2c51d9ed3f709052d96d9a331f689405de905e715c232228f6995b221bf0ff130e195e9b801a952eca9a877634386d8996dc8eca2c3801ab80a2a0349e937edd70b5232a997bf92c331872e00f83b63e5dcd6bf517108dcec6e7f326102111c82ad2f2d7ab70111aa009e39ed7cb05effe7296d8c9fb4ea5ff9d64d9730b46d4b6fbae70b08398813238f8a8ea2a6f7f646155921416ffad8d89796c2e96ee8aa150344d5cfe4c214d61116d670a456a84e9b99bb1846dd0388e75fe8782e7875a304245d9f5e43ca36dbff14be7e865e647311267a4976a9d6eca02b62bbfb694946ab6bb5d7104b422552687f3ea3316a7b5716349262f0ba6f764d02ef90bdef9fc09d20e0f520182799cc2a8428886ff8942bdeb007e120513f24451920bdbc81266d78ca01999f56e8cf5822dd67820a289ee5f6f74ea7c533d76cbaa3e73395a5bd3f08c358bdb61834997e1ebafe52b1db9e2aaca2493f2fae978b720ea0f66ebd480482b560949b5a922330ce3e56a91426f0eefbdb2a50fc8cdb4c11dfb4e3578eb1a713121a3f3713678c99fe71914453b419c57fb4328f68a544c403ad1649bc422a1d1cfae90a53ec3481be49599e5684576575b7cbd3eff163e65cfeef5dadb5b7903629cc8a2647db682c74507f9c538da8de1a7994e223aa88b420a1fbfcfb393a86fe912b6b846e5d96be403ff812790142a73e96908a29d048e2e58bff52e79a5d28f4690099178fcf7dbdd2440adc6622d6b62f9d879e20170f8dbf979a38e77e053ad6ae1add562fe4edd882d5ae2c778cc192c083e56ad71f1b403dc7525c880bc04d55e86c4b5179510bb82266c94ac5b5e6ab2f71e4d79c26a9e4a458437ced712637d8e85c14870c31ef6a94eb4a13b65b6a84541263270eabbe78dd97a3538e93836574badacc56a6d7a96ab23d1564286f003e98eb301a2904e6774a4caeb42bcacb8b209ac3ff8852982e999d4f5beb1c706ee2b0ecc310a0672f5804aea547844ef04b10c98a8f129815b16783c1fd3f93934b23138058b82566b13869a91c3bd919f09d0e41e26bf7d412d11cc17a99542f8461da930f23ba275012597daf3be733786be19dfed1dd566f81bd116d98780ebb93f4da5c3188d5124122eb74ad24e50293283508080d430fd41e309d91a984279dda50a2b09220f051c9f540d164b450e52e3650d29fb80dccfe59c23de6a55bea111771ebad437ef1e491e06ad4b8e1dc6cc8055aec857995bb11b63f5895a5dd3af585fbf104334133e20e7e47ecd61d8cc6f3a1b6c7845dd72afa4e264da74f808996af9a0227685649fda78dba3dea9d0cb953b189c18a7b5c4cb63cda2b170980488cd44e8f2d38a9ee0f4c3ead385901e9008e630a8355ab3122d160d0fff4211940baac27cba6bbd464cb2d91bcb458d40dd1eae6656bf811c2809e1d9db457fd249515f00cba261467ced5eecdba79ea947a209c08de2c6da09fcd8f775b3f4bb4896d8c994d4837b474e13a2fe37377afbf30b42dbbb7cd9857ac9a22352432034248c90e65499c22ff071ae5dd1948b52a9363988f6086cbfa34fd32cbba36a3ba391635c168595b547575d8a8e45b7cc8136655a714", 0x1000}], 0x6, &(0x7f0000004980)=[@cred={0x18, 0x1, 0x2, r37, r38, r39}], 0x18, 0x4040}, {&(0x7f00000049c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000004b00)=[{&(0x7f0000004a40)="fba194249f98eeb3243a70b221c098a2e3941372645fa2d44704c062dd26065e11e82e97968b3a9c569bf9c2aa6cea3d30ce2ad5a36319c2d7dd5cba851c37941a96c3dc4da038e09d3caa96532fb23f68a64285d6b085da90cb1951c3d2244bad26b1bb91eade5901ea51e4c93bd5105a4a88cb47bf044eb03c2b9c1670691dd6d7f2a6b2484aa864178f2ad7541ae5cfe0e3f0518369f579ed3d02dd7aa6bc153f9c6dfe73a0dfd0c98c13f92a", 0xae}], 0x1, &(0x7f0000004b40)=[@rights={0x14, 0x1, 0x1, [r2, r6]}], 0x14, 0x4}, {&(0x7f0000004b80)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000004c80)=[{&(0x7f0000004c00)="e3a2a922af6d236956454c9fda6dc4097b9a6e46b543960747b497f22d889fa47400df4ee8e0616789155caf381178eefc9455317ffea8cae5f94fffa216a2dde22589c0c0b2e1edb9447629a8a93661b65402cc84f2125b5e3b7c2e9b3aa676296184de890c3755e43edabb25", 0x6d}], 0x1, &(0x7f0000005b00)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=r40, @ANYRES32=r41, @ANYRES32=r42, @ANYBLOB="180000000100000002000000", @ANYRES32=r43, @ANYRES32=r44, @ANYRES32=r45, @ANYBLOB="1c0000000100000001000000", @ANYRES32=r5, @ANYRES32=r1, @ANYRES32=r3, @ANYRES32=r1, @ANYBLOB="180000000100000002000000", @ANYRES32=r46, @ANYRES32=r47, @ANYRES32=r48, @ANYBLOB="3849310ecfd4cadc01225d76a09cd0048c0a0000003f42490a33915727546b94f36a8a13060b539ab673997a5b1ee711242cb707a3a74dbbb564c0af943306c869e4c8128315c0708256b8d97b5fcbbf12690529dd73b1dcf01f30de2da14a2af65cba316a15e1c1bc10f41d58d30feb6108107d903857d1624e03f84304b2709b7572064ec81b533ac681a5", @ANYRES32=r49, @ANYRES32=r50, @ANYRES32=r51, @ANYBLOB="180000000100000002000000", @ANYRES32=r52, @ANYRES32=r53, @ANYRES32=r54, @ANYBLOB="200000000100000001000000", @ANYRES32=r6, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2], 0xb4}, {&(0x7f00000056c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000005800)=[{&(0x7f0000005740)="3fce1abe", 0x4}, {&(0x7f0000005780)="d9c4e6137db0833baaf89054f107c97b4e691e614b1ae1ef88b5468b47c530ab9a3d712518e7ece571ff475156961f54a44a2b35b7f4f02808c7cb457e24dee832b466614b8f92d5ac834dcacf9380ef4f3ce0a6d966a417f6240169449b483e43a90c05db24b62d397725", 0x6b}], 0x2, &(0x7f0000005980)=[@rights={0x10, 0x1, 0x1, [r5]}, @rights={0x1c, 0x1, 0x1, [r5, r5, r3, r0]}, @rights={0x18, 0x1, 0x1, [r6, r1, r3]}, @cred={0x18, 0x1, 0x2, r55, r56, r57}], 0x5c, 0x40000}], 0x7, 0x20000000) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r58 = socket$inet6(0xa, 0x1000000000002, 0x0) r59 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cgroup.stat\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r59, 0xab09, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r58, 0xffffffffffffffff) sendmsg$nl_route(r59, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34000000200010042600c9b949bd7000fedbdf250a0010890000140002000000e51e148e942195fc94781000000008000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x40000) getsockopt$inet_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180), &(0x7f0000000200)=0x4) 02:49:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfcffffff, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5502) 02:49:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 02:49:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRESOCT=r0]], 0x20) fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$inet6(0xa, 0x2, 0xd621, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_tcp_buf(r2, 0x6, 0x1d, &(0x7f0000000a00)=""/39, &(0x7f0000000a40)=0x27) r3 = geteuid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) fstat(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = geteuid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000300)={{{@in6, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@loopback}}, &(0x7f0000000400)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000480)={{{@in, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@mcast2}}, &(0x7f0000000580)=0xe8) getgroups(0x5, &(0x7f00000005c0)=[0xee01, 0x0, 0xffffffffffffffff, 0x0, 0x0]) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000780)={0x0, 0x0, 0x0}, &(0x7f00000007c0)=0xc) getgroups(0x6, &(0x7f0000000800)=[0xee00, 0xffffffffffffffff, 0x0, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff]) r14 = getgid() getgroups(0x7, &(0x7f0000000840)=[0xee01, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff]) r16 = getgid() fstat(r0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000900)={{}, {0x1, 0x1}, [{0x2, 0x6, r1}, {0x2, 0x1, r3}, {0x2, 0x2, r4}, {0x2, 0x8229a80c5fa7587c, r5}, {0x2, 0x5, r6}, {0x2, 0x4, r7}, {0x2, 0x1, r8}], {0x4, 0x1}, [{0x8, 0x7, r9}, {0x8, 0x2, r10}, {0x8, 0x6, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}, {0x8, 0x6, r14}, {0x8, 0x5, r15}, {0x8, 0x7, r16}, {0x8, 0x1, r17}], {0x10, 0x2}, {0x20, 0x7}}, 0xa4, 0x2) 02:49:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000540)={{0x3ff, 0x1ff, 0x1, 0xfffffffffffff001}, 'syz1\x00', 0x2a}) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2016.831933] input: syz0 as /devices/virtual/input/input723 [ 2016.856735] input: syz0 as /devices/virtual/input/input726 02:49:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc0ffffff]}, 0x48) 02:49:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5507) 02:49:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfffffffc, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000040000000000c84a2130000000002eb6"], 0x2e) 02:49:50 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x42400, 0x0) ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f0000000080)) dup2(r2, r0) 02:49:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x425b, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 02:49:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, 0xfffffffffffffffe, 0x2000, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000580)="dc4c0f622fa37b2a") ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000005c0)=0x0) fcntl$lock(r0, 0x6, &(0x7f0000000600)={0x0, 0x1, 0x6, 0x1, r3}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) syz_open_dev$usb(&(0x7f0000000540)='/dev/bus/usb/00#/00#\x00', 0x85, 0x20200) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045569) 02:49:51 executing program 1: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x20001) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) sendfile(r0, r1, &(0x7f0000000080), 0x4) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf0ffffffffffff, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40049409) 02:49:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x48) [ 2017.021841] input: syz0 as /devices/virtual/input/input729 [ 2017.048404] input: syz0 as /devices/virtual/input/input732 02:49:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000447a00009c9a023b7c150c06cd"], 0x2e) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3ff, 0x800) write$P9_RREADDIR(r1, &(0x7f0000000080)={0x49, 0x29, 0x1, {0x2, [{{0x0, 0x0, 0x3}, 0x310, 0x3ff, 0x7, './file0'}, {{0x80, 0x2, 0x4}, 0x80000000000000, 0x0, 0x7, './file0'}]}}, 0x49) 02:49:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf0ffffff00000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5460) [ 2017.140729] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2017.140729] program syz-executor1 not setting count and/or reply_len properly [ 2017.191177] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2017.191177] program syz-executor1 not setting count and/or reply_len properly 02:49:52 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r3 = dup2(r2, r0) vmsplice(r3, &(0x7f0000000400)=[{&(0x7f0000000040)="6aa2d52546896a739f56975a4b6f14d6cbd3efc75eadec200657b96a101008c1c369f421f5d10a7f1cbd1b4d76f428c62d1a005805de4a8aed58d807f572334d5f2cd54fb6a8e65c35d83510c2ff500bf48a93b3825347db32b807654986208f9261249d80fdf59dbf638b41de7e62598bd21800b666403a32bf4fd9b8ef66c728d2a715cd0a62c508e1a571218ba83ce401f0695af8f15bede84acd94fa7a0e9339640026424823e187d42aaed14f58d5e6e5f50b668e1c585356b0559f0507a0b441200c590cbf148a", 0xca}, {&(0x7f0000000140)="e7cb863beea326b41df51feece56624c3ad8ed5dbde0398d411d761f0890a4fc81dcbbb4d2f2a04e4167f61f48de637d3ff7f94d9389c40a0b01505eec34824f2a7edc76eeefa0f4d90a5ac2dc373e34b1132bcdf0d4580cf9f62a63af64be4534c735fb3a8f79ba5350da373063e232de963270a6fb1b", 0x77}, {&(0x7f00000001c0)="6291ef0b9550a2845f", 0x9}, {&(0x7f0000000200)="aeabbffcadd21fb37afae0a9ff0c1d090ea1fb1e91046184310a5de65e2ad6cbbe0648d8770230db91651018ee19e1740d4dfaa432617900d753da4cdc67c5a3aba2d7bfb7fc7c25d680f1602eef18502faba40224ec450f9f3829ede598a7406f54c0f8bcbd5be2f212c0f57c10dd8a8c42c71bf3dd08e88ab71e09ead0b23856e17cdc6378ed06c88436f9348b65cb16d7900d1550ccfcf7ad773135a88f28f51a4efe2d6a3d6163b4e7e3e4cb31622bf820a4b6f9188be315eddb6d6c53e152e05e45c7", 0xc5}, {&(0x7f0000000300)="6aca99bb73ef48b105cd99786f91c3dd573532861bc67b375045d67ec149e293ffae1c789ae14a323ac25cce4d8e65f6afe9032262f1ef33e23e181c4130b2f3a681566cee0182f40b3816339c046a7afeea0eb674d2fbe567bc8d1b24e8bdcb9541121fa9c71ef7c19011c7f5351d7d52868ed746091a3a7aeb9784918a3981f54a8727ac093d145a548934f590328de7d6d0fc54b882cbd283f38034dcf3aa582658b98047bc44c06c495eb71f499cc071741a814e28dd40f382014eb32ce2a0791de531bd77c805614442e4441d5f28532d73de357cce250ec8ebfbfe9b9991f22885c56f", 0xe6}, {&(0x7f0000000480)="376372dfb43e6710350340b8cbb1266e91873dfc0950c8e0821bf57b22ad74edabec1d59523abc5d52951ff661926e6522c2b9663ee7252a920e1fe4d9a6b5c592624c9ec9d98790808bd82c6cd3", 0x4e}, {&(0x7f0000000500)="2952ee966cc874efe1fd70f67bb43eed40687b2d643542d00033e3ddf123e8e54270f6783ba8aeaffe3a8464a754f161b2b87fd44d7c11ca09481ae35698b214e0ecff2598ffb0301dc047ec0435ea6bf5fa168196cfd198cee6d47bceecbf195137061443ac87c87fd00972c2906ccda18484966124b4b60cb6e357", 0x7c}, {&(0x7f0000000580)="0845c160e8fadb02d189623463c3352b3a98b562c7b304357ac6fa4df760226add20fb3e6169f3df19b35b62f686ab79ca11edd7400d3bd2bae00d1e6caf7ce40f2f1f303b973179d02b", 0x4a}], 0x8, 0x1) 02:49:52 executing program 3: geteuid() r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$binfmt_misc(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="73797a31d2a5f1e33570e7a5a95b82e44366639ceec195e83f0d747a7e980e9526d6eac771de775c94a5396b9fd9bbac7d9c1dbc1e53ec921a38e76b832f495b584736b85a742baf83096e25361ae5c0bff562a70fcfb1f6302c5b204f0e9a3fe0a646bca3fe5b96f0db2a9d8f15385f72fb9688ff70b59c43d233640288a20f5c8a275be73ea94aea1f15a174627a55d1d5a23ad5d097bfcc0a7a5429eece028df5550b637ac9778d123c98a0158e20a4c8fbb1fea792e077e4f9e64bf4c046477f511ad2e5edb0a5a62bdb1117d0b47addfbab9eec72c5a47dc38b002d4757dfa8b536bed6b6c9b1e918f47a25df788853859e71465cab776afa5f2e66ff65cefe43f5df3bfece639326d5c6ddb65a6d93cfaf33892de93a985ea41455a82b638bce4ac7af452563f77b905e57b85e0fc8c4194523c0a7bd8ea3115469ad87c2"], 0x8f) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) socketpair(0x11, 0x80004, 0x4, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000580)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000600)={0x7, 0x8, 0xfa00, {r2, 0x8000}}, 0x10) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000006c0)={0x0}, &(0x7f0000000700)=0xc) perf_event_open(&(0x7f0000000640)={0x3, 0x70, 0xfffffffffffffff7, 0x2, 0x2, 0xff, 0x0, 0x2, 0x100, 0x5, 0x5, 0x7, 0xc3, 0x0, 0xffffffffffffffe0, 0xfffffffffffffff7, 0x4, 0x2, 0x9, 0x5e44, 0x30c64cc0, 0x0, 0x0, 0x4, 0xfffffffffffffe01, 0x8001, 0x7ff, 0xfff, 0x4e02, 0x0, 0x2, 0x1eb9, 0x2, 0xd, 0x1, 0x9, 0xa6be, 0x1, 0x0, 0x28000000000, 0x2, @perf_config_ext={0x9, 0x800000000000}, 0x104, 0x2, 0x7, 0x4, 0x76ca, 0x101}, r4, 0xf, r3, 0x3) 02:49:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 02:49:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xfffff000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x405c5503) 02:49:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c460000ffff0a0000060000000000000000a4688d7822990000380000000000000000000000000000000000040000000000943935e3bb36b7eb35ed2f24d28caa13526bde6e393a63cef50a7f26b6a35fb7fbde50347761fc97b1e05357aa14b8e9e7d46feaa401529e7683"], 0x2e) 02:49:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x3000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x406855c9) 02:49:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x8000800000, 0x2) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="717adbfeeb184e38aa0a7d32d85199250fca38cb2e7b176e8288b6a1e2448f43842237d85688c2b793c8a2a6aad2b7a30afe19be5731395f8698876b7059bb000000000094120000000000000000000000b1f9a8723ed8c6ff37d5a8cb1ef924d990eab7830d7aaa5494e211f5809e7578539377ac83a2a458dfb143ed445ccfdbb04ef734f8a60060f1bac6e8d064709164b7ec1bce034b0f1ca171ba3b81dc25e92e0d59fea7700fff0f0000f87e3085c0e651cc06c56b93f628d60250990622c0ab18781115a8e07b78e598041fbd0cb6e8d976adb3227034a3fc84598870e03fd8", @ANYRESOCT=r0], 0x6c) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f00000000c0)={r3, 0x3}) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000000100)=0x3ff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000040), &(0x7f00000001c0)=0x4) r4 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1, 0x1) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x5, 0xfe00000000000000, 0x6}}, 0x30) 02:49:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) [ 2018.442659] input: syz0 as /devices/virtual/input/input739 02:49:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc06855c8) 02:49:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x9effffff, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:53 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r2, 0x11b, 0x1, &(0x7f0000000180), &(0x7f0000000200)=0x60) r3 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x5, 0x400) write$P9_RLERRORu(r3, &(0x7f0000000140)={0x14, 0x7, 0x2, {{0x7, 'ppp1GPL'}, 0x8000}}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000240)=0x101, 0x4) r4 = socket$inet6(0xa, 0x80f, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ptrace$peek(0x2, r5, &(0x7f00000000c0)) signalfd4(r2, &(0x7f0000000280)={0x2}, 0x8, 0x80000) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r4, r0) 02:49:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x2000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000580)={0x3, 0x4fcd, 0xa9, 'queue1\x00', 0x1}) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:53 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000000)) 02:49:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 02:49:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045565) 02:49:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xffffff9e, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x48) [ 2019.833941] input: syz0 as /devices/virtual/input/input745 [ 2019.835556] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2019.835556] program syz-executor1 not setting count and/or reply_len properly 02:49:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc00c55ca) 02:49:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 02:49:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x9effffff00000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2019.896293] input: syz0 as /devices/virtual/input/input748 [ 2019.913502] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2019.913502] program syz-executor1 not setting count and/or reply_len properly 02:49:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045566) 02:49:55 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000200002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000040), 0x4) dup2(r2, r0) 02:49:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[], 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7fffffff, 0x200000) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080)={0x45}, 0x4) 02:49:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 02:49:55 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0xffffffffffff1b1b, 0x2000) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:55 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x60000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:55 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x550b) 02:49:55 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xc020660b) 02:49:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[], 0x0) 02:49:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x48) 02:49:55 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2021.192691] input: syz0 as /devices/virtual/input/input753 [ 2021.217219] input: syz0 as /devices/virtual/input/input756 02:49:55 executing program 3: r0 = socket(0x4, 0x80001, 0xfffffffffffffbff) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000005c0)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000000000000e0000000400000040030000bc0000000000000078010000bc000000bc000000ac020000ac060000ac020000ac020000ac02000004000000", @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000048e70000000000000000000000000000000000000000000000000000000000000000000000008820000000"], @ANYBLOB="00000401ac1414aaffffff00ffffff0074756e6c30000000000000000000000073797a5f74756e000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d00036000000000000000000000000000009800bc0000000000000000000000000000000000000000000000000024004e465155455545000000000000000000000000000000000000000000000105000500e000000100000000ffffffffffffffff73797a5f74756e00000000000000000076657468300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000400020800000000000000000000000000009800bc0000000000000000000000000000000000000000000000000024004e465155455545000000000000000000000000000000000000000000000004000000ffffffffe0000001ffffffffffffffff626f6e6430000000000000000000000067726530000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000ee00030a0000000000000000000000000000d8003401000000000000000000000000000000000000000000000000400073657400000000000000000000000000000000000000000000000000000006000000be022a1f0600000093feffff01040000ce020000a508000081e85c005c00434c55535445524950000000000000000000000000000000000000000000000000000180c2000003ff0f1000030014001e001400300017002c0033004000400038001800220014000f003b00000000000000dba8000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000940000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000feffffff"], 0x39c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ppp\x00', 0x8002, 0x0) write$P9_RXATTRCREATE(r2, &(0x7f00000009c0)={0x7, 0x21, 0x1}, 0x7) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000]}, 0x45c) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8000, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0x3d5a) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000540)) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000]}, 0x48) [ 2021.381531] input: syz0 as /devices/virtual/input/input759 [ 2021.415140] input: syz0 as /devices/virtual/input/input760 02:49:56 executing program 4: timer_create(0x6, &(0x7f0000000040)={0x0, 0x2f}, &(0x7f0000000080)=0x0) timer_settime(r0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000100)) r1 = socket$packet(0x11, 0x40002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r1, 0x107, 0x17, &(0x7f0000000180), 0x4) dup2(r2, r1) 02:49:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xf000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556b) 02:49:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f00000000c0)) 02:49:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000]}, 0x48) 02:49:56 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f00000005c0)) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000600)=0x0) r2 = getpgrp(r1) sched_setattr(r2, &(0x7f0000000580)={0x30, 0x1, 0x1, 0x3f, 0xbf, 0x7, 0x400, 0xb9f}, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000640)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f0000000680)=""/53, &(0x7f00000006c0)=0x35) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400000]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) sigaltstack(&(0x7f0000ff1000/0xe000)=nil, &(0x7f0000000540)) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4008556c) 02:49:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0xffffff7f00000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2022.573507] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2022.573507] program syz-executor1 not setting count and/or reply_len properly [ 2022.599987] input: syz0 as /devices/virtual/input/input763 02:49:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000000000000]}, 0x48) 02:49:56 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000006, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) [ 2022.623432] input: syz0 as /devices/virtual/input/input764 02:49:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x402c582a) 02:49:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x40030000000000, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:56 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x1d) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000000004dffffffffffffff0100000000000000000000000000380000000000000000000000000000"], 0x2e) 02:49:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 02:49:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x541b) 02:49:56 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001680)='/dev/nullb0\x00', 0x400, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000016c0)={0x2, 0x80000001}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001640)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0xa0, 0xffffffff, {"a40857248b84fa74be71b30e3b814c7e826129b1b57bdfc46081a4d1f532d4de637caf457318a4af7631f641d42e2dc37c2f4cbb712a5be75dc6a6ad0e17be9f8abc654aba53ec7fd77becc289800c147e1e18b8969413e4422bf5a8f3d0367e1765e8a0d7c1cf902f753b01ceee3bffa0369978d1285815629eea6359336ef0beb2bf6729d01a"}}, {0x0, "de55ffe3ecffd65adecb4ff9dc1c4a5842b59aadd95dd9091b2c42d7db0c79bf1be1d65db00bbdf4f35a3c3d2703aef56713999786ec9b119ae5aeaffc3625cdd7884d2dfcd97477ab334c7f74186ca0cedc8d25d62d04eda3435dda5e29810e2ec9627fecb2cdf387fd1549edc976b65bd5a9d952c6cff20228cfd6e9dcfdf37f41e97a2005dd6afdfbde3126b67fa5e38d35adc79e47dd6308c59394361c0b332e7dbf629ede5759791802dbc6cb1ee2470fba418979b0de082172b4746354858fd6d6faaa52c2bd7f9eaeae93e8dc213b68e35c9ea39efa93c5cddac66472b1b4e9bab11d5e7bd63028d4e07cd587ec5734c31d91e5fd44d6c027f8d6bf8647f0d68c3b5966619a5a0e5719c1674fe85a972bc85c3d10ac65b93f39ea56aa958c8e515b94834fc0b1e15296b096388ff9841fbebc69f3d6e4f8ec8863de5041328bbc9e2abd787d6e1dadad913534f8326dfec334d1115660db9c1bb953dc68b0966f10d3e611640e0aba7d598220c45a246e0d01f0dbbba23644f03257b1bbb77db9e8daa92c514336b031cfe270d0fcb386cfa6382f0c5a24ddb412796027fca45bcdd9157c6a2320bf792ac49aa2b1e74c351151677373bdf4b7af04400d392bf316e1e54e91226a2603df9d9683e3df77f9824f5b19e20b22a922525a902f77e92fda2004c8ac4941ac9e26e61683aa1c8e9080db2b1ca341798ff2077e2e2b62f1e00d154aff47eb83e034862df5ffee4adbe423c7e41562449898e23caae31837dddb5c2864fc4e521d2c82a03e7f5f88daabe8386189a32226df0b7490c7735abe5d9f8d4eb621459dc67c3ba48cbe2b8fe87038e498eec86401148af81559fe9a8eafdda659b8b865129691035e70cce9dc013da6e5e6c6f7199d029ab8d57acaf6e335f8df5e489f28bfc5544f03a583ec4411fff233e6579dbaf91d29af5f431de46358d998f521b3473cb4227a89d1c6b8c0c7fe7ee9fb38f3640431d4fe0304d96488bdaabd2d655f15b6127dbae6d3e77761f9530201d21dd76d5e007cd7ec4d56f81431d928c835e8c5dd3e8776b8840d8d3fdd78c9a9591594420dbb6ce7da55431e7f0845aed54e8de86deb6a91ec1e6c72fb5fe634ba1604ccf9989d9da1a36592c3f52d75ba1ea48d40b6da7bd6f0ee32d614b790de378af8307ce756821861366a1ff7aecc63a854e40540bba1754d76aef704240d6c1230c71892f082cb463cb1af2fb3e96e2123deb63baa3a1596e593a20f10a8232055ba044f399db31ff97b965d30a89687ba7692e3beccc82de568c126f069f25011ee2e62fc69b22fad9fc41c8b95ec661bede3315573453ff5f45249fd1bf8d223324e6fe22ac7cb817bd86b1cfd4d89733ed6eedec07b9bcdaedd14df20179370fa586313252aad112b23e571a2198bf42ea6b507f8a77ad5c8445288ef328c20aa179df322a72d4cb9083d644c0bfce0771e0cd35a4e1237d52e0d85bb0e7a81ff4ed0b8220f889376dafd7cb89ef57bc57be8f8b783ae883ce6478705ea958ebd1bd7df43823930de743a9da661e2a687c0fdc3819ebca2b0f911fe2cfa8f0a45c5135506a1bd39f98e2c8b51036c007ba3fcb6b866e0a980494812f09452395abb9197d39f11e538b1cf92b1e6a27fdd94b03871ff3dc21ba27669a4395efb1534ef834b1b7e4e2a0688a22b0d7e0f3d7d17d3344e4a1e7503c630158e02c0198771e133199ef8ae5a65e08e1f5642f01b2a7120d1acb14873f2091e98055eed09ccd113b95bf9154d06d4a4756796157e44a724251ce1f782c19f6ac0433a5472c39a6a518013cbe9f79ac5a45407a97cde56b4e9a6ac36b44030c9503cd0de7a23e538e20bbdf503946c9b7220f73be522b8308308dc9577ad1a5426fcf5f79c68354faf98df6264ae7d6fcbc8d41534d35becd0c217a9a81e93b33aa3ef61f3a7d818c4bd3baaf5a7e74dbae3fcf6af57ff737214b899e0c3e7a155cf659918409e591ef9a49eaebf0330942293ef35366787c2d1e7f9ef41adc93bdfd3fcc5ea3350d235a7e1125043cc4d8d420055f091f999912d462f2a960f3d3e4627cf6e999e7b8afccea5b7af9f37b1e0765532acf6caff329bbe6b0d03ae7410474054c8253fca2848a6a39aa0a5527bf0d1c7999a419ec3bb3b3d6fc6f48755c5787aad5a54d2bca5140e578bd1db301e85c837dfa946756615e7139297c88755195e091d7f6b2185a1d03e7d52c47ba7cc58e361d3b0b99b09e2b4842ee21a509ff847e3de9433ff7ae85034df1a2b9baca360dcca856024b4ed9db0fceb73ecb327f5021a1d7b1fe60d6a9eaf1b1a0d6ec701262afc926ab77a63f5c73be34bc768790efc058a92965d7c8596d194e08111f82208a6358ae636c4eec623dfaec6157aeac1f2b05c338de80eabe16693f9886cd10d75e5a1f3117d3e5c58d20813aaf632b6d28bbc73ba7c997c3eb9e9248526007f240b4617b7a743f2700c9c08ec054c07af37e36a501cf4a62e51a5f878c6c76302e6cbbe0f47d4fea167b0e05412b4198fc8c944de697d4504c4d2dc4baffba57248c06b4524e58e91f5b88f66fc517da1f4d0ccf67532e9dab8a3808b7edbca31b39577aaefd683b0b184739e6c9dbdcdc506a1de862aecc4f79894461d6c00bf8cb6c1195310771a6e9e5f460eb15ddd514a1c4fb241040395efcb09dbdea9c753306016d6bbdb80f9953054ffe431e8f196fe2415d515bf77c96e7f98fd17d89b0140b1b1a2828cc83149b660a8bae8089a3864a58fb69b38138122014aadd89b587ac74022b29a435a3bd2a0308f4820db49da5e3721594e825f131e69466e6b6b805a5cd169e1d7d22ac2de45fa23c3b9051ae83c65856042d26f73c71defa82724171a57d4792a17902bc899fd0be4f91b01dc956140a1bda0714dac4647d6f7f4daeea7bb8b2b944175e92a86a140ee771be45b976f084aea3c5dc650b03cb23bdafa24a6f922f8f848b0bea5f2795a38124a9529ffa1824b0d39ad3b8089014410a47bb241896f1341a0723fbc64a1c518a525eca838f4669625b8f8d34467312fe24a098c59af4ed4275b49ca4cf4019e9428805627c6ee14b6d394ea83fb78b3a943b7300f16c1b66376924bd816ea90e591bcad2775d5a9932b2e1a0cbd87d614a27b2a87ec3b77251b6729f78266e566f03dcca8b1213df8cb2d22b3d855accf257304a515ead9221a6ed00102c8fce0f2a2fec258e423e4e7eb30aeaaefca09af5f453427574c5a35bace4bdcb50c26c6393a0c249ffcfdd60ee3acd70a993f39ed3449b56797a3047fd2034ab270746ae5757550196776684f91e757a51f5ed7cca30b1037f08865768793a70358cea053f89f1a70be0f14c08cbd376a80e6493691af81d75ec2523d044acde0ad8ee97f771466bac33d46e4877cd0e6e9fd34b6e160c85b62e7a35aeca3105ea762cb25c22fd93accaff18cfd5fc49ff07518d932da9b655ab173a15af124d9ffde9508aec9a35ddf2363351e0199303da15dab2b4b86bbe45bf0097f64280d3a1719a6111a52f61755cee3bb5957993ca142713762d806212129b31fb8b1fd6b81e5e5eace139483d639f30ad142b47a9e627f6b2f0b0f45cb9ecff4cae70e9559bf4a9859b5495897070d5626c6a4f62fd8617d9448f63f2d8c1f2ebef6b269d061923bb7a8c88600ea73eb3d83a50e42dd4cbd48a013f8ac708c134bec728e5cc45c2ce6de80abb7a6541faeb7bf1db0a2197d0f304639580c1fa485d93946154889d74e50f2250b089913fc3fa7ce554a75ab0b55dba4edc3e72575f4ebca4595a4bf2c4b04b8293753969fdfeb58cc08c447ba2822eb8b55e4055798d7ea859e177ab526a99e07ecf32a5b35357e7b90d7921edce5fe51621f9ac0c6b2d6628d05e31fb21de19c53c34de79558ef8521a5ffc068271d729f9930b05af62e65219899fd50edbcf5b514371a3064a6af3915f4018fcaf7fa6885cb20bbd29a0b5b10a6e005b5a270f9b9dbb252bd2238d5ead285942c6e74ff3004d88dab0be66da5092fb685ee0b5bafd20614a2828f44663750a181eba16fba74ed06808501e5db0e152cc3f8df98a13abd3bb67b3ebc0a91533d2bdae072749ffc63c4e5e4e9dd26a1ae2d430f66efcc7c90727980027dd38db6e795298ada9c5eaeaf1b393bc0ebfc24bd520d3d54ce7d1b144aa21138b0cf633b8d1d9fbee73ea237baf81f0164622be632ff4be2a23dc118bd33bc30c6fb8c846bf044f13ef73be3c468fa07ebf8d99f224436ea9c6aa6b0b00b196e66ac7a140485f640675e453dbabaabe4d5d9fa35d70eff9cf9f44f4b6c463f53733462ab9e2f9610055cf430433cb8e7df985e6fed5b2f87866551f973f7b7875c2d9cea109379791e03bf8dd53cdee604247bac823c58ba895c71c94d4d57a508e235d7a618bf7a6784037f2467742e344be525582594798cb6a2811ee880500b1a25718e97ae8d6b21ccd1103b885463469c96c2e1edc89b65a059f3be4567716e98ee5bd02e95aec22ef943db123e347c553ce7809c75182003bdf1f885f8088b0f1c6ac39950a0bbf0aa700fff3d1e8e500ef33371be6d9efdc0e75c129c1094a8653f3f1eef677c77082d06bd937e16eeb18f738958ed7d9f0a390edea61340d47d8de52b5c60915671f545afd89bb1b0333d3bd98de047499e09c37ff39efdfbe5c02cf304f491cb3ad10b5db90899dd00b38b23c06b3b9273abd3134a06bc7d5dc14f7bca474d17275c01fc9aa70e4a7e866457c760b45caf12f7e2dea66c4b981f21d5886ae453a02f6fe5f1a259cff1cc5c2df69598e9aa2e5d7d6930c415dd1fc0aa5f9a48893c8c7af8273111cfc7e187508940bddeef09e6265adaf8730b0bc112f2a12811ab4061634e9628f487f9b67f019cc265b18987424a8fd6fd41dd573b11631fa089bed6d3940e354e07fb0264d40ddb726be82c1990915cb92aee66a711bad063e3a4d13a383ebfc2ec75a52eea6bf7eff0883083902034fd84da1a4e26b79b2cba4474cec9a237fd278bca3afada7ca5a113077d5fa8feed3e50ddfac0cb837e039728c4e355cae42ee50b0e9542b5a9896d8d3b23b5951e48f1f87d61b8a71f56dba6dbfe43df5c9fa1f83a1734edfdc7327570624622234f037da5be25a6f11669bddbb7b7a0a223a71ebdce7cba30bfe66ec3592505046e21636d33538ac82ce6e7455c018f3402394e4830c4eb42fd3443025555cdfbe05a5b016e8d004ab42be7cc2a7f55a4f647637c9c4e13f15ef998066b31cbff9a9fb931e785a0418919fdb6769575fb566671d1c8c805a0bf713f27dfae33a6dd9eaa90d0f5d9ac83a771817dd72ef37c0cdb2e42765a2a57a1ea38aca6d7ae1dbda43bddad9af132cc9b6fb70c7671e504778f6747ba591eb3ca6cd754b15467eb241bdbb6ca2615b012459cedf80ce171c29b675fc9436660a9c4d578fe30236d03fb7611b9bed78f2b21b93aa347aebc7b516adf57b25865b94cee3f185de985cd549aa98b5ff30ce14e0b14f755618add0a85066f45fad9e8b07ab5b386624f9a23b16048f401ca4327cbf30306b7fa4423d86ee5fd74fff9314b197eecf552b4198f7edc129efe31dea964a04b8144b1226222e9af5dab0dc57397cbeec3171debe680a2b321cedf89a9c401bdccf7ccafc6806e4a70e79666e73bab531a1611d16b1051422d3a6a6758f07dfb8864ef33d08dd4c9b569cdcb5b754a39fe3e1ecdcf6a88066bb80539ced49a5ea8d43da5d79f124b7aba0ee5"}}, &(0x7f0000001600)=""/10, 0x10a2, 0xa}, 0x20) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:49:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd0ffffff]}, 0x48) 02:49:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x3, 0x0) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x5b42, 0x0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x402c5828) [ 2022.812401] input: syz0 as /devices/virtual/input/input771 02:49:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x48) [ 2022.860351] input: syz0 as /devices/virtual/input/input772 02:49:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f0000000240)={0x1000, 0x3, 'client1\x00', 0x2, "50e75f0452b7abdb", "9dc008b39193ec733ee5fa22db774f015ffe1c74cb1a8e3000d14ed3b4787d05", 0x200, 0x1000}) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x41, &(0x7f0000000180)=ANY=[@ANYBLOB="1f000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000016bdd5abd66b1a411da377eed277cbd4c82b172acf1d761a4a81"], 0x48) r5 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r5, 0x84, 0x7, &(0x7f00000000c0)={0xa2f}, 0x4) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f0000000140)=0x4f9e) ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000080)=0x3) 02:49:58 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/autofs\x00', 0x40, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000004c0)=0x2, 0x4) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6, 0x2) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000080)=0x1) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f72000000100680000000000000000000004dffffffffffffff2ece00000000000000000000000000003800000000003c58c5879d1de186eb1c40245aece1db16e48a2a"], 0xffffffffffffff2d) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000100)=0x3, 0x2) ioctl$TIOCLINUX2(r2, 0x541c, &(0x7f00000000c0)={0x2, 0x80, 0xaa, 0x2, 0x5, 0x4}) 02:49:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf0ffffff, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0xff02) 02:49:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffd0]}, 0x48) 02:49:58 executing program 3: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x400400) r1 = syz_open_procfs(0x0, &(0x7f0000000700)='numa_maps\x00') ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000740)=r1) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r2, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/full\x00', 0x5, 0x0) poll(&(0x7f0000000780)=[{r0}, {r3, 0x12cc}, {r3, 0x4}], 0x3, 0x2) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$UI_END_FF_UPLOAD(r3, 0x406055c9, &(0x7f0000000540)={0x1, 0x28, {0x53, 0x5, 0x40, {0x9, 0x3ff}, {0x800, 0x3}, @cond=[{0x6, 0x7f, 0xb0, 0xf3, 0x81, 0x80}, {0x8, 0x80000000, 0xaea, 0x30000000, 0x6a, 0x1}]}, {0x53, 0x40, 0xd3, {0x200, 0x100}, {0x4, 0x7}, @const={0x0, {0x3, 0x7, 0x8, 0x6b7c88c5}}}}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000600)={0x3, 0x0, 0x101, 0x0, 0x38}) ioctl$UI_END_FF_UPLOAD(r3, 0x406055c9, &(0x7f0000000640)={0xd, 0x1, {0x56, 0x5, 0x1, {0xffffffffffffffe0, 0x4eba4f8b}, {0x8, 0x4}, @rumble={0x80, 0x5}}, {0x56, 0x5, 0x9bcd, {0x3, 0xde1b}, {0x43, 0x4000000}, @rumble={0x8000, 0x8}}}) write$P9_RUNLINKAT(r3, &(0x7f00000005c0)={0x7, 0x4d, 0xffffffff}, 0x7) 02:49:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xffffff7f, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000]}, 0x48) 02:49:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5525) 02:49:58 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000000)=0x0) ptrace$cont(0x3f, r1, 0x7, 0x7) [ 2024.144137] input: syz0 as /devices/virtual/input/input777 [ 2024.177500] input: syz0 as /devices/virtual/input/input778 [ 2024.203071] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2024.203071] program syz-executor1 not setting count and/or reply_len properly [ 2024.238611] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; 02:49:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000]}, 0x48) [ 2024.238611] program syz-executor1 not setting count and/or reply_len properly 02:49:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000500)='/dev/vcsa#\x00', 0x20, 0x8000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000540)={0x0, @in={{0x2, 0x4e24, @multicast1}}, [0x80, 0x7, 0x1f, 0x401, 0x4, 0x4, 0x0, 0x3, 0x8, 0xbfc, 0x2, 0xe6, 0x1000, 0x4, 0x200000000000]}, &(0x7f0000000640)=0x100) ioctl$sock_inet_SIOCGIFBRDADDR(r2, 0x8919, &(0x7f0000000040)={'veth0\x00', {0x2, 0x4e20, @multicast1}}) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={r4, 0xf3, 0x30}, 0xc) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:49:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x400c55cb) 02:49:59 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xffffff9e, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:59 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000580)) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/autofs\x00', 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:49:59 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000080)=0x8) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:49:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x48) 02:49:59 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x1dd, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x40045567) 02:49:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x48) [ 2025.461609] input: syz0 as /devices/virtual/input/input781 [ 2025.487761] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2025.487761] program syz-executor1 not setting count and/or reply_len properly [ 2025.505830] input: syz0 as /devices/virtual/input/input784 02:49:59 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x34000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:49:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5450) 02:49:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffb0]}, 0x48) 02:50:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x200000, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000180)=0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x4, 0x8, 0x3ff, 0x80000001, 0x0, 0x6, 0x4, 0x9, 0x200, 0x0, 0x8, 0x8, 0x1, 0xee, 0x2, 0x80000001, 0x3e, 0x1, 0xfe9, 0xfffffffffffffffb, 0x80, 0x2, 0xffff, 0x4, 0x2, 0x6, 0x3, 0x4, 0x4148a00d, 0xff, 0x5, 0x0, 0x80, 0x8, 0x5, 0x77, 0x0, 0x8e, 0x2, @perf_config_ext={0x9, 0x8}, 0x1018, 0x1f, 0x8, 0x6, 0x0, 0x0, 0x9d7}, r4, 0x1, r2, 0x2) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r5 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000000480)={0x0, 0x0, 0x2080}) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r5, r0) 02:50:00 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x2000) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600000600ffffffffffff00000e000000380000000000290cc67e170d5e0b436d4c1d3d3d6861a8417f00"], 0x2e) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9911, 0x2000) ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000000080)=""/133) 02:50:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x5b42000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:00 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000580)={0xd, 0xfff, 0xffffffff}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 02:50:00 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x4004556e) 02:50:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:00 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0xfffffffffffffffc, 0x1) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x466, 0x200080) epoll_wait(r1, &(0x7f0000000080)=[{}, {}, {}, {}], 0x4, 0x9) 02:50:00 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580)='/dev/uinput\x00', 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x1, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000540)) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000600)='/dev/vsock\x00', 0x84040, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0xc) getsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000680), &(0x7f0000000640)=0x4) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x48) [ 2026.882814] input: syz0 as /devices/virtual/input/input789 [ 2026.919541] input: syz0 as /devices/virtual/input/input792 02:50:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x300, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:01 executing program 1: r0 = open(&(0x7f00000002c0)='./file0\x00', 0x840, 0x100) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000300), &(0x7f0000000340)=0xb) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x600040, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000280)=0xffffffffffffffff, 0x4) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x8, 0xa800) ioctl$ASHMEM_PURGE_ALL_CACHES(r2, 0x770a, 0x0) r3 = accept4$inet6(0xffffffffffffff9c, &(0x7f00000003c0)={0xa, 0x0, 0x0, @local}, &(0x7f00000001c0)=0xffffffffffffffb6, 0x800) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000200)=0x4, 0x4) write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c4600fb0500000000000000000000004dffffffffffffff0000000000000000000000769e6c5f4e8f1fbb0000d9916062fbbe3a3112b464b34200380000000000"], 0x2e) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x604400, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000380)=0xe1ef, 0x4) ioctl$RNDZAPENTCNT(r4, 0x5204, &(0x7f0000000080)=0x800) ioctl$KVM_GET_CLOCK(r4, 0x8030ae7c, &(0x7f00000000c0)) [ 2026.987971] QAT: Invalid ioctl [ 2027.003332] QAT: Invalid ioctl 02:50:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000040)={r1}) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000480)={r1, r0, 0x4, 0x1ff, &(0x7f0000000080)="39f99d8f8c0a31aa5cdb39fd8e631612ead397bf3bcbe97af34117a8d86b06c7513e0334d782a2dd1f75c6e16a00114b971bc32b9633346d9cb629d49d6eb9d21c40a135b691891d315fdae796162bf7b19e8db3702cf53590433420b953e7dbb0376b9de817f16b644a444d3018d334beea9586ecc1aa340705c0c85e68119408f5d91acf2ed255e7ed7e032f4003f9dcf45db48638166960462a13cb595ad30dabd103dbf992cfebe6f34f3dc72ef4b88507f301298a81577909802800297321d592c28f21b8a0e027f8b4183581ea94c49cc6a6bcdbedaf08338f0f307e6115b30c172790710a99e5bbe0b503a372b4b4291c57133a", 0x4, 0x16, 0x1ff, 0xb5, 0xdcb, 0xfffffffffffff956, 0x1, "66dcd8f2c7764bb6deb9333d94542a508e20c1769ced2b6a1cafeb6d4a5ad6c9dbd79f99e6c887b77313533300d56d4eedc01ed5a86c29643a1a1579366f992c56e3815e54dde520f62ff65afa5affe7dbb31161888e4b0eaa525c629567aaefffcfb39bb7dee67da39ae86b063f0b6d3f9086d2163672c48e750677209f914c72783f48138e9a7916dcf793cf3c8f449fd9282b9aa99760af41527382f1ade6783d6ce948f1200d1b2f4ce17c4fef8e091f742fa11e66d2a22c1ed3ed51754888adcc79be11d9a17c27f6bfddd02cdc2cad618e950bc6636c183dacffbacbd6e5f016e58a7d018ce39d117469e958a779f5ecd235ec1e9fa9e1d439dd71403faead6781645984501506b7e8f341ee3b75e180f6fb7baef7a137665b61c6561ee3cab08cf9b15a562d1399556fb1172c162a1c146ee72f564aae02412b3ace0bde7aca507f05476261c87e2c8c214330ec91ae6bd9471ffdc9cf9bfc214b99021cb335b43ea70311f015526dad2c826e1a9502e70954940f514109a23e2380aca3f5210fef47954dab258b326fd13e1effe2a5347ea4d1cf9acf30df6f7f73fbe188f01997fff3dcaddf5925a840db436d65fe171e50f6e0d679985e758545c8a9d84d4784880ce5d5d16d22cdc946d3fc0ee5e2e31f5804b448805093eb7cfedf07a7f45e80f1bab2aadf6ca1b73fd3c9e619a166e2f70b0c0b9d3be88abfeb690916a57215141754c21755237136dd065569426e1462b8df2437354a09f5fa539d71f100956069d7563b0acd167a7f3b3addeb919007d1edbcf76adb327140afe2a13ef7a9ea115aacd6fdc78344d0ff82f4a0f68a4de897fb042db482a9aa0cc48476e124fefeb6fc0c2f514c9c2723dd29d2a16a1220c0dc829dc783f55e45ba2ee9af910b0822a5750977ab716d6dc2cac97b18abcf68c19ec2a108fe94018141f91264c4c8fe90292a3a6e674faff3e978a8e20e9d2f0a42ee8d522fda122101b6f604cd9a7abfe49f9d81f384582fab647df74d9b5bdb498dc15e16b84b3b57f9717d996ee1acdc508d232f1cd70833429df6e1a1fb041d625d4f9eb81036d0629286f0123a59ed1a8ad719c80ade38b8c4d9e8b643739604a699b9be8ad2cf285447b5dfdfd6e4140576e522a8b52c06fdc7f8cd8115033ac499ec5f70511f6868921deb6eff31615433d9ea359cb4d62b164994f22ee6b36f07c2f37d660359fa7adb63ef4ee4f86fa2bd1f8b8dbb80f18f1b9f351d586ef6a76b7ff2d46a2384fcc040345a31f24fdfb00b8862cf9dd1dfe756b725e6a04446b650e738134acfc37b0d98e6ee2ae4e539ea26b0ec1b4132618e97998d4b76d4718303e5a72720acf4ffb28278ef1b10c04a7015080a0a8b141fdb846123c21d2e977a7a3f9aab1345f9c0e70db85fff7c159bf070d69d434c343e118c4bcf011e10a4c722ca4290d28f81552ac6a239920b1e0e4defb28966c78bd3b7639fcfa0c2a15726bd41d0bfbd88b19563ceed6cb6cd70b5b247ad4c6927602777ff8274c52a50a98a87ef81aa776181a4f1046cb54689f3854a609d2af60c3a1aeb131e43f34c4127ec3f2e9d5609830924a5e5c948e7a9716d5c32ba8726832e01659d11bcfc7fbc1652f9f3f6712725847127a6bacfbffbb48bcdaefd2cc50d24c11f5fee2aa0c747bbf141028d22ae238817b6d2dcd909d41cab12099d13a2ad8d8f45afaa27ce3f3f30188ba3c9de9713fb95612db7499233ccb5db351f4073116e06059ffeb89b169437c5518dd9ce348b9c594544bab257e2adbb5ea9afc05d947e97ddea823a620b4bc4673cc7b93650ce048d40caad502e0199c344b719d214a52c1fc544f38023e186707354e49354f9f24cbba4b48f6c1a99d13e57c1e4a5b8f2246a262fe11c2d1603b1b49a2e9e4bce5d92478068917daf95c4dff38fbd7cec17ec850b3b72d883e426c5f105dc29212c040501d4f67111ec0e2aa3dd646f9c170ffeb9223b12916b3b89a5e78745c6e8037d840e1f7a09f9abecbe70d197f8da37288ed1763cad2e8d1940feab55fba300ccde904fe36fe84092b6e67c941dd535d384af809b60ed9583456bac1ad36b2b185d5bdf6635e311c0860393ed69cb503c45527400100d286f1f231df768d43ccf98826c4b5cacf1d120858472d46c8f137e2d657b93a9898d95f948ba2f83f82bb49bf0a3e452b3b29b2bba54b3abb56176a24fe18311b35fc8d91d84ba352acfcf089fff65e8933672122acf7331e767b7f9882c01a7899d563efa41a962fa076a7c155a3ea34e80b5b83f4313f028d4d853f712d2da5b6718869bdb8b39069e0f7202feac3b47c69591c77d8148e946d6c0917e22a64fdc17109431e051c957ab068c6373b8e33b0b1aadb19570738b6d05b996dc8b9e9cf02a261721eb5f81882cfc6d48e848792c5f419fa13dcbec0c0c2ea6edf2f265389bafc47bc747a330b66a07c1e31c97e8e27c69175227416a564fd5d75d089631ada94dbd28c705c71300712dd51a4c303f830b21099c848b89c36fd97f5a145a373b564fae76643029406e18a74c371b243ff7645651386be5b47b46ae304bc697c01b816bf5489443582b17a351267036e02223b9eec6e563406550f3c2626afdae8414b8ec9abf9aa7438bab574afbebbc911f93e5356a75c8d9c27b6a08b6068743d153bbd625065590d5169275392c2bc8fb507efa1e3354886e1f8f2b5aea8bb9ca3cec9ed542da2b5061fd11c1bdc886564a78f938c833a367246d7d6aaa667b0f28b7f3f3fe83692ca16a912cada7122f0d716bbdfa0580516fae3a7e088862cca643ccc0027e3f93fb1d96429c0a4cdc8bc501c56cc9fb73fc6dc17e702843511ad0ab5089d158cf8249c7060245a227f45156d73e4fae9fbaee5b4adc947faf22d67a14db6c33581a1110fbd6cb582c8582fa14b0c4a05cae2a91a2c73e1362906eaf934a4be95f586eb64e598529e7d1a73a9a084469383f13704a8d2e49f76089864952af9d1141c5e2e7ef7083f1a4cb6ac824153aec1539ec4443a5ec1518be9ad15b18ac2c762e0534705a3aef86b4327874e8d9a289755a4f56b0e6fe251f4d03be32b9710255023e84b9feebb1a4a4975e6fdcd2dafe544fbcff72e95052e2764d227246b6a52336a9ee796b37fd8f47eb10554388088217c889324c35ab80debff8b1bb993643cc468609aab5ec1a8d5281a1e6e3d834a6d7cdea9da6e3710752d03db4563879db2c21beb3c4a63db10920aee36d1f39f22d1a668e8776d982d3ab9897e8331bba8b7c36bd7a0ee28643825a264b7f4aabab9b471f7428b2b17fb88684784612741e3056658ad1d906e220224767ee9f64f8a74252afd76f4d9b79713e538c43b0ce99505393e4140f0dc2891c6b561f192345bf326709fc9408932ee1394c5410843a0a436750297f85d75f5b5cc1f49cf48cdca5e4cf4975d1a0ff7df3b0e6902f79d49feceb05b1432383ad3364c000ed08ceb6d74b633e3fa1fa872925fa3f0c4e1e06ce85bc583e27e5edb0bf5c2abdedbfcd270d22969c7ce66bd5fd41af43908483ca30cab3324867d14bc5902d570050469753c25d687dd202e3f499f16f5d233516a01c393af5376221d4a22341a730e66ab8993b34724d4f4eff4ce7993f4973fff333d48853fd084523b22343ee48dc0047cfe50483155543e1c2e6b5f778d3e575ed1f7b7b2c83f13ac5829d62827136352163d83af0a4902ff5a2a99acf36a305aead9d4a192c2daed61f454d4972290ef9ef7c401ba32e7b52f6e57c7244b4611dac59a8efdd0ccbef1c4f979d9ab217e374cb6f36b8c913104e211e74ae4d1f6951ba3ad83e9064fa74bf7970342872355860e034c572154caf7071fa728241138854798e0fc0166a3de4f96336c469561871eb535b1bb6f3cd84f8dd46825986977e761e70e12f4c9860298fa9a3173388e6ecb969274d0315e756eb02eb3beb20cc4450ac01384456f0e1467487f917695cad3bed07440a4b11bb1368e3faff854c89b6d558d0171471cc8c7f1f80d1f3cd390e963e89eff8a94d99fdc91ad42167a669f92e778799b4a0951fb7567d3fefb82f83bb6a16f1a45b15471773e72b83871e5dc4ca2122bc102957ad7d88815935e202604869629b7b0ac4810c943c71d66666237827fd922c9ce66d67139d65df2d68231f3f0e4da5fd276c8b1dc695edb69ea7697708f564712385bc6d05cb2b782ccad315c80e10cc03193c82421be9fda01c922f70f530a4617b7ed51c1c825bc75c1526ee78ef3ccb86eee9dcefd047b01c1052e859609ec215cbce57377df31220c7c07c1134c87b95a9c877ab699aedcee84df11eb50cc24e4f7a2ac2c6cb7ad2fb7750a40fe715fa44515691419aecad636ec739d1883a7506909c0133f58cd299805aa5f54f56b0e934043b340b5a5bcfb747f9fa9431518b773c9f39a84deec869f6f7d8d5abc0d390b835261b51575d8e5798d54280ffb0ae1c9ed0d76c5c10b2bb620684284ae15110d5573e2725126bad51e3580b0b50f299c0872ca948e65fddf40b00825c5a868e1891631fa2e8a1dd70cf16335d8deef600859246cd9c0b21a3c59a1528336a0a50e558a5dba1f35a165782f611122cfe82368d2b1b6e8914ed677558c3992b2ec50b6067924b3175861589eee26a63b44b258810c42c5e7406cd0febe27f1d889210bc83771a3c80f58269f0eeca012958e02f0d021b97be6318278f0362d8cea450d68c903c385c4a0845ac7f515cc242e59cb6a2a030f3bf17170a93fc9d0e1220a3d6bb1f32e083349ff36ee3711af1f49e33a85fe59e9de4fd7f6c3cac4480f0e6aa85331e5ad83e4c5da4d73dec657014229661a9a012ac3d257aff35faa554a62f3d74242387ee85a3a91cd41f49e4ee7db1150b15faebe12226e072593f29815a21cf80137d8a2ab7d9d99a754647151e89b9da463985162da645b9727d1fe35611eebfc731cc1c4892b0b4c34032e7b8ee44048ed6211b0402a64f9ed5e89db1a4426c1b40894ee2c0d636900ef2748386d2597e1b843df579ff30f8a101c3307a3c3554d878f194a74f84e8b40b3c87578ce34a90c185822d710d1d1355804b9f318b8def077aa30dd97ef451001832a1b72ab14b86d3cc9b682d4b938995b9c6f5888a545dd92dd56253d48c0532c39e7c9b44154cb0359c375b1d848be26d1bf6510353aaa64bcfe6676e0a4c6ab8a5fd84c369c05447a1f62dce2d005dc1860429e3719be6b32b0a9b372d9be078c9bdceca18d745358ddd200f53553e4a4c695c04108e1c32ad9e1d1293e87770228ac677eb5335ea8a6991d09c62996c7c1810731b7b0516de55615742558b4066c3aa21ceb5f56729e4c18a1a7e5a0ccb59f256722e2c2754f4400f260192e597031f6127410caa3d46644f227111176c28b0c94e31b89a8368f6317e344890cc855dd819738d1ac71259d4cd0cb117294ae6faa213b897945a6f8f54a0819bba294678f564603d3c38084300b168aa7ed22db1c6d574b537fe1d79701c9a5ae625698f586349bbacf3ebe6e54989a9dddafc90c67e3d9f009e61b3fdb498e488b3b4b51c7b39aaaea7b50cbee1d8fbf4de5acecbaf6cd398fdb96fb4cab6ff62b6f8e9fa89a57aafc919ae57d0729c97fb9e52ffb7cab319fff81204f288e6aa3107f9e80d0e896f5ae29e027a92fca341e49fb638b1dac2c856f640b0842fce26b8231f59a18015145006ace984c9b48be6311054599e83fd030a6e09fb0b21d66fec415350"}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r3, r0) 02:50:02 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x1c, &(0x7f0000000540), &(0x7f0000000580)=0x4) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 02:50:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x4000, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f00000005c0)='/dev/snd/pcmC#D#c\x00', 0x5, 0x200) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)={r1, r2, 0xc, 0x3}, 0x10) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x5b42, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:02 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000fd7f9de075156257e8ee1aec99837c78469936b48f17b5567a987aa1669065af277231740a35e3d70282c9287cd6540f6b929bb3a12d95248f9a80445b2262f90b018ffdc94e535f8b442dd8533afd29b3c463af1655b141a998de2faa9eaefa231a98b776860e31b07b64231dd1b18eed3fe57180922e6a2458d718a7261cb2fdca08f94818258ba80366c92bfa2ee9860eb53456558d07372f1a99bac5530c5961413c6e93e7dcb5eb"], 0x2e) 02:50:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 2028.271866] input: syz0 as /devices/virtual/input/input793 [ 2028.282486] input: syz0 as /devices/virtual/input/input794 [ 2028.294643] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2028.294643] program syz-executor1 not setting count and/or reply_len properly 02:50:02 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffb, 0x20041) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x11) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESDEC=r1, @ANYBLOB="cf6db920a08bbaa461364c9555a82cd79aa4a123bf04211d949f114966337b3ea6fd1beec5d90e4f41a4736cdc77f33716df2e25e6fe2272632dfe889f61924d0b9d7c4741fcd0531907227e7d626dd2f99826c4a94ca10a286b6f361db2cbcfede9587c98a2b6f0d8baf53cfac56ef7c240586cdf4d2c563df11c3569f53f9c9d4369dc9cbf3105000699ee8bbf5ba2295029a7fbc541c2616bf7cd1f5c6dbae4d3d19c315eb8527419530c1e3708e25748c5ca2e", @ANYRESDEC=r1, @ANYRESOCT=r1, @ANYBLOB='U', @ANYRES16=0x0], @ANYBLOB="ea2d48fa1245e991f2a3750bfd00dfae6fa053a9a219dbd40998d904db96a981da6af87b4fa4c2b46dfbbe13e49f5d9b19950b8e24949eb049c8e9e80a470f608c0d87b61b5f97740dc447b7a91ab8da39f78179b5632cf107d301dd2a00771c57f0d9129105aa7ffbf4818aae39cc7dec9b23bd3f90e8529635fcf7429a01e539ef36e4149e74e87ec5ae81c1e39ab8b9011e63035cfb991de14a51b12289eeef2086870f3cd4e9c387dd36127b973dfae59934afc11de2560545a766428f55f7e27b88f48b184eeae4786b5c119fb718a3", @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT=r1, @ANYRESHEX=r1, @ANYRES16=r1, @ANYRESDEC=r1, @ANYRES64=r1, @ANYRESDEC=r1]], 0xfffffffffffffd38) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 02:50:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfffffffffffff000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2028.356049] input: syz0 as /devices/virtual/input/input795 02:50:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 02:50:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2028.467075] input: syz0 as /devices/virtual/input/input797 [ 2028.489638] input: syz0 as /devices/virtual/input/input798 02:50:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x408000, 0x0) ioctl$PPPIOCSFLAGS(r3, 0x40047459, &(0x7f0000000080)=0xa0000) ioctl$RNDZAPENTCNT(r3, 0x5204, &(0x7f00000000c0)=0x9) dup2(r2, r0) 02:50:03 executing program 1: prctl$seccomp(0x16, 0x0, &(0x7f0000000080)={0x8, &(0x7f0000000000)=[{0x9, 0xfff, 0xba, 0x1}, {0x9, 0x5, 0x8, 0xfffffffffffffeff}, {0x0, 0x1, 0x10000, 0x7f}, {0x4, 0x72c7, 0x1}, {0x560c, 0xffffffff, 0xfffffffffffffffd, 0xfffffffffffff179}, {0x7, 0x3, 0x3}, {0x4, 0x101, 0x4, 0x80}, {0x8, 0x0, 0x8, 0x3}]}) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="85454c4600000600000000000010000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:03 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x295) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x48) 02:50:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xffffff7f00000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:03 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r1 = dup2(r0, r0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf0ffff, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x48) [ 2029.700845] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2029.700845] program syz-executor1 not setting count and/or reply_len properly [ 2029.721627] input: syz0 as /devices/virtual/input/input799 [ 2029.728702] input: syz0 as /devices/virtual/input/input800 02:50:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x3f000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) syncfs(r0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0xa102, 0x0) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) accept4(r1, &(0x7f00000000c0)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000200)=0xfffffffffffffe4c, 0x100800) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000180)={@remote, 0x28, r2}) socketpair$inet6(0xa, 0x180004, 0x82, &(0x7f0000000000)) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000240)) 02:50:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x48) [ 2029.757505] input: syz0 as /devices/virtual/input/input801 [ 2029.766212] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2029.766212] program syz-executor1 not setting count and/or reply_len properly [ 2029.791759] input: syz0 as /devices/virtual/input/input802 02:50:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x40000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2029.851840] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2029.851840] program syz-executor1 not setting count and/or reply_len properly [ 2029.871214] Unknown ioctl 35126 [ 2029.874728] Unknown ioctl 19459 [ 2029.924795] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2029.924795] program syz-executor1 not setting count and/or reply_len properly [ 2029.972751] Unknown ioctl 35126 02:50:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x3, 0xa) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:50:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) prctl$setendian(0x14, 0x1) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x0, 0xfffffffffffffffe}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) openat$autofs(0xffffffffffffff9c, &(0x7f0000000700)='/dev/autofs\x00', 0x4c20c0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000540)={{{@in=@local, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000000)=0xe8) stat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r1, r2) 02:50:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0ffffff00000000]}, 0x48) 02:50:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x9effffff, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:05 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x2, 0x0) bind(r0, &(0x7f0000000100)=@ipx={0x4, 0x3, 0x40, "11df64a49990", 0x7f}, 0x80) getsockname$netlink(r0, &(0x7f0000000080), &(0x7f00000000c0)=0xc) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0xc0002) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="7077b4e8c1a4b67a000000000000000000004dffffffffffffff0000000000000000000100000000000000000000"], 0x2e) 02:50:05 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000540)={0x0, 0x64, "22703dc4054f693a675b83aa53c727ffc9e078fb2b2a3077ced3451412060a9c616bee5682f841324594be3dffad31e2c92fbefc2527d77523ffa38104f0528d0dd06c3c16af06bc3c75b1ab4cc16c8c784ed195ab9951bac6dfbdc90434bf2d8bb542ec"}, &(0x7f00000005c0)=0x6c) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000600)={0x0, 0x1, 0x5, 0x1, r2}, &(0x7f0000000640)=0x10) 02:50:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 2031.194902] input: syz0 as /devices/virtual/input/input803 [ 2031.202038] sg_write: data in/out 2058790045/4 bytes for SCSI command 0x0-- guessing data in; [ 2031.202038] program syz-executor1 not setting count and/or reply_len properly [ 2031.223635] input: syz0 as /devices/virtual/input/input804 02:50:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfcffffff00000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x48) [ 2031.252437] input: syz0 as /devices/virtual/input/input805 [ 2031.265160] input: syz0 as /devices/virtual/input/input806 02:50:05 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000003, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19e, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=0x0) fcntl$lock(r0, 0x0, &(0x7f0000000040)={0x2, 0x4, 0x1, 0x80000001, r2}) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x100000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2031.410283] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2031.410283] program syz-executor1 not setting count and/or reply_len properly [ 2031.941788] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2031.941788] program syz-executor1 not setting count and/or reply_len properly 02:50:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) mknod(&(0x7f0000000040)='./file0\x00', 0xc000, 0xffffff7f) 02:50:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x48) 02:50:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = socket(0x1, 0x0, 0x4) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000540)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001780)={{{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f0000001880)=0xe8) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000018c0)={@dev, @local, 0x0}, &(0x7f0000001900)=0xc) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x14, &(0x7f0000001940)={@dev, 0x0}, &(0x7f0000001980)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000005580)={0x0, @dev}, &(0x7f00000055c0)=0xc) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000fc0)={&(0x7f0000000580), 0xc, &(0x7f0000000f80)={&(0x7f00000005c0)={0x98c, r2, 0x0, 0x70bd2c, 0x25dfdbff, {}, [{{0x8, 0x1, r3}, {0x100, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r4}}}]}}, {{0x8, 0x1, r5}, {0x170, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0xfffffffffffff801}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r4}, {0xb8, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x800}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r4}, {0x44, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x1b1b}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r6}, {0x198, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r3}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0xf5b}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xfffffffffffffffb}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0xf5}}}]}}, {{0x8, 0x1, r6}, {0x250, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x869}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x1f}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x5c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x2c, 0x4, [{0x7, 0x949, 0x0, 0x800}, {0x4, 0x12c, 0x6, 0x65f781ca}, {0x0, 0x100, 0x8, 0x80000001}, {0x800, 0x7, 0x8, 0x800000000000}, {0x8dd, 0x3, 0x617, 0x2}]}}}]}}, {{0x8, 0x1, r4}, {0x44, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x581}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x1a0, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xfff}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r5}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x401}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x401}}, {0x8}}}]}}]}, 0x98c}, 0x1, 0x0, 0x0, 0x1}, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000005600)={{{@in=@loopback, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}}}, &(0x7f0000005700)=0xe8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000005740)={'bpq0\x00', 0x0}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000005780)={0x0, @multicast2, @remote}, &(0x7f00000057c0)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000005a40)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @rand_addr}}, 0x0, @in=@rand_addr}}, &(0x7f0000005b40)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000005b80)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@broadcast}}, &(0x7f0000005c80)=0xe8) getsockname$packet(0xffffffffffffffff, &(0x7f0000005cc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000005d00)=0x14) getpeername$packet(0xffffffffffffff9c, &(0x7f0000005d40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000005d80)=0x14) recvmmsg(0xffffffffffffff9c, &(0x7f0000008f80)=[{{0x0, 0x0, &(0x7f0000006040)=[{&(0x7f0000005dc0)=""/206, 0xce}, {&(0x7f0000005ec0)=""/191, 0xbf}, {&(0x7f0000005f80)=""/53, 0x35}, {&(0x7f0000005fc0)=""/8, 0x8}, {&(0x7f0000006000)=""/34, 0x22}], 0x5, 0x0, 0x0, 0x3}}, {{&(0x7f0000006080)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f0000007480)=[{&(0x7f0000006100)=""/1, 0x1}, {&(0x7f0000006140)=""/14, 0xe}, {&(0x7f0000006180)=""/45, 0x2d}, {&(0x7f00000061c0)=""/169, 0xa9}, {&(0x7f0000006280)=""/205, 0xcd}, {&(0x7f0000006380)=""/4096, 0x1000}, {&(0x7f0000007380)=""/142, 0x8e}, {&(0x7f0000007440)=""/35, 0x23}], 0x8, 0x0, 0x0, 0x9}, 0x2}, {{&(0x7f00000074c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000007740)=[{&(0x7f0000007540)=""/157, 0x9d}, {&(0x7f0000007600)=""/43, 0x2b}, {&(0x7f0000007640)=""/135, 0x87}, {&(0x7f0000007700)=""/14, 0xe}], 0x4, &(0x7f0000007780)=""/29, 0x1d, 0x3f}, 0x1}, {{&(0x7f00000077c0)=@nfc, 0x80, &(0x7f0000007a00)=[{&(0x7f0000007840)=""/137, 0x89}, {&(0x7f0000007900)=""/145, 0x91}, {&(0x7f00000079c0)=""/11, 0xb}], 0x3, &(0x7f0000007a40)=""/4096, 0x1000, 0x4}, 0xed86}, {{&(0x7f0000008a40)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000008bc0)=[{&(0x7f0000008ac0)=""/229, 0xe5}], 0x1, &(0x7f0000008c00)=""/248, 0xf8, 0x8001}, 0x101}, {{&(0x7f0000008d00)=@ax25, 0x80, &(0x7f0000008f00)=[{&(0x7f0000008d80)=""/222, 0xde}, {&(0x7f0000008e80)=""/121, 0x79}], 0x2, &(0x7f0000008f40)=""/44, 0x2c, 0x4}, 0x10001}], 0x6, 0x43, 0x0) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000009380)={0x0, @broadcast, @multicast2}, &(0x7f00000093c0)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f000000a880)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@local}}, &(0x7f000000a980)=0xe8) getpeername$packet(0xffffffffffffffff, &(0x7f000000a9c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f000000aa00)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f000000aa40)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f000000ab40)=0xe8) getsockname$packet(0xffffffffffffff9c, &(0x7f000000ab80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f000000abc0)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f000000e940)={'vlan0\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f000000e980)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@dev}}, &(0x7f000000ea80)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f000000eac0)={'vcan0\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f000000eb00)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}}}, &(0x7f000000ec00)=0xe8) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f000000f3c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f000000f380)={&(0x7f000000ec40)={0x728, r2, 0x800, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x13c, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r6}, {0x1e8, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0xfb4}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x1cea6cb}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r11}}}]}}, {{0x8, 0x1, r12}, {0xec, 0x2, [{0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x44, 0x4, [{0x1ba, 0x0, 0x50, 0x7f}, {0x7, 0x3, 0x0, 0x7fff}, {0x5, 0x8000, 0x3, 0x4}, {0xfff, 0xffffffff80000001, 0xffffffff, 0x7b4}, {0x5, 0xe3, 0x101, 0x25}, {0x7, 0x8, 0x7a, 0x9}, {0x2, 0x1, 0x2, 0xffff}, {0x3, 0x0, 0x5}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r14}, {0x16c, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r16}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x100}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r17}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x170, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r20}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r21}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x1c, 0x4, [{0xc92, 0x2b300, 0x8, 0x5}, {0x7, 0x0, 0xffffffffffffff81, 0x3}, {0xffffffff93665fcb, 0x49, 0x3, 0x6}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r22}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r23}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}]}}]}, 0x728}, 0x1, 0x0, 0x0, 0x44}, 0x24008080) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:06 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:50:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x300000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:06 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00') write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000080)={0x2, 0xffffffffffffecbc}, 0x2) 02:50:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x9effffff00000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2032.712552] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2032.712552] program syz-executor1 not setting count and/or reply_len properly [ 2032.738593] input: syz0 as /devices/virtual/input/input807 02:50:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x48) 02:50:06 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x8) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000640)={0x4, {0x9, 0x0, 0x8000, 0x3, 0x800000000}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile64(r2, r3, &(0x7f00000005c0), 0x3) ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000580)=0x161) openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x80, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2032.767047] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2032.767047] program syz-executor1 not setting count and/or reply_len properly [ 2032.805416] input: syz0 as /devices/virtual/input/input810 02:50:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfffff000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x48) 02:50:06 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0106434, &(0x7f0000000200)={0x4, 0x0, 0x10000, 0x6}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000240)='trusted.overlay.opaque\x00', &(0x7f0000000280)='y\x00', 0x2, 0x3) write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000080)=ANY=[@ANYRESOCT=r1]], 0x4) r2 = memfd_create(&(0x7f0000000000)='$loselinux\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x403c5404, &(0x7f0000000180)={{0x3, 0x3, 0x3, 0x2, 0x7}, 0x7, 0x6}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000100)={0x0, 0x80000, r2}) fstatfs(r1, &(0x7f0000000300)=""/160) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000140)={0x0, r3}) ioctl$LOOP_CLR_FD(r0, 0x4c01) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vga_arbiter\x00', 0x80000, 0x0) [ 2032.826122] input: syz0 as /devices/virtual/input/input811 [ 2032.898593] input: syz0 as /devices/virtual/input/input812 02:50:08 executing program 4: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f00000000c0)={0x6, 0x6992, 0xfffffffffffffffc, 0x8000}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000006a80)=@req={0x100000000, 0x0, 0x0, 0xfffffffffffff820}, 0xfffffe8a) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000), 0x4) memfd_create(&(0x7f0000000040)='%-\x00', 0x4) dup2(r3, r1) 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 02:50:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x80) fcntl$setlease(r1, 0x400, 0x2) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000600)) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000540)=""/137) ppoll(&(0x7f0000000640)=[{r1, 0x4e}], 0x1, &(0x7f0000000680)={0x0, 0x989680}, &(0x7f00000006c0)={0xaa}, 0x8) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x6000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mixer\x00', 0x400000, 0x0) mq_getsetattr(r1, &(0x7f0000000080)={0x7, 0x9, 0x6, 0x0, 0x200, 0x9, 0x9, 0x4}, &(0x7f00000000c0)) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r1, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {&(0x7f0000000100), r2, 0x80}}, 0x18) 02:50:08 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$inet_mreq(r1, 0x0, 0x27, &(0x7f0000000540)={@remote, @remote}, &(0x7f0000000580)=0x8) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x425b, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2034.195948] input: syz0 as /devices/virtual/input/input814 [ 2034.206686] input: syz0 as /devices/virtual/input/input813 [ 2034.212576] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2034.212576] program syz-executor1 not setting count and/or reply_len properly 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x48) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x2, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[], 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xf, 0xa240) fchmod(r1, 0xc) ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="03000000000000000000000000000000b1ff0c734c368d5e750000ef00000000000000000008000000000014a8138f1074af45ebff0000000000000000fb2cd3ca067f72"]) [ 2034.247236] input: syz0 as /devices/virtual/input/input815 [ 2034.255951] input: syz0 as /devices/virtual/input/input816 [ 2034.265656] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2034.265656] program syz-executor1 not setting count and/or reply_len properly 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 02:50:08 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x4000000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 02:50:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) socketpair(0x4, 0x0, 0xec, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000007c0)={0x0, 0x5, 0x8, 0x1ff}, &(0x7f0000000800)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000a80)=ANY=[@ANYRES32=r2, @ANYBLOB="d0000000eb10e60634cad2ce6a302910c450dc71ee4bdd6cdded8a55d559de9e24be66832218dd3f29ea4a749379e175d400f3fcf1a5d3daf467a4f17ee1fafdec5efda71010e78b215094b77a6cda28f5a0afeb849f9b9473428e8023948d13e25c09e08501301251cb69df56cae52536c5886ecc214a34fd446eaeb987905f46dfa0674057a32a862caa72e2913ef1767784af16c960e0b39d155d09358f31c2107fc4df346c37885f5d8db9ad66788678a3bfe8f072cb6aff955731ab3dcc3334febc5e7724ab36730a281cd46fc8f061ea678407b1854b109052a13e622dc0859bd97cb2d2528f22ff320f96d6ebfaf02020aa96db5d09483742da534f8e2c3a44cc6b9713789893e6a8e040051c2df672771cb81428c4d071800044495552cf9054f894a32272bf83000730819ce9dc28a4b3003aa80a6a408c3f947dc0f9ab228aa325514e89ad73007a1e91b1d76016e8fbc54b83ae24263c12e1b2ea10e4b2aaf54678b772033f859123c397fdd9c7d3a3b1f44be3eb83a84737b21034f7d15768e5007ddb472a1a8284cbcd292d305ecb3ec4b8df0320a37e35cee0676b211db70b4451e302622ca5ea5b77765ca6fd8ff742ca3901417450dc7fee243cfa142a1fec991d3d9779c0bc61eebb7c3c2f4547039f465795048a509367b2e27d8394d3779cae8eb84def07afdc576e0396163d5a63c7e3bfe35d39879d25047fa3f394ccd258b72fdb4aa3dd215dcb185b795a"], &(0x7f0000000940)=0xd8) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000600)="ebffffffffffffff") ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000640)={0x2, 0x1f, 0x101}) memfd_create(&(0x7f00000005c0)='syz0\x00', 0x4) getsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000540)=0x5, &(0x7f0000000580)=0x2) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[], 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffff9c, 0xae41, 0x2) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000000)={0x200000000000000, 0x7000, 0x1, 0x3}) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x8000000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:08 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x400, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0xa54, 0x40a000) 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0ffffff]}, 0x48) [ 2034.470234] input: syz0 as /devices/virtual/input/input817 [ 2034.503774] input: syz0 as /devices/virtual/input/input818 [ 2034.509985] input: syz0 as /devices/virtual/input/input819 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x1000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x48) 02:50:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x60000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2034.525824] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2034.525824] program syz-executor1 not setting count and/or reply_len properly [ 2034.555425] input: syz0 as /devices/virtual/input/input820 02:50:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x100000000000c, 0x0) r3 = dup2(r2, r0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x203a11}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x78, r4, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3ff}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7a}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1c}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x8000) 02:50:09 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) fallocate(r0, 0x73, 0x7ff, 0xfffffffffffff58c) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 02:50:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xdd010000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:09 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0xa001, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x400300, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffb0]}, 0x48) [ 2035.829283] input: syz0 as /devices/virtual/input/input821 [ 2035.840777] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2035.840777] program syz-executor1 not setting count and/or reply_len properly [ 2035.860363] input: syz0 as /devices/virtual/input/input822 02:50:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf00, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x60, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000000000000]}, 0x48) [ 2035.901586] input: syz0 as /devices/virtual/input/input823 [ 2035.909211] input: syz0 as /devices/virtual/input/input824 02:50:10 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x440000, 0x9) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000580)) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) setsockopt$inet_udp_int(r1, 0x11, 0xa, &(0x7f00000005c0)=0x7e9, 0x4) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2036.033275] input: syz0 as /devices/virtual/input/input825 [ 2036.054428] input: syz0 as /devices/virtual/input/input826 02:50:11 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x400001, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r2, r0) 02:50:11 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x20400, 0x0) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x40081, 0x0) 02:50:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x6000000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50000000]}, 0x48) 02:50:11 executing program 5: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x100, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000540)={0x6, {0x80, 0x2, 0x7, 0xffff, 0x7, 0xe765}}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="08000c000220b68f321192d05214f5249963155f67e59aa76d1693a180c4fff18f38803d777961e82b5b1f1d989eb9c7563a112c560026a03654d9b3d8e12eee887e525ea48279fdd3c6756e6a491b70ae5ae334fd654607cd597549a42dab910af26a27b726e0e8a1d6065b454856ff9e5e4a646a8e2704007f9691cd290bc688eb28dc9f48304be11a4d"], &(0x7f00000005c0)=0xa) setxattr$trusted_overlay_redirect(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000580)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000980)=0x2c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000600)={r2, @in6={{0xa, 0x4e22, 0x2, @mcast1, 0x10001}}, [0x6, 0x2, 0x4, 0x8000, 0x7, 0x5, 0x7, 0x8, 0x3f, 0x3, 0x85, 0x7, 0x20, 0x3, 0x10001]}, &(0x7f0000000700)=0xffffffffffffffb7) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) setxattr$security_capability(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='security.capability\x00', &(0x7f00000007c0)=@v2={0x2000000, [{0x7, 0x6}, {0x401, 0xbc1d}]}, 0x14, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xfa) dup3(r1, r1, 0x80000) syz_open_dev$sndtimer(&(0x7f00000009c0)='/dev/snd/timer\x00', 0x0, 0x80000) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:50:11 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000540)='/dev/input/mouse#\x00', 0x5, 0x111000) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000580)={0xfffffffffffffff8}, 0x4) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x45c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x16) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x48) [ 2037.203388] QAT: Invalid ioctl [ 2037.212882] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2037.212882] program syz-executor1 not setting count and/or reply_len properly [ 2037.213420] QAT: Invalid ioctl [ 2037.232531] input: syz0 as /devices/virtual/input/input827 02:50:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x3f00000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2037.255860] input: syz0 as /devices/virtual/input/input829 [ 2037.285280] QAT: Invalid ioctl [ 2037.297970] input: syz0 as /devices/virtual/input/input828 02:50:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000]}, 0x48) 02:50:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfcffffff, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) [ 2037.307664] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2037.307664] program syz-executor1 not setting count and/or reply_len properly 02:50:11 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x9, 0x3, 0x0, 0x72b, 0x2}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2037.367311] QAT: Invalid ioctl [ 2037.383872] QAT: Invalid ioctl [ 2037.387835] input: syz0 as /devices/virtual/input/input830 [ 2037.410654] QAT: Invalid ioctl [ 2037.423652] input: syz0 as /devices/virtual/input/input831 [ 2037.509064] input: syz0 as /devices/virtual/input/input832 02:50:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x234000, 0x0) ioctl$KVM_GET_SREGS(r3, 0x8138ae83, &(0x7f0000000080)) dup2(r2, r0) 02:50:12 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x5, 0x200580) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000200)=0x7ff, 0x4) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0x400) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=0x4) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000240)="a7e755efd0e2c4896f585d1c6db201334f7aa6b72fa31cfe83895080b13bc4fbc49c8054d16a13522274c3f7ec6ff724b3def1dc5fce0669a7619a2e23eedd127d6764fd43ae6adca0e6e0676a1be3ba4a469436fce6fd1a531e9e085bcc77a3cbcc0f81f7c92cdd4fbe7e48d47890428c024bdc75baec2b6bcc9873c820545f3ed7268801b9e6c8f128a43a3562b53b5fdd3c3cfdb10d69c291b78b88acce95cf3d29116943e5ca3d833db8d676c6a8b26bd453d303fd308e4bc27304f0d2d204e6dee6fa2f4144ebad2a54ba9ec6d4f74fb6cd0ad39725ecde17980d94d36b87294593803c400155c508a8ae6b28bf0bd2a7d61a6b4e213971df5328d903bf") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c460000060000000000f600000000004dffffffffffffff0000000000000000000000000000380000000000e6bb4b40011d09c669f14b342c3c0ffdb78f7069900b1a62b90fad9cd734929a6f535e80eee1e6ba69403d2826097db993b797f00ed1d456625e2969b97c18c54a24cf262ec350ee87a01155c525493aef0a306c5dfe26b9841d33c2ab1101a19cc84e426e697b2a30523712b358e880fbbdf01c4042042df3290a4fd2aba83065ae5c57af78bcef9f369fee91bd1fd17399647eb92ffc24b111e3a67b2e7243161dafe79d35b29bb071a17de4d350420f2a9a1f1de32006bd34a3c4597ba565f2eb9b6e12632b3abe5e4051f460fdc0d5adc69286102dfcd7b3da4f56ad72ca650eca21d1bd60b9cca81e"], 0x2e) r2 = dup3(r1, r1, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r2, 0x40045731, &(0x7f0000000180)=0xb2d7765) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f0000000380)={0x0, @aes256}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000080)=""/196) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x4) unlink(&(0x7f0000000340)='./file0\x00') 02:50:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x4000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x48) 02:50:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000540)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000580)={0x0}, &(0x7f00000005c0)=0xc) fcntl$setownex(r1, 0xf, &(0x7f0000000600)={0x2, r3}) 02:50:12 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f, {0x0, 0x0, 0x0, 0x0, 0x4}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000540)={0xfffffffffffffffb, 0x0, 0x2, 0x9}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x3, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffd0]}, 0x48) [ 2038.696937] input: syz0 as /devices/virtual/input/input833 [ 2038.701478] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2038.701478] program syz-executor1 not setting count and/or reply_len properly [ 2038.729477] input: syz0 as /devices/virtual/input/input834 [ 2038.738520] input: syz0 as /devices/virtual/input/input835 02:50:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x6, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) futex(&(0x7f0000000040)=0x4, 0x0, 0x4, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000080), 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x15) futex(&(0x7f000000cffc), 0x800000000005, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f0000000040), 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:12 executing program 3: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/mixer\x00', 0x1, 0x0) ppoll(&(0x7f0000000600)=[{r0, 0x1}, {r1, 0x8}, {r2, 0x1000}], 0x3, &(0x7f0000000640)={0x0, 0x989680}, &(0x7f0000000680)={0x8000}, 0x8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r3, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r3, 0x5501) ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381) [ 2038.753980] input: syz0 as /devices/virtual/input/input836 [ 2038.763930] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2038.763930] program syz-executor1 not setting count and/or reply_len properly 02:50:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf0ffffffffffff, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 2038.860974] input: syz0 as /devices/virtual/input/input837 [ 2038.882274] input: syz0 as /devices/virtual/input/input838 [ 2038.897943] input: syz0 as /devices/virtual/input/input839 02:50:14 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x100000030) r4 = dup2(r3, r0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x0, 0x7fff}, 0x8) accept4$packet(r4, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0x14, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8936, &(0x7f0000000240)={@loopback, 0x1f, r5}) 02:50:14 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000000000000000000000000003800000000000ea57d765e38f6cdbccb01461e5aa122e5e5c4ab7ef0a537b9268503c3b6b929463341edf228d5764029ec5200000000a6b6442e5349ae99baa146f468229ba60e55884614ce86c5988838456621476c078f21496ed454c43873c189baaecd125a9b5de3998f86170659aca0da1cba12ef2be221cc650144838a3ebab9e97cf61f2d7bc88dc05ffbe3f495746293c08080391368d0d1bf830e3632b78b799584c953ae46c6b1fd5201c8e8c5685cb5ef174c07bbdb90f6c556a97d8cf5880ad12f89a021b94101312550"], 0x2e) getresuid(&(0x7f0000000000)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) getresuid(&(0x7f0000000200), &(0x7f0000000240)=0x0, &(0x7f0000000280)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f00000003c0)=0xe8) setresuid(r1, r2, r3) 02:50:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf00000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 02:50:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x40040, 0x0) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000740)) write$UHID_DESTROY(r1, &(0x7f00000006c0), 0x4) r2 = syz_open_dev$vcsa(&(0x7f0000000540)='/dev/vcsa#\x00', 0x36, 0x8000) uselib(&(0x7f0000000700)='./file0\x00') setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000580)=0x7f, 0x4) fcntl$setsig(r2, 0xa, 0xc) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000780)='/dev/full\x00', 0x4, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xe) ioctl$UI_DEV_CREATE(r0, 0x5501) arch_prctl(0x1001, &(0x7f00000005c0)="813229b5f704333d7abf0a4e4c9e0e242b9ee373ce058785b85bb158836b19447b994d0e08134d283db489aac26a358338856dbd75f3d3d1c4d15bc57a1aad2abdb3f571a54a938c1b0d3604c36301fb340e7bd8099da595377a9edb8e68a39459d8f4109a5f69009b2604c83d6d5e38e7b0cf1a585c96d28497e391adbb939466a7350bf39fb506817fbd899bea541cd80e") 02:50:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = accept4$inet6(r0, 0x0, &(0x7f0000000000), 0x800) r2 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x40000) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000005c0)={{{@in6, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f00000006c0)=0xe8) bind$can_raw(r2, &(0x7f0000000700)={0x1d, r3}, 0x10) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000540)=0x10000, 0x4) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x48) 02:50:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xdd01000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2040.198014] input: syz0 as /devices/virtual/input/input841 [ 2040.204369] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2040.204369] program syz-executor1 not setting count and/or reply_len properly [ 2040.227251] input: syz0 as /devices/virtual/input/input842 [ 2040.241163] input: syz0 as /devices/virtual/input/input843 02:50:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x48) 02:50:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x20000, 0x0) name_to_handle_at(r1, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="7200000005000000b7dbceeefa7358f18ae94d9a55da35e26a8946b72c27a598a9b897139f214664c5f155438f527ec3e35cfb2816483ec57f918b85499eaf8e60c737ca78863d750812bb4b858737af6bdb52f137e1373321d4bfc180057b9cc57900c66d2ba13f08f11da6711ace18ec12c943fbf00b5634a0d8085eafbf26043500c6342040bd4da6f10b58136df916c77472da8b502c783bd7c15deb5d2fc9ae680fd418932b05e0b17d0e10227925d9d113c8a1b4615708343d1d697fe2427101d79b39efc405a631"], &(0x7f00000006c0), 0x10400) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2040.286399] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2040.286399] program syz-executor1 not setting count and/or reply_len properly 02:50:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x3000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x48) [ 2040.370244] input: syz0 as /devices/virtual/input/input845 [ 2040.399720] input: syz0 as /devices/virtual/input/input846 02:50:15 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000028c0)={@empty, 0x0}, &(0x7f0000002900)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000002940)={@remote, 0x7f, r3}) r4 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x80) setsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000100)="44a4e8839aca70b52e3bd9fd0d5e7142962903d9d785b8c5237abdc514", 0x1d) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r5 = socket$inet6(0xa, 0x1000000000002, 0x0) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x40a01, 0x0) setsockopt$bt_BT_FLUSHABLE(r6, 0x112, 0x8, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r5, r0) 02:50:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x5b420000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000140)) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0x153) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x6, 0x80) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x44) 02:50:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 02:50:15 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) socketpair(0x0, 0xa, 0x9, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_opts(r1, 0x0, 0x0, &(0x7f0000000580)=""/121, &(0x7f0000000600)=0x79) lsetxattr(&(0x7f0000000780)='.\x00', &(0x7f00000007c0)=@known='trusted.overlay.redirect\x00', &(0x7f0000000800)='\x00', 0x1, 0x3) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000700)=""/44, &(0x7f0000000740)=0x2c) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000840), &(0x7f0000000880)=0x14) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = syz_open_dev$mice(&(0x7f00000005c0)='/dev/input/mice\x00', 0x0, 0x8000) bind$inet6(r1, &(0x7f0000000600)={0xa, 0x4e24, 0x100000000, @local, 0x6}, 0x1c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) socketpair$inet6(0xa, 0x0, 0x7f, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f0000000540)={@ipv4={[], [], @rand_addr}}, &(0x7f0000000580)=0x14) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2041.688887] sg_write: data in/out 29249/297 bytes for SCSI command 0x0-- guessing data in; [ 2041.688887] program syz-executor1 not setting count and/or reply_len properly [ 2041.706239] input: syz0 as /devices/virtual/input/input848 [ 2041.726170] input: syz0 as /devices/virtual/input/input849 02:50:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0ffffff00000000]}, 0x48) 02:50:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x2000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2041.734432] input: syz0 as /devices/virtual/input/input847 02:50:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000480)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f450f4600ffffffffffd13b00000000000000000000000000000000000000000000000000000000004084ca3911c337dc214e0970cc0815591c846fa8f94d8cbd53639633388521a502db1b789f08397db28f55551c37fba5468a8df19c8a0e3bb343920004ed33470b47c5ae7949a17a68ae1ebb28061a686db8d578453e94162522eb8d0b9e808cd051617f497792d80807484be3b8ebfc82b5dd9d874717f72b0216655942a7bbc38fa77543b8a8748a340004f8cdc72d0fc4c5f22893fb9671f03637f922470f01d3278614b94a63b271f73f3527378911a7da58a222b1f8f730d4f2f5af5a9295a85fbe5386b1569c9904f56054fb84fd774ac580f30cac16b0bd138217439911ea4d30899125a82d6c1457458f60c1d6f4f80510ce5eca7fa0c68faf76547a84b8d4456dff92c7d22332c015e37dd25fc895da5597d779ca0c10cc89964dbfb11be5d2093a9328cf769fcde98ec843772d8f1f86856d6be54be28ea523d28016fc6db998dbd5fdd4023512830d55277b06a33da40ec25040a07939226634bb9ddddc29f874c8c2f01c2a902eab71518f69707caf5ff814b526b84115d0a7a9488c66c06b85ae13971e51cab77d84b250e62ec3e5ffabce464e3f0850fe1c1056c3671d0637c40519813be5ac660538696900000000000000000000"], 0x2e) r1 = syz_open_dev$admmidi(&(0x7f0000000380)='/dev/admmidi#\x00', 0x1, 0x800) r2 = syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x10a00) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000400)={0x3, r2}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$TIOCMGET(r3, 0x5415, &(0x7f0000000080)) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000100)) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)=@known='system.sockprotoname\x00') 02:50:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x48) 02:50:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xdd01, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:15 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = dup(r0) write$FUSE_IOCTL(r1, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x8, 0x4, 0x7, 0x2}}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000540)='oom_adj\x00') getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000580)={0x0, @rand_addr, @dev}, &(0x7f00000005c0)=0xc) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000640)={0x5, 0x0, [{}, {}, {}, {}, {}]}) [ 2041.803926] input: syz0 as /devices/virtual/input/input850 [ 2041.873717] input: syz0 as /devices/virtual/input/input851 [ 2041.934036] input: syz0 as /devices/virtual/input/input852 02:50:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfffffffc, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:17 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0x420081) ioctl$TUNATTACHFILTER(r1, 0x400854d5, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0x4, 0x0, 0x1b, 0x2}, {0x10000, 0x1, 0x8, 0x4}, {0x0, 0x5, 0x7fff000000000, 0x6}, {0x100000001, 0x9, 0x2, 0xfffffffffffffffb}, {0x7f, 0x5, 0x0, 0x4c57}, {0x0, 0x6, 0xfffffffffffffff9}, {0x7, 0x3f, 0x1, 0x80000000}, {0x1ff, 0xc1, 0x2, 0x8868}]}) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000100)) 02:50:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x48) 02:50:17 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r0, r1) 02:50:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0xffffffffffffffff, {0x0, 0x4, 0x0, 0x0, 0x3}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000540)={'syz0\x00', {0x7, 0x0, 0x5, 0x1}, 0x49, [0xff, 0x8, 0xfffffffffffffff8, 0x9, 0x7fff, 0x800, 0x3, 0x2, 0x2, 0xda, 0xfffffffffffffffa, 0x35, 0x2, 0x0, 0x6, 0x5, 0x10001, 0x20, 0x8aa7, 0xb9, 0x0, 0x3ff, 0x6e, 0x6, 0x7, 0x80000001, 0x9, 0x3, 0x6, 0x80, 0x101, 0x1, 0x1, 0x400, 0xe6, 0x1f, 0x8b, 0x8d, 0x7fffffff, 0x4, 0xffff, 0x80, 0x2, 0x5, 0x3, 0x3, 0x10001, 0x1, 0x0, 0xfe, 0xffffffffffffff01, 0x40, 0x3, 0x1, 0x101, 0x6, 0x3dd7, 0x1, 0x6, 0x7, 0x7, 0x8, 0x6, 0x4], [0x6, 0x6, 0x7ff, 0x100000001, 0x1, 0x5, 0x548, 0x7fff, 0x10000, 0xffff, 0x67, 0x0, 0x2, 0x9, 0x3, 0xffffffffffff0000, 0xffffffff, 0x20, 0x2, 0x5, 0x1, 0xfc48, 0x0, 0x5, 0x1, 0x1f, 0x0, 0x1f, 0xffff, 0x1, 0x6, 0x200, 0xffffffff, 0x3a9d6da4, 0x3, 0x3ff, 0x4, 0x100000000, 0x9, 0x1, 0x1, 0x2, 0x975d, 0x3, 0x20, 0x0, 0x8000, 0x3800000000000, 0x200000000000, 0x2, 0x1, 0x200, 0x9, 0x6, 0x800, 0xee, 0x5, 0x8000, 0x4, 0x5, 0x9, 0x3, 0x5, 0x101], [0xfffffffffffffff7, 0x420, 0x2, 0xe0, 0x7f, 0x57b58ab1, 0x0, 0x1ff, 0x0, 0xf9, 0x4ae, 0x4, 0x1, 0x4, 0x81, 0x3, 0x80000001, 0xbb1, 0x8, 0x8, 0x8, 0x5, 0xffffffffffff8001, 0x9, 0xb2b, 0x6, 0xffffffff, 0xc97a, 0x50000000000, 0x8, 0x8, 0x5eb, 0xffffffffffffffff, 0xfffffffffffff1ce, 0x10001, 0x3, 0x81, 0x1200000, 0x80000000, 0x100, 0x9, 0x7, 0xfffffffffffffff9, 0x5, 0x2, 0x5, 0xffffffffffffaa50, 0x6, 0x7fffffff, 0x200000, 0x3, 0x1f, 0x0, 0x3, 0x8, 0x2, 0x6, 0x800, 0x8, 0x5, 0x800, 0x3a, 0x6, 0xffffffff], [0x4, 0x0, 0x9, 0x7, 0xfffffffffffffff7, 0x8, 0x2, 0x9, 0x9, 0x42, 0x8, 0x40, 0x8, 0xfffffffffffeffff, 0xffffffffffffa7f8, 0x400000000000000, 0x0, 0x401, 0x0, 0x2, 0x800, 0xf3d, 0x6, 0x0, 0x2, 0x100, 0x80, 0x8, 0x8001, 0x1000, 0x100000001, 0x7, 0x3, 0x7ff, 0x7fff, 0x3, 0x67ba27db, 0x0, 0x7, 0x7, 0x1, 0xffffffffffff7fff, 0xc10e, 0x0, 0x0, 0x5, 0x5, 0xf873, 0x7a9, 0xffffffffffffffff, 0x7, 0x9, 0xfffffffffffff001, 0x7, 0xfff, 0x1, 0x0, 0x8, 0xfffffffffffffff7, 0x8, 0x2, 0x3f, 0x401, 0x6d6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x48) 02:50:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xfffffff0, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2043.137269] input: syz0 as /devices/virtual/input/input853 [ 2043.140290] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2043.140290] program syz-executor1 not setting count and/or reply_len properly [ 2043.162444] input: syz0 as /devices/virtual/input/input854 [ 2043.180019] input: syz0 as /devices/virtual/input/input855 02:50:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 02:50:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x200000000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) write$P9_RREADDIR(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="6800e3ff280100040000004100000000070000000000000040000000000000000207002e2f66696c65308004000000080000000000000006000000000000007f07336fcb46696c65303601000000070000000000000604000000000000000507002e2f66696c6530"], 0x68) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) epoll_create(0x7) [ 2043.214053] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2043.214053] program syz-executor1 not setting count and/or reply_len properly [ 2043.253759] input: syz0 as /devices/virtual/input/input856 02:50:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000]}, 0x48) 02:50:17 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c0400000000000000000000000000004dffff0000000000000000000000003257f4ed7195000000000000000000000000adebb14e97d5a52a25bd39d0d72bb6eee55e0770895823e9c2b25e7366a89c44a844c73c65733d5c122cce655a47716a85287333b810bd83c3a814844520c7e4b991eb4543989321c896c71b5ed11b736f931c61c075c284075232d8d5c2d58801a6375dd56de321647474eb4bcaa973bd43f8abdb1d4a4b6bdd5fb11936120bd29da1f56a00c21795e914091f455880450d"], 0x2e) tee(r0, r0, 0xff, 0x1) open_by_handle_at(r0, &(0x7f0000000080)={0x6f, 0x80000001, "0e922ea33766689a907a24aaeb06d060e1d80f8531621cccab2fa3f46ae90d80fbe3395aa940efe330b99e7fc9010a5447b792ab3ac206e63878a813ed921ff623932249ba4f1eadb38020907ce042c63182aaf11699bfbb6771386799c63a26d1af78bf84c5d2"}, 0x400) 02:50:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0xf0ffffff00000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$binfmt_elf32(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="7f454c46020004d303000000000000000300030000080000740200003800000004010000090000000200200001000200060009000000000070df550bb00000000700000001000100ff01000008000000c6170000fdffffff0000000040000000b8010000c30000003f000000ff160000ff00000006000000261722b48e041a488d4fb4ad9ff409795fb33736ad5f5311b0bf71fc7047c1dee13ac7a97daa3d1c6fe4d8a181bb07f30d7235dae2921ae3612d8fad01ca0c9daaaacabe6ec715f6eef6e5596734333906ccd6bd542d522d42fd0c7933be0c8ff67149b671317ba650716845e4bf2a7f8bf2c852bcaef182376e03f96aebd3f828c696a6fdea0b103f7222b25182ffb7206d3952e05840faaa1b6ae76dbb181944037f29af2cf967f0077b550e874d773fcc82e9e3308931dae390000000000000000000000000000000000000eeff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0xb33) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000001180)='/dev/full\x00', 0x7ffff, 0x0) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000540)=0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) [ 2043.329491] input: syz0 as /devices/virtual/input/input857 [ 2043.355572] input: syz0 as /devices/virtual/input/input858 [ 2043.417888] input: syz0 as /devices/virtual/input/input859 [ 2043.454484] input: syz0 as /devices/virtual/input/input860 02:50:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0x1c) r3 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x8, 0x1) getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x18) socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r4 = dup2(r1, r0) ioctl$sock_bt(r4, 0xdd1f, &(0x7f0000000040)="d9d3016413fa85b6c6f060f7214d5ae16142e8b725243b8d120ddf69ddde22fb098f418d94fa454286047b318a") ioctl$UI_BEGIN_FF_UPLOAD(r4, 0xc06055c8, &(0x7f00000000c0)={0x3, 0x9838, {0x57, 0x8, 0x1, {0x9, 0x2}, {0x4, 0x80000001}, @period={0x0, 0x0, 0x7, 0x7f, 0x4, {0x10001, 0x81, 0x3, 0x9e89}, 0x1, &(0x7f0000000080)=[0x7]}}, {0x54, 0x8, 0x0, {0x7, 0x8d4f}, {0x3, 0x4}, @const={0x1f, {0x0, 0x9, 0xfffffffffffffffb, 0xeee}}}}) 02:50:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004d6b1f54bf1d882488a66e7db27e012cffffffffffffff0000000000000000000000010000380000000000"], 0x2e) signalfd(r0, &(0x7f0000000080)={0x7bac}, 0x8) 02:50:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x40030000000000, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 02:50:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000540)) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) dup2(r0, r0) ioctl$UI_DEV_CREATE(r0, 0x5501) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000580)='trusted.overlay.opaque\x00', &(0x7f00000005c0)='y\x00', 0x2, 0x1) 02:50:18 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) pipe2(&(0x7f0000000640)={0xffffffffffffffff}, 0x4000) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000680)={0x0}, &(0x7f00000006c0)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000700)={r2, 0xfffffffffffffffd}, &(0x7f0000000740)=0x8) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001]}, 0x45c) r3 = syz_open_dev$mice(&(0x7f0000000540)='/dev/input/mice\x00', 0x0, 0x400) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000780)={0xaa, 0x24}) ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000600)={0x15, 0x76, &(0x7f0000000580)="f3cff1d0e0195949804393d4d1d44a8c902bd9bbb6acd6c81c6ac4c9663036c07d392e376124c3156cac2d046110203df26a14c5fe211c4916167e8398be5bf33b7091d4528c55a0bec6db4b687cdec0b31625c0f7dc9a6aba74e2fc7bac7d839d284bca4f5d92e0f431408d96b754bb931eb302bc5b"}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r3, 0x4004700c, 0xa28) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2044.542213] input: syz0 as /devices/virtual/input/input861 [ 2044.559097] input: syz0 as /devices/virtual/input/input862 02:50:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x48) 02:50:18 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x24002, 0x0) write$P9_RMKDIR(r0, &(0x7f0000000080)={0x14, 0x49, 0x1, {0x80, 0x0, 0x2}}, 0x14) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x3f00, {0x3}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000]}, 0x48) [ 2044.587228] input: syz0 as /devices/virtual/input/input864 [ 2044.611537] input: syz0 as /devices/virtual/input/input863 02:50:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x9}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000]}, 0x48) [ 2044.642187] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2044.642187] program syz-executor1 not setting count and/or reply_len properly 02:50:20 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000140)={0x1, 0x2, 0x2}) r1 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000180)=""/163) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000), 0x4) r4 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x3, 0x20080) ioctl$TUNGETVNETHDRSZ(r4, 0x800454d7, &(0x7f00000000c0)) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000240), 0x4) dup2(r3, r1) 02:50:20 executing program 5: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x10000, 0x41) ioctl$UI_SET_PHYS(r0, 0x4004556c, &(0x7f0000000540)='syz0\x00') r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xffffffffffffffff) ioctl$UI_DEV_CREATE(r1, 0x5501) 02:50:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x2}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = syz_open_dev$usbmon(&(0x7f0000001b00)='/dev/usbmon#\x00', 0x5, 0x84002) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000001b40), &(0x7f0000001b80)=0x4) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 02:50:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x2, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000540)='/dev/audio\x00', 0x20000, 0x0) ioctl$NBD_CLEAR_QUE(r1, 0xab05) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2046.009887] input: syz0 as /devices/virtual/input/input865 [ 2046.017349] input: syz0 as /devices/virtual/input/input866 [ 2046.027325] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2046.027325] program syz-executor1 not setting count and/or reply_len properly 02:50:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 02:50:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x4}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2046.069327] input: syz0 as /devices/virtual/input/input868 [ 2046.077266] input: syz0 as /devices/virtual/input/input867 02:50:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3801}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000]}, 0x48) 02:50:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0) write$UHID_CREATE(r1, &(0x7f0000000100)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000080)=""/114, 0x72, 0x40, 0x100, 0x6, 0x6, 0x20}, 0x11c) 02:50:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000680)={0x0, 0x0, 0x0}, &(0x7f00000006c0)=0xc) r2 = getgid() setregid(r1, r2) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) ioctl$RTC_UIE_OFF(r3, 0x7004) sendmsg$can_raw(r3, &(0x7f0000000640)={&(0x7f0000000580), 0x10, &(0x7f0000000600)={&(0x7f00000005c0)=@can={{0x1, 0x0, 0x6, 0x6}, 0x3, 0x3, 0x0, 0x0, "f1506156bf882743"}, 0x10}, 0x1, 0x0, 0x0, 0x4004010}, 0x4) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x1) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x5) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2046.166247] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2046.166247] program syz-executor1 not setting count and/or reply_len properly [ 2046.208006] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2046.208006] program syz-executor1 not setting count and/or reply_len properly [ 2046.226265] input: syz0 as /devices/virtual/input/input869 [ 2046.280881] input: syz0 as /devices/virtual/input/input870 02:50:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x7fff) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) lseek(r1, 0x0, 0x5) dup2(r2, r0) 02:50:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x48) 02:50:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0xfffffff0}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:21 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000640)={0x400000000002f, {0x0, 0x8000, 0x80, 0x0, 0xfffffffffffffffd}}) r1 = inotify_init() write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) fsetxattr$security_evm(r1, &(0x7f0000000580)='security.evm\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="050001000000000700353c50b93dc7e8263067bb21f383ea20ac506683dd142b09e3057651b3bc18180d2933bbcecc47a8665dd433e8fe"], 0x3f, 0x1) r2 = dup3(r0, r0, 0x80000) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='/dev/uinput\x00', r2}, 0x10) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40046602, &(0x7f0000000600)=0x400000) 02:50:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1f, 0x400000) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000080)) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff00000053fb391f2710607c000000380000000000"], 0x2e) 02:50:21 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000540)='/dev/admmidi#\x00', 0x8001, 0x80000) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000580)="8fa625d255dbd0e068620294472abf2e58f4b253adc8a5dbe25b37077edc01c1b05935d379831220eb84946073a447dffed5f14a60b5d5fd6a78fa8ce0e6e260fc2b414eba889935104190de449cce01065839079ff45882f14ba20b3e4bd62530a72deb80fea1deeb46710c85b9095efd06afac07fce1") [ 2047.465735] input: syz0 as /devices/virtual/input/input871 [ 2047.482206] input: syz0 as /devices/virtual/input/input872 [ 2047.503756] input: syz0 as /devices/virtual/input/input873 02:50:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}, 0x48) 02:50:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0xfcffffff00000000}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c46000005fffff800000000000000004dffffffffffffff0000000000000000000000000000380000008300"], 0x2e) [ 2047.522302] input: syz0 as /devices/virtual/input/input874 02:50:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0x40000000}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:21 executing program 1: sync() r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) 02:50:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x48) [ 2047.671255] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2047.671255] program syz-executor1 not setting count and/or reply_len properly [ 2047.723104] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2047.723104] program syz-executor1 not setting count and/or reply_len properly 02:50:22 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGFLAGS(r1, 0x8004745a, &(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r4 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x5, 0x109000) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0x40a45323, &(0x7f00000000c0)={{0x79c5, 0x6}, 'port1\x00', 0x60, 0x2, 0x280c, 0xffffffff, 0x0, 0x8, 0x0, 0x0, 0x2, 0x4}) dup2(r3, r0) 02:50:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0xfcffffff}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:22 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000540)='/dev/qat_adf_ctl\x00', 0x4100, 0x0) r2 = openat(r1, &(0x7f0000000580)='./file0\x00', 0x202000, 0x80) ioctl$UI_DEV_CREATE(r2, 0x5501) 02:50:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x48) 02:50:22 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000540)=@assoc_value={0x0, 0x9}, &(0x7f0000000580)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={r2, 0x7f, 0x5}, &(0x7f0000000600)=0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff000000000000000000000000001299d00038005b"], 0x2e) 02:50:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0ffffff]}, 0x48) 02:50:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0x60000000}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2048.783064] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2048.783064] program syz-executor1 not setting count and/or reply_len properly [ 2048.802287] input: syz0 as /devices/virtual/input/input876 02:50:22 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) r1 = syz_open_dev$dspn(&(0x7f0000000600)='/dev/dsp#\x00', 0x7fff, 0x1) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000640)={0xe, 0x3, 0x7, 0x0, 0xa5, "f07bc90f297835e3e88eb4661caff0468a554a5e7d40c4ad5c57a3bf02b03fa8990d22e9cdbfd29894e0645cf12ffd011d5ee4fc54e80692fdef6e43b47e092a65005940264f0ec0175353dacdad32ab17777a082eabaaa306056983ca3e77dc49ce25d156456a56336ff711718c7e37d3ef4b02f5e52c66fef7076cba66997feb25d6b90312634959ce4402b4ccbd26060edbc2409b7e3ff0c88027bde33a602d851702c6"}, 0xb1) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000700)={{{@in=@remote, @in=@dev}}, {{@in6=@mcast1}, 0x0, @in=@local}}, &(0x7f0000000800)=0xe8) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000540)=0x0) capset(&(0x7f0000000580)={0x399f1336, r3}, &(0x7f00000005c0)={0x0, 0x7, 0xfffffffffffff800, 0x7, 0xffffffffffff0001, 0x4}) 02:50:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) getsockname$unix(r1, &(0x7f0000000080)=@abs, &(0x7f0000000000)=0x6e) 02:50:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 2048.837282] input: syz0 as /devices/virtual/input/input878 02:50:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0x3f00}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) [ 2048.882148] input: syz0 as /devices/virtual/input/input879 [ 2048.917250] input: syz0 as /devices/virtual/input/input880 02:50:24 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000006a80)=@req3={0x6000000, 0x3, 0x6000000, 0x3}, 0xb7) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000), 0x4) r3 = dup2(r2, r0) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0xcd9) 02:50:24 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x400000000002f, {0xffffffffffffffff, 0x0, 0x7f7fffff, 0x8000000000000000}}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x8000, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8, 0x8501) ioctl$KVM_GET_SREGS(r1, 0x8138ae83, &(0x7f00000005c0)) ioctl$UI_DEV_CREATE(r0, 0x5501) 02:50:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000004dffffffffffffff0000000000000000000000000000380000000000"], 0x2e) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000000)=0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x800, 0x0) write$P9_RCLUNK(r1, &(0x7f00000000c0)={0x7, 0x79, 0x2}, 0x7) 02:50:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000015d400500000000005504000001ed00001d040000000000002c460000000000006b0a0dfe000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa0]}, 0x48) 02:50:24 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x20, 0x27, 0xaff, 0x0, 0x0, {0x3, 0x300}, [@nested={0xc, 0x3, [@typed={0x8, 0x0, @binary}]}]}, 0x1fd}}, 0x0) 02:50:24 executing program 3: lstat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) write$uinput_user_dev(r0, &(0x7f00000000c0)={'syz0\x00'}, 0x45c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f00000006c0)={'nat\x00'}, &(0x7f0000000740)=0x54) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) perf_event_open$cgroup(&(0x7f0000000640)={0x0, 0x70, 0x100000001, 0x100000001, 0x95, 0xffffffffffff15a1, 0x0, 0x7, 0x10000, 0x8, 0x9, 0x1c, 0x4, 0x5a7, 0x4, 0x80000000, 0x0, 0x8, 0x2, 0x7f, 0x8, 0x3, 0xffffffff80000000, 0x401, 0x2, 0x5, 0x9, 0x3, 0x7fffffff, 0x4, 0x3, 0x6, 0x8, 0x2, 0x2, 0x788, 0x10000, 0x6, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000600), 0xf}, 0x8203, 0x4ea7, 0x2, 0x0, 0x2, 0x3406, 0x5}, r1, 0x10, r1, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 2050.133171] input: syz0 as /devices/virtual/input/input881 [ 2050.144767] input: syz0 as /devices/virtual/input/input882 [ 2050.150820] sg_write: data in/out 393180/4 bytes for SCSI command 0x0-- guessing data in; [ 2050.150820] program syz-executor1 not setting count and/or reply_len properly [ 2050.191385] WARNING: CPU: 1 PID: 2227 at mm/slab_common.c:1031 kmalloc_slab+0x56/0x70 [ 2050.199367] Kernel panic - not syncing: panic_on_warn set ... [ 2050.199367] [ 2050.206734] CPU: 1 PID: 2227 Comm: syz-executor5 Not tainted 4.19.0-rc7+ #176 [ 2050.214008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2050.223350] Call Trace: [ 2050.225935] dump_stack+0x1c4/0x2b4 [ 2050.229562] ? dump_stack_print_info.cold.2+0x52/0x52 [ 2050.234757] panic+0x238/0x4e7 [ 2050.237948] ? add_taint.cold.5+0x16/0x16 [ 2050.242090] ? __warn.cold.8+0x148/0x1ba [ 2050.246151] ? kmalloc_slab+0x56/0x70 [ 2050.249947] __warn.cold.8+0x163/0x1ba [ 2050.253831] ? kmalloc_slab+0x56/0x70 [ 2050.257642] report_bug+0x254/0x2d0 [ 2050.261281] do_error_trap+0x1fc/0x4d0 [ 2050.265163] ? retint_kernel+0x2d/0x2d [ 2050.269043] ? math_error+0x3f0/0x3f0 [ 2050.272841] ? trace_hardirqs_off+0x310/0x310 [ 2050.277331] ? perf_trace_lock+0x14d/0x7a0 [ 2050.281556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2050.286394] ? trace_hardirqs_on_caller+0x310/0x310 [ 2050.291399] ? zap_class+0x640/0x640 [ 2050.295108] ? __fget+0x4aa/0x740 [ 2050.298562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2050.303402] do_invalid_op+0x1b/0x20 [ 2050.307111] invalid_op+0x14/0x20 [ 2050.310562] RIP: 0010:kmalloc_slab+0x56/0x70 [ 2050.314963] Code: c5 60 ab 00 89 5d c3 48 85 ff b8 10 00 00 00 74 f4 83 ef 01 c1 ef 03 0f b6 87 80 aa 00 89 eb d8 31 c0 81 e6 00 02 00 00 75 db <0f> 0b 5d c3 48 8b 04 c5 a0 aa 00 89 5d c3 66 90 66 2e 0f 1f 84 00 [ 2050.333861] RSP: 0018:ffff8801b0e6fad8 EFLAGS: 00010246 [ 2050.339220] RAX: 0000000000000000 RBX: 000000007f800000 RCX: ffffc90004087000 [ 2050.346479] RDX: 000000000000007b RSI: 0000000000000000 RDI: 0000001fe0000020 [ 2050.353745] RBP: ffff8801b0e6fad8 R08: ffff8801b99aa040 R09: ffffed0037372ed9 [ 2050.361004] R10: ffff8801b0e6fba8 R11: ffff8801b9b976cf R12: 0000000000000000 [ 2050.368265] R13: 0000000000000000 R14: ffff8801bc220e00 R15: 00000000006080c0 [ 2050.375553] __kmalloc+0x25/0x760 [ 2050.379003] ? ksys_dup3+0x680/0x680 [ 2050.382711] ? __might_fault+0x12b/0x1e0 [ 2050.386777] ? input_mt_init_slots+0xe5/0x4a0 [ 2050.391274] input_mt_init_slots+0xe5/0x4a0 [ 2050.395595] uinput_ioctl_handler.isra.10+0x2049/0x2540 [ 2050.400955] ? uinput_request_submit.part.9+0x2d0/0x2d0 [ 2050.406324] ? __fget_light+0x2e9/0x430 [ 2050.410293] ? fget_raw+0x20/0x20 [ 2050.413748] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2050.419281] ? compat_put_timespec64+0x110/0x280 [ 2050.424038] ? compat_get_timespec64+0x2a0/0x2a0 [ 2050.428786] ? __ia32_compat_sys_futex+0x3e6/0x5f0 [ 2050.433715] ? uinput_ioctl_handler.isra.10+0x2540/0x2540 [ 2050.439242] uinput_compat_ioctl+0x6b/0x90 [ 2050.443475] __ia32_compat_sys_ioctl+0x20e/0x630 [ 2050.448229] do_fast_syscall_32+0x34d/0xfb2 [ 2050.452546] ? do_int80_syscall_32+0x890/0x890 [ 2050.457128] ? entry_SYSENTER_compat+0x68/0x7f [ 2050.461705] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2050.466717] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2050.471565] ? trace_hardirqs_on_caller+0x310/0x310 [ 2050.476574] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2050.481582] ? recalc_sigpending_tsk+0x180/0x180 [ 2050.486331] ? kasan_check_write+0x14/0x20 [ 2050.490563] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2050.495403] entry_SYSENTER_compat+0x70/0x7f [ 2050.499802] RIP: 0023:0xf7f58ca9 [ 2050.503162] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 2050.522055] RSP: 002b:00000000f5f330cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 2050.529755] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005501 [ 2050.537019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2050.544281] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2050.551563] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2050.558820] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2050.567395] Kernel Offset: disabled [ 2050.571018] Rebooting in 86400 seconds..